Jump to content
hank

[Resolved] Mailhost configuration problem, identified internal IP as source

Recommended Posts

Posted (edited)

Can someone help me figure this out?


https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Add/edit your mailhost configuration
...

I've read the previous threads about this and tried the suggestion to create a new mailhost entry but still gettimg spammed from one source that always has this problem being reported

Edited by hank
more

Share this post


Link to post
Share on other sites

Can you "explain like I'm 75" how you made that work?

I've got another one here:

https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az
Mailhost configuration problem, identified internal IP as source

Share this post


Link to post
Share on other sites

and another:

https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z
Mailhost configuration problem, identified internal IP as source

Share this post


Link to post
Share on other sites
Posted (edited)

Hey Hank,

I set up a "dummy" SC account, NO MailHosts, bare bones, no extra tweaks...

SC account =  MynameTest, pwd

I (reparsed) 

https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az

 = https://www.spamcop.net/sc?id=z6550841645z866d1e0e17d7ecbba06678438cabcad2z

https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z

https://www.spamcop.net/sc?id=z6550842701za1bd11a6d6d70b087d39b687f50d6f58z

SC account with NO MailHosts allows the spam to be parsed.

If ever, my SC account WITH MailHosts gives a result that generates ANY errors, I try the SC account WITHOUT MailHosts.

(in my experience) every time I try to modify my SC account with MailHosts I can't do successfully AND, setting up the original hosts was really messy, in the end SCA fixed, what's working I leave working. I don't wish to pester SCA "please fix what I've buggered up, again!" A dummy SC account works as a backup for any spam that won't parse. 

If I hit a spam that cannot be parsed with either account, I pester everyone here😉

Please let us know how you go?

Cheers!

G🦗H

 

Edited by MIG

Share this post


Link to post
Share on other sites

I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop?

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, hank said:

I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop?

With Mailhosts NOT set-up SpamCop can sometimes (not always) name your provider as the spammer, providers usually go nuts at you when this happens
One cannot with mailhosts set-up, use use it for parsing spam that does not go through your mailhost. .
Some of us like to have a account set-up without mailhosts set-up to parse mail that has not gone through their mailserver

Edited by petzl

Share this post


Link to post
Share on other sites

So help me understand what Spamcop is trying to tell me when I get this warning:

"Mailhost configuration problem, identified internal IP as source"

Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry?

Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"?

I don't see what the "internal IP" is that's causing the error.

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, hank said:

"Mailhost configuration problem, identified internal IP as source"

https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz
54.240.7.11 is the source email-abuse[x]amazon.com
Seems you are relaying email through SpamCop

Received: from a7-11.smtp-out.eu-west-1.amazonses.com (a7-11.smtp-out.eu-west-1.amazonses.com [54.240.7.11])
    by vmx5.spamcop.net (Postfix) with ESMTP id 449CDAF6F3
    for <x>; Thu, 23 May 2019 10:01:27 -0700 (PDT)

You have your SpamCop email address in mailhosts?

Look for VMX5 in headers to see received line 
or paste the headers of spam BEFORE being relayed/forwarded.
Which gives
deleted
Edited by petzl

Share this post


Link to post
Share on other sites
2 hours ago, hank said:

So help me understand what Spamcop is trying to tell me when I get this warning:

"Mailhost configuration problem, identified internal IP as source"

Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry?

Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"?

I don't see what the "internal IP" is that's causing the error.

Sorry the REAL the tracking url. sorry of snipped spam url
Seems a often "Feature" of WIN10 to not copy and paste last copied instead
https://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, hank said:

What Spamcop is trying to tell me when I get this warning:
1) Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry?
2. Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"?
3. I don't see what the "internal IP" is that's causing the error.

Hello Hank

I'm cross posting with Petzl, (not cross with Petlz😂), this is additional to anything our friend has posted, I've yet to get up to speed with his posts, just wanted to try to answer your: "help me understand"

1. No.

2. No/maybe/possibly, however, the workable solution is to have a backup SC account WITHOUT any MAILHOSTS configured. It doesn't need to be a paid account & you don't need to use it all the time - ONLY when you get a spam that won't parse with a SC account WITH MAILHOSTS configured.

3. Exactly, sometimes EVEN SC can't do things or can't do things perfectly, that's why there's a backup solution.

You need to get to work, you're running late: the car has a flat battery, shot brakes, a busted piston and the universal joint is "$#*&%'d", in short the car is "$#*&%'d".

You are going to be late for work, the last time you were late your Boss said, "next time, don't bother turning up!"

Do you try to work out how to fix the "$#*&%'d" vehicle or do you use an alternative means of getting to work?

If you hate the job you piss around with the car, if you need the job. CieLeVie😉

& (now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams.

So, two bob each way, use the backup solution AND contact SCA "Help" and ask them to check your configured MAILHOSTS?

https://www.spamcop.net/fom-serve/cache/401.html, at the very bottom of the page: select [Other reasons for contact][Reason for contact], put a brief description:

"Please check my MailHosts config to see if my SpamCop email address is in mailhosts & please let me know?"

