jeffih Posted March 4, 2012 Share Posted March 4, 2012 Hey Guys. Lately we could see emails forwarded to spamcop email id ( quick.XXXXXXXXXXX[at]spam.spamcop.net ) not process properly. Please see the log below --- Spamcop reports there is error when we forward like this. Error 1 SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: Error 2 SpamCop encountered errors while saving spam for processing: Message forwarded in html wrapper. When forwarding spam, use a MIME attachment or text-type message with the spam enclosed. Do not send spam in HTML format. Sometimes this error is caused by using a "resend" feature to forward spam. HTML spam should be sent in text (source code) format ---- These emails are detect by Spamassassin with huge score and are in-fact spams. Why aren't these emails process properly ? Mail server is exim and has got acl to forward these emails to spamcop. --- if $h_X-spam-Status: begins "Yes" then deliver "spam-Redirect-Test[at]domain.com" deliver "quick.XXXXXXXXXXX[at]spam.spamcop.net" fail "The email you sent was not delivered to the recipient because it was identified as spam and rejected. IF THE EMAIL YOU SENT WAS LEGITIMATE, please send it again through a different email account, or go to http://www.prepaidlegal.com/hub/shreffler and call us at the phone number listed, or click the \"Email me\" link in the upper left corner, and send your message through the simple web form. YOU SHOULD ALSO BE AWARE that your email was automatically reported as spam to multiple agencies including the administrator of the network where it originated (your ISP) and the administrator of the network hosting any website referenced in the email. Contact us immediately if this was reported in error so we can retract the reports. Do not reply to this email, as all email replies sent to this address are automatically deleted and never delivered, seen by anyone, or ever answered. Please do not confuse this automated bounce message with error messages returned by mail servers when addresses are unreachable." endif ------- Link to comment Share on other sites More sharing options...
Farelf Posted March 4, 2012 Share Posted March 4, 2012 Hi jeffih, I believe this will be better answered in the "Reporting Help" forum, moved accordingly. Hopefully someone will be along to help you soon. Steve Link to comment Share on other sites More sharing options...
jeffih Posted March 4, 2012 Author Share Posted March 4, 2012 Thanks Steve Regards jeffih Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted March 4, 2012 Share Posted March 4, 2012 >- Error 1 >- SpamCop encountered errors while saving spam for processing: >- SpamCop could not find your spam message in this email: That usually means the full spam headers were not present in what was submitted. >- Error 2 >- SpamCop encountered errors while saving spam for processing: >- Message forwarded in html wrapper. That means exactly what it says. You should be sending your spam in using plain text only. It's OK if the spam is HTML encoded, but your carrier email should not be using styles, fonts, and colors, etc. I'm thinking that your "quick" submission address has gotten into the wild somehow, and spammers are sending their spam directly to it. That is easily fixed. If you will EMAIL your login username to me, I will reset your "quick" address. >- fail "The email you sent was not delivered to the recipient because >- it was identified as spam and rejected. That sounds like your ISP is filtering your outgoing email and deleted your submission. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - . Link to comment Share on other sites More sharing options...
jeffih Posted March 4, 2012 Author Share Posted March 4, 2012 Hi, We are using exim ( version 4.69 ) with cpanel . Spamassassin (version 3.3.1 ) is detecting this emails as spam. Is there a particular setting we should change so that this spams emails are process correctly ? We also tried using another "quick" address (submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net ) which result in same error. Regards jeffih Link to comment Share on other sites More sharing options...
Farelf Posted March 4, 2012 Share Posted March 4, 2012 Umm ... NEVER post a submit/quick address jeffih - but no harm done if Don is resetting your address anyway. Link to comment Share on other sites More sharing options...
