Adding new mailhost completely broken

[iixii]

As you can plainly see, the error message below is bullsh** - the confirmation code is clearly in the body. Anyone else got this error when trying to configure a mailhost?

Hello SpamCop user,

Sorry, but SpamCop has encountered errors:

Confirmation codes do not match:

From recipient address: <secret code>
From header:            <secret code>
From body:              

Please do not respond to this email (replies are ignored).  If you need
help, please consult the SpamCop website ( <http://www.spamcop.net/> ).

This email was sent in response to your email:
Return-Path: <service<at>admin.spamcop.net>
Received: from mx1.opera.com (root<at>mx1.opera.com [193.69.116.6])
	by mailbox.opera.com (8.13.4/8.13.4/Debian-3) with ESMTP id j65FakUL018682
	for <axel<at>opera.com>; Tue, 5 Jul 2005 15:36:51 GMT
Received: from spamcop.net (sc-app4.spamcop.net [64.74.133.245])
	by mx1.opera.com (8.13.4/8.13.4/Debian-3) with SMTP id j65FabYH011905
	for <axel<at>opera.com>; Tue, 5 Jul 2005 15:36:38 GMT
X-SpamCop-Conf: <secret code>
Received: from [213.236.208.22] by spamcop.net
	with HTTP; Tue, 05 Jul 2005 15:36:21 GMT
From: SpamCop robot <mhconf.<secret code><at>cmds.spamcop.net>
To: axel<at>opera.com
Subject: SpamCop account configuration email
Precedence: list
Message-ID: <wh42caa8f5gf54a<at>msgid.spamcop.net>
Date: Tue, 05 Jul 2005 15:36:21 GMT
X-Mailer: Opera/8.02 (Windows 98; U; en)
	via http://www.spamcop.net/ v1.466
X-spam-Status: No, score=-4.9 required=5.0 tests=FROM_HAS_MIXED_NUMS,
	USER_AGENT_OPERA_XM autolearn=disabled version=3.0.3
X-spam-Report: 
	*  0.1 FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters
	* -5.0 USER_AGENT_OPERA_XM X-Mailer header indicates a non-spam MUA
X-spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on mx1.opera.com
Status:   

Hello SpamCop user,

This email contains special codes and tracking information to help SpamCop
figure out your specific email configuration.  Do not post this email in
public.  It contains confidential information related to the security of
your SpamCop account.

Please return this complete email, preserving full headers and the special
tracking codes below.  Visit this address:
http://www.spamcop.net/mcgi?action=mhreturn

Alternately, you may submit via email.  Forward the message as an 
attachment to this address.  Or create a new message and paste this email
into it.  Either way, send it to to:

mhconf.<secret code><at>cmds.spamcop.net

Some email software may only support one or the other of these submission
methods.  For information on your email software and to learn how to get
full headers see this FAQ:
http://www.spamcop.net/fom-serve/cache/19.html

Special codes follow:
################################################################
X-SpamCop-Mx: mx1.opera.com.
X-SpamCop-Mx-Ip: 
X-SpamCop-Mh-Name: Opera
X-SpamCop-Recip: axel<at>opera.com
X-SpamCop-Unixtime: 1120577775
X-SpamCop-Conf: <secret code>
X-SpamCop-Randomness: yiNou3k6Jvq2tDTY
X-SpamCop-Hash: cb586835de45cbba9b88370b81eb6622
################################################################

[StevenUnderwood]

As you can plainly see, the error message below is <profanity removed> - the confirmation code is clearly in the body. Anyone else got this error when trying to configure a mailhost?

29933[/snapback]

Please enter the phrase "Confirmation codes do not match" into the search bar at the top of the screen and read some of the entries. This is a well documented problem with some mail handlers, one which your mail passes through.

Also, I am going to edit your post above to remove your secret code that you were asked not to reveal.

[Wazoo]

Yes it has been seen before. It has been addressed a number of times, without the need for profanity, even by folks that read and followed guidance like "Do not post the contents of this e-mail publically." ....

Bottom line is a white-space condition. Somewhere along the line, someone/something is adding white-space to (usually) one of the code strings. The instructions that have worked in the past are to not copy the whole block of data at once ... try selecting "just the code string" when trying to insert that data.

