ewv

mail hosts does not recognize all mailchannels hosts


mailhosts only allows adding mx1.mailchannels.net. (pri 0)
and mx2.mailchannels.net  resulting in:

inbound.mailchannels.net
postfix-inbound-0.inbound.mailchannels.net
postfix-inbound-3.inbound.mailchannels.net
postfix-inbound-4.inbound.mailchannels.net
postfix-inbound-5.inbound.mailchannels.net
postfix-inbound-6.inbound.mailchannels.net
postfix-inbound-7.inbound.mailchannels.net
postfix-inbound-11.inbound.mailchannels.net

Missing from that list is (at least) #2:
postfix-inbound-2.inbound.mailchannels.net

and more fundamentally
inbound-splitter.mailchannels.net

resulting in spamcop hanging before getting to the spam source, for example:

2: Received: from inbound-trex-4 (100-101-84-158.inbound-trex.inbound.svc.cluster.local [100.101.84.158]) by postfix-inbound-4.inbound.mailchannels.net (Postfix) with ESMTP id AAE1520251 for <x>; Thu, 12 Nov 2020 10:19:05 +0000 (UTC)
No unique hostname found for source: 100.101.84.158
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

for headers:

... Received: from inbound-trex-4 (100-101-84-158.inbound-trex.inbound.svc.cluster.local [100.101.84.158])
    by postfix-inbound-4.inbound.mailchannels.net (Postfix) with ESMTP id AAE1520251
    for <x>; Thu, 12 Nov 2020 10:19:05 +0000 (UTC)
Received: from inbound-trex-0 (100-96-26-96.inbound-trex.inbound.svc.cluster.local [100.96.26.96])
    by postfix-inbound-splitter-0.localdomain (Postfix) with ESMTP id EBBED20032;
    Thu, 12 Nov 2020 10:19:00 +0000 (UTC)
Received: from p110239-ipoefx.ipoe.ocn.ne.jp (p110239-ipoefx.ipoe.ocn.ne.jp
 [153.246.145.238])
    by 0.0.0.0:2500 (trex/5.18.10);
    Thu, 12 Nov 2020 10:19:00 +0000

p110239-ipoefx.ipoe.ocn.ne.jp escapes being reported.

 

 

Edited by ewv
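
Added example, not part of the original posts and not SpamCop's or MailChannels' code: it unfolds the three Received headers quoted in the post above and shows what each hop exposes to a tool that walks the chain, namely the class of the bracketed source IP and whether the "by" field names a host under the registered domain. The names `classify`, `hops`, `first_public_source` and the `TRUSTED_SUFFIX` value are assumptions made for this illustration.

```python
import ipaddress
import re

# Received headers copied from the post above (recipient already redacted there).
RAW = """\
Received: from inbound-trex-4 (100-101-84-158.inbound-trex.inbound.svc.cluster.local [100.101.84.158])
    by postfix-inbound-4.inbound.mailchannels.net (Postfix) with ESMTP id AAE1520251
    for <x>; Thu, 12 Nov 2020 10:19:05 +0000 (UTC)
Received: from inbound-trex-0 (100-96-26-96.inbound-trex.inbound.svc.cluster.local [100.96.26.96])
    by postfix-inbound-splitter-0.localdomain (Postfix) with ESMTP id EBBED20032;
    Thu, 12 Nov 2020 10:19:00 +0000 (UTC)
Received: from p110239-ipoefx.ipoe.ocn.ne.jp (p110239-ipoefx.ipoe.ocn.ne.jp
 [153.246.145.238])
    by 0.0.0.0:2500 (trex/5.18.10);
    Thu, 12 Nov 2020 10:19:00 +0000
"""
SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
TRUSTED_SUFFIX = ".mailchannels.net"            # assumption: the registered mailhost domain

def classify(ip_text):
    """Label a source address as unspecified, internal (no public rDNS) or public."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_unspecified:
        return "unspecified"
    if ip in SHARED or ip.is_private or ip.is_loopback:
        return "internal"
    return "public"

def hops(raw):
    """One (source_ip, source_class, by_field, by_registered) tuple per Received line."""
    out = []
    for header in re.sub(r"\n[ \t]+", " ", raw).splitlines():  # unfold continuation lines
        src = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        by = re.search(r"\bby\s+(\S+)", header)
        ip = src.group(1) if src else None
        by_field = by.group(1) if by else ""
        out.append((ip, classify(ip) if ip else "missing",
                    by_field, by_field.endswith(TRUSTED_SUFFIX)))
    return out

def first_public_source(raw):
    """Top-down, the first hop with a public source IP. Reliable only if every hop
    above it was written by infrastructure you trust; lower headers can be forged."""
    for ip, cls, _, _ in hops(raw):
        if cls == "public":
            return ip
    return None

if __name__ == "__main__":
    print(*hops(RAW), sep="\n")
```

Only the top hop has a "by" host under the registered domain; the two below it name `postfix-inbound-splitter-0.localdomain` and `0.0.0.0:2500`, and the two upper hops have source addresses in shared address space that cannot resolve to a unique public hostname.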


You can try adding the same email address to your mailhosts again and then go back to the previous tracking URL to see if it picks it up.  I don't think the mailhosts updates itself automatically.


Adding mailchannels to mailhosts was confirmed in mailhosts, with no change in parsing behavior.  Parsing submissions have been only after Mailhosts was updated.

Mailchannels later disappeared from mailhosts entirely and could not be added back: Selecting the "standard name" mailchannels resulted in the options to select only dreamhost servers (the base mail host already registered long ago).  Hours later I could then add mailchannels servers again, but still with the same aberrant behavior blocking parsing for mail hosts preceding mailchannels in the Received headers.

For a second spamcop account, used only for quickreporting, I have not been able to add mailchannels to the mailhosts at all, with the only options being the dreamhost mail servers after specifying the standard name 'mailchannels'.

50 minutes ago, ewv said:

Adding mailchannels to mailhosts was confirmed in mailhosts, with no change in parsing behavior.  Parsing submissions have been only after Mailhosts was updated.

Would help if you could send a Tracking URL which is at top of parse BEFORE you submit spam
example
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6690533908ze72fd31a4dff786edaf29eccae16c308z

1 hour ago, ewv said:

Another example:

https://www.spamcop.net/sc?id=z6690587707z0afbb907bf385a3a5839c4d16a400f48z

This has not been reported so as to not duplicate.

https://www.spamcop.net/w3m?action=checkblock&ip=163.172.137.93

spam is bombing the world fake email addresses included
199.10.31.238 is a cloud account possibly compromised? 


All of my incoming mail at dreamhost now has these mailchannels headers inserted, which blocks spamcop parsing to find the source.  Submitting any incoming mail to the spamcop parser results in hanging on mailchannels Received headers, and the parser "finds" networking@carbon60.com (mailchannels) as the reporting address.  I have tested this on random non-spam incoming mail (which is not reported). The mailchannels headers make finding and reporting spam impossible, except that mailchannels takes credit for the spam and its headers are in fact responsible for protecting spammers from being reported.

Dreamhost also funnels all outgoing mail to mailchannels to intercept and scan.  Aside from the privacy problem (echoing Google mail surveillance), this results in occasional, to an unknown degree, random outgoing mail being disparaged as "junk" in mailchannels headers, which in turn sometimes causes the perfectly valid mail to bounce or be diverted into a receiver's spam folder.  But that is a different problem than the one with incoming mail and the disruption of spamcop parsing, which is a new problem.  I don't know if this mess is caused by dreamhost, mailchannels, the spamcop mailhosts system, or some combination.  I have reported it to dreamhost but am still waiting; they are very slow and the first rounds of their eventual 'responses' are usually oblivious to the problem reported.

8 hours ago, ewv said:

Another example:

https://www.spamcop.net/sc?id=z6690587707z0afbb907bf385a3a5839c4d16a400f48z

This has not been reported so as to not duplicate.

Hmmm, I noticed your second line does not properly match the first one.  Specifically the "by 0.0.0.0:2500" section does not match a mailchannels line of "inbound-egress-6.mailchannels.net".  Something is strange where the headers do not seem to match up.  If nothing was lost, then this would be from an internal mailchannels user.

1: Received: from TrololoVPN ([UNAVAILABLE]. [163.172.137.93]) by 0.0.0.0:2500 (trex/5.18.10); Thu, 12 Nov 2020 21:07:09 +0000
No unique hostname found for source: 163.172.137.93
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

 

6 hours ago, gnarlymarley said:

Hmmm, I noticed your second line does not properly match the first one.  Specifically the "by 0.0.0.0:2500" section does not match a mailchannels line of "inbound-egress-6.mailchannels.net".  Something is strange where the headers do not seem to match up.  If nothing was lost, then this would be from an internal mailchannels user.


1: Received: from TrololoVPN ([UNAVAILABLE]. [163.172.137.93]) by 0.0.0.0:2500 (trex/5.18.10); Thu, 12 Nov 2020 21:07:09 +0000
No unique hostname found for source: 163.172.137.93
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust this Received line.

 

Hi,

I work for MailChannels. We have a few internal MTA hops while processing incoming email in our inbound filtering service. At each hop, we add a Received header as per the RFCs. Some of the internal MTAs are on private IP addresses. The 0.0.0.0:2500 Received header is the first hop into our edge SMTP proxy. While it's not super cool to have an IP of 0.0.0.0, we don't believe it's inconsistent with the RFC.

But please, if we're doing it wrong, we want to fix this and would be keen to know what you all think is the correct way to add headers.

Thanks

Ken Simpson

MailChannels CEO

1 hour ago, Ken Simpson said:

Hi,

I work for MailChannels. We have a few internal MTA hops while processing incoming email in our inbound filtering service. At each hop, we add a Received header as per the RFCs. Some of the internal MTAs are on private IP addresses. The 0.0.0.0:2500 Received header is the first hop into our edge SMTP proxy. While it's not super cool to have an IP of 0.0.0.0, we don't believe it's inconsistent with the RFC.

But please, if we're doing it wrong, we want to fix this and would be keen to know what you all think is the correct way to add headers.

Thanks

Ken Simpson

MailChannels CEO

https://talosintelligence.com/reputation_center/support#faq3
Displaying behavior that is exceptionally bad, malicious, or undesirable
Has your/3 email servers listed as "poor" but not on any blocklists
So maybe you should read the above Cisco link, it may help?

you are listed on backscatterer (bounces)  the site may ask for free sign-up just close the dialog box no need to "sign-up"
https://mxtoolbox.com/Problem/Blacklist/BACKSCATTERER/?page=prob_blacklist&ip=199.10.31.238&link=button&action=blacklist:199.10.31.238&showLogin=1&hidetoc=1&reason=127.0.0.2

Edited by petzl


What do I have to do to get this fixed?

For one spamcop account I can't add mailchannels to Mailhosts at all.  "Mailchannels" as the standard name reverts to non-mailchannels servers at dreamhost.  (Dreamhost is using mailchannels to intercept and scan mail.)

For my other spamcop account mailchannels can be added to Mailhosts but periodically disappears and has to be added again. 

Even while mailchannels  is registered with Mailhosts it still does not work because of additional servers with ambiguous headers inserted by mailchannels into incoming email that prevents further parsing to the spam source.  Ken Simpson, from mailchannels, above says they are inserting internal servers with IPs like 0.0.0.0:2500 but the spamcop parser hangs at ambiguous IPs like https://www.spamcop.net/sc?id=z6691078615zd435ce8b004b579b41b019fa65a5d50ez

 
3: Received: from inbound-trex-2 (100-96-24-78.inbound-trex.inbound.svc.cluster.local [100.96.24.78]) by postfix-inbound-2.inbound.mailchannels.net (Postfix) with ESMTP id 0F77480112 for <x>; Mon, 16 Nov 2020 10:20:43 +0000 (UTC)

No unique hostname found for source: 100.96.24.78 

Meanwhile, after four days, dreamhost support is not responding.

What does it take to get this fixed?

3 hours ago, ewv said:

Meanwhile, after four days, dreamhost support is not responding.

What does it take to get this fixed?

Try sending message to SpamCop  service
https://mailsc.spamcop.net/fom-serve/cache/401.html
"Mailhosts" in "reason for contact"
In dialogue box next page :
Mail Hosts that need whitelisting in my Mailhosts
199.10.31.238,  inbound-egress-6.mailchannels.net
199.10.31.237 inbound-egress-5.mailchannels.net  ? I think
but there are more suspect the lot will be found by SpamCop?
postfix-inbound-0.inbound.mailchannels.net
postfix-inbound-3.inbound.mailchannels.net
postfix-inbound-4.inbound.mailchannels.net
postfix-inbound-5.inbound.mailchannels.net
postfix-inbound-6.inbound.mailchannels.net
postfix-inbound-7.inbound.mailchannels.net
postfix-inbound-11.inbound.mailchannels.net

Edited by petzl

40 minutes ago, petzl said:

Try sending message to SpamCop  service
https://mailsc.spamcop.net/fom-serve/cache/401.html
"Mailhosts" in "reason for contact"
In dialogue box next page :

Petzl, your link required authentication.  Did you mean https://www.spamcop.net/fom-serve/cache/401.html?

18 minutes ago, gnarlymarley said:

Petzl, your link required authentication.  Did you mean https://www.spamcop.net/fom-serve/cache/401.html?

Assumed EWV was a paid user?     not sure what is available for free service?  
But couldn't hurt? Same applies
https://www.spamcop.net/fom-serve/cache/401.html

Edited by petzl


I will try the spamcop link but aside from the missing n's in the headers of the form x-inbound-n.inbound.mailchannels.net headers, the parser has also been hanging on other kinds of mailchannels headers.  Also for one spamcop account the mailchannels entry in Mailhosts periodically disappears entirely, and for another spamcop account mailchannels cannot be added to Mailhosts at all.

