Jump to content
Sign in to follow this  
Ashocka

Spamcop Rejecting Mail Generated by Fantastico

Recommended Posts

Wazoo

Your help is appreciated, but the manner in which you deliver it is not. I would therefore request you do not bother addressing any of my posts in future, please let others do that. If they don't wish to, fine.

Here's the complete header again (munged)

From - Wed Feb 14 08:13:16 2007
X-Account-Key: account2
X-UIDL: 207b0cd81924ef82292e121567d51efc
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <cognitiv(at)host.spamungaccessiblehosting.com>
Envelope-to: hostacce(at)spamungaccessiblehosting.com
Delivery-date: Wed, 14 Feb 2007 08:03:37 +1100
Received: from cognitiv by host.spamungaccessiblehosting.com with local (Exim 4.63)
	(envelope-from <cognitiv(at)host.spamungaccessiblehosting.com>)
	id 1HH4oh-00011u-Qt
	for hostacce(at)spamungaccessiblehosting.com; Wed, 14 Feb 2007 08:03:37 +1100
To: hostacce(at)spamungaccessiblehosting.com
Subject: WordPress installation on http://cognitivity.org
From: fantastico(at)spamungcognitivity.org
X-Sender: <fantastico(at)spamungcognitivity.org>
X-Mailer: PHP
X-Priority: 1
Message-Id: <E1HH4oh-00011u-Qt(at)host.spamungaccessiblehosting.com>
Date: Wed, 14 Feb 2007 08:03:37 +1100
X-Antivirus: AVG for E-mail 7.5.441 [268.17.37/682]
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1

I hope this is more helpful.

Geoff

Share this post


Link to post
Share on other sites
Your help is appreciated, but the manner in which you deliver it is not. I would therefore request you do not bother addressing any of my posts in future,

Whatever ... you ask a question, sometimes answer just appear .. that's the way it works around here ...

Here's the complete header again (munged)

From - Wed Feb 14 08:13:16 2007
snipped

I hope this is more helpful.

The first glance once again left one with the immediate response that there's nothing in there that deals with a SpamCop.net e-mail account ....

So we ignore that small issue, look at what you did provide ...

A major second to Stevenunderwood's remarks about the line I didn't snip ....

The "From" is not a valid "From: " line, it's certainly not a valid "X-Line: " ... and the fact that the data that follows is a time-stamp ... well, that's a problem ...

On the other hand, the last time this specific factoid was brought up, it was in fact a Reporting issue, as the parser failed on that bad line. The 'source' of the bad line boiled down to an issue with Thunderbird, as I recall .... then again, guess maybe that Topic/Discussion is gong to have to be located, as now I have this strange thought about FireFox and a web-mail application .... search later, perhaps .. time involved ....??? The 'problem' with this is that it boiled down to how an e-mail was snagged, then handled ... whereas your initial query allegedly dealt with an e-mail server sending another server's e-mail directly, thus Thunderbird/FireFox wouldn't be in the mix .... so I'm still back to the 'lack of data' issue, actually .... having the added confusion of a non-related sample offered up as 'evidence' ...????

Yet, on the other hand, can't help but note that this data/construct is not present in your first offered sample, that was (assumedly) supposed to be an actual SpamCop.net e-mail server hand-off .... so we're back to the issue of just what you are trying to present as an example of a specific prooblem ... samples of 'something else' help no one ...

Share this post


Link to post
Share on other sites

Whatever ... you ask a question, sometimes answer just appear .. that's the way it works around here ...

Well I have asked you not to bother replying to me because I don't find your manner helpful at all. So please understand, your responses and tone are not welcome, if others don't want to help, that's fine also, but I'd prefer not to deal with Wazoo. Everyone else I find help in an acceptable manner and appreciate their help. Please respect this Wazoo.

The first glance once again left one with the immediate response that there's nothing in there that deals with a SpamCop.net e-mail account ....

