Jump to content
Sign in to follow this  
cisxadmin

forwarding as attachment, OL2000, pdf spam

Recommended Posts

Hi,

I must be doing something wrong here, I have not submitted spam from outlook (as an attachment) for a long time now since I seem to remember that the headers get 'optimised'. However looking at the headers they seem to be fully intact on the recieved attached email from the user and on the attached emails in my sent items and in the error email from spamcop.

Anyway, the situation that has occured is that a user has recieved two of these pdf spam emails and forwarded them to me as attachements (the entire spam emails, which in turn each have a pdf attachment).

I cannot submit these two emails to spam cop via the two part submission form since the body of these two emails are blank.

I tried forwarding each email as an attachment to my submit address (also tried the quick address) and every time I get back:

SpamCop encountered errors while saving spam for processing:

SpamCop could not find your spam message in this email:

The spam email is clearly there in the email back from spamcop but somehow it has been missed?

Anyone want me to forward (as an attachment) the two spam emails to them so they can have a look?

Before anyone jumps on me, I did read the faqs and searched the forums.

Many Thanks

William.

Share this post


Link to post
Share on other sites

Bah, I just tried forwarding the emails to another server in the same manner as I was to spamcop and looked at all the emails headers with webmin, the attached spam email has lost its detailed headers.

Looking closer at the returned emails from spamcop it is evident that this is in fact the cause for the problems.

Problem 'Solved'.

Conclusion, I cannot forward as an attachment from Ouitlook 2000 emails to the spamcop submit email address.

I think I knew this already, but it seems so stupid that I just could not believe it.

"Incredulity is the wisdom of the fool."

Billings, Josh

Share this post


Link to post
Share on other sites

I had a thought on the matter, I can save the email as a .msg file to the desktop, which keeps all the details intact.

If spamcop could open zip files then I could get these types of spam to spamcop intact?

Share this post


Link to post
Share on other sites

You can use a third party add-in, such as OLSpamcop, to forward emails, with headers from outlook. It will even let you select a group of email and forward them.

Share this post


Link to post
Share on other sites

I tried the macro one just now,

http://www.freewebs.com/7wells/visbas/source/spamcop.html

It is inperfect as far as I am concerned, it does not include the pdf attachment. Perhaps this ability is not actually needed, however I do not know if spamcop does check summing of attached items so perhaps the pdf is irrelevant. Otherwise, it is a nifty bit of macro code!

I tried OLspamcop, it does not work in our combination of corporate mode outlook and the server setup here.

One thing I noticed is that with the macro submission ( which puts the headers and body into the body of an email to spamcop ) is that with these two pdf spam emails, which have blank bodies, that they were accepted and processed without a body via email, whereas this is not done via the 2 part webform.

Now there are obvious reasons for the difference, but perhaps this could be customisable in the users preferences on spamcop.net since blank bodied spam surely is quite common?

It is also not possible to submit blank bodied spam into the one part submission form.

if an extra enter and some space are added to the two part and the single part submission form in the area of the body, then it is possible to submit the spam.

Share this post


Link to post
Share on other sites

One thing I noticed is that with the macro submission ( which puts the headers and body into the body of an email to spamcop ) is that with these two pdf spam emails, which have blank bodies, that they were accepted and processed without a body via email, whereas this is not done via the 2 part webform.

Now there are obvious reasons for the difference, but perhaps this could be customisable in the users preferences on spamcop.net since blank bodied spam surely is quite common?

It is also not possible to submit blank bodied spam into the one part submission form.

if an extra enter and some space are added to the two part and the single part submission form in the area of the body, then it is possible to submit the spam.

Please provide TrackingURL's for these examples. Are you sure the bodies you are reporting are blank?

Share this post


Link to post
Share on other sites

I've never seen OLSpamcop not work with a particular setup. Perhaps you could give me some details as to how you are setup, and what isn't working? I run it in Outlook 2003 with Exchange Server 2003, and it works just fine.

Share this post


Link to post
Share on other sites

I've never seen OLSpamcop not work with a particular setup. Perhaps you could give me some details as to how you are setup, and what isn't working? I run it in Outlook 2003 with Exchange Server 2003, and it works just fine.

Outlook2000, + Scalix. Coproate mode and mapi. spamgrabber_3.0.6.exe from http://www.olspamcop.org.

I got some error message with ~'s in it, the OLSpamcop FAQ detailed that as a problem communicating with th message store. http://www.olspamcop.org/faq.shtml#106

I am trying again just in case, but the 'outlook not so good' so far.

Please provide TrackingURL's for these examples. Are you sure the bodies you are reporting are blank?

http://www.spamcop.net/mcgi?action=gettrac...rtid=2401532508

http://www.spamcop.net/mcgi?action=gettrac...rtid=2401532539

(submitted with the macro, ie via email, with headers and 'body' in the body)

Well fairly blank, looking at the emails in outlook the body is plain text format and it comprises of two newlines.

