Jump to content
gabrielt

[Resolved] Mailhost configuration problem, identified internal IP as source

Recommended Posts

Hello,

We've been reporting spam to SpamCop for years, using SpamAssassin's reporting capability to our own spamcop.net submission email address.

Basically we have a scri_pt that goes to all users spam folder and run:

spamassassin -r < email_file

SpamAssassin is correctly configured with

spamcop_from_address spamcop@ourdomain.com
spamcop_to_address submit.XXXXXXXXXXXX@spam.spamcop.net

As I said, this has been working fine for years.

However, we've started seeing the following errors after clicking on the confirmation link sent to our spamcop@ourdomain.com email:

Quote

Mailhost configuration problem, identified internal IP as source

No source IP address found, cannot proceed.

Nothing to do.

Our mailhost is correctly configured, and I even deleted it and configured it again, at no avail.

Sample confirmation URL for you guys to take a look at: https://www.spamcop.net/sc?id=z6557766050z3c1f36e50c5140df21e4fdbf0d568a5cz

I am not able to find any option to see the original email SpamAssassin sent to SpamCop, so I am not being able to debug this.

As a test, I tried sending a spam email manually from the shell prompt (without using SpamAssassin), and got the same result.

The only thing that I can think of is that we tweaked our email server a couple of weeks ago, and maybe that are some SpamAssassin-related hidden headers in the email that we end up forwarding that probably should have been removed.

I'd appreciate any help/pointers.

Thanks,

Gabriel.

Share this post


Link to post
Share on other sites
4 hours ago, gabrielt said:

I am not able to find any option to see the original email SpamAssassin sent to SpamCop, so I am not being able to debug this.

You should be able to log into your reporting account and click on the <Past Reports> tab.

Share this post


Link to post
Share on other sites
1 hour ago, Lking said:

You should be able to log into your reporting account and click on the <Past Reports> tab.

In the Past Reports, the recent reports are shown as "No reports filed", since I wasn't able to submit them as explained above. So, there is no link that allows me to see what was sent to SpamCop. See screenshot below.

 

spamcop.png

Share this post


Link to post
Share on other sites

The "Submit" by SpamAssassin should result in a Tracking URL just like the the example in your OP.  That tracking URL will include the spam sent by SpamAssassin.

Or am I missing something?

Share this post


Link to post
Share on other sites
Posted (edited)

Hi @Lking

The problem is that I can't hit Submit, as it gives an error. At the link that is sent out to us, there is no way to see the contents of the message, or at least I couldn't find one.

Anyway, we have this error message, can't submit/confirm the spam we are sending to SpamCop and have no clue on how to fix/debug this.

Please refer to the following screenshot for better undestanding the issue.

1. SpamAssassin reports the spam

2. We get a confirmation email, with the link for us to confirm/report the spam that was reported by SpamAssassin

3. We click the link and get the error message I explained in the first post:

spamcop1.thumb.png.56dda0bda7aac15438d8e39e50ceaf64.png

4. If I click "Report Now", the same page is reloaded, with a different id/hash.

Thank you in advance.

 

Edited by gabrielt

Share this post


Link to post
Share on other sites

Hi @Lking

I read and re-read this page but couldn't undestand it very well, the text is quite confusing IMHO.

I configured the Mailhost in the SpamCop control panel by simply following the instructions, where SpamCop sends an email to spamcop@ourdomain.com and we have to enter its header and body in a form, and everything is configured. In the Mailhosts tab, I see our server and its IP address correctly configured there.

The way we report spam is as follows.

Users in our system mark emails as spam. These emails are then reported to SpamCop using spamassassin -r. That's it. When the text in the page you linked above talks about "accounts", I got lost. I don't know what the text is talking about. I don't know if I need to create one Mailhost configuration for each user (email address) in our system or what.

Thank you very much for your help! :)

 

Share this post


Link to post
Share on other sites
1 hour ago, gabrielt said:

I configured the Mailhost in the SpamCop control panel by simply following the instructions, where SpamCop sends an email to spamcop@ourdomain.com

This may be your issue.  Your mailhose configuration should reflect the path of reported email (spam) not the reporting email. Depending on your situation this may be a distinction without a difference.  If all the email spam you are reporting has all been sent to [at]ourdomain.com received by one host then the configuration should be simple.  The purpose of the mailhost configuration is to document the local path of email through your servers from 'the outside world' to your inbox.  This information enables the parser to know which Received: lines in the header are expected local entries and not part of the external source of the spam.

On 7/3/2019 at 6:33 AM, gabrielt said:

The only thing that I can think of is that we tweaked our email server a couple of weeks ago,

I think you are correct about the source of the problem.  Is email to spamcop[at]ourdomain.com now follow a different path than other email?  I think an in depth review of what you tweaked is in order.