[iixii]

1. Searching:

I did of course do the exact search you mention. You will notice that you get loads of results dealing with all kinds of problems copying the message verbatim, with people using Outlook, and whatnot. If you don't happen to look at just the right search results, which contain the hints about the whitespace problem, it's no use.

And after reading a few threads, I concluded that my problem was not so easy and resolved to post about it myself.

2. Profanity: Say, you aren't by any chance from the US, aren't you? There is no other country in the world that is so in love with swear words, yet overreacts so hilariously whenever you use a supposedly eeevil word (mind you, I didn't even notice that I did).

3. "Secret" stuff: Oh come on, this is so silly. I didn't follow pointless orders, so what. Isn't it kinda useless to cut away the only important part of the message with regard to the problem, hm? Furthermore, no one can use the information in the quoted message for anything, and even if anyone could, it would harm no one but myself.

4. "well documented": No, this problem is not well documented. There is no FAQ entry, there is no pinned post.

To sum it up:

This is a bug that is so simple and straightforward that should have been fixed long ago. I could understand your frustration that people are asking about it again and again if it was at least a well-documented long-standing bug, as you claim it is. Make a FAQ entry, pin a post, and only then pick on people who don't see the solution before their eyes.

[StevenUnderwood]

3. "Secret" stuff: Oh come on, this is so silly. I didn't follow pointless orders, so what. Isn't it kinda useless to cut away the only important part of the message with regard to the problem, hm? Furthermore, no one can use the information in the quoted message for anything, and even if anyone could, it would harm no one but myself.

30698[/snapback]

Anyone could use that information in order to submit to your secret email address which then sends out reports on your behalf (especially if you are not paying attention) and could help blacklist another individual. That not only harms you (by losing your account for false reporting), it harms the servers affected by your improper reports, and harms spamcops reputation and effectiveness.

To sum it up:

This is a bug that is so simple and straightforward that should have been fixed long ago. I could understand your frustration that people are asking about it again and again if it was at least a well-documented long-standing bug, as you claim it is. Make a FAQ entry, pin a post, and only then pick on people who don't see the solution before their eyes.

30698[/snapback]

The problem is NOT with spamcop's end, however. It is in the way that one of your hosts is not following the RFC's and adding whitespace to a message. Spamcop's requirement is that of RFC compliance. When you modify that whitespace to get your mailhost approved, you are, in effect, taking responsibility that you will remove all the whitespace from any submission you make. This will of course not be done, and it is not ususally a "material change" to the spam, but it is a change. Have your ISP fix their problem of adding whitespace to your messages.

[Jeff G.]

4. "well documented": No, this problem is not well documented. There is no FAQ entry, there is no pinned post.

30698[/snapback]

I have now addressed those concerns. Are you happy now?

[Jeff G.]

Which part of "Do not post this email in

public. It contains confidential information related to the security of

your SpamCop account." did you not understand?

[iixii]

Anyone could use that information in order to submit to your secret email address which then sends out reports on your behalf (especially if you are not paying attention) and could help blacklist another individual.  That not only harms you (by losing your account for false reporting), it harms the servers affected by your improper reports, and harms spamcops reputation and effectiveness.

OK, I see. Thanks for that information. It raises a question though: Why is the message all mysterious and secretive by saying "It contains confidential information related to the security of your SpamCop account" instead of plainly and unmistakably stating "The X-SpamCop-Conf code can be used to submit spam in your name, so don't show it to anyone."?

Which, come to think of it, would still be weak security-by-obscurity. There is no reason why Spamcop sends out your obviously easily abusable account ID with the confirmation message - it could just as well use temporary unique IDs to match up host configuration and confirmation message. Then the need to keep the confirmation message secret would vanish. I suggest that this change be made.

The problem is NOT with spamcop's end, however.  It is in the way that one of your hosts is not following the RFC's and adding whitespace to a message.  Spamcop's requirement is that of RFC compliance.