Are checksums of attachements on spam emails (like images and pdfs) collated at spamcop.net and used 'somewhere' to fight spam? (ie pyzor/razor etc..)

Share this post


Link to post
Share on other sites
is that with these two pdf spam emails, which have blank bodies

terminology ... if there is a PDF, then the body cannot be 'blank' ... that Outlook cannot/isn't displaying the body is a whole different issue. If the e-mail actually 'had no body' one would not be trying to discuss the 'included PDF' ....

that they were accepted and processed without a body via email, whereas this is not done via the 2 part webform.

Now there are obvious reasons for the difference, but perhaps this could be customisable in the users preferences

There are a number of 'variances' on the parsing code results, a lot of them depending on how spam is submitted, some on the type of account, some based on Preferences .... web-page submittal, e-mail submittal, Quick-Reporting, Mole Reporting . on and on ... without a Tracking URL, not much to discuss about your 'sucessful multiple submittal' ... (thought thoughts would be that this should have resulted in multiple Tracking URLs ??)

Your attempted Tracking URLs would best be handled by the SpamCop FAQ entry here titled Getting a Tracking URL from a Report ID

since blank bodied spam surely is quite common?

Not really ... there have been instances where some prolific idiot idiot of a spammer was using some crapware, probably through a bad server, that would spew these, but the headers were also typically broken.

It is also not possible to submit blank bodied spam into the one part submission form.

if an extra enter and some space are added to the two part and the single part submission form in the area of the body, then it is possible to submit the spam.

There is an unofficial work around posted 'here' repeatedly .. but 'extra spaces' isn't in that desxcription. However, it is not a great thing to push, as again, as seen here ... there is an actual "no-body spam" and there is a 'spam with a body' that hets handled such that the body "isn't available" .. and this is not the same thing at all.

No .. checksums are not used ...

Share this post


Link to post
Share on other sites

terminology ... if there is a PDF, then the body cannot be 'blank' ... that Outlook cannot/isn't displaying the body is a whole different issue. If the e-mail actually 'had no body' one would not be trying to discuss the 'included PDF' ....

There are a number of 'variances' on the parsing code results, a lot of them depending on how spam is submitted, some on the type of account, some based on Preferences .... web-page submittal, e-mail submittal, Quick-Reporting, Mole Reporting . on and on ... without a Tracking URL, not much to discuss about your 'sucessful multiple submittal' ... (thought thoughts would be that this should have resulted in multiple Tracking URLs ??)

Your attempted Tracking URLs would best be handled by the SpamCop FAQ entry here titled Getting a Tracking URL from a Report ID

Not really ... there have been instances where some prolific idiot idiot of a spammer was using some crapware, probably through a bad server, that would spew these, but the headers were also typically broken.

There is an unofficial work around posted 'here' repeatedly .. but 'extra spaces' isn't in that desxcription. However, it is not a great thing to push, as again, as seen here ... there is an actual "no-body spam" and there is a 'spam with a body' that hets handled such that the body "isn't available" .. and this is not the same thing at all.

No .. checksums are not used ...

Re "then the body cannot be 'blank' " thanks for that, it is just so much easier than talking about mime boundiries; which would serve to confuse the issue perhaps and be ultimately irrelevant as the email headers were the orginal issue. I did moot the idea of spamcop being able to process zipped .msg files, it does have I am sure some benefit, but howmuch? well probably very little, who knows?

The reporting method differences: I highlighted the seemingly incongruous fact that via one way it is possible to submit the spam email in a more exact form than another form (for the purposes of submission) albeit the matter of adding a few spaces/return chars to get it to go through the other method. I mooted the idea of a possible option change in the settings to allow not adding spurious chars to enable to submit the spam emails via online form, not important really now since I see that the important of adding a few spaces or returns to the body to get it to go through is neither here nor there?

http://www.spamcop.net/sc?id=z1368590545z0...38b735b6b0e356z

http://www.spamcop.net/sc?id=z1368590480z7...ffb2a3727039fcz

yes there are a couple more related to the same 2 emails, I do not have a problem with that in this instance, do you?

Point taken regarding blank spam not being all that prevelant.

Frankly unofficial workaround? where? what is wrong with added a few spaces/returns to emails where their bodies look blank and the attachement cannot be included?

----

hmm it seems autosubmission of spam from here was temporarily 'broken' earlier today ....odd it has been working for a long time with out a single problem. I would say a gremlin messed with some emails and went away again, on the spamcop server, yes.

Submitted: 25 July 2007 00:08:10 +0100:

No reports filed

--------------------------------------------------------------------------------

Submitted: 25 July 2007 00:02:26 +0100:

No reports filed

--------------------------------------------------------------------------------

Submitted: 24 July 2007 23:19:06 +0100:

No reports filed

GMT - saw another thread - probably related to the downtime on the graph!