Share this post


Link to post
Share on other sites

Hi @Lking

I got lost on your explanation. I don't quite get what you (and the documentation) mean by "path taken". The spams are reported from within each user's mailbox. All of them use the same domain name (@ourdomain.com in this example). The email spamcop[at]ourdomain.com is used only to send the reports to SpamCop via SpamAssassin (spamcop_from_address spamcop[at]ourdomain.com), and that is the email SpamCop sends those confirmation emails:

spamcop2.thumb.png.ecedf338f644d76d6dd35a9550464685.png

At our Mailhosts configuration, that is the email configured to receive the reports:

Mailhost name:    ourdomain.com
Email address:    spamcop[at]ourdomain.com
Hosts/Domains:    ourdomain.com
Relaying IPsv4: [IPv4 addess of our email server]

 

1 hour ago, Lking said:

Is email to spamcop[at]ourdomain.com now follow a different path than other email?

Nope. A regular mailbox like any  other in our system.

1 hour ago, Lking said:

I think an in depth review of what you tweaked is in order.

I don't really know what could be the cause of this, since I am not being able to see what SpamCop is getting from our server (i.e., the emails/reports we are sending to the special submit email address)... So I don't know exactly what is triggering the error message...

Thanks!

Share this post


Link to post
Share on other sites

Hello Gabrielt,

I'll side-step all of LKing_Master's considered advice & just share a couple of things.

1. I took your original: 

https://www.spamcop.net/sc?id=z6557766050z3c1f36e50c5140df21e4fdbf0d568a5cz - Wednesday at 10:33 PM

  • parsed it thru a SC account without any MAILHOSTS configured, result:

https://www.spamcop.net/sc?id=z6558104666zfcc84ec0d118545d96b9b4b48e77879ez

2. Mailhost configuration problem, identified internal IP as source. No source IP address found, cannot proceed. Nothing to do >> The errors in your parsed spam:

Hank, one of our friends, had this very issue: 

 

http://forum.spamcop.net/topic/37788-resolvednbspmailhost-configuration-problem-identified-internal-ip-as-source/

We all took to it with our usual zeal, however, in the end, Hank contacted Richard, SC Admin, result:

SOLVED by Spamcop staff. Problem found and fixed.
Here is the explanation:
==========
a.local-delivery was in the mailhosts, but b.local-delivery wasn't. At one time that would have been ignored as a local hop, but some of the coding for IPv6 screwed things up so even versions numbers of some things look like IP addresses.
--
Richard

============

If you haven't done this & think it's possible solution please let us know if you get a happy result?

Thanks & cheers!

G🦗H

Share this post


Link to post
Share on other sites

@MIG I think your pointers were great. Probably the changes I did added new X-spam headers with software version numbers that might be throwing SpamCop's parser off (i.e., interpreting software version numbers as IP addresses). I will try to disable all X-spam headers and try again. Will keep you guys posted. Many thanks for all your help! You guys are great! :)

 

Share this post


Link to post
Share on other sites

@Lking and @MIG

I found the culprit! Many thanks for your help!

It was a bug with our qmail installation!

The header in our received emails were malformed.

They had a line like this:

Received: from unknown (HELO somedomain.com) (a.b.c.d)
    by 0 with SMTP; 5 Jul 2019 19:08:08 -0300

Instead of:

Received: from unknown (HELO somedomain.com) (a.b.c.d)
    by mail.ourdomain.com with SMTP; 5 Jul 2019 19:08:08 -0300

Note how the variable for our FQDN was empty, so no wonder SpamCop was complaining that could found our mailhost in the headers. So the error message was absolutely correct!

And also, I finally understood what you guys meant by "path": it is simply the sequence of "Received:" headers inside the email.

Once again, thank you so much your time. MIG's answer turned on a light bulb in my head that the email header might be malformed and...bingo!

I hope this topic helps other SpamCop users in the future.

Cheers,

Gabriel.

Share this post


Link to post
Share on other sites
51 minutes ago, gabrielt said:

@Lking and @MIG

I found the culprit! Many thanks for your help!

It was a bug with our qmail installation!

The header in our received emails were malformed.

[...]

Once again, thank you so much your time. MIG's answer turned on a light bulb in my head that the email header might be malformed and...bingo!

I hope this topic helps other SpamCop users in the future.

Cheers,

Gabriel.

and so the G🦗H advances further to becoming a master :)🙏

@gabrielt Glad you found the problem, and with it, also fixed an internal handoff problem with your qmail setup (malformed received line). (wish some big companies: RE1Mu3b?ver=5c31 -- with outlook and hotmail -- would fix theirs.... )

Share this post


Link to post
Share on other sites

Peer to peer works!  So can we mark this resolved?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×