Jump to content
Sign in to follow this  
paulp

Empty spam from cesmail.net?

Recommended Posts

I've been receiving them for many months, but now they are more and more often: empty mails from cesmail.net

E.g.:

Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])

by esperanto.be with ESMTP (Mailtraq/2.12.1.2362) id ESPR80EAC70A

for xxx[at]esperanto.be; Thu, 05 Jun 2008 10:30:40 +0200

Received: from unknown (HELO filter7.cesmail.net) ([192.168.1.217])

by c60.cesmail.net with SMTP; 05 Jun 2008 04:30:39 -0400

Received: (qmail 3823 invoked by uid 1010); 5 Jun 2008 08:30:39 -0000

I assume cesmail = spamcop. So is some spamcop-bot badly configured?

Share this post


Link to post
Share on other sites
...So is some spamcop-bot badly configured?
Got me beat - but message sent to JT, owner of the resources that are apparently implicated.

Share this post


Link to post
Share on other sites

Curious as to why this was placed into the Lounge area rather than the SpamCop Email System & Accounts Forum section ...????

I've been receiving them for many months, but now they are more and more often: empty mails from cesmail.net

Just noting that 'blank e-mails' have been the subject of other ancient and recent Topics and Discussions within this Forum, the newsgroups, etc. Did you try to search for any of this existing data?

Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])

by esperanto.be with ESMTP (Mailtraq/2.12.1.2362) id ESPR80EAC70A

for xxx[at]esperanto.be; Thu, 05 Jun 2008 10:30:40 +0200

Received: from unknown (HELO filter7.cesmail.net) ([192.168.1.217])

by c60.cesmail.net with SMTP; 05 Jun 2008 04:30:39 -0400

Received: (qmail 3823 invoked by uid 1010); 5 Jun 2008 08:30:39 -0000

I assume cesmail = spamcop. So is some spamcop-bot badly configured?

Not enough data provided. As suggested, hinted at, requested in numerous places, a Tracking URL is the vehicle requested to provide the data needed to try to discuss a 'spam e-mail' .... As stated above, both recent and ancient traffic pointed to e-mails with a seriously broken Message-ID: header line. As the question has come up by folks using many different e-mail Hosts, it's hard to take your leap of logic immediately, especially with no data provided to work with.

Share this post


Link to post
Share on other sites
Curious as to why this was placed into the Lounge area rather than the SpamCop Email System & Accounts Forum section ...????...
Reviewing the O/P's history I could see no indication he's a SC mail user. Which may mean I've misinterpreted the situation but his previous incidents were about being on the SCbl and a spammer exploit

http://forum.spamcop.net/forums/index.php?showtopic=9438

http://forum.spamcop.net/forums/index.php?showtopic=9465

Previous blank stuff "from spamcop" involved mail users, as far as I could see, and probably a different circumstance entirely. This is much more interesting.

Share this post


Link to post
Share on other sites
Not enough data provided. As suggested, hinted at, requested in numerous places, a Tracking URL is the vehicle requested to provide the data needed to try to discuss a 'spam e-mail' ....

Not enough data provided? What else can I provide? I get empty mails from cesmail.net. The only thing that "arrives" here is the header, which I have added.

A tracking URL? As far as I understand an empty mail cannot be reported to Spamcop.

Share this post


Link to post
Share on other sites
I've been receiving them for many months, but now they are more and more often: empty mails from cesmail.net

E.g.:

Received: from c60.cesmail.net (c60.cesmail.net [216.154.195.49])

by esperanto.be with ESMTP (Mailtraq/2.12.1.2362) id ESPR80EAC70A

for xxx[at]esperanto.be; Thu, 05 Jun 2008 10:30:40 +0200

Received: from unknown (HELO filter7.cesmail.net) ([192.168.1.217])

by c60.cesmail.net with SMTP; 05 Jun 2008 04:30:39 -0400

Received: (qmail 3823 invoked by uid 1010); 5 Jun 2008 08:30:39 -0000

I assume cesmail = spamcop. So is some spamcop-bot badly configured?

This message was much larger when we delivered it to you.

Thu Jun 5 04:30:39 2008 Info: MID 575557146 ready 1002 bytes from <wxxxx.bxxxx[at]pxxxx.com>

Thu Jun 5 04:30:39 2008 Info: MID 575557146 Message-ID '<200805279[6'

I've replaced part of the email address, but I suspect it's spam anyway. I think what's happening is that your mail server or some point in the processing of your mail after we deliver it is just cutting off the message after the first few headers. So, you're getting only the first few lines. The mail may have had illegal characters or a malformed header line, I don't know. It looks like the Message-ID line is bad, for instance.

Our system had 1002 characters, which is much more than what you saw up above. I don't believe our system is simply hanging up or failing to deliver the rest of the message, because we're getting this from your mail server:

Thu Jun 5 04:30:41 2008 Info: MID 575557146 RID [0] Response 'received the message, thanks'

You might check the server logs and see if your server logs how many bytes it received.

JT

Share this post


Link to post
Share on other sites
You might check the server logs and see if your server logs how many bytes it received.

Thanks for you answer! I'll check the logs on monday when I'm back in the office.

Share this post


Link to post
Share on other sites
Not enough data provided? What else can I provide? I get empty mails from cesmail.net. The only thing that "arrives" here is the header, which I have added.

All I see is a 'snippet' of some header data. If you're going to provide the header, please provide the 'complete' header.

A tracking URL? As far as I understand an empty mail cannot be reported to Spamcop.

See Material changes to spam after actually determining that it is really a blank / no-body spam.

One can use the Parser to get a Tracking URL and cancel the report.

Any reason all the other things posted about weren't talked to in your response? Things like;

Message-ID string in your 'blank' e-mails

Are you a SpamCop.net e-mail account holder or not

Did you look at any other existing traffic about blank e-miails and did any of it apply

Are you trying to say that you're just sitting there, minding your own business, and out of the blue, JT's servers just decided to start sending you broken e-mails for no reason at all?

Again, not enough data provided to have a meaningful discussion, in my opinion.

Later Edit: OK, while I was typing my response, I see both you and JT posted some traffic. Interestingly enough, the Message_ID: content was brought up ....

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×