Edited by cisxadmin

Share this post


Link to post
Share on other sites
what is wrong with added a few spaces/returns to emails where their bodies look blank and the attachement cannot be included?

Although you may not consider that this should be a problem, the SpamCop admins have determined that the submitted item should be the exact item received by you. No material changes are allowed which means the original must be submitted entirely including the attachments.

It may not appear to make sense but that's the deal... :)

The zip file idea isn't something supported but you could always make it a suggestion.

Andrew

Edited by agsteele

Share this post


Link to post
Share on other sites

Although you may not consider that this should be a problem, the SpamCop admins have determined that the submitted item should be the exact item received by you. No material changes are allowed which means the original must be submitted entirely including the attachments.

It may not appear to make sense but that's the deal... :)

The zip file idea isn't something supported but you could always make it a suggestion.

Andrew

Well this is why I was banging my head against a wall, I wanted to preserve the itegrity of the spam emails, lol.

I have highlighted the issue a little, in that it is not possible to use the twopart/single part form with these particular spams (which seems inconsistant with the facility to do so via email), due to their lack of plain/text content in the body, having only a PDF attachment.

I will toddle off ot the http://forum.spamcop.net/forums/index.php?showforum=10 New Feature Request forum at some point to get the idea off for discussion.

Share this post


Link to post
Share on other sites

Forgive me if I'm misunderstanding the issue for you... I just read your post in the suggestion forum where you say you can save the message to the desktop with its headers intact. In which case, why not take that in its entirety and paste it into the web form?

I just had a spam item with an attachment (it was a gif file but could have been a PDF) I'll truncate the material in it but I just paste in the headers plus the content which includes the attachment... Or is your problem that you cannot create a file which includes the headers, empty message, plus attachment?

Return-Path: <forged from address>
Delivered-To: sxxxxxxx[at]xxxxxxcop.net
Received: (qmail 28744 invoked from network); 25 Jul 2007 09:50:50 -0000
Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)
  by blade6.cesmail.net with SMTP; 25 Jul 2007 09:50:50 -0000
X-IronPort-AV: E=Sophos;i="4.16,579,1175486400";
remainder of headers follow here				

This is a multi-part message in MIME format.

------=_NextPart_212_B61D_E3912C5E.572EFF45
Content-Type: multipart/alternative;
	boundary="----=_NextPart_D2E_61AF_3A2FFAFA.6020FA2C"

------=_NextPart_D2E_61AF_3A2FFAFA.6020FA2C
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable



empty content here - so this bit is blank...

------=_NextPart_D2E_61AF_3A2FFAFA.6020FA2C
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

This bit was also blank except for some 'empty HTML code

------=_NextPart_D2E_61AF_3A2FFAFA.6020FA2C--

------=_NextPart_212_B61D_E3912C5E.572EFF45
Content-Type: image/gif;
	name="xA4wz5cIaD.gif"
Content-Transfer-Encoding: base64
Content-ID: <bd88d01c7cee89c1a06f80a9144218[at]cuatiosuna>

R0lGODdhqwF9AcYAAPz+/DSK1OzShLC6aJZ0ZDG7dPhkXOzHGYzipM7u70wNUYzONFFHJNk2oXAU
oFQH1LCGUBBrHeQ2PCwRIXaMJ01Po9JsV7zGfBhGYNSIUnSz8FdvGZ/ZkRRa7E/bEaQdbbjIDLxw
KEzuEOqnZHlq51T7tAT6nFQ25Oyq7Nxa/NfFQQQCBCXuIcR6pDQ6nLxWlIROFLhq0DXMvxfRtFTa
1CTtaQwePDDwnxEy4uwIT2e1b9lt5vwal25MxFQahMoOIl3Vn1Qe7JnI3PDN8ATSbOS+bO8WbIx6

the remainder of the attachment code followed here

------=_NextPart_212_B61D_E3912C5E.572EFF45--

Andrew

Share this post


Link to post
Share on other sites

Forgive me if I'm misunderstanding the issue for you... I just read your post in the suggestion forum where you say you can save the message to the desktop with its headers intact. In which case, why not take that in its entirety and paste it into the web form?

Hi Andrew,

Is that stuff you quoted what you see in your .msg files when you save an email to .msg format from your email program?

I get a 36k .msg file to the desktop, looking at the file with outlook it acts like a normal email and all details are intact. Opening it in notepad returns the stuff quoted below, which I do not think is compatible with Spamcop's text submit form.

In fact spamcop is probably not able to accept .msg file such as these in the first place so asking for the ability to zip them is probably somewat pointless.

The other save options in outlook 2000 are oft or txt, as oft the content are similar as described above. With the text format literally 3 lines are saved From: ,Sent: ,To:.

