Jump to content
Sign in to follow this  
guppy

what's it complaining about?

Recommended Posts

Hi

just attemped to report first item of spam after registering with mailhost.

Headers say,

Received: from orange [127.0.0.1] by orange.tootech.net with ESMTP
  (SMTPD32-8.15) id A483370292; Tue, 05 Apr 2005 00:57:55 +0100
Received: from  ([221.161.206.238]) by orange with SMTP id;  Tue, 5 Apr 2005 00:57:55 +0100

and I get the parse results,

0: Received: from ([221.161.206.238]) by orange with SMTP id; Tue, 5 Apr 2005 00:57:55 +0100
No unique hostname found for source: 221.161.206.238

Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header

No source IP address found, cannot proceed.

so does this mean it's complaining about 221.161.206.238 or that it doesn't like the orange part?

slightly confused.

Thanks,

G.

Share this post


Link to post
Share on other sites

just tied another item and get a similar message, so i guess it's complaining about the orange part.

manually made it the full orange.tootech.net but it still complained.

any ideas?

G.

Edited by guppy

Share this post


Link to post
Share on other sites

When you completed the mailhost configuration, did one of the confirmations travel this same path, including the:

Received: from orange [127.0.0.1] by orange.tootech.net with ESMTP
 (SMTPD32-8.15) id A483370292; Tue, 05 Apr 2005 00:57:55 +0100
Received: from  ([221.161.206.238]) by orange with SMTP id;  Tue, 5 Apr 2005 00:57:55 +0100

Is 221.161.206.238 the actual source of this message? (Is this the entire Received: portion of the message?)

Are you running your own server, orange? If so the received line with 221.161.206.238 should have the fqdn (orange.tootech.net) rather than just orange.

Share this post


Link to post
Share on other sites

Yes 221.161.206.238 is the actual sender. For some reason the spam filtering software is not putting the full host name in the headers. the ventor is investigating this.

however even if i manually make it orange.tootech.net then spamcop still complains.

and yes it is our own server.

G.

Share this post


Link to post
Share on other sites

Moved this to MailHopst Forum section, based on what I'm reading. There is a "process" involved with "registering" your account with the MailHost configuration. Was this process actually completed? (Noting that instructions include a bit of a wait and then proceed slowly to insure that it all worked out correctly.)

You can help save some disk/screen space and allow a bit better interpretation of the actual results by providing a Tracking URL of a problem parse. But, as the error/failure seems to be occurring on "line 0" it does appear that the MailHost configuration is not complete. There may be something that can be accomplished by following instructions offered in the Pinned items in this Forum section, but ...????

Share this post


Link to post
Share on other sites

If the mailhost configuration is complete and correct, then that will have no bearing at all because the hostname and IP for orange will be in the mailhost configuration and it will know those are your servers with no external loookup.

Even with NO mailhost configuration, this should not matter.

You did complete the configuration, returning the probe and receiving the confirmation, correct?

Share this post


Link to post
Share on other sites

yes it even deleted the host and did it again pasting the text directly out of the mailbox file in to the box provided which was verified.

when i goto my mailhost tab on the web site the Hosts/Domains: dropdown is blank, however the Relaying IPs: is completed correctly.

Share this post


Link to post
Share on other sites

Geeze ... doing some search on data seen from your Tracking URL (thanks) ...

can you possibly explain the following numbers?

http://www.senderbase.org/?searchBy=ipaddr...g=61.173.85.149

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 3.6 .. 7643%

Last 30 days .. 2.6 ... 654%

Average ........ 1.7

Not sure I even want to ask why a Domain registered in GB wants to use an e-mail server on a ChinaNet IP Block ....???

OK, now that I've got your attention <g> ..... you should note that the "problem" boils down to there being only one routable IP address seen within those headers, and this is the line that does not include any real data on just who received the incoming .... So yes, I'd say the problem is the lack of a FQDN (Fully Qualified Domain Name) .. though not sure why the MailHost configuration didn't work .. I'd say it's time to follow the instructions found in the Pinned entries for some special attention.

On the other hand, I went to 'play' with your sample ... noted the "Outlook/Eudora work-around" in use ... wondering if that might have something to do with your "test" not working ..??? I ask, as the parse I accomplished went through just fine .. see http://www.spamcop.net/sc?id=z749444608zad...17eb2ae935916cz

Share this post


Link to post
Share on other sites
Not sure I even want to ask why a Domain registered in GB wants to use an e-mail server on a ChinaNet IP Block ....???

That IP has nothing to do with us, our servers are in the UK, that was the spammer.

So it sounds like if our spam filters put the full domain in we'll be okay. Interestingly, when I change the orange to smtp.tootech.net which is the public address in the MX records (same machine) then it still fails when I played with it.

I'll chase the spam vendor and try again.if after that then I guess I'll trawl through the pinned posts to see if theres anything esle that we can do. Other option is not to report spam, which would seem a shame.

G.

Share this post


Link to post
Share on other sites
That IP has nothing to do with us, our servers are in the UK, that was the spammer.

Correct. Too many things on the plate here, the latest is trying to fix an iBook power connector, and disassembly of this thing ... well, kudos to the &*^%$ engineering staff that designed this thing and the *&%^$ proprietary compinents used for supplying DC power ... anyway, corrected my jumping through the wrong hoop with the "now that I've got your attention" edit and additional data.

So it sounds like if our spam filters put the full domain in we'll be okay. Interestingly, when I change the orange to smtp.tootech.net which is the public address in the MX records (same machine) then it still fails when I played with it.

it wasn't smtp.tootech.net that I used???? Had to re-look at my Tracking URLs .. I used orange.tootech.net

I'll chase the spam vendor and try again.if after that then I guess I'll trawl through the pinned posts to see if theres anything esle that we can do. Other option is not to report spam, which would seem a shame.

There aren't that many amd at least two of them offer the same 'final solution' ... and that involves Ellen <g> On the other hand, I don't recall a great outcome for the other user, but that was a whole different attitude going on there also ...

Share this post


Link to post
Share on other sites
That IP has nothing to do with us, our servers are in the UK, that was the spammer.

So it sounds like if our spam filters put the full domain in we'll be okay. Interestingly, when I change the orange to smtp.tootech.net which is the public address in the MX records (same machine) then it still fails when I played with it.

I'll chase the spam vendor and try again.if after that then I guess I'll trawl through the pinned posts to see if theres anything esle that we can do. Other option is not to report spam, which would seem a shame.

G.

26332[/snapback]

OK I made some changes to the mailhost. The spam now parses.

Share this post


Link to post
Share on other sites

Thanks, Ellen!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×