Jump to content

Recommended Posts

18 minutes ago, Tesseract said:

https://www.spamcop.net/sc?id=z6643995729z6c0b835925fc83fc6ac686ba27423c1fz

The parsing ends almost as soon as it begins, having only looked at one host. Other recent reports have been OK.

this going through a internal network/intranet?

Through email server Ecuador needs password change (no TLS)
190.152.46.226 no abuse address  try CERT https://www.first.org/members/teams/#Ecuador
From Botnet in India
106.210.0.13  
https://www.abuseat.org/lookup.cgi?ip=106.210.0.13

Share this post


Link to post
Share on other sites
8 hours ago, Tesseract said:

https://www.spamcop.net/sc?id=z6643995729z6c0b835925fc83fc6ac686ba27423c1fz

 The parsing ends almost as soon as it begins, having only looked at one host. Other recent reports have been OK.

Nothing immediately stands out for me, but I do see an IPv6 address:

whois.ripe.net found abuse contacts for 2a01:4f8:211:2c54::2 = abuse@hetzner.de

Might be good to get the deputies looking at this at deputies[at]admin[dot]spamcop[dot]net.

Share this post


Link to post
Share on other sites

The analysis by petzl seems correct (braeburn.macports.org is in my mailhosts). I don't know why the parser would fail on this particular message alone, as it doesn't seem significantly different to many others I've reported successfully. I'll contact the deputies as suggested, thanks.

Share this post


Link to post
Share on other sites
2 hours ago, Tesseract said:

The analysis by petzl seems correct (braeburn.macports.org is in my mailhosts). I don't know why the parser would fail on this particular message alone

Interesting, I had submitted a copy to my account without mailhosts and it appears to have worked.

https://www.spamcop.net/sc?id=z6644191965z228c8ee5751b9ef3fba5a127fdc8818fz

When I try to submit with mailhosts, I get the same pause (yes, I know I don't have your mail hosts.)

https://www.spamcop.net/sc?id=z6644192306zf677ca6824be06de2a49d01b38114656z

This would almost indicate maybe the double dot hostname problem.  Hang on, maybe try changing the two dots as below to a single and try submitting again.

Received: from DESKTOP-JQ04P8P..home

 

Share this post


Link to post
Share on other sites

That could well be it. I remember there was a problem last year where invalid hostnames starting with a dot would break the parser, which was eventually fixed. Hope they can fix this one too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×