ravenstar68

The error message tells you what the issue is although the IP address of the server resolves back to vmx.spamcop.com - That's not the identity given in the HELO The identity in the HELO is prod-sc-www03.spamcop.net I added a rule in my postfix file /etc/postfix/helo_access.pcre to whitelist the hostname so it didn't go through the checks on the HELO identity - I removed it once I'd completed the Spamcap mail host configuration. Here's a dig on the HELO identity. % dig prod-sc-www03.spamcop.net ; <<>> DiG 9.10.6 <<>> prod-sc-www03.spamcop.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3536 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;prod-sc-www03.spamcop.net. IN A ;; AUTHORITY SECTION: spamcop.net. 300 IN SOA ns1-93.akam.net. hostmaster.akamai.com. 2023052201 300 300 300 300 ;; Query time: 43 msec ;; SERVER: fe80::c206:c3ff:fe3b:cc8d%12#53(fe80::c206:c3ff:fe3b:cc8d%12) ;; WHEN: Sun Jul 09 11:56:02 BST 2023 ;; MSG SIZE rcvd: 123 A sending server delivering to a mail exchanger should identify itself properly with its FQDN. The FQDN Should resolve back to the IP address, and the ideal configuration is for the reverse IP to resolve back to the FQDN given in the HELO identity. Really surprised to see this behaviour from Spamcaops setup.

I managed to solve the issue by whitelisting Spamcops HELO argument temporarily.

Hi I've previously registered my mail hosts with yourself, but I have changed my servers and wanted to register my current mail setup The issue is the send from your servers in order to start the process is being rejected: Connecting to mail.timothydutton.co.uk.: smtpSend:smtpEnvelope (service@admin.spamcop.net, me@myaddress.co.uk): smtpTo rcpt to:me@myaddress.co.uk (450 4.7.1 : Helo command rejected: Host not found ) Sometimes, mailservers are temporarilly unavailable. If you believe you have entered your email address and other details correctly, you might just wait a few minutes (or 24 hours) and try again. Checking the logs on my mail server I see this Jul 7 18:11:22 mail postfix/smtpd[1489520]: warning: hostname vmx.spamcop.net does not resolve to address 184.94.240.100 Jul 7 18:11:22 mail postfix/smtpd[1489520]: NOQUEUE: reject: RCPT from unknown[184.94.240.100]: 450 4.7.1 <prod-sc-www03.spamcop.net>: Helo command rejected: Host not found; from=<service@admin.spamcop.net> to=<me@myaddress.co.uk> proto=SMTP helo=<prod-sc-www03.spamcop.net> Doing a dig for vmx.spamcop.net I get this vmx.spamcop.net. 300 IN A 184.94.240.112 So it looks to me as something has changed with your sending setup Are you able to look into this?

What bothers me is that if I read the information right, While Spamcop does log the info on it's system, it does not actually send anything off to the Amazon reporting address. Does anyone know why this is? Tim

Boothy I would also make sure that you post the WHOLE email rather than just the headers you think are correct. Spamcop's system does parse the mail and among other things will look for the blank line between the headers and body (as I discussed over on the VM forums earlier). The easiest way is to go into webmail and then highlight the mail in question and select view source. Click in the window that pops up and then press CTRL-A (select all) CTRL+C (Copy to clipboard) This will allow spamcop to parse the email body for links. Here's a working example https://www.spamcop.net/sc?id=z6595387734zd88c2c465869cb155be7423f95f19d0fz Here's the point at which Virgin Media's server picked up the email from the sender: 2: Received: from turn-girlmaybe.org ([3.112.155.93]) by mx2.tb.ukmail.iss.as9143.net with ESMTP id ZY86iqwyCemITZY8einp1f; Tue, 26 Nov 2019 11:32:09 +0100 Hostname verified: ec2-3-112-155-93.ap-northeast-1.compute.amazonaws.com blueyonder.co.uk received mail from sending system 3.112.155.93 However it continue to parse the mail and finds more received headers (In this case these particular mails have a particular feature in that the initial send headers appear to have been lifted from a comcast server) 3: Received: from dovdir1-asb-05o.email.comcast.net ([96.114.154.181]) 6d7242eb83c1e7a47de48e21c6757765 by dovback1-asb-21o.email.comcast.net with LMTP id 0ICZM+sGO13mPQAADPwQFg for <x>; Fri, 26 Jul 2019 13:58:04 +0000 Hostname verified: resimta-po-34v.sys.comcast.net Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. This is a peculiar feature of the way spamcop's parsing system works. However we note that it has picked up the correct sending server previously . So I wouldn't panic that it says possible forgery here. Tim

Hi Petzel Just to clarify what's going on here: 212.54.57.77 isn't a spamming server. Rather it's one of the inbound servers used by Virgin Media. AS9143 is Ziggo Internet who are another Liberty Global owned company. They run email servers in the Netherlands and when Google closed their Apps for ISP service, rather than going with one of the other big mail providers, Virgin Media effectively went in house and shifted their email provision over to Ziggo between July and December 2015. (shudders at the memory) Boothy hadn't trained Spamcop to recognise the inbound server chain by using the MailHosts tab and adding his ntlworld.com email address. He's not the only one by all means and as we can see by the thread he has corrected this.