jeffih Posted March 4, 2012 Author Share Posted March 4, 2012 Hello, Here I'm including the headers that present in the bounce-back mail from spamcope. It has the spam headers, but in new style. I could see that latest version cPanel is generating spam headers like this. --------SpamHeaders--------- X-spam-Status: Yes, score=1000.7 X-spam-Score: 10007 X-spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++ X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X >> > [...] Content analysis details: (1000.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email -0.0 SPF_PASS SPF: sender matches SPF record 0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject X-spam-Flag: YES -------------------------------- ===============Bounceback Message from Spamcope============================== SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: Return-Path: <jeff[at]ournetworks.com> Received: from sc-smtp7.soma.ironport.com (sc-smtp7.soma.ironport.com [192.168.37.36]) by prod-sc-app6.soma.ironport.com (Postfix) with ESMTP id C4809B35406 for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 01:12:42 -0800 (PST) Received: from unknown (HELO xxx.ourserver-vega.xxxx) ([xx.xx.xx.xx]) by vmx1.spamcop.net with ESMTP; 04 Mar 2012 01:12:42 -0800 Received: from xxx.ourserver.xxxx ([72.34.43.185]:54874) by xxx.ourserver-vega.xxxx with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <jeff[at]ournetworks.com>) id 1S47UZ-0004As-T0 for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:37 -0800 Received: from [123.236.66.178] (port=29568 helo=[192.168.1.101]) by xxx.ourserver.xxxx with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <jeff[at]ournetworks.com>) id 1S47UZ-0006zg-5f for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:35 -0800 Message-ID: <4F5331FF.1090404[at]ournetworks.com> Date: Sun, 04 Mar 2012 14:42:31 +0530 From: jeff <jeff[at]ournetworks.com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10 MIME-Version: 1.0 To: test[at]albertafire.com References: <4F5317DB.7070403[at]ournetworks.com> <4F531B7B.50203[at]ournetworks.com> <4F531DB3.6080509[at]ournetworks.com> In-Reply-To: <4F531DB3.6080509[at]ournetworks.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - xxx.ourserver.xxxx X-AntiAbuse: Original Domain - albertafire.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ournetworks.com X-spam-Status: Yes, score=1000.7 X-spam-Score: 10007 X-spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++ X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X >> > [...] Content analysis details: (1000.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email -0.0 SPF_PASS SPF: sender matches SPF record 0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject X-spam-Flag: YES X-Pass-two: yes Subject: ***spam*** Re: test X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - xxx.ourserver-vega.xxxx X-AntiAbuse: Original Domain - albertafire.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ournetworks.com X-Source: X-Source-Args: X-Source-Dir: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X >> > The email which triggered this auto-response had the following headers: Return-Path: <jeff[at]ournetworks.com> Received: from sc-smtp7.soma.ironport.com (sc-smtp7.soma.ironport.com [192.168.37.36]) by prod-sc-app6.soma.ironport.com (Postfix) with ESMTP id C4809B35406 for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 01:12:42 -0800 (PST) Received: from unknown (HELO xxx.ourserver-vega.xxxx) ([xx.xx.xx.xx]) by vmx1.spamcop.net with ESMTP; 04 Mar 2012 01:12:42 -0800 Received: from xxx.ourserver.xxxx ([72.34.43.185]:54874) by xxx.ourserver-vega.xxxx with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <jeff[at]ournetworks.com>) id 1S47UZ-0004As-T0 for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:37 -0800 Received: from [123.236.66.178] (port=29568 helo=[192.168.1.101]) by xxx.ourserver.xxxx with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <jeff[at]ournetworks.com>) id 1S47UZ-0006zg-5f for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:35 -0800 Message-ID: <4F5331FF.1090404[at]ournetworks.com> Date: Sun, 04 Mar 2012 14:42:31 +0530 From: jeff <jeff[at]ournetworks.com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10 MIME-Version: 1.0 To: test[at]albertafire.com References: <4F5317DB.7070403[at]ournetworks.com> <4F531B7B.50203[at]ournetworks.com> <4F531DB3.6080509[at]ournetworks.com> In-Reply-To: <4F531DB3.6080509[at]ournetworks.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - xxx.ourserver.xxxx X-AntiAbuse: Original Domain - albertafire.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ournetworks.com X-spam-Status: Yes, score=1000.7 X-spam-Score: 10007 X-spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++ X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X >> > [...] Content analysis details: (1000.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email -0.0 SPF_PASS SPF: sender matches SPF record 0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject X-spam-Flag: YES X-Pass-two: yes Subject: ***spam*** Re: test X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - xxx.ourserver-vega.xxxx X-AntiAbuse: Original Domain - albertafire.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - ournetworks.com X-Source: X-Source-Args: X-Source-Dir: ====================================== Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted March 4, 2012 Share Posted March 4, 2012 >- SpamCop could not find your spam message in this email: When you send in a spam for processing, SpamCop looks INSIDE of your email to find the spam you're submitting. The error email shows you a complete copy of the email that you sent the spam with. These are the basic elements in that long header of the email you sent... From: jeff <jeff[at]ournetworks.com> To: test[at]albertafire.com Subject: ***spam*** Re: test Notice that there is no spam in the email you sent. All that SpamCop sees inside your email is this: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X >> > I see this in the headers: X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has identified this incoming email as possible spam. The original message has been attached to this This may be the SpamAssassin setting you need to change so that SpamAssassin simply adds some x-headers instead of removing the spam email and attaching it: SpamAssassin vs 'localhost' headers: The parameter is report_safe report_safe = 0 indicates "add x-headers" It may be found in local.cfile or .userprefs file depending on the SA setup. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - . Link to comment Share on other sites More sharing options...
