Posts posted by Mariano
-
-
BTW: Is any of you part of the SC team?
-
Thanks for all the explanations.
I was hesitant about resetting my mailhost because that has to be done by hand by the op's (the web-based method appears not to work for the mailserver at my university), and I would prefer not to bug them with extra work.
About setting/not setting up mailhost, I did it because I noticed that in the past some reports included my ISP in the list of spammers. I was hoping mailhost would resolve that (plus SC says somewhere that this will be obligatory in the near future).
This spammer is very annoying. They keep changing the name of the server and that fools the other spam filters I have set up.
Thanks to all!
-
19 minutes ago, Mariano said:
X-Antivirus: avast (VPS 22011604)
X-Antivirus-Status: Clean
Return-Path: <info@activitymatchdull.co>
X-Original-To: USER@astro.rug.nl
Delivered-To: USER@astro.rug.nl
Received: from localhost (localhost [127.0.0.1])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id 50FED34BCD
for <USER@astro.rug.nl>; Sun, 16 Jan 2022 20:13:26 +0100 (CET)
X-Virus-Scanned: amavisd-new at astro.rug.nl
X-spam-Flag: NO
X-spam-Score: 5.513
X-spam-Level: *****
X-spam-Status: No, score=5.513 tagged_above=2 required=6.2
tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001,
HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1,
MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_BL=0.001,
RCVD_IN_MSPIKE_L4=0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001, URIBL_BLACK=1.7] autolearn=no autolearn_force=no
Received: from mailhost1.astro.rug.nl ([129.125.6.180])
by localhost (mailhost.astro.rug.nl [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id rvaq9I2sDGVf for <USER@astro.rug.nl>;
Sun, 16 Jan 2022 20:13:25 +0100 (CET)
X-Greylist: delayed 632 seconds by postgrey-1.34 at mailserver1.intra.astro.rug.nl; Sun, 16 Jan 2022 20:13:22 CET
Received: from activitymatchdull.co (activitymatchdull.co [163.123.141.109])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id E20B11C709
for <USER@astro.rug.nl>; Sun, 16 Jan 2022 20:13:22 +0100 (CET)
Date: Sun, 16 Jan 2022 13:50:33 -0500
From: "Detox Healthy Patches" <info@activitymatchdull.co>
MIME-Version: 1.0
Precedence: bulk
To: <USER@astro.rug.nl>
Subject: relief you need! You'll have more energy, feel healthier and generally
Message-ID: <ERVC2j_MBduIuAMqMMh2b_q8y639RlfLPJ-oJK7teHM.RScVWl2nZbhah1-uQBdEVfKdyHaQPqYRP_wQDm7hvQQ@activitymatchdull.co>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Lines: 204
Looking at the spam, I see that at the top it says:
#################################
Received: from localhost (localhost [127.0.0.1])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id 50FED34BCD
#################################
while a few lines below it shows the actual sender:
#################################
Received: from activitymatchdull.co (activitymatchdull.co [163.123.141.109])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id E20B11C709
for <USER@astro.rug.nl>; Sun, 16 Jan 2022 20:13:22 +0100 (CET)
#################################
Is this standard? (Sorry, I am not familiar with posix conventions). Could it be that this is confusing Spamcop? I can ask my university why they do it this way.
Thanks
-
Thanks RobiBlue: I did not cancel the report. The thing I see when I go to past reports is this:
-
Submitted: 16/01/2022, 21:46:11 +0100:
Grow another 3-6" inches in the next 30 days
No reports filed
-
To explain a bit more: I do not paste the raw email on the website. I forward the raw email as attachment. I then get an email back from Spamcop (see example below) with a link to finalise the report. When I click on that link I get one of the reports I posted above (e.g., in the original post at the top). I have no option to finalise or cancel the spam report. I had copied the headers of the email from the spammer above. But here is the email I get from Spamcop after I forward the spam to my Spamcop address:
X-Antivirus: avast (VPS 22011604)
X-Antivirus-Status: Clean
Received: from 10.196.241.214
by atlas213.free.mail.bf1.yahoo.com with HTTPS; Sun, 16 Jan 2022 20:43:17 +0000
Return-Path: <spamid.6737270321@bounces.spamcop.net>
X-Originating-Ip: [184.94.240.112]
Received-SPF: pass (domain of bounces.spamcop.net designates 184.94.240.112 as permitted sender)
Authentication-Results: atlas213.free.mail.bf1.yahoo.com;
dkim=unknown;
spf=pass smtp.mailfrom=bounces.spamcop.net;
dmarc=pass(p=NONE,sp=NONE) header.from=devnull.spamcop.net;
X-Apparently-To: mendez1960@yahoo.com; Sun, 16 Jan 2022 20:43:17 +0000
Received: from 184.94.240.112 (EHLO vmx.spamcop.net)
by 10.196.241.214 with SMTPs
(version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
Sun, 16 Jan 2022 20:43:17 +0000
X-Corpus-CASE-Score: 0
Received: from prod-sc-app009.sv4.ironport.com (HELO prod-sc-app009.spamcop.net) ([10.8.141.29])
by prod-sc-smtp-vip.sv4.ironport.com with SMTP; 16 Jan 2022 12:43:16 -0800
From: SpamCop AutoResponder <spamcop@devnull.spamcop.net>
To: mendez1960@yahoo.com
Subject: [SpamCop] has accepted 1 email for processing
Date: Sun, 16 Jan 2022 20:43:15 GMT
Message-ID: <spamid6737270321@msgid.spamcop.net>
Content-type: text/plain
In-Reply-To: <7A6C0399-2B5B-4B77-8110-B34611A6C4F1@astro.rug.nl>
References: <7A6C0399-2B5B-4B77-8110-B34611A6C4F1@astro.rug.nl>
Content-Length: 2634
PLEASE HELP SUPPORT THIS SERVICE!
SpamCop is free. However, if you like the service please pay for it:
https://www.spamcop.net/upgradeaccount.shtml
SpamCop is now ready to process your spam.
Use links to finish spam reporting (members use cookie-login please!):
https://www.spamcop.net/sc?id=z6737270321z1d865d2cdd247325b4a6589df14c7965z
The email which triggered this auto-response had the following headers:
Return-Path: <USER@astro.rug.nl>
Received: from vmx.spamcop.net (prod-sc-smtp15.sv4.ironport.com [10.8.129.235])
by prod-sc-app009.sv4.ironport.com (Postfix) with ESMTP id 3CC94838F6
for <submit.MymButMRJ56SGu6W@spam.spamcop.net>; Sun, 16 Jan 2022 12:41:02 -0800 (PST)
Authentication-Results: vmx.spamcop.net; dkim=none (message not signed) header.i=none
Received: from mailhost1.astro.rug.nl ([129.125.6.180])
by vmx.spamcop.net with ESMTP; 16 Jan 2022 12:41:01 -0800
Received: from localhost (localhost [127.0.0.1])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id 0534E34BCD
for <submit.MymButMRJ56SGu6W@spam.spamcop.net>; Sun, 16 Jan 2022 21:41:00 +0100 (CET)
X-Virus-Scanned: amavisd-new at astro.rug.nl
Received: from mailhost1.astro.rug.nl ([129.125.6.180])
by localhost (mailhost.astro.rug.nl [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id xd5c_myTt3ao
for <submit.MymButMRJ56SGu6W@spam.spamcop.net>;
Sun, 16 Jan 2022 21:40:58 +0100 (CET)
Received: from [192.168.178.130] (94-212-125-192.cable.dynamic.v4.ziggo.nl [94.212.125.192])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mailhost1.astro.rug.nl (Postfix) with ESMTPSA id D131934A73
for <submit.MymButMRJ56SGu6W@spam.spamcop.net>; Sun, 16 Jan 2022 21:40:58 +0100 (CET)
From: USER@astro.rug.nl
Content-Type: multipart/alternative;
boundary="Apple-Mail=_5098530C-608F-4EA8-B83C-7C6BA1F83316"
X-Mao-Original-Outgoing-Id: 664058458.737743-171147d3a152d847ca31ae78c2908bc6
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Subject: Fwd: be happier - everyone will wonder what your secret is!
Message-Id: <7A6C0399-2B5B-4B77-8110-B34611A6C4F1@astro.rug.nl>
Date: Sun, 16 Jan 2022 21:40:58 +0100
To: "submit.MymButMRJ56SGu6W@spam.spamcop.net" <submit.MymButMRJ56SGu6W@spam.spamcop.net>
X-Mailer: Apple Mail (2.3445.104.21)
Thanks!
-
I just got one spam in this account; I forwarded it to my usual Spamcop address and I get again the same message I posted in the first post of this thread. That's all; there is no other report I can send to help track down the issue:
SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6737268214zc14769c972a1e7911c024300e846b532z
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like
Nothing to do.
I then forwarded the same spam to a different Spamcop account in which I have not set the mailhost. Here is the report I get in that case. None of the addresses mentioned in the report correspond to my ISP (astro.rug.nl). I wonder why in the other case Spamcop would think that the spam comes from my ISP:
SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=z6737268372zcb07d704fa5d85c5e2222fc431c18620z
http://www.activitymatchdull.finance/Wpfabpo/gSw5ur1BtMgyE6Cxqt5lLgRik8E1nM_KG5kgZlUPq7TG10X2vECy-ubppo6-jhaZHeRwjdTbS4NyweUxQOWvAVpXNakxbp7xfPRN3gIyWYRlRyQLGdDEIe2u9VFRI2LxsJOUmCCsnrieC3ANqbHpcOocSL-zgJKnBr3rYH61vPl9xbbmGvHFAKlsLEnWej-x.IgpWqOx_BYJwTRuVjzNFQtL-aphMjhrPVudmkuszWr4
http://www.activitymatchdull.finance/Jehbxsac/bhscd841828rqibea/4rWzsukmduVPrhjMhpa-LtQFNzjVuRTwJYB_xOqWpgI/x-jeWnELslKAFHvGmbbx9lPv16HYr3rBnKJgz-LScoOcpHbqNA3CeirnsCCmUOJsxL2IRFV9u2eIEDdGLQyRlRYWyIg3NRPfx7pbxkaNXpVAvWOQxUewyN4SbTdjwReHZahj-6oppbu-yCEv2X01GT7qPUlZgk5GK_Mn1E8kiRgLl5tqxC6EygMtB1ru5wSg
Please make sure this email IS spam:
From: "Detox Healthy Patches" <info@activitymatchdull.co> (relief you need! You'll have more energy, feel healthier and generally )
Improve your body and mind with this totally natu
ral Japanese remedy=
View full message
Report spam to:
Re: 163.123.141.109 (Administrator of network where email originates)
To: abuse@serverion.com (Notes)
To: info@serverion.com (Notes)
Re: http://www.activitymatchdull.finance/Jehbxsac/b... (Administrator of network hosting website referenced in spam)
To: abuse@cloudflare.com (Notes)
Re: http://www.activitymatchdull.finance/Wpfabpo/gS... (Administrator of network hosting website referenced in spam)
To: abuse@cloudflare.com (Notes)
Finally, I checked the raw spam and I do not find any reference to my ISP in the body. The name of the mail server and IP of my ISP appear only in the header as part of the delivery process (see below).
Does this help?
If not, I'd be happy to provide more info (but at the moment I am not sure what else I could provide...)
Thanks
Mariano
X-Antivirus: avast (VPS 22011604)
X-Antivirus-Status: Clean
Return-Path: <info@activitymatchdull.co>
X-Original-To: USER@astro.rug.nl
Delivered-To: USER@astro.rug.nl
Received: from localhost (localhost [127.0.0.1])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id 50FED34BCD
for <USER@astro.rug.nl>; Sun, 16 Jan 2022 20:13:26 +0100 (CET)
X-Virus-Scanned: amavisd-new at astro.rug.nl
X-spam-Flag: NO
X-spam-Score: 5.513
X-spam-Level: *****
X-spam-Status: No, score=5.513 tagged_above=2 required=6.2
tests=[BAYES_20=-0.001, HTML_MESSAGE=0.001,
HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.1,
MIME_QP_LONG_LINE=0.001, RCVD_IN_MSPIKE_BL=0.001,
RCVD_IN_MSPIKE_L4=0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001, URIBL_BLACK=1.7] autolearn=no autolearn_force=no
Received: from mailhost1.astro.rug.nl ([129.125.6.180])
by localhost (mailhost.astro.rug.nl [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id rvaq9I2sDGVf for <USER@astro.rug.nl>;
Sun, 16 Jan 2022 20:13:25 +0100 (CET)
X-Greylist: delayed 632 seconds by postgrey-1.34 at mailserver1.intra.astro.rug.nl; Sun, 16 Jan 2022 20:13:22 CET
Received: from activitymatchdull.co (activitymatchdull.co [163.123.141.109])
by mailhost1.astro.rug.nl (Postfix) with ESMTP id E20B11C709
for <USER@astro.rug.nl>; Sun, 16 Jan 2022 20:13:22 +0100 (CET)
Date: Sun, 16 Jan 2022 13:50:33 -0500
From: "Detox Healthy Patches" <info@activitymatchdull.co>
MIME-Version: 1.0
Precedence: bulk
To: <USER@astro.rug.nl>
Subject: relief you need! You'll have more energy, feel healthier and generally
Message-ID: <ERVC2j_MBduIuAMqMMh2b_q8y639RlfLPJ-oJK7teHM.RScVWl2nZbhah1-uQBdEVfKdyHaQPqYRP_wQDm7hvQQ@activitymatchdull.co>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Lines: 204
-
Regarding the forging of the email address: I was not correct in my explanation. The spams that I receive come from outside my domain. I checked the full raw email and there is no reference to our domain, except in the parts of the headers where the emails were received by our server from the outside servers. I wonder how Spamcop gets that my IP is the source. I did not keep the emails, so I cannot check them again to be 100% sure. I will do it again next time to see whether I missed something.
Thanks!
-
Hi Petzl: I configured the mailhost about 3 days ago. As I wrote originally, the procedure through the website would not work. After I fill in the email address I get a message that the mailserver does not respond so the procedure cannot be completed. The mail server is up and working. I sent an email to the ops explaining the problem and they issued a waiver and installed the mailhost on my behalf. If I check, the mail servers that are configured are the correct ones.
I fear that if I delete the configuration I will have to ask the operators again to set it up for me. (And I prefer not to bother them with this as much as it is not necessary).
I will see what I can post here from a Spamcop report after I get the next spam. The reports I was referring to in my post did not get submitted because of the error. If I go to my past reports, they all look like this:
-
Submitted: 15/01/2022, 12:31:04 +0100:
The electric hand massager that's cheaper than going to the doctor!
No reports filed
-
Hi:
I configured mailhost for all my email addresses. For one of the addresses I got a waiver from the op because something was not working using the regular way of setting mailhost. Since then, whenever I report a spam from that address I get the message below. Is this normal behaviour? Does it mean that if I receive spam on that address and the spammer forges my own server as sender I can no longer report spam from that address?
I believe everything is set up properly, but since the address was added by the op, I am not 100% sure. Is there anything I should check/change? I could not find anything about this in the forum.
Thanks
Mariano
P.S. I replaced the id by XXXXXX... in case spammers read this forum :^)
SpamCop v 5.4.0 © 2022 Cisco Systems, Inc. All rights reserved.
Here is your TRACKING URL - it may be saved for future reference:
https://www.spamcop.net/sc?id=XXXXXXXXXXXXXXXXXXXXXXXXXXX
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Add/edit your mailhost configuration
Finding full email headers
Submitting spam via email (may work better)
Example: What spam headers should look like
Nothing to do.
Mailhost configuration problem, identified internal IP as source. Please correct this situation
in Mailhost Configuration of your Reporting Account
Problem solved thanks to Richard from SC!
I post here in case this helps others. The problem was that they had to add "localhost" to the list of servers.
I'm glad :^)
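The fix reported in the last post, modelled as an added example (not part of the original thread and not SpamCop's actual parser): a simplified trusted-hop walk over the three Received lines of the spam quoted above, showing why a missing "localhost" entry yields "internal IP as source". The `find_source` function and the two mailhost dictionaries are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the Received lines of the quoted spam, newest first,
# folded onto one line each and trimmed after the "by" host.
RECEIVED = [
    "from localhost (localhost [127.0.0.1]) by mailhost1.astro.rug.nl (Postfix)",
    "from mailhost1.astro.rug.nl ([129.125.6.180]) by localhost "
    "(mailhost.astro.rug.nl [127.0.0.1]) (amavisd-new, port 10024)",
    "from activitymatchdull.co (activitymatchdull.co [163.123.141.109]) "
    "by mailhost1.astro.rug.nl (Postfix)",
]

# "from HELO (optional-rdns [IP]) by RECEIVER"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:[^\s\[\]]+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

# Hypothetical mailhost registrations: receiver name -> relay IP.
WITHOUT_LOCALHOST = {"mailhost1.astro.rug.nl": "129.125.6.180"}
WITH_LOCALHOST = {**WITHOUT_LOCALHOST, "localhost": "127.0.0.1"}


def find_source(received, mailhosts):
    """Walk hops top-down; the first sender outside the mailhosts is the source."""
    names = {n.lower() for n in mailhosts}
    ips = set(mailhosts.values())
    for raw in received:
        m = HOP.search(raw)
        if m is None:
            return ("unparsable", None)
        if m["by"].lower() not in names:
            # The line was not written by a registered host, so stop trusting.
            return ("untrusted-receiver", m["ip"])
        # HELO names are sender-controlled; decide trust on the IP only.
        if m["ip"] in ips:
            continue  # internal handoff between registered hosts
        ip = ipaddress.ip_address(m["ip"])
        if ip.is_loopback or ip.is_private:
            return ("internal-ip-as-source", m["ip"])
        return ("source", m["ip"])
    return ("no-source", None)


if __name__ == "__main__":
    print(find_source(RECEIVED, WITHOUT_LOCALHOST))
    print(find_source(RECEIVED, WITH_LOCALHOST))
```
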