MyNameHere Posted May 7, 2010 Share Posted May 7, 2010 Hi. This is reminiscent of an old topic here. But this mystery is even more mysterious. This message showed up in my Held Mail with both X-SpamCop-Whitelisted and blocked by SpamAssassin. It was from me to another SpamCop address. I received it because I am POPing from that other SpamCop account (it's a family member whose mail I monitor). Usually, these messages end up routed to a folder I have created for that family member's mail. I believe this has happened on rare occasions before, but I never saved the email. So here are the relevant message headers (I think... if you need more, let me know): X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7 X-spam-Level: *** X-spam-Status: hits=3.0 tests=HTML_MESSAGE,RDNS_NONE,TVD_SPACE_RATIO version=3.2.4 <snip> X-SpamCop-Checked: <three IP addresses> X-SpamCop-Whitelisted: mynamehere<at>spamcop.net X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=3 (Obviously, I have munged my email address.) Additional info: The message was composed and sent from Outlook via my home ISP, but was sent as mynamehere<at>spamcop.net. So, in a sense, the from-address was forged. What went wrong here? Link to comment Share on other sites More sharing options...
Wazoo Posted May 7, 2010 Share Posted May 7, 2010 if you need more, let me know): What went wrong here? Not near enough information for me. Also thinking that there's not enough there for the email_support person to 'find it' on the servers. Link to comment Share on other sites More sharing options...
SpamCop 98 Posted May 7, 2010 Share Posted May 7, 2010 It looks to me like there's been some doubling-up of at least some headers. Why are there two "X-SpamCop-Checked" headers? The second one is empty, or so it seems, but whatever original message it was attached to its disposition trumped anything prior. The message was composed and sent from Outlook via my home ISP, but was sent as mynamehere<at>spamcop.net. So, in a sense, the from-address was forged. That shouldn't have anything to do with it since sc blocks by IP# only. And forgery is intent; if I sign my wife's name on a check with her full knowledge the prosecutor's not going to try to take me down. Link to comment Share on other sites More sharing options...
MyNameHere Posted May 7, 2010 Author Share Posted May 7, 2010 It looks to me like there's been some doubling-up of at least some headers. Why are there two "X-SpamCop-Checked" headers? The second one is empty, or so it seems, but whatever original message it was attached to its disposition trumped anything prior. <snip> That's the way the headers were in the message source. The second "X-SpamCop-Checked" is there and is blank. [Added in later edit] But that was the key to the answer. See next post. [Full email source removed in edit] Link to comment Share on other sites More sharing options...
MyNameHere Posted May 9, 2010 Author Share Posted May 9, 2010 After reporting this to SpamCop support, I believe we have figured out the answer. The key is what SpamCop 98 noticed: There are two X-SpamCop-Checked lines. So the sequence of events was: Mail arrives at family member's account and is checked and gets whitelisted. Mail is POPed to my account. Mail is checked a second time and because I am not whitelisted on my own account, SpamAssassin kills it. Mail ends up in my Held Mail. All this because we both have SpamCop accounts. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.