kae

[Resolved] No source IP address found, cannot proceed


I registered a new email/ISP address and when I try to report, I get the "No source IP address found, cannot proceed." message. Here is the full text of what I get:

No unique hostname found for source: 86.215.164.164

Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header

No source IP address found, cannot proceed.
Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like
Nothing to do.

I guess I'm wondering if my ISP has some strange internal handling of email or if they have some kind of chewed up headers that the parser doesn't expect?

Here are some links:

http://www.spamcop.net/sc?id=z1184521464z0...81b1f0dc3619ebz

http://www.spamcop.net/sc?id=z1184524063zd...bcee68fe5c1da1z

http://www.spamcop.net/sc?id=z1184523875zf...f140b2397a45b0z

http://www.spamcop.net/sc?id=z1184523553z5...f912967b215bcfz

http://www.spamcop.net/sc?id=z1184522841z1...71bd2b55e8f881z

http://www.spamcop.net/sc?id=z1184522649z1...0b853ffd4c043cz

http://www.spamcop.net/sc?id=z1184522420ze...e3f414544ddf2cz

From what I've looked at in the headers, there is a Received line that has very little information between the sending system Received line and the final internal received line (usually a 172. or 10. address). Is this a case where the mailhost needs special handling?

registered a new email/ISP address and when I try to report, I get the "No source IP address found, cannot proceed." message.

...

From what I've looked at in the headers, there is a Received line that has very little information between the sending system Received line and the final internal received line (usually a 172. or 10. address). Is this a case where the mailhost needs special handling?

Is mta2.egix.net or egix.net in your mailhost configuration? If not, you need to complete the configuration (did you get the confirmation that it was complete?) or follow the directions in the pinned thread in the Mailhost configuration forum where I am moving this.

Is mta2.egix.net or egix.net in your mailhost configuration? If not, you need to complete the configuration (did you get the confirmation that it was complete?) or follow the directions in the pinned thread in the Mailhost configuration forum where I am moving this.

Thanks for moving this to the right place. mta2.egix.net and egix.net are in my mailhost configuration and I completed the configuration for both MX records (two emails). The host is in my mailhosts list and it looks complete.

I looked at the SpamCop mailhost registration headers and those headers look the same (weird). It appears that this ISP (eGIX.net) removes all headers that are specific to them (i.e. none of the mailhost host names or IP addresses appear in any email from this ISP).

All this ISP's hosts/domain addresses and their Relaying IP addresses appear to be removed from all email headers before they get passed on to me. I guess that's one way to not get your IP addresses reported hmm.

Will SpamCop work with all those headers gone?

Is this something that is known or is it something I should send to the deputies for special handling?


I only looked at the first offered Tracking URL, figured that was enough ...

Going through the Received lines, working from the bottom ...

Received: from 12.14.64.130 (HELO mail.hammondmap.com)
    by egix.net with esmtp (1,>(6MF2* V47**)
    id 7OV42H-S76)V5-5[at]
    for x; Thu, 4 Jan 2007 19:19:22 -0060

very, very bad construct, easy assumption is that it is totally bogus

Received: from aamiens-157-1-141-164.w86-215.abo.wanadoo.fr ([86.215.164.164])
    by mta2.egix.net with esmtp (Exim 4.43)
    id 1H2Y7P-0002pl-Jz
    for x; Thu, 04 Jan 2007 14:19:16 -0500

This would appear to be the "real" incoming connection, typical wanadoo spew source, received by mta2.egix server

Received: from atmail by mta2.egix.net with spam-scanned (Exim 4.43)
    id 1H2Y7Q-0002qu-ET
    for x; Thu, 04 Jan 2007 14:19:17 -0500

This one really makes little sense from this side of the screen ... assumption is that the 'atmail' server may be something internal to your ISP's network, but ...???

Received: from mta2.egix.net (mta2 [172.16.1.22])
    by sfv480.egix.net (Postfix) with ESMTP id 85671108853
    for <x>; Thu, 4 Jan 2007 14:19:17 -0500 (EST)

Issue 1: how did the e-mail jump from the 'atmail' server to the 'sfv480.egix' server? No one here can answer that one.

Issue 2: the IP address involved in that data line .... Ouch!

172.16.0.0/12 - RFC 1918 private network

Therefore, not considered 'routable' .....

As per the Pinned items in this Forum Section, my attempted/aborted/updated/ignored MailHost Configuration Issues FAQ .... the only possible recourse is to talk to the Deputies .... it may be possible for them to hand massage the database for this wonky set-up, but .... I can't speak for them or this scenario.

I only looked at the first offered Tracking URL, figured that was enough ...

You're right, they all look about the same so looking at one is pretty much enough.

I've looked at about 20 different legit and spam emails from this ISP and the header munging is all the same. None of the headers (legit or spam) contain any routable IP address. All the headers from hosts external to the ISP seem to be left intact, but the hosts and IP addresses of any internal ISP host is either removed from the Received headers or the entire Received header is removed except for the last non-routable 172 or 10 IP addresses.

I did read the post by ellen, but I hate to email the deputies because any problem I usually have isn't unique, but I guess this is "deputy worthy" so I'll send an email to them and see what they say.

I wonder if this ISP just removes all their IP addresses so that no one will report them. I guess that's one way to make sure no one reports you for spamming.

I wonder if that means that none of the spam that comes through this ISP is reportable (since they are munging the headers.) I guess I'll see what the deputies say. Thanks for looking at it!

I guess I'll see what the deputies say. Thanks for looking at it!

If you could post back anything "postable" that may help the next person looking for the same data.

I guess I'm wondering if my ISP has some strange internal handling of email or if they have some kind of chewed up headers that the parser doesn't expect?
Not to worry, there is nothing wrong with your setup or headers. There was a database problem on our end that prevented the parse from seeing your Mailhost info, and that caused the parse to fail.

Sorry for all the trouble. It's fixed now.

- Don D'Minion - SpamCop Admin -

Not to worry, there is nothing wrong with your setup or headers. There was a database problem on our end that prevented the parse from seeing your Mailhost info, and that caused the parse to fail.

Sorry for all the trouble. It's fixed now.

Thanks for the update, Don.


I keep getting the same message quite often, without any indication as to what the cause of the problem is. That makes it very hard for me to verify whether it has to do with mailhost configuration, as an example, because SpamCop does not even tell which email the error refers to.

For every link except the first one it is telling you exactly what the "cause of the problem is":

0: Received: from 5ac5183b.bb.sky.com (HELO 5ac5183b.bb.sky.com) (90.197.24.59) by server282-han (qpsmtpd/0.43rc1) with ESMTP; Fri, 12 Sep 2008 19:52:29 +0200
Hostname verified: 5ac5183b.bb.sky.com

Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header

No source IP address found, cannot proceed.
Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like

Nothing to do.

Every one of them was received by "server282-han" which evidently is not in your mailhost configuration. Either you have not configured mailhosts for EVERY email address you are reporting spam from OR your mail provider has recently changed their server configuration or added servers to their setup that are not currently in your configuration. The next step depends on which case it is.

Those headers also do not seem to be configured properly (as you can see if you follow the link on that page stating: Example: What spam headers should look like).

I would expect your headers to look like:

Received: from 5ac5183b.bb.sky.com (5ac5183b.bb.sky.com [90.197.24.59]) by server282-han.<domain>.<tld> (qpsmtpd/0.43rc1) with ESMTP; Fri, 12 Sep 2008 19:52:29 +0200

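The two replies above (the walk through the eGIX Received lines, and the "server282-han" case) both turn on the same rule: a Received line is only believed if the system that wrote it is one of the reporter's configured mailhosts. The following is an added example, not part of the original posts and not SpamCop's parser; it is a simplified model of that rule, and the function names and the subdomain-matching policy are assumptions.

```python
import ipaddress
import re

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

# Received values abridged from the headers quoted in this thread, newest first.
EGIX = [
    "from mta2.egix.net (mta2 [172.16.1.22]) by sfv480.egix.net (Postfix) with ESMTP id 85671108853",
    "from atmail by mta2.egix.net with spam-scanned (Exim 4.43) id 1H2Y7Q-0002qu-ET",
    "from aamiens-157-1-141-164.w86-215.abo.wanadoo.fr ([86.215.164.164]) "
    "by mta2.egix.net with esmtp (Exim 4.43) id 1H2Y7P-0002pl-Jz",
    "from 12.14.64.130 (HELO mail.hammondmap.com) by egix.net with esmtp",
]
SKY = [
    "from 5ac5183b.bb.sky.com (HELO 5ac5183b.bb.sky.com) (90.197.24.59) "
    "by server282-han (qpsmtpd/0.43rc1) with ESMTP",
]

def is_mailhost(host, mailhosts):
    """True if host equals, or is a subdomain of, a configured mailhost name."""
    host = host.lower().rstrip(".")
    return any(host == m or host.endswith("." + m) for m in mailhosts)

def find_source(received, mailhosts):
    """Walk Received values newest-first; return (source_ip or None, reason)."""
    for n, value in enumerate(received):
        by = BY_RE.search(value)
        if by is None or not is_mailhost(by.group(1), mailhosts):
            # Written by a system we do not know: it and everything older is untrusted.
            return None, f"header {n}: receiving system is not a configured mailhost"
        ip = IP_RE.search(value[:by.start()])
        if ip is None:
            continue  # internal hand-off that recorded no address
        try:
            addr = ipaddress.ip_address(ip.group(1))
        except ValueError:
            return None, f"header {n}: malformed address"
        if addr.is_private:
            continue  # private (e.g. RFC 1918) hop inside the provider, keep walking
        return str(addr), f"header {n}: first public address handed to a mailhost"
    return None, "no public source address in the trusted headers"

if __name__ == "__main__":
    for hosts in ({"egix.net"}, set()):
        print(sorted(hosts), find_source(EGIX, hosts))
    print(find_source(SKY, {"server282-han"}))
```

The walk stops at the first public address handed to a known mailhost, so the malformed oldest line in the eGIX sample is never consulted; with an empty mailhost set the same message yields no source at all.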
For every link except the first one it is telling you exactly what the "cause of the problem is":

Where did you get that information? When I click on the last link, for example, you can see what I am getting on the following screenshot:

http://img329.imageshack.us/img329/6891/tempyl2.gif

So how come you see all these details while I don't?

[moderator edit - no images here thanks, converted to link, answering query in my next post]

Another later edit: no reason to quote the entire previous post in the response

Edited by Wazoo


I just reconfigured my mail hosts and found out that our ISP had indeed changed their servers. I guess everything works alright again now. Might have been easier to find out though if SpamCop had been more explicit on the cause of the problem. I am still wondering where you can see that information, as all I got was what you can see on the screenshot in my previous post. But thanks anyway! :)

Edited by Eisenbart

Where did you get that information? When I click on the last link, for example, you can see what I am getting on the following screenshot:

http://img329.imageshack.us/img329/6891/tempyl2.gif

So how come you see all these details while I don't?

You need to turn on "Show technical details", a checkbox under the paste-in box on your member's page and an option under your "Preferences" tab from that page (for email submissions) - "Report Handling Options" link - "Show Technical Details during reporting" item - select the "Show technical data" radio button.


Perhaps something amiss with your mailhosting? Parses okay without mailhosts:

http://www.spamcop.net/sc?id=z4931539230z5...9eed70f1c60517z

Is that really spam? Are you getting this sort of thing often?

Anyway, you might try redoing your hosts (the tab on your user page). Sometimes it takes a tweak from Don or a deputy to get things right - service[at]admin.spamcop.net

