Jump to content
lanny

No source IP address found, cannot proceed.

Recommended Posts

I get lines like the following ones (and 4 more)

Received:  from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])
Ignored

Received:  from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by fmx10.freemail.private with SMTP; 9 Oct 2020 12:40:37 +0200
Ignored

Received:  from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.onbox.hu (Postfix) with ESMTPS id 4C74NP0ZfFzbtP for <x>; Fri, 9 Oct 2020 12:40:36 +0200 (CEST)
Ignored

When I forward the email the source contains proper-looking Received lines like this:

Received: from srv2.subonline.live (ip19.ip-51-zzz-169.eu [51.zzz.169.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx.onbox.hu (Postfix) with ESMTPS id 4C74NP0ZfFzbtP
	for <zzz@freemail.hu>; Fri,  9 Oct 2020 12:40:36 +0200 (CEST)

(note: "zzz" my edit)

Is there a ticketing system where I can submit the raw input/output privately?

Thanks in advance!

Share this post


Link to post
Share on other sites
On 10/10/2020 at 4:31 AM, lanny said:

Is there a ticketing system where I can submit the raw input/output privately?

Thanks in advance!

Without a Tracking URL hard to workout what is happening?
Example top of page BEFORE you submit/send report
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6673824588z4497eb805827af26ebca08dac0cd33ccz

From what I can guess your email provider is not stamping the/a received line?
You can forward (as a attachment) directly to the abuse address of  the IP who sent it

Edited by petzl

Share this post


Link to post
Share on other sites
5 hours ago, lanny said:

Hi @petzl I hoped the details can be kept non-public but let's look at the real details:

https://www.spamcop.net/sc?id=z6675008964zc1dc39ff8aa771b6633043fa7cd917c5z

The owners of these IP ranges generally are not very cooperative until they see their IPs show up on bloacklists.

Is email from a internal server,? No IP's are showing.
Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])

Share this post


Link to post
Share on other sites

As it turns out this was caused by my sending mailserver (Mailu) which replaces Recevied lines (even in attachments).

One solution would be to force Thunderbird to send the attachment as base64-encoded. But I have not found an option for this.

I created a ticket in Mailu's tracker https://github.com/Mailu/Mailu/issues/1660 but the behavior seems to stem from Postfix's handling of filters, which for some reason get applied inside the message.

Share this post


Link to post
Share on other sites
16 hours ago, lanny said:

As it turns out this was caused by my sending mailserver (Mailu) which replaces Recevied lines (even in attachments).

 

Ouch.  That doesn't sound good.  With the Received lines being replaced, the only way to find the IP is to go back to the logs on each server and look up the "id" from the received line.  (That is, as long as it didn't change that too.)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×