If you're a nice person & it seems you are, you'll say "thanks", if you're like G🦗H you won't!

  • If SCA find a SpamCop email address in MAILHOSTS, please share with us as this is a "possibly" new, additonal, IMPORTANT, information that can help others.

Many thanks and cheers!

G🦗H

Edited by MIG

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, MIG said:

(now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams.

Yes it does.click "View entire message" for full spam
https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz
Then copy and past from and including
Received: from vmx.spamcop.net (HELO vmx5.spamcop.net) ([184.94.240.112])
This tells me it's forwarded through a SpamCop/IronPort, now Cisco email server
Which gives
https://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z
Which means/suggests SpamCop email address has not been processed by "hank's" Mailhosts

And hank I've manage to kill the botnet going through China. But don't know if permanently?

Edited by petzl

Share this post


Link to post
Share on other sites
Posted (edited)
3 hours ago, petzl said:

Yes it does.

I said ALL original parsed spams, PETZL.

1. https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz

- spamcop.net - yes

2. https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az

- spamcop.net - yes 

3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z

 - spamcop.net  - no 

That's why I wrote "what Petzl has posted is important", 'cause it is!!

Ok, carb😘hydrate?

Cheers! G🦗H

Edited by MIG

Share this post


Link to post
Share on other sites
1 hour ago, MIG said:

3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z

 - spamcop.net  - no 

That's why I wrote "what Petzl has posted is important", 'cause it is!!

Just another non-standard email provider that scatters headers received line in a lot of garbage..
Not even stamping a received line IMO -109.236.94.178 does seem to be spewing email 
reduce SpamAssassin to 2 at present set at 3 but may lead to false positives
 

Share this post


Link to post
Share on other sites
1 hour ago, petzl said:

Just another non-standard email provider that scatters headers received line in a lot of garbage..
Not even stamping a received line IMO -109.236.94.178 does seem to be spewing email 
reduce SpamAssassin to 2 at present set at 3 but may lead to false positives
 

WOT? Are we on the same track Petzl, I'm not following? 

 Confused G🦗H

Share this post


Link to post
Share on other sites
5 minutes ago, MIG said:

WOT? Are we on the same track Petzl, I'm not following? 

 Confused G🦗H

https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z
Hanks email provider is not stamping the received line properly
Received: from busy.lorenzobuzios.com (customer.worldstream.nl [109.236.94.178] (may be forged))
SpamCop does. I would ditch them.

Share this post


Link to post
Share on other sites
Posted (edited)

I have a Spamcop email address I've used for many years.
Isn't that supposed to be listed in mailhosts?
As Spamcop fairly recently required, it now just forwards mail to another address.
As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service.

Edited by hank

Share this post


Link to post
Share on other sites
Posted (edited)
7 hours ago, hank said:

I have a Spamcop email address I've used for many years.
Isn't that supposed to be listed in mailhosts?
As Spamcop fairly recently required, it now just forwards mail to another address.
As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service.

Julian Haight used to have SpamCop email server as "trusted", but can't hurt to add it in forwarded email particularly?
But it seems your present email provider has gobbledegook headers that don't stamp received line properly/orderly.

I stopped/killed the botnet that was attacking SpamCop email addresses about a week ago. But don't know for how long?

Edited by petzl

Share this post


Link to post
Share on other sites

I've asked support and knowledgeable users at my ISP Sonic.net to take a look.

I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps.

I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix.


Share this post


Link to post
Share on other sites
Posted (edited)
45 minutes ago, hank said:

I've asked support and knowledgeable users at my ISP Sonic.net to take a look.

I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps.

I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix.

 

I just pay the $30 for Fastmail they have very good spam filtering and no problem headers
Gmail is goode but will disable your account if it gets to much spam

Edited by petzl

Share this post


Link to post
Share on other sites
4 hours ago, petzl said:

stopped/killed the botnet

Hey Petzl,

If it's not a state secret, how? Please share?

Thanks & cheers!

G🦗H

Share this post


Link to post
Share on other sites
12 hours ago, hank said:

old long-used address, it gets a lot of spam, SpamCop no longer filters, since they improved the Spamcop service.

Hey Hank,

(imo) that sounds the opposite of an "improved" service?

🤔

Cheers!

G🦗H

Share this post


Link to post
Share on other sites

Hmmm. Can't log in to Spamcop's email client to change forwarding.

These instructions:
https://www.spamcop.net/ces/setup_forwarding2.shtml

say login here: http://webmail.spamcop.net/

The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did.

Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it)

Share this post


Link to post
Share on other sites
5 minutes ago, hank said:

Hmmm. Can't log in to Spamcop's email client to change forwarding.

These instructions:
https://www.spamcop.net/ces/setup_forwarding2.shtml

say login here: http://webmail.spamcop.net/

The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did.

Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it)

It's here

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×