Jump to content

"Header incomplete, aborting..."


MyNameHere

Recommended Posts

The last 3 spams I submitted via the webmail interface came back with this response:

SpamCop.net

Here are the results of your submission:

Processing spam:

From:

Subject:

error:Header incomplete, aborting.

error:No IP found

Obviously, since I simply clicked on "Report as spam" and did not save a copy first, I cannot reproduce the spam emails that I submitted.

One of them was a little odd because it displayed "No date" and "Invalid address" or something like that.

But the other two looked just like typical spams, for the usual stuff.

Is there a problem?

Thanks!

Link to comment
Share on other sites

Is there a problem?

yes and no ... Loads of complaints on the "blank spam" front ... a lot of the discussion centers around some really mangled e-mail headers, though it hasn't really been decided as to whther it's just one spammer's way of vrifying "good" addresses (no bounce message) ... or a really stupid spammer using some really stupid spammer-software ... and without the details of the spam you're questioning, one can only assume that you're probably talking about the same spam set .... yes, it's a problem, no, there's no real solution .... those headers are just tooooo screwed up.

Link to comment
Share on other sites

Okay, I can now give you an example. I saved the spam before reporting it, and this one got the error. (There is a lot of blank space in the middle, but I left it in, in case that's relevant. I also munged my e-mail address.)

====================================================

Return-Path: <GTIUYZ[at]yahoo.com>

Delivered-To: spamcop-net-mynamehere[at]spamcop.net

Received: (qmail 13673 invoked from network); 15 Apr 2004 03:53:24 -0000

Received: from unknown (192.168.1.101)

by blade6.cesmail.net with QMQP; 15 Apr 2004 03:53:24 -0000

Received: from host-148-244-85-5.block.alestra.net.mx (148.244.85.5)

by mailgate.cesmail.net with SMTP; 15 Apr 2004 03:53:23 -0000

MIME-Version: 1.0

X-Originating-IP: [232.248.56.224]

X-Originating-Email: [urizen[at]spamcop.net]

X-Sender: urizen[at]spamcop.net

Received: from 134.181.56.180 by by0lackluster.sister7.yahoo.com with HTTP;Wed, 14 Apr 2004 10:12:24 GMT

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6

X-spam-Level: ******

X-spam-Status: hits=6.5 tests=ALL_NATURAL,BLANK_LINES_70_80,DATE_MISSING,

FROM_NO_LOWER,J_CHICKENPOX_31,LINES_OF_YELLING,REMOVE_PAGE

version=2.63

X-SpamCop-Checked: 192.168.1.101 148.244.85.5

X-SpamCop-Disposition: Blocked bl.spamcop.net

=====================================================

This one displays in webmail with "Unknown Date" and "Invalid Address".

But, as I said, there have been others that displayed a date and address.

I will keep copies of future spams and leave them here if you want more examples.

Link to comment
Share on other sites

Just the header would have been fine in this case. Yes, many missing lines, and also a number of badly forged lines.

Starting from the bottom (just the opposite of the SpamCop parser;

Received: from 134.181.56.180 by by0lackluster.sister7.yahoo.com with HTTP;Wed, 14 Apr 2004 10:12:24 GMT

an attempt to suggest that someone dialed up and used the web interface at Yahoo ... forged line

X-Originating-IP: [232.248.56.224]

X-Originating-Email: [urizen at spamcop.net] (I modified)

X-Sender: urizen at spamcop.net (I modified)

X-Lines can be added anywhere, by anyone ... no idea if the account actually exists, but the alleged originating data is total crap ... more forged lines

Received: from host-148-244-85-5.block.alestra.net.mx (148.244.85.5)

this also goes along with the very bottom two lines;

X-SpamCop-Checked: 192.168.1.101 148.244.85.5

X-SpamCop-Disposition: Blocked bl.spamcop.net

reasoning :

148.244.85.5 listed in bl.spamcop.net (127.0.0.2)

In the past week, this system has:

Been reported as a source of spam about 20 times

Been detected sending mail to spam traps

Basically, you've got some garbage from some doofus that was trying to be "crafty" with some redirection bits added into the headers, but not smart enough to know what real headers look like .. or this idiot bought some "really good deal on make-yourself-rich-quick" spammy software and hasn't quite realized the screwing he/she has gotten yet <g> In this case, both the SpamCop parser and SpamAssissin filters have complaints about the missing data lines in these headers.

Link to comment
Share on other sites

Hey, Wazoo,

I'm getting a fairly large number of these unreportable spams (for me).

So, is there no way the reporting system can identify a source to report to?

(By the way, why was this thread moved to the email discussion in the first place, as it seems to me to be related exclusively to the reporting system. I'm not asking why it was marked as spam, but why I can't report it!)

:huh:

Link to comment
Share on other sites

OK, the first problem I'll point you to http://forum.spamcop.net/forums/index.php?showtopic=826 .. which goes right along with the missing lines in the header.

And based on all the above, your sample just isn't going to fly through the SpamCop parser at all. Background on this is that Julian has started with the premise that the tool needs a "good" set of headers to work with. Problems in getting that "good" set spam the range of bad spam like your sample, but also scrwy servers in the mix, end-user e-mail apps that like to do things "their" way, and users themselves that don't know what headers are and/or how to obtain / submit them. Reminder again that the SpamCop parser is "just a tool"

On the other hand, one could do the same type of walk-through I provided, one could pop the target'd "bad" address into the "paste-your-spam-here" web page as a single-line item to obtain SpamCop's choice of an abuse e-mail address .. see if it comes up with something reasonable ... in this specific case, I'd plug in 148.244.85.5 which would get me;

Reporting addresses:

abuse[at]alestra.net.mx

This is where you'd send your own "manual" report complaining about their spam spew. Of course, this gets to your comfort level of doing the analysis and sending reports out on your own.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...