I'm sorry I did not make this clear enough to everyone, I thought I had. SC rejects this email completely, so it is discarded by the system. The only way I could get an email with an example header was to send one from Fantastico to an email address that would bypass SC. So naturally there is nothing in this email header that deals with SC as it has not gone through the SC system. Because if this email is sent to SC it rejects it and never gets to me. The question remains, why does SC reject this email? I'm willing to coordinate with JT (or anyone (but Wazoo)) to send an email to my SC account so that he can monitor the logs to see what is happening.

On the other hand, the last time this specific factoid was brought up, it was in fact a Reporting issue, as the parser failed on that bad line. The 'source' of the bad line boiled down to an issue with Thunderbird, as I recall .... then again, guess maybe that Topic/Discussion is gong to have to be located, as now I have this strange thought about FireFox and a web-mail application ....

search later, perhaps .. time involved ....??? The 'problem' with this is that it boiled down to how an e-mail was snagged, then handled ... whereas your initial query allegedly dealt with an e-mail server sending another server's e-mail directly, thus Thunderbird/FireFox wouldn't be in the mix .... so I'm still back to the 'lack of data' issue, actually .... having the added confusion of a non-related sample offered up as 'evidence' ...????

This mail is not being generated by Thunderbird. It is being generated by Fantastico. What has Thunderbird got to do with this (excuss my ignorance).

Yet, on the other hand, can't help but note that this data/construct is not present in your first offered sample, that was (assumedly) supposed to be an actual SpamCop.net e-mail server hand-off .... so we're back to the issue of just what you are trying to present as an example of a specific prooblem ... samples of 'something else' help no one ...

I'm soooo sorry that this wasn't clear enough. I'll go through it again;

When Fantastico installs a package on my server it offers to send an email of all the configuration details of the install to a given email address. If I enter any email address that is forwarded to SC, SC rejects this email, Exim logs;

2007-02-11 11:14:28 1HG2Mk-0006M9-Nq ashocka[at]spamcop.net R=lookuphost T=remot e_smtp H=mx.spamcop.net [216.154.195.36]
2007-02-11 11:14:29 1HG2Mk-0006M9-Nq Completed
2007-02-11 11:14:29 1HG2Ml-0006MI-QP H=(c60.cesmail.net.invalid) [216.154.195.49] F= rejected after DATA: there is no valid sender in any header line
2007-02-11 11:14:30 1HG2Mm-0006MN-7e cognitiv R=localuser T=local_delivery
2007-02-11 11:14:30 1HG2Mm-0006MN-7e Completed

So I understand Exim is telling me that this email has been rejected by the server at c60.cesmail.net.invalid because there is no valid sender in any header line. So I am asking if anyone (except Wazoo) can tell me why it is analysing these headers and coming to that conclusion. There must be some parsing logic or something on the server side at this server at SC that causes it to take this action, because this is the only mail I know of directed to me that is rejected. Is there a syntax or failed compliance to specification in the header?

Thanks in advance.

Geoff

Share this post


Link to post
Share on other sites

Ignore the wazoo part of the response .. try reading the damn data .. noting Wazoo is the only one around at present.

One 'sample' you've provided twice has the same bad header line on both instances .... and again, for whatever reason, that bad header line was not in your first "exact" copy of an alleged e-mail traversing the path you say can't be travelled.

So please explain how your two examples of the non-connected items do not match your first 'connected' sample .. the obvious answer would be the overdone munging, but ....???? Yet again, if he 'actual' e-mail in the first instance was made available, all this dancing could come to close and some analysis on the actual issue could start.

You want to coordinate with JT .. no problem, that option has always been available .... Contact data is found in several places .... my favorite pointer goes to your described useless Wiki .... Where to get Help

Share this post


Link to post
Share on other sites

I still have not found the post/Topic I was thinking of, but .... ran across other samples ..... even stranger yet, one of these was in the huge Cox and the missing colon discussion .. but this line didn't seem to come up ... odd .... anyway, a couple of links found thus far ....

http://forum.spamcop.net/forums/index.php?...ost&p=53184

contains:

From - Thu Jan 11 08:00:19 2007

X-Account-Key: account2

http://forum.spamcop.net/forums/index.php?...ost&p=46435

contains:

From: - Sun Aug 20 09:55:58 2006

X-UIDL: <02d401c6c3df$317c0c00$0200a8c0[at]haguey>

Notice that even these samples differ a bit ... From: in one, the other only From ....????

Share this post


Link to post
Share on other sites

Wazoo

I have kindly asked you not to reply or provide any further feedback to my post. Can't you be gracious enough to accommodate such a request. Please do not respond to my post anymore.

......

Geoff

Share this post


Link to post
Share on other sites

ns2.accessiblehosting.com reports the following MX records:

Preference Host Name IP Address TTL

0 cognitivity.org 205.234.106.236 14400

http://www.senderbase.org/search?searchBy=...205.234.106.236

Sender Category unknown

Network Owner unknown

Domain unknown

Date of first message seen from this address

CIDR range unknown

# of domains controlled by this network owner 0

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 0.0 -100%

Last 30 days 0.0 -100%

Average 0.0

Information from whois [ Click to hide details ]

Network Owner: unknown

Registered on: unknown

Updated on: unknown

Expires on: unknown

Netblock(s): unknown unknown

A definite strike-out ....

02/21/07 03:17:29 Slow traceroute cognitivity.org

Trace cognitivity.org (205.234.106.236) ...

02/21/07 03:17:58 IP block 205.234.106.236

Trying 205.234.106.236 at ARIN

Trying 205.234.106 at ARIN

OrgName: Defender Technologies Group, LLC

OrgID: DTGL

Address: 44470 Chilum Place, Building 1

Address: Suite 1197

City: Ashburn

StateProv: VA

PostalCode: 20147

Country: US

ReferralServer: rwhois://rwhois.defenderhosting.com:4321/

NetRange: 205.234.96.0 - 205.234.111.255

CIDR: 205.234.96.0/20

NetName: DEFENDER-1

NetHandle: NET-205-234-96-0-1

Parent: NET-205-0-0-0-0

NetType: Direct Allocation

NameServer: NS1.DEFTECHGROUP.COM

NameServer: NS2.DEFTECHGROUP.COM

Comment:

RegDate: 2005-07-15

Updated: 2005-07-15

OrgAbuseHandle: DTGAD-ARIN

OrgAbuseName: DTG Admin

OrgAbusePhone: +1-703-621-3565

OrgAbuseEmail: abuse[at]defenderhosting.com

whois -h whois.enom.com defenderhosting.com ...

Domain name: defenderhosting.com

Registrant Contact:

Defender Hosting Group, LLC

NA NA (NA)

NA

Fax:

PO Box 220838

Chantilly, VA 20153

US

Administrative Contact:

NA

Thomas Kiblin (admin[at]defenderhosting.com)

(703) 728-9172

Fax:

Defender Hosting Group, LLC

PO Box 220838

Chantilly, VA 20153

US

Technical Contact:

NA

Thomas Kiblin (admin[at]defenderhosting.com)

(703) 728-9172

Fax:

Defender Hosting Group, LLC

PO Box 220838

Chantilly, VA 20153

US

Status: Locked

Name Servers:

NS1.DEFTECHGROUP.COM

NS2.DEFTECHGROUP.COM

?????

http://www.senderbase.org/search?searchStr...cognitivity.org

Other information about unknown domain

Sender Category unknown category

Date of first message seen from this domain

Volume Statistics for this Domain

Magnitude Vol Change vs. 30 Day

Last day 0.0 0%

Last 30 days 0.0

Registrant City:Moyhu

Registrant State/Province:VI

Registrant Postal Code:3732

Registrant Country:AU

Name Server:NS1.ACCESSIBLEHOSTING.COM

Name Server:NS2.ACCESSIBLEHOSTING.COM

other personal data left off .. but the issue thus far does seem to go to zero e-mail seen from this place/server/domain/whatever ... so hard to go with it being on a blockklist anywhere ... yet, is this anywhere close to the problem server?

there is a server there ....

telnet 205.234.106.236 25

220 AVG ESMTP Proxy Server 7.5.434/7.5.441 [268.18.3/694]

amd while scratching around, the lack of a FQDN hit me, though not sure if there's an issue, as thus far, the only thing seen is a bit of internal handoff ... but I'll point it out, ask the question ....

second sample: Received: from cognitiv by .....

third sample: Received: from cognitiv by host.spamungaccessiblehosting.com with local (Exim 4.63)

(envelope-from <cognitiv(at)host.spamungaccessiblehosting.com>)

that "from cognitiv " seems lacking a bit of detail .....

Share this post


Link to post
Share on other sites

This scratching around in the dark is absurd .... what is needed .. an actual e-mail with header data intact.

Somehow force your server to send an e-mail to your SpamCop.net account with a CC: to the other account .... then provide a copy of the received CC: such that the actual / exact / real data can be used to try to track things down ....

Share this post


Link to post
Share on other sites
You can not get ANY definitive answers in this forum as we are all simply other users here as has been pointed out, including at the top of every page. You need to co-ordiate a test with your sending server and JT, the administrator of the spamcop email server to see what both sides are seeing.

Okay, thanks Steve

Also, I don't believe you have provided enough evidence for anyone to make a solid gues as to what is happening. You have provided 2 completely different sets of headers and a very limited set of server logs.

Okay, I can try another one and I'll get the headers without downloading it, I'll just get it raw off the server. Would that help?

IF the second set of headers is what is causing the error message in the server logs from the first post, my best guess is the line: "From - Wed Feb 14 08:13:16 2007" causing the problem.

Can you tell me what is the problem there? Is the format not compliant to the specification?

Thanks.

...............

Geoff

Share this post


Link to post
Share on other sites

Wazoo:

Do you understand plain English... I don't want your input AT ALL. Can't you understand I don't want you posting. If no one else is going to help me fine... but I find your manner most unhelpful... you seem to be deliberatly antagonistic... there's not other rational, either that or you do not understand a simple request. Please butt out.

Here's a fresh email

Return-path: &lt;cognitiv(atmung)mungme-host.mungme-accessiblehosting.com&gt;
Envelope-to: hostacce(atmung)mungme-accessiblehosting.com
Delivery-date: Wed, 21 Feb 2007 21:14:16 +1100
Received: from cognitiv by host.mungme-accessiblehosting.com with local (Exim 4.63)
	(envelope-from &lt;cognitiv(atmung)mungme-host.accessiblehosting.com&gt;)
	id 1HJoUg-0005Jt-BC
	for hostacce(atmung)mungme-accessiblehosting.com; Wed, 21 Feb 2007 21:14:16 +1100
To: hostacce(atmung)mungme-accessiblehosting.com
Subject: WordPress installation on http://mungme-cognitivity.org
From: fantastico(atmung)mungme-cognitivity.org
X-Sender: &lt;fantastico(atmung)mungme-cognitivity.org&gt;
X-Mailer: PHP
X-Priority: 1
Content-Type: text/plain; charset=us-ascii
Content-Type: text/plain; charset=iso-8859-1
Message-Id: &lt;E1HJoUg-0005Jt-BC(atmung)mungme-host.mungme-accessiblehosting.com&gt;
Date: Wed, 21 Feb 2007 21:14:16 +1100

Share this post


Link to post
Share on other sites

Tell you what .. problem solved.

Take it up with JT.

As 'help' is not desired, off to the Lounge with this .....

Share this post


Link to post
Share on other sites

Wazoo:

Do you understand plain English... I don't want your input AT ALL. Can't you understand I don't want you posting. If no one else is going to help me fine... but I find your manner most unhelpful... you seem to be deliberatly antagonistic... there's not other rational, either that or you do not understand a simple request. Please butt out.

Here's a fresh email

You either want help, or you don't. You don't get to choose who decides to help you. This is a public forum and anyone in the world can post an answer here. Wazoo has gone beyond what most people can deduce from your information.

I also suggest you figure out how to get full headers. This newest sample still has no IP information in the only received line showing. There is absolutely NO WAY this message traveled anywhere over the internet if those are the only headers. It must have stayed inside cognitivity.org.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×