its8up Posted March 15, 2020

I have a timer run google suite script that filters spam box contents with common keywords and emails headers to spamcop (as well as occasionally using common keywords to mail "dev/null" spam to the appropriate source). Of course, this means I must come by here every couple days or so to confirm and manually click the report link.

Was reporting spam like normal, then ran into a strange issue. Clicked Unreported spam Saved: Report Now link and it went straight to this tracking URL:
https://www.spamcop.net/sc?id=z6623054758z790919cde374c5c623d7a3db280014e6z

Found the spam that apparently breaks the SPAMCOP page. It is below for your pleasure. Any idea what is going on with this thing?

Delivered-To: *********@gmail.com
Received: by 2002:a4a:3016:0:0:0:0:0 with SMTP id q22csp1931387oof;
        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
X-Google-Smtp-Source: ADFU+vsCZ6pBhPe36NuRKdT0EMsXknH3fFGbThN9KldAi0TfyxqmwPz2vcG0j2ERgp+jUmn/eTJ9
X-Received: by 2002:adf:aac6:: with SMTP id i6mr5448025wrc.353.1584289188462;
        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1584289188; cv=none;
        d=google.com; s=arc-20160816;
        b=zJ9PHkIdDyTy2PsnMjDH8uzyhmB2Gp+3oal157sBSgfNJGa5BlJ/E6HNgi7cfo+nea
         BUGRvr+4fn0EZHLqT4V75TFoTQ6XWC5ZnrtZGbKXkppDE/0da3tUtA/suvSO2Z3wdo4a
         zw9F6/5KfiYyPavw/twFrPuETLtYnAe1dWeD9WmAybLRmpQnB41VM6rVHUyCezBd4BHP
         ozeMZo1HkjWLIdZ5iSEXYYtAOcI0lK8r3/yJ16sMEtOHxwfhyISGBo9SzZmMZV/A+j9o
         fRlia56QMGB0VT3DmmzanjnRQIPLbjSN+yVe4jbQu7ebATnI+UKqhnThpO8r4pztvXxE
         rf7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=reply-to:date:from:to:subject:content-description
         :content-transfer-encoding:mime-version:message-id;
        bh=C0GmZhwjZqrXpIa4xSA+O5u22Z8WgX/O1JShatnvvkI=;
        b=DtRgqzxrV2YoaVwR9Zb/sTCEw/TkYpM2gacBajNylF3BT3ghuiuK0mEIYI6qRmS2R5
         zHjtQx6kBqWtn+dRXX4ysAmDXUux++Jd43fzijV1cAR7WJ7/4wbqkbTTZejMOlkmrORh
         //NmTycczPlM0M67oSuT+c2aVjMQmOisU23ttnFNskZ741XtV+pvJbH0FTggccVNOc5Y
         ugXp4DGBaKVBauzqzoWaiYjCT7y+ET5LVFJHRmOAJ5CcYMMwpJ56/3J9I8iNxCJzTbii
         EeGSUUnblU+jJK3TQTecEdNg7vC4gRdT9icM2Oq8+r23sKj7z3S470u5itzYgRedWboN
         AKfw==
ARC-Authentication-Results: i=1; mx.google.com;
        spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn
Return-Path: <boc@bank.cn>
Received: from relay1.macrois.de (relay1.macrois.de. [81.209.169.71])
        by mx.google.com with ESMTPS id e17si12912723wrp.559.2020.03.15.09.19.44
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 15 Mar 2020 09:19:48 -0700 (PDT)
Received-SPF: temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) client-ip=81.209.169.71;
Authentication-Results: mx.google.com;
        spf=temperror (google.com: error in processing during lookup of boc@bank.cn: DNS error) smtp.mailfrom=boc@bank.cn
Received: from user-PC..home ([197.234.221.105])
        (authenticated bits=0)
        by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655;
        Sun, 15 Mar 2020 17:19:41 +0100
Message-Id: <202003151619.02FGIUm2032655@relay1.macrois.de>
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: KEEP IN TOUCH
To: Recipients <boc@bank.cn>
From: "'Wang Wei'" <boc@bank.cn>
Date: Sun, 15 Mar 2020 17:19:34 +0100
Reply-To: errrwew.d.son@gmail.com

Hello, I have a business proposal worth $4,000,000.00 I wish to initiate with=
 you and you will be compensated adequately upon agreement and conclusion. =
Do send your response for more details. Regards, Mr.Wei

petzl Posted March 16, 2020

11 hours ago, its8up said:
> https://www.spamcop.net/sc?id=z6623054758z790919cde374c5c623d7a3db280014e6z
> Found the spam that apparently breaks the SPAMCOP page. It is below for your pleasure. Any idea what is going on with this thing?

No idea
From African botnet probably Gmail antics
197.234.221.105 netabuse[AT]mtn[DOT]bj
Through email server 81.209.169.71

Edited March 16, 2020 by petzl

gnarlymarley Posted March 16, 2020

14 hours ago, its8up said:
> Received: from user-PC..home ([197.234.221.105]) (authenticated bits=0) by relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655;

The issue is the double dot in the Received line. The two dots make this an invalid record. If you change it to a single dot, it should submit.

its8up Posted March 17, 2020

On 3/16/2020 at 7:55 AM, gnarlymarley said:
> double dot

Good eye! Adding a .replace() statement in preparation for a rash of those. Thanks!

Why does google allow invalid records through the pipe? Because they are too busy counting money to bother with syntax checks. This ain't the first issue Google caused for spamcop. Cannot rely on any standard formatting when the largest gorilla in the market chooses to march to the beating on its own chest. <insert angry gorilla noises here>

petzl Posted March 17, 2020

On 3/16/2020 at 11:55 PM, gnarlymarley said:
> The issue is the double dot in the Received line. The two dots make this an invalid record. If you change it to a single dot, it should submit.

Yes that allows it to parse
https://www.spamcop.net/sc?id=z6623476193z4ef535a5f5916faa0ed30142c9229a4ez
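
The single-dot fix and the planned .replace() from the posts above, as an added example that is not part of the original thread: instead of replacing ".." across the whole message, it collapses empty hostname labels only in the host token of Received headers, so the body and all other headers stay byte-for-byte intact. The function name and the sample message (shortened from the headers quoted in the first post) are constructed for illustration.

```javascript
// Added example: collapse empty DNS labels ("user-PC..home") in Received
// headers only, leaving every other header and the body untouched.

// Constructed sample, shortened from the headers quoted in the thread.
const SAMPLE = [
  'Return-Path: <boc@bank.cn>',
  'Received: from user-PC..home ([197.234.221.105])',
  '\t(authenticated bits=0)',
  '\tby relay1.macrois.de (8.14.5/8.13.8/SuSE Linux 0.8) with ESMTP id 02FGIUm2032655;',
  '\tSun, 15 Mar 2020 17:19:41 +0100',
  'Subject: KEEP IN TOUCH',
  '',
  'Do send your response for more details... Regards,',
].join('\r\n');

// Hypothetical helper name; returns the fixed message plus a list of changes
// so the script can log which hostnames it rewrote.
function fixReceivedHostnames(raw) {
  const split = raw.search(/\r?\n\r?\n/); // blank line ends the header block
  const head = split === -1 ? raw : raw.slice(0, split);
  const rest = split === -1 ? '' : raw.slice(split);
  const changes = [];
  // A header is its first line plus any continuation lines that begin with
  // whitespace (folded headers).
  const fixed = head.replace(/^Received:.*(?:\r?\n[ \t].*)*/gim, (hdr) =>
    // Only the host token after "from" or "by" is a candidate.
    hdr.replace(/\b(from|by)(\s+)([A-Za-z0-9._-]+)/g, (m, kw, ws, host) => {
      const clean = host.replace(/\.{2,}/g, '.');
      if (clean !== host) changes.push({ before: host, after: clean });
      return kw + ws + clean;
    })
  );
  return { message: fixed + rest, changes };
}
```

An empty `changes` array means the message can be forwarded as received; a non-empty one records exactly what was altered before submission.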