ÐÏࡱá				>  þÿ	 		      			     þÿÿÿ	   ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿR o o t   E n t r y											   ÿÿÿÿÿÿÿÿ							    ­i>¤ÎÇ
   €	  _ _ p r o p e r t i e s _ v e r s i o n 1 . 0				   0  ÿÿÿÿÿÿÿÿÿÿÿÿ									(   €	  _ _ n a m e i d _ v e r s i o n 1 . 0						   ( ÿÿÿÿ   4					   КV>¤ÎÇ ­i>¤ÎÇ			_ _ s u b s t g 1 . 0 _ 0 E 0 4 0 0 1 E						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									   	      ýÿÿÿÿÿÿÿÿÿÿÿ            	   
         þÿÿÿ                              þÿÿÿ      B            	   !   "   #   $   %   &   '   (   )   *   +   ,   -   .   /   0   1   2   3   4   5   6   7   8   9   :  ;   <   =   >   ?   [at]   A   þÿÿÿC   D   þÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿR o o t   E n t r y											   ÿÿÿÿÿÿÿÿ   
	 À	  F			hn>¤ÎÇ
   €	  _ _ p r o p e r t i e s _ v e r s i o n 1 . 0				   0  ÿÿÿÿÿÿÿÿÿÿÿÿ									(   €	  _ _ n a m e i d _ v e r s i o n 1 . 0						   ( ÿÿÿÿ   4					   КV>¤ÎÇ ­i>¤ÎÇ			_ _ s u b s t g 1 . 0 _ 0 E 0 4 0 0 1 E						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									   	   ÿÿÿÿÿÿÿÿ   ýÿÿÿ            	   
         þÿÿÿ                              þÿÿÿ      B            	   !   "   #   $   %   &   '   (   )   *   +   ,   -   .   /   0   1   2   3   4   5   6   7   8   9   :  ;   <   =   >   ?   [at]   A   þÿÿÿC   D   þÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ_ _ s u b s t g 1 . 0 _ 0 E 0 3 0 0 1 E						 *       ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 E 0 2 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 1 0 0 0 0 0 1 E						 * !   ÿÿÿÿÿÿÿÿ									'   	   _ _ s u b s t g 1 . 0 _ 1 0 0 9 0 1 0 2						 * 	
   ÿÿÿÿ									þÿÿÿ		_ _ r e c i p _ v e r s i o n 1 . 0 _ # 0 0 0 0 0 0 0 0		 : 		   +					    ­i>¤ÎÇ ­i>¤ÎÇ			_ _ a t t a c h _ v e r s i o n 1 . 0 _ # 0 0 0 0 0 0 0 0	   < ÿÿÿÿÿÿÿÿ$					    ­i>¤ÎÇ ­i>¤ÎÇ			_ _ s u b s t g 1 . 0 _ 0 0 4 2 0 0 1 E						 *       ÿÿÿÿ									&   	   _ _ s u b s t g 1 . 0 _ 0 0 7 D 0 0 1 E						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									   Ã	  _ _ s u b s t g 1 . 0 _ 0 E 0 D 0 1 0 2						 *  ÿÿÿÿ   ÿÿÿÿ									   *	   _ _ s u b s t g 1 . 0 _ 1 0 3 5 0 0 1 E						 * ÿÿÿÿ   ÿÿÿÿ									   #	   _ _ s u b s t g 1 . 0 _ 0 0 7 0 0 0 1 E						 *       ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 0 3 1 0 1 0 2						 *       ÿÿÿÿ									   #	   _ _ s u b s t g 1 . 0 _ 0 0 3 B 0 1 0 2						 *    ÿÿÿÿÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 0 4 1 0 1 0 2						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									   9	   _ _ s u b s t g 1 . 0 _ 0 0 6 4 0 0 1 E						 * ÿÿÿÿ   ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 0 6 5 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 3 4 1 4 0 1 0 2						 *        ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 3 0 0 B 0 1 0 2						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 0 3 D 0 0 1 E						 *        ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 0 1 A 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									   		   _ _ s u b s t g 1 . 0 _ 0 0 3 7 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									
   	   _ _ s u b s t g 1 . 0 _ 0 C 1 D 0 1 0 2						 *        ÿÿÿÿ											   _ _ s u b s t g 1 . 0 _ 0 C 1 9 0 1 0 2						 * 
      ÿÿÿÿ									
   E	   _ _ s u b s t g 1 . 0 _ 0 C 1 E 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ										   	   _ _ s u b s t g 1 . 0 _ 0 C 1 A 0 0 1 E						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 C 1 F 0 0 1 E						 *       ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 0 E 0 5 0 0 1 E						 *       ÿÿÿÿ									   	   _ _ s u b s t g 1 . 0 _ 8 0 0 2 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									   
	   _ _ s u b s t g 1 . 0 _ 8 0 0 3 0 0 1 E						 *       ÿÿÿÿ											   _ _ s u b s t g 1 . 0 _ 0 E 1 D 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ											   _ _ p r o p e r t i e s _ v e r s i o n 1 . 0				   0 ÿÿÿÿÿÿÿÿÿÿÿÿ									[at]   ø	   _ _ s u b s t g 1 . 0 _ 0 F F 9 0 1 0 2						 * ÿÿÿÿ)   ÿÿÿÿ									?   	   þÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿ   þÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿ            	   !   "   #   $   %   þÿÿÿþÿÿÿþÿÿÿ)   *   +   ,   -   .   /   0   1   2   3   4   5   þÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿA   B   C   þÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿþÿÿÿK   þÿÿÿþÿÿÿN   O   þÿÿÿþÿÿÿþÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ																																																												10.0.0.352													  ISO8859_1																													   cae[at]sahar-ins.co.il											 cae[at]sahar-ins.co.il											 SMTP																+¤¾£n ÝT   cae[at]sahar-ins.co.il SMTP cae[at]sahar-ins.co.il															SMTP:CAE[at]SAHAR-INS.CO.IL																										IPM.Note																														:„™Å[5L€–}Áº»ä												ਇ údΰ 	‹›v												cae[at]sahar-ins.co.il											 SMTP																+¤¾£n ÝT   Harriet SMTP cae[at]sahar-ins.co.il		SMTP:CAE[at]SAHAR-INS.CO.IL										46A483DD.5010404(a)sahar-ins.co.il																							  46A483DD.5010404(a)sahar-ins.co.il							  H000006b00104384.1185189193.mail.domain.com					   Return-Path: <cae[at]sahar-ins.co.il>
Received: from drwt ([213.207.240.119])
	by mail.domain.com (8.13.1/8.13.1) with SMTP id l6NAWELq023788
	for <[at]domain.com>; Mon, 23 Jul 2007 11:32:26 +0100
Received: from hgsko ([140.158.39.27]) by drwt with Microsoft SMTPSVC(5.0.2195.6713); Mon, 23 Jul 2007 14:03:01 +0330
Message-ID: <46A483DD.5010404[at]sahar-ins.co.il>
Date: Mon, 23 Jul 2007 14:03:01 +0330
From: Harriet <cae[at]sahar-ins.co.il>
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
MIME-Version: 1.0
To: [at]domain.com
Subject: 
Content-Type: multipart/mixed;
 boundary="------------000807030508060802040601"
X-Virus-Scanned: ClamAV 0.91/3740/Mon Jul 23 04:50:50 2007 on mail.domain.com
X-Virus-Status: Clean
															  cae[at]sahar-ins.co.il											 
															  _ _ s u b s t g 1 . 0 _ 3 7 0 4 0 0 1 E						 * #   &   ÿÿÿÿ									>   
	   _ _ s u b s t g 1 . 0 _ 3 7 0 7 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									=   
	   _ _ s u b s t g 1 . 0 _ 3 7 1 3 0 0 1 E						 *  (   "   ÿÿÿÿ									<   	   _ _ s u b s t g 1 . 0 _ 3 7 1 2 0 0 1 E						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ								   ;   	   _ _ s u b s t g 1 . 0 _ 3 7 0 9 0 1 0 2						 * %   '   ÿÿÿÿ									:   ,	   _ _ s u b s t g 1 . 0 _ 3 7 0 1 0 1 0 2						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									   ÙM	  _ _ p r o p e r t i e s _ v e r s i o n 1 . 0				   0 2   ÿÿÿÿÿÿÿÿ									M   ¨	   _ _ s u b s t g 1 . 0 _ 3 0 0 1 0 0 1 E						 * .   0   ÿÿÿÿ									L   	   _ _ s u b s t g 1 . 0 _ 0 F F F 0 1 0 2						 * 1   ÿÿÿÿÿÿÿÿ									J   e	   _ _ s u b s t g 1 . 0 _ 3 0 0 2 0 0 1 E						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									I   		   _ _ s u b s t g 1 . 0 _ 0 C 1 A 0 0 1 E						 *  /   ,   ÿÿÿÿ									H   	   _ _ s u b s t g 1 . 0 _ 0 C 1 9 0 1 0 2						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									G   9	   _ _ s u b s t g 1 . 0 _ 3 0 0 3 0 0 1 E						 *  -   *   ÿÿÿÿ									F   -	   _ _ s u b s t g 1 . 0 _ 0 F F 6 0 1 0 2						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									E   	   _ _ s u b s t g 1 . 0 _ 3 0 0 B 0 1 0 2						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									D   6	   _ _ s u b s t g 1 . 0 _ 0 0 0 2 0 1 0 2						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									Q   0	   _ _ s u b s t g 1 . 0 _ 0 0 0 3 0 1 0 2						 * 3   7   ÿÿÿÿ									P		   _ _ s u b s t g 1 . 0 _ 0 0 0 4 0 1 0 2						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									þÿÿÿ		_ _ s u b s t g 1 . 0 _ 1 0 1 7 0 1 0 2						 * ÿÿÿÿÿÿÿÿÿÿÿÿ									9   	   _ _ s u b s t g 1 . 0 _ 1 0 1 5 0 1 0 2						 *  9   6   ÿÿÿÿ									8   	   _ _ s u b s t g 1 . 0 _ 1 0 0 B 0 1 0 2						 *  ÿÿÿÿÿÿÿÿÿÿÿÿ									7   	   _ _ s u b s t g 1 . 0 _ 1 0 0 8 0 1 0 2						 * 5   8   ÿÿÿÿ									6   																		   ÿÿÿÿÿÿÿÿÿÿÿÿ																													ÿÿÿÿÿÿÿÿÿÿÿÿ														         		   [at] 0   КV>¤ÎÇ[at] 0   КV>¤ÎÇ ÷	       ô   	           Pw        b        b         ÿÿ		             ´ó  Þ?   ¯o	   B           	      [at] 9    €ìû×ÍÇ    	    }    à      þ      Cñ [at]    €ìû×ÍÇ
   *    Õ     	ø  		    5   #    pd p        fe  	   181d1    #    Õ;        ÕA    9    Ó d        Õ e          Y       Hñ X 	   Hñ W       mare4       Õ0        =         ) 	 ‡ údÎ # 	  IPF. 	\  .0.3 & 		    6 		        	        	       7                 Ó   E                                é             €	 VXЪ €		    €   
       €	    é         b   

 														 …   														 #‚  														    	  	 	    		   ÿÿÿ 																																						 offer.pdf													   offer.pdf																													   %PDF-1.1
%âãÏÓ
1 0 obj 
<<
/Pages 2 0 R
/Type /Catalog
>>
endobj 
2 0 obj 
<<
/MediaBox [0 0 612 792]
/Kids [3 0 R 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R]
/Count 6
/Type /Pages
>>
endobj 
9 0 obj 
<<
/BaseFont /Courier
/Subtype /Type1
/Name /F1
/Type /Font
>>
endobj

The rest is left off for brevity.

Edited by cisxadmin

Share this post


Link to post
Share on other sites
Frankly unofficial workaround? where? what is wrong with added a few spaces/returns to emails where their bodies look blank and the attachement cannot be included?
The unofficial work around is to include something to the affect <no body found> or <PDF attachment found> rather than the blank spaces.

It has to do with preserving the integrity of the original message, probably for legal purposes.

Share this post


Link to post
Share on other sites

The unofficial work around is to include something to the affect <no body found> or <PDF attachment found> rather than the blank spaces.

It has to do with preserving the integrity of the original message, probably for legal purposes.

Oki.

-----------

I think I have got a little further now:

searching for a converter for .msg to .eml or outlook add-in to allow saving as .eml (for outlook 2000), I came across this:

http://www.rsbr.de/Software/OASniffer/index_eng.htm

Which works beatuifully

From: "cae[at]sahar-ins.co.il" &lt;cae[at]sahar-ins.co.il&gt;
To: "xxxxxxxxxxxx" &lt;OPENMAIL:xxxxxxxxxxxx /mail,xxxxxxxxxxx/cn=xxxxxxxxxx\ xxxxxxxxxxxxxx&gt;
Date: Mon, 23 Jul 2007 11:33:01 +0100
MIME-Version: 1.0 (produced by Redemption)
X-mailer: Redemption MIME converter ver.3.4.0.325
X-Priority: 3
Message-ID: 46A483DD.5010404(a)sahar-ins.co.il
Return-Path: &lt;cae[at]sahar-ins.co.il&gt;
Received: from drwt ([213.207.240.119]) by mail.xxxxxxxxxxxx.com (8.13.1/8.13.1) with
 SMTP id l6NAWELq023788 for &lt;xxxxxxxxxxx[at]xxxxxxxxxx.com&gt;; Mon, 23 Jul 2007 11:32:26 +0100
Received: from hgsko ([140.158.39.27]) by drwt with Microsoft
 SMTPSVC(5.0.2195.6713); Mon, 23 Jul 2007 14:03:01 +0330
User-Agent: Thunderbird 1.5.0.12 (Windows/20070509)
X-Virus-Scanned: ClamAV 0.91/3740/Mon Jul 23 04:50:50 2007 on mail.xxxxxxxxxxxx.com
X-Virus-Status: Clean
Content-type: Multipart/mixed; charset=windows-1252;
 boundary="00B0FEED_Redemption_message_boundary"
Content-Description: Multipart message


--00B0FEED_Redemption_message_boundary
Content-type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Content-Description: Message text




--00B0FEED_Redemption_message_boundary
Content-type: application/PDF; charset=windows-1252; name="offer.pdf"
Content-Transfer-Encoding: Base64

JVBERi0xLjEKJeLjz9MKMSAwIG9iaiAKPDwKL1BhZ2VzIDIgMCBSCi9UeXBlIC9DYXRhbG9n
Cj4+CmVuZG9iaiAKMiAwIG9iaiAKPDwKL01lZGlhQm94IFswIDAgNjEyIDc5Ml0KL0tpZHMg
WzMgMCBSIDQgMCBSIDUgMCBSIDYgMCBSIDcgMCBSIDggMCBSXQovQ291bnQgNgovVHlwZSAv
UGFnZXMKPj4KZW5kb2JqIAo5IDAgb2JqIAo8PAovQmFzZUZvbnQgL0NvdXJpZXIKL1N1YnR5
cGUgL1R5cGUxCi9OYW1lIC9GMQovVHlwZSAvRm9

<truncated>

AowMDAwMDA4MDc1IDAwMDAwIG4gCjAwMDAwMTE2ODUgMDAwMDAgbiAKMDAw
MDAxNTY1NyAwMDAwMCBuIAowMDAwMDE4OTcyIDAwMDAwIG4gCjAwMDAwMTkxMjIgMDAwMDAg
biAKdHJhaWxlcgoKPDwKL0VuY3J5cHQgMTcgMCBSCi9JbmZvIDE4IDAgUgovUm9vdCAxIDAg
UgovU2l6ZSAxOQovSUQgWzwzM2QzOGIzYjE3NGNhZGQxNTBkYWFiYzY4NDNlNmRhMj48NWQx
OTBhNjc2YzJlNGRiYzBlZjIxZjdkZWU3ZjQxMzQ+XQo+PgpzdGFydHhyZWYKMTkzNzcKJSVF
T0YK


--00B0FEED_Redemption_message_boundary--

This looks submittable to me.

Anyone else know of other add-in's for Outlook 2000 to allow the saving of emails to formats other than .msg, .oft & '.txt' ?

Share this post


Link to post
Share on other sites
This looks submittable to me.

Also to me... The .msg file was not suitable.

All that said, if you have large numbers of these messages to report then I suspect you'll find this whole process rather too tedious and time consuming. Sadly, Outlook isn't equipped for the purposes of spam reporting. If just an occasional message in this form to report then I'm sure you'll be able to report using the content of these new files.

But thanks for be willing to try :)

Andrew

Share this post


Link to post
Share on other sites
<snip>Sadly, Outlook isn't equipped for the purposes of spam reporting.

<snip>

...But that doesn't stop me from successfully submitting about 99.999999% of the spam I receive in my Exchange account through Outlook (either via e-mail as an attachment or using the SpamCop two-part web form).

Share this post


Link to post
Share on other sites

I tried it with a fresh item of pdf spam, and it submitteded fine.

The delightfully named OASniffer add-in facilitates exports of multiple items in .eml format (plain txt), spamcop will accept multiple items attached to a single email. If I do get a shed-load of pdf spam, i'll get them submitted in a trice. Before this thread I could not submit even one - silly Outlook!

I have partially convinced myself for no other reason than it makes sense that the makers of Outlook must have made a patch to allow the saving of emails from outlook2000 as .eml.

Does anyone have info on what spamcop actually does with spam attachements, I tried searching the FAQ but oddly there are exactly zero hits for the word attachment. It seems the google search has not indexed the faqs on the www subdomain.

http://www.google.co.uk/search?hl=en&q...t+faq&meta=

does not seem to throw much light on it either.

[at]turetzsr

Surely your Outlook optimises the headers of any emails sent as attachments? Outlook version?

Share this post


Link to post
Share on other sites

The .msg file was not suitable.

I just tried submitting a .msg file ("a binary MAPI message built on COM/structure-storage") to spamcop as an attachment, its headers are 'optimised' by outlook on sending and so becomes useless, however in the returned email the spamcop parser is shown to have processed prefectly well the .msg file and the returned output looks very similar to the saved .eml version (with some other changes too)

Compare this with the above quoted sample

Date: Mon, 23 Jul 2007 11:33:01 +0100
From: cae &lt;cae[at]sahar-ins.co.il&gt;
To: xxxxxxxxxxxx &lt;xxxxxxxxxxxx[at]xxxxxxxxxxxx.com&gt;
Message-ID: &lt;H000008100106fea.1185440231.mail.xxxxxxxxxxxx.com[at]MHS&gt;
Subject: 
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="scalix-part-00038642a9=_02"

--scalix-part-00038642a9=_02
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline



--scalix-part-00038642a9=_02
Content-Type: application/pdf
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="offer.pdf"

JVBERi0xLjEKJeLjz9MKMSAwIG9iaiAKPDwKL1BhZ2VzIDIgMCBSCi9UeXBlIC9DYXRhbG9n
Cj4+CmVuZG9iaiAKMiAwIG9iaiAKPDwKL01lZGlhQm94IFswIDAgNjEyIDc5Ml0KL0tpZHMg
WzMgMCBSIDQgMCBSIDUgMCBSIDYgMCBSIDcgMCBSIDggMCBSXQovQ291bnQgNgovVHlwZSAv
UGFnZXMKPj4KZW5kb2JqIAo5IDAgb2JqIAo8PAovQmFzZUZvbnQgL0NvdXJpZXIKL1N1YnR5
cGUgL1R5cGUxCi9OYW1lIC9GMQovVHlwZSAvRm9

<truncated>

AowMDAwMDA4MDc1IDAwMDAwIG4gCjAwMDAwMTE2ODUgMDAwMDAgbiAKMDAw
MDAxNTY1NyAwMDAwMCBuIAowMDAwMDE4OTcyIDAwMDAwIG4gCjAwMDAwMTkxMjIgMDAwMDAg
biAKdHJhaWxlcgoKPDwKL0VuY3J5cHQgMTcgMCBSCi9JbmZvIDE4IDAgUgovUm9vdCAxIDAg
UgovU2l6ZSAxOQovSUQgWzwzM2QzOGIzYjE3NGNhZGQxNTBkYWFiYzY4NDNlNmRhMj48NWQx
OTBhNjc2YzJlNGRiYzBlZjIxZjdkZWU3ZjQxMzQ+XQo+PgpzdGFydHhyZWYKMTkzNzcKJSVF
T0YK

--scalix-part-00038642a9=_02--


I tried sending the .msg file zipped up and also rared up but spamcop did not understand it.

Share this post


Link to post
Share on other sites
<snip>

[at]turetzsr

Surely your Outlook optimises the headers of any emails sent as attachments? Outlook version?

...Dunno and don't care, since I am able to submit and the SpamCop parser seems to do its thing. :) <g>

...Edit: added later, did not realize that I had been asked which version of Outlook I am using. Outlook 2003.

Edited by turetzsr

Share this post


Link to post
Share on other sites

turetzsr , do you mean that an 'exchange version' (what ever that is) of outlook can forward as an attachment email for submittal to spamcop in the 'correct' way?

Further comments on:

Outlook Attachment Sniffer.

http://www.rsbr.de/Software/OASniffer/index_eng.htm

a) The mime boundries are changed. (I am not saying mime boundry names are important to spamcop.net, are they?)

eg:

Content-Type: multipart/mixed;
 boundary="------------030203080506020007000504"
MIME-Version: 1.0

becomes

Content-type: Multipart/mixed; charset=windows-1252;
 boundary="00B0FEED_Redemption_message_boundary"
MIME-Version: 1.0 (produced by Redemption)

B) The headers are changed a bit, by added entries or changed characters

eg these two are added where there was none like these before:

X-mailer: Redemption MIME converter ver.3.4.0.325
X-Priority: 3

eg the [at] character changes into (a)

eg:

Message-ID: &lt;46AF31A7.4020106 [at] uk.munged.com&gt;

becomes:

Message-ID: 46AF31A7.4020106(a)uk.munged.com

eg:

From: Sebastian munged &lt;xhj [at] uk.munged.com&gt;

becomes:

From: "xhj[at]uk.munged.com" &lt;xhj[at]uk.munged.com&gt;

c) the option to use the outlook add-in when looking at an email that is an attachment to another email is an important feature to have!, as header details are lost/'optimised' when moving an email from being an attachment to an email into the inbox so the OAsniffer addin can be used on it.

d) when replying to an email, and adding in an inline bmp it is not possible to send the email since for some reason OAS cannot process the email - quite why it is concerning its self with email being sent is beyond me.

Edited by cisxadmin

Share this post


Link to post
Share on other sites
turetzsr , do you mean that an 'exchange version' (what ever that is) of outlook can forward as an attachment email for submittal to spamcop in the 'correct' way?

<snip>

...Yes, exactly!

...However, I don't know what an "'exchange version' ... of outlook" is, either. Outlook is a client tool that (among other things) allows one to access e-mail stored on a Microsoft Exchange Server.

Share this post


Link to post
Share on other sites
...However, I don't know what an "'exchange version' ... of outlook" is, either. Outlook is a client tool that (among other things) allows one to access e-mail stored on a Microsoft Exchange Server.

Reaching way back when, one could install Outlook as 'Internet Mode Only' or 'Corporate' mode. Various functions and capabilities of Outlook were impacted by this selection.

Basically, Internet Mode meant POP3, SMTP, etc. access to an external e-mail server.

Corporate Mode basically meant that Outlook only dealt with the 'local' Exchange server.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×