semmelbroesel

Does parsing stop too early?

Hi,

I have received some spam that contains quite a few RECEIVED entries, and I found that the SpamCop parser did not go deep enough to find the one line that actually shows the spammer.

Example report

I would like to point out the line

Received: from KNABI (acrz159.neoplus.adsl.tpnet.pl [83.11.27.159])

that doesn't appear to be parsed.

Is there a reason this is happening?

Am I doing something wrong?

Should I edit the header and remove the RECEIVED lines that belong to my provider?

(I don't think I should because the whole header gets sent in the report, but otherwise how can I get the actual spammer reported?)

Thanks for any advice you can give me - this spammer has been very persistent and seems to be increasing output :-(

I have received some spam that contains quite a few RECEIVED entries, and I found that the SpamCop parser did not go deep enough to find the one line that actually shows the spammer.

Example report

...Have you configured MailHosts? It appears that the parser is trying to report the server (216.245.171.32 = mail.agiliti.com) from which the last server (EXCHANGE1.agiliti.net, presumably, the one that ultimately receives and stores your e-mail) receives the e-mail but that's just another server in your e-mail provider's network. MailHosts was designed to help avoid this situation.

Should I edit the header and remove the RECEIVED lines that belong to my provider?

(I don't think I should because the whole header gets sent in the report, but otherwise how can I get the actual spammer reported?)

...Yes, you can do that, but if you do, cancel the reports that SpamCop offers to send. This is because editing the headers is a violation of SpamCop's Rules against material changes to spam.

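A simplified model of the behaviour described in the reply above, added here as an illustration; it is not SpamCop's parser and not part of the original thread. It walks the Received lines newest-first and stops at the first sending IP it has not been told belongs to the recipient's mail hosts. The `find_source` function, the `mailhosts` parameter and most of the sample headers are assumptions made for the example.

```python
import email
import ipaddress
import re

# Constructed sample. Only the KNABI line, 216.245.171.32 = mail.agiliti.com and
# EXCHANGE1.agiliti.net come from the thread; every other host, address and
# timestamp is made up (addresses from the RFC 5737 documentation ranges).
RAW = """\
Received: from mail.agiliti.com ([216.245.171.32]) by EXCHANGE1.agiliti.net;
 Mon, 1 Jan 2007 10:00:03 -0600
Received: from relay.example.net ([192.0.2.10]) by mail.agiliti.com;
 Mon, 1 Jan 2007 10:00:02 -0600
Received: from KNABI (acrz159.neoplus.adsl.tpnet.pl [83.11.27.159])
 by relay.example.net; Mon, 1 Jan 2007 10:00:01 -0600
Received: from mail.example.org ([198.51.100.7]) by KNABI;
 Mon, 1 Jan 2007 09:59:00 -0600
Subject: constructed sample

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def find_source(raw_message, mailhosts=()):
    """Walk Received lines newest-first; return the first sender IP that is
    not inside one of the `mailhosts` networks (None if no hop parses)."""
    trusted = [ipaddress.ip_network(net) for net in mailhosts]
    source = None
    for hop in email.message_from_string(raw_message).get_all("Received", []):
        match = BRACKETED_IP.search(hop)
        if match is None:
            break  # unparsable hop: stop, nothing below it can be verified
        source = ipaddress.ip_address(match.group(1))
        if not any(source in net for net in trusted):
            break  # handed in from outside the known hosts: report this IP
        # Sender is one of our own relays, so the next line down was written
        # by a host we trust; keep walking.
    return str(source) if source is not None else None


if __name__ == "__main__":
    # No mail hosts known: the walk stops at the provider's own relay.
    print(find_source(RAW))
    # Provider relays declared: the walk reaches the ADSL host and never
    # looks at the forgeable line below it.
    print(find_source(RAW, ["216.245.171.32/32", "192.0.2.0/24"]))
```
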
I have received some spam that contains quite a few RECEIVED entries, and I found that the SpamCop parser did not go deep enough to find the one line that actually shows the spammer.

I'd suggest turning on "Show Full Technical Details" in your Preferences, send a copy of the original headers and the SpamCop Parser output and ask your ISP to explain the odd handoffs showing in that chain of events/handling. Running your reporting account through the MailHost Configuration process "might" help, but .... there are some items there that I sure can't come up with an explanation for ....

Running your reporting account through the MailHost Configuration process "might" help, but .... there are some items there that I sure can't come up with an explanation for ....

agiliti and g2host seem to be part of our provider, digitalnorth.

I have not looked into mailhosts yet, but I am checking it out right now and will see what it does.

If I understand it correctly it will filter out servers that belong to my provider from being detected as possible spam source.

Just tried it, but the two servers mailhosts detected are names that don't even show in the email headers, so I gotta figure out if I can add the others, too. Am waiting for the test email now.

Thanks for your advice!

We have a spam filter, but I disabled it, and I also haven't received a spam filter alert.

I sent an email to the deputies.

Thanks!

...Thanks for letting us know. If you are able, please let us know how this was resolved.

btw, is this thread in the right forum?

(reporting help or mailhosts maybe?)

Edited by Jank1887