Sorry, but in my case, I found that not to be the reason. When the error occurred, I tried it with all my three accounts (GMX, 1&1 and my work account at Opera Software). There was no extraneous whitespace anywhere. With all three accounts, the message body was exactly identical, apart from different content in the special fields of course. This means that none of my ISPs modified the message in any way (I would have been surprised if they did, I know them well), it must have been a bug on Spamcop's end.

Furthermore, even if it was a whitespace problem, which it seems to have been in some of the other threads about this error message, it's still a Spamcop bug in that the error message is totally wrong and misleading. The confirmation codes were intact, and perfectly possible to find and parse in all instances, so even if Spamcop can't parse some headers for some reason, it should definitely not say "confirmation codes don't match", because that's not what happens.

Incidentally, I just tried again, and guess what, even though the confirmation message was exactly and bytewise identical to the one I got three weeks ago, this time Spamcop accepted it. Bug fixed perhaps?

[iixii]

Which part of "Do not post this email in

public.  It contains confidential information related to the security of

your SpamCop account." did you not understand?

Blindly following orders without any reasons given is a militaristic attitude which I don't share. It's only justified if there is a pressing or even life-threatening matter and there is no time for explanation. This is obviously not the case here, so I suggest that the warning message be made more precise, or even better, the unnecessary confidential information removed from the confirmation messages, as outlined above.

[iixii]

I have now addressed those concerns.  Are you happy now?

That's totally irrelevant, this is not about making me happy, but preventing other users with the same problem getting stuck. The new pinned post helps with that, and I thank you for that, even though the childish threat concerning the publishing of the confirmation message is expendable.

[StevenUnderwood]

Sorry, but in my case, I found that not to be the reason. When the error occurred, I tried it with all my three accounts (GMX, 1&1 and my work account at Opera Software). There was no extraneous whitespace anywhere. With all three accounts, the message body was exactly identical, apart from different content in the special fields of course. This means that none of my ISPs modified the message in any way (I would have been surprised if they did, I know them well), it must have been a bug on Spamcop's end.

30768[/snapback]

Did you return the probes via email or use the web page provided?

Did you check for whitespace within the error message spamcop returned to you that started this thread?

I believe the whitspace is not necessarily added to your incoming messages but to your outgoing message to spamcop. If whitespace were the problem, the returned message would show that the lines were not bit-wise identical.

As far as your security concerns, only one person has access to the code and knows why certain decisions were made. There are rules. There is even an explanation for the rule.

It contains confidential information related to the security of your SpamCop account.

There is even a pinned topic at the top of this mailhost forum labeled "Mailhost Issues - please read before posting, Please Read BEFORE Posting" stating that

If you have problems with mailhosts -- 1) registering new hosts; 2) returning probes; 3) spam parses or other issues you may post in this forum. However other than very general responses I will need you to write to deputies <at> admin.spamcop.net with "mailhosts" in the subject line.

Did you follow those directions or did you ignore those because there was no pressing or even life-threatening matter?

[Wazoo]

Make a FAQ entry, pin a post, and only then pick on people who don't see the solution before their eyes.

30698[/snapback]

I believe all of iixii's rather pointless exercise of typing in much nonsense can be answered by addressing this single comment ....

At the top of this Forum section, please see the existing Pinned item;

Pinned: Mailhost Issues - please read before posting

Please Read BEFORE Posting

I was going to include a snippet or two from that Pinned post, but ... why waste the effort and electrons? I have lived all around this world, to include Germany, but I fail to see what that has to do with anything. Profanity is profanity, guidelines are guidelines, procedures are procedures, instructions are instructions ... on and on .... in this case, it seems apparent that there is not a language issue involved, simply some mis-applied attitude. When using any kind of a tool, it does help to at least attempt to read and follow the instructions provided. Being retired military, I find your "don't follow pointless orders" a more than a bit ridiculous.

iixii has obviously overlooked the "primary support here is peer-to-peer" notation ... makes a "suggestion" but doesn't place that into the appropriate forum section, much less hasn't thought it all through ... wants to malign folks that did take the time out of their day to respond in an attempt to offer some assistance, ignoring that it was obvious that existing data had not been looked at ...

As stated in the referenced Pinned item, there is no one "here" that deals with the code or decisions behind the code, so the effect of all the badmouthing done thus far boils down to little beyond aggravating those that did take the time to respond.