jeffih Posted March 4, 2012 Author Share Posted March 4, 2012 Hello, I've disabled report header using "report_safe 0 ""clear_report_template" now, now the bounceback have no report header and the forwarded mail have the full content, but still spamcope not processing it. ==================== Return-path: <spamid.0[at]bounces.spamcop.net> Envelope-to: jeff[at]xx.xx.xx.xx Delivery-date: Sun, 04 Mar 2012 09:28:18 -0800 Received: from [xx.xx.xx.xx] (port=14311 helo=sc-smtp5-inbound.soma.ironport.com) by core with esmtp (Exim 4.69) (envelope-from <spamid.0[at]bounces.spamcop.net>) id 1S4FEI-0003qk-GV for jeff[at]xx.xx.xx.xx; Sun, 04 Mar 2012 09:28:18 -0800 DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns; h=Received:From:To:Subject:Date:Message-ID:Content-type: In-Reply-To:References; b=Wsq3iNkyMsyx2bOtqMH/cFz8DZeh8Qh9mMtJJ/6/F6jImbsu3u3AXpr2 pkocrSMzqYLZTEH9/1u7o4GiJV1XhRveReZtRq77OKj2TuSNaaiF4R3Qx /BDlXjQscV5sDDN; Received: from prod-sc-app7.soma.ironport.com (HELO prod-sc-app7.spamcop.net) ([192.168.37.23]) by sc-smtp-vip.soma.ironport.com with SMTP; 04 Mar 2012 09:28:18 -0800 From: SpamCop AutoResponder <spamcop[at]devnull.spamcop.net> To: jeff[at]xx.xx.xx.xx Subject: [spamCop] Errors encountered Date: Sun, 04 Mar 2012 17:28:18 GMT Message-ID: <ss4f53a632g1141d[at]msgid.spamcop.net> Content-type: text/plain In-Reply-To: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com> References: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com> X-Pass-two: yes SpamCop encountered errors while saving spam for processing: SpamCop could not find your spam message in this email: Return-Path: <ghdd[at]phoenixconsultgroup.com> Received: from sc-smtp11.soma.ironport.com (sc-smtp11.soma.ironport.com [192.168.37.79]) by prod-sc-app7.soma.ironport.com (Postfix) with ESMTP id 4D0EFAC2408 for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 09:27:29 -0800 (PST) Received: from mail3.myserver.com (HELO myserver.com) ([xx]) by vmx1.spamcop.net with ESMTP; 04 Mar 2012 09:27:29 -0800 Received: from [82.102.24.13] (port=43666 helo=sexshop-net.com) by myserver.com with smtp (Exim 4.69) (envelope-from <ghdd[at]phoenixconsultgroup.com>) id 1S4FDT-00031J-PN for rnett[at]<snip domain>; Sun, 04 Mar 2012 09:27:29 -0800 Sender: trans-179341-632154-rnett=<snip domain>[at]mail2.mcsignup.com From: ghdd <newsalert[at]ndtv.com> To: <rnett[at]<snip domain>> Subject: The intrigue about you Date: Sun, 4 Mar 2012 17:27:28 +0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-ID: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com> X-spam-Subject: ***spam*** The intrigue about you X-spam-Status: Yes, score=30.3 X-spam-Score: 303 X-spam-Bar: ++++++++++++++++++++++++++++++ X-spam-Report: (no report template found) X-spam-Flag: YES X-Pass-two: yes X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - myserver.com X-AntiAbuse: Original Domain - <snip domain> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - phoenixconsultgroup.com Hello. Are you looking for a wife? Maybe I'm the that will be of interest to you! My name is Tatiana and last name is Gerasimova. I live in Vladivostok. I am a pretty "kitten" with a nice figure. You can see for yourself in my photos: http://gravityhitter420hy.webs.com/?jT=11 I am 22 years. I have a good education and a profession favorite. I have the variety of interests and hobbies. I am interested in music, books, mathematics. I have dark hair and blue eyes and would love to write letters with good man. Oh, I can speak for hours about my ideal match and how I see relations with my true love. If you dream you meet me then contact me (I have webcams), communicating with me is easy and fun and you will never be bored with me. The email which triggered this auto-response had the following headers: Return-Path: <ghdd[at]phoenixconsultgroup.com> