Does parsing stop too early?

[semmelbroesel]

Hi,

I have received some spam that contains quite a few RECEIVED entries, and I found that the spamcop parser did not go deep enough to find the one line that actually shows the spammer.

Example report

I would like to point out the line

Received: from KNABI (acrz159.neoplus.adsl.tpnet.pl [83.11.27.159])

that doesn't appear to be parsed.

Is there a reason this is happening?

Am I doing something wrong?

Should I edit the header and remove the RECEIVED lines that belong to my provider?

(I don't think I should because the whole header gets sent in the report, but otherwise how can I get the actual spammer reported?)

Thanks for any advice you can give me - this spammer has been very persistent and seems to be increasing output :-(

[turetzsr]

I have received some spam that contains quite a few RECEIVED entries, and I found that the spamcop parser did not go deep enough to find the one line that actually shows the spammer.

Example report

...Have you configured MailHosts? It appears that the parser is trying to report the server (216.245.171.32 = mail.agiliti.com) from which the last server (EXCHANGE1.agiliti.net, presumably, the one that ultimately receives and stores your e-mail) receives the e-mail but that's just another server in your e-mail provider's network. MailHosts was designed to help avoid this situation.

Should I edit the header and remove the RECEIVED lines that belong to my provider?

(I don't think I should because the whole header gets sent in the report, but otherwise how can I get the actual spammer reported?)

...Yes, you can do that, but if you do, cancel the reports that SpamCop offers to send. This is because editing the headers is a violation of SpamCop's Rules against material changes to spam.

[Wazoo]

I have received some spam that contains quite a few RECEIVED entries, and I found that the spamcop parser did not go deep enough to find the one line that actually shows the spammer.

I'd suggest turning on "Show Full Technical Details" in your Preferences, send a copy of the original headers and the SpamCop Parser output and ask your ISP to explain the odd handoffs showing in that chain of events/handling. Running your reporting account through the MailHost Configuration process "might" help, but .... there are some items there that I sure can't come up with an explanation for ....

[semmelbroesel]

Running your reporting account through the MailHost Configuration process "might" help, but .... there are some items there that I sure can't come up with an explanation for ....

agiliti and g2host seem to be part of our provider, digitalnorth.

I have not looked into mailhosts yet, but I am checking it out right now and will see what it does.

If I understand it correctly it will filter out servers that belong to my provider from being detected as possible spam source.

Just tried it, but the two servers mailhosts detected are names that don't even show in the email headers, so I gotta figure out if I can add the others, too. Am waiting for the test email now.

Thanks for your advice!

[semmelbroesel]

Dang, it's been over 7 hours, and the mailhosts test emails haven't come... :-(

[turetzsr]

Dang, it's been over 7 hours, and the mailhosts test emails haven't come... :-(

Hi, semmelbroesel,

...Please see StevenUnderwood's final reply in thread "Not receiving Mailhost email".

[semmelbroesel]

...Please see StevenUnderwood's final reply in thread "Not receiving Mailhost email".

We have a spam filter, but I disabled it, and I also haven't received a spam filter alert.

I sent an email to the deputies.

Thanks!

[turetzsr]

We have a spam filter, but I disabled it, and I also haven't received a spam filter alert.

I sent an email to the deputies.

Thanks!

...Thanks for letting us know. If you are able, please let us know how this was resolved.

[Jank1887]

btw, is this thread in the right forum?

(reporting help or mailhosts maybe?)