
[Resolved] Mailhost configuration problem, identified internal IP as source


JimB


Hi all,

I have been having problems with a particular spam. You may remember from a previous topic - "identified internal IP as source" - that I thought there was a problem with my mailhost configuration (which seemed logical given the error). However, about half of my reports are fine. Others give the error "Mailhost configuration problem, identified internal IP as source". This seems to be a problem with the spam parser, but I am not sure of that.

Background: I use the two part Outlook reporting process. I use ^c^v to paste the header found in the <view<options menu. Following that, I right click on the body, choose "view source", and copy all of the material in the notepad window into the body section of the report form. Again, half or more of my reports work fine, but this particular spam type has been problematic.

The result can be found at:

http://www.spamcop.net/sc?id=z1114752586z4...09e6fdd33b4801z

Thanks for any help,

Jim


Once again, looking at the headers you are providing, only your servers are touching this message, so they would be the ones causing the issue.

There are 2 received lines in this part:

Received: from dynres.com ([192.168.1.1]) by ponto.dynres.com with Microsoft SMTPSVC(5.0.2195.5329);
Tue, 24 Oct 2006 09:41:31 -0700 Received:from [84.77.109.116]
by dynres.com with esmtp
(envelope-from <qwevodi[at]poaustralia.com>)
id 1GcQYr-0004W8-JW
for x; Tue, 24 Oct 2006 10:59:51 -0700

Do you have more than one server handling your email from the internet? Any link as to one causing problems but not another?

When you view the headers, does it look like above with the second Received line connected to the first?

From my looking at it, if it is not your handling of the headers, then it is ponto.dynres.com mishandling the headers.


Steven,

Thanks for reminding me of this. I have been looking at the headers when I paste them into the form. In the form the lines are distinct. I am not sure where they become joined. I even cut and paste this particular spam header into the web form and the received lines were separate. Something with the parser?

We only have one e-mail server. Is it possible that somehow the spam can be re-sent from an internal address unwittingly? I have received spam e-mails that have other people in the "To" spot. Maybe we have some sort of worm or virus?

Thanks for your response,

Jim


I have been looking at the headers when I paste them into the form. In the form the lines are distinct. I am not sure where they become joined. I even cut and paste this particular spam header into the web form and the received lines were separate. Something with the parser?

My guess would be that the lines are concatenating as part of the copy & paste process you're following. Possibly Outlook is 'delivering' a carriage return so the lines wrap together when you paste into the web form.

But even if my guess is wrong, you'd be well advised not to report until you can figure out a better way of reporting.

Andrew


Andrew,

I am assuming that the two part form is for reporting spam exactly as I have been doing. If there is a better method I am open, but for reporting spam received in Outlook this is the only method I am aware of. As I mentioned before, this method works fine for most of the spam I am reporting. It is just a particular new type of spam that has been causing me issues. This spam has an image in the middle. It is distinct, i.e. I can identify if it will work or not before I even paste the parts in.

In the interest of new methodology, is there a different method others are using to get from a spam e-mail in Outlook to a filled in two part reporting web form? What else could I try? Also, the header appears correct in the web form when I submit it. I, obviously, cannot see the linefeed or carriage return characters (or tabs or spaces for that matter), but it appears correct on my end. I would not have thought the header would have concatenated itself into one line if Steven had not pasted it into this forum. This seems quite odd to me.

Another question. How do you see the header that I reported? I clicked on the link I inserted above, and the web form is empty. I am confused. I thought I would check out what Steven was seeing, but I can't see it.

Thanks for the response,

Jim


[Quote, post 49768, Oct 24 2006, 02:54 PM] I am assuming that the two part form is for reporting spam exactly as I have been doing. If there is a better method I am open, but for reporting spam received in Outlook this is the only method I am aware of

There are some third-party tools available. Listed in the FAQ. Depending on the version of Outlook in use, there may be options such as a Registry hack ....

In the interest of new methodology, is there a different method others are using to get from a spam e-mail in Outlook to a filled in two part reporting web form? What else could I try? Also, the header appears correct in the web form when I submit it. I, obviously, cannot see the linefeed or carriage return characters (or tabs or spaces for that matter), but it appears correct on my end. I would not have thought the header would have concatenated itself into one line if Steven had not pasted it into this forum. This seems quite odd to me.

Based on all that .... try something simple .. change the width of the Outlook window you are copying from .. this should move the linebreaks around a bit .. trying to rule out that one line is somehow just the right length that you snagging the text to copy from is magically just coming up short that one (invisible) character

Another question. How do you see the header that I reported? I clicked on the link I inserted above, and the web form is empty. I am confused. I thought I would check out what Steven was seeing, but I can't see it.

Can't answer that, as the Tracking URL you provided works fine from here ....


In the interest of new methodology, is there a different method others are using to get from a spam e-mail in Outlook to a filled in two part reporting web form? What else could I try?

I use Outlook 2003 at work behind an Exchange server. I have Outlook configured to forward as attachment and I simply forward my spam to my submit address, then report when I get the reply. Whether this works or not may be up to your specific configuration, however.


Wazoo,

In the Options window in Outlook 2003 it is not possible to change the size of the window. Apparently, in this case Microsoft knows exactly how big your window should be (note heavy sarcasm here).

BTW, thanks for changing my forum name.

Will and Steven,

Thanks for the ideas. I kind of like to enter the information and get the immediate response, but maybe it is time for me to grow up and start using the e-mail method. By reporting each spam and running into problems like this, I learn things I might not otherwise. In this case it may be too much of an uphill battle.

There is definitely something different about these particular spams that are causing the issue. I would like to figure out what is going on.

As a side note, I am now able to use the above link to see what others are seeing. This happened at the same time I checked the "Show Technical Details" box on the submit page. I am not sure that the two occurrences have any cause-effect relationship, but just in case this may help someone else I thought I would document it.

Jim


There is definitely something different about these particular spams that are causing the issue. I would like to figure out what is going on.

Except that both lines where the problems occur (before and after the missing CR) are being added by your servers. If the problem were further down the list, or some header provided by the sender, I would tend to agree with you. Your server takes the IP address of the connection and generates those Received lines.


[Quote, post 49768, Oct 24 2006, 08:54 PM] is there a different method others are using to get from a spam e-mail in Outlook to a filled in two part reporting web form? What else could I try? Also, the header appears correct in the web form when I submit it. I, obviously, cannot see the linefeed or carriage return characters (or tabs or spaces for that matter), but it appears correct on my end. I would not have thought the header would have concatenated itself into one line if Steven had not pasted it into this forum. This seems quite odd to me.

Others have suggested the forward Email as an attachment method. It really is quite efficient. However, if your server is adding the various received lines and is only appending, say, a Line Feed, when a Carriage Return + Line Feed is needed (or whatever combination and arrangement) then you may still get this unexpected line wrapping.

So try it with one spam item at a time and be careful to check.

I've certainly seen wrapping taking place in a copy & paste process. You don't see the missing line break because the paste box is just the right width to make you think the lines have split.

Again, just an educated guess.

Have you seen the Outlook 2003 FAQ entry?

Andrew

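The line-ending problem discussed in the posts above can be checked on the raw header bytes before they are pasted into a report form. The following is an added example, not part of the original posts and not SpamCop's parser: it counts the invisible line terminators, flags a `Received:` that starts in the middle of a line, and shows which address each Received field yields before and after the missing break is restored. The function names, the sample bytes and the rule "take the first bracketed IPv4 address of each Received field" are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the header quoted earlier in the thread: the
# break before the second "Received:" is missing and line endings are mixed.
SAMPLE = (
    b"Received: from dynres.com ([192.168.1.1]) by ponto.dynres.com with Microsoft SMTPSVC(5.0.2195.5329);\r\n"
    b"\t Tue, 24 Oct 2006 09:41:31 -0700 Received:from [84.77.109.116]\n"
    b"\tby dynres.com with esmtp\n"
    b"\tfor x; Tue, 24 Oct 2006 10:59:51 -0700\r\n"
    b"Subject: constructed example\r\n"
)

def line_endings(raw):
    """Count CRLF, bare LF and bare CR terminators, which look identical on screen."""
    crlf = raw.count(b"\r\n")
    return {"crlf": crlf, "bare_lf": raw.count(b"\n") - crlf, "bare_cr": raw.count(b"\r") - crlf}

def joined_received(raw):
    """1-based numbers of physical lines where 'Received:' appears after column 0."""
    lines = re.split(rb"\r\n|\r|\n", raw)
    return [n for n, line in enumerate(lines, 1) if re.search(rb"(?i)\sReceived:", line)]

def unfold(raw, repair=False):
    """Split into header fields; a line starting with whitespace continues the previous field."""
    text = re.sub(rb"\r\n|\r", b"\n", raw).decode("ascii", "replace")
    if repair:  # restore the missing break in front of a mid-line Received:
        text = re.sub(r"(?i)[ \t]+(Received:)", r"\n\1", text)
    fields = []
    for line in text.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += " " + line.strip()
        elif line:
            fields.append(line.strip())
    return fields

def first_hop_ips(fields):
    """(first bracketed IPv4, is_private) per Received field; assumes well-formed literals."""
    out = []
    for f in fields:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", f) if f.lower().startswith("received:") else None
        if m:
            ip = ipaddress.ip_address(m.group(1))
            out.append((str(ip), ip.is_private))
    return out

if __name__ == "__main__":
    print(line_endings(SAMPLE), joined_received(SAMPLE))
    print("as pasted:", first_hop_ips(unfold(SAMPLE)))
    print("repaired: ", first_hop_ips(unfold(SAMPLE, repair=True)))
```

With the break missing, the only Received field seen is the one carrying the private address; once it is restored, the public address appears as its own hop.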

In the Options window in Outlook 2003 it is not possible to change the size of the window. Apparently, in this case Microsoft knows exactly how big your window should be (note heavy sarcasm here).

You know, I can't recall working on anyone else's computer that had Office 2003 installed (or I just never had reason to mess with it?) ... So relating to an Office 97 install I have here ... the vertical separating bar between the various options on the left and the 'main' screen on the right can be moved ... perhaps slide that a bit to the right to squeeze up the text window ...???? Again, guessing that you only need to move another part of a character's width ....

BTW, thanks for changing my forum name.

That was the 'easy' part ... I did take care of the other places it was showing also ....


Well, here is the latest. I submitted via e-mail a spam that was problematic. The e-mail submission method worked fine. I will just submit some of them (maybe all) with this method.

There are still some things I find strange, though. I checked the header section of the Options box in Outlook and it is definitely not a word wrap problem. Some lines wrap far short of the right side of the box, indicating some sort of linefeed/carriage return occurring. Also, some spam that SC has parsed successfully shows a wrapped header for two received lines, but there will still be another separate received line.

Another thing I notice is the line "Internal handoff at dynres.com". This seems to be a part of the header confusion, but I am not sure exactly what part.

Anyhow, I have a resolution, I have learned some things, and I found a place to discuss my problems (spam related ones anyhow). I will check back for comments, but I think I'm done here.

Thanks for your help,

Jim


<snip>

Anyhow, I have a resolution, I have learned some things, and I found a place to discuss my problems (spam related ones anyhow). I will check back for comments, but I think I'm done here.

Thanks for your help,

Jim

Hi, Jim!

...Thanks for taking the time to return here to let us know that your problem appears to have been resolved. I shall so mark this thread (but you may continue follow-ups here, if you still care to do so).


Archived

This topic is now archived and is closed to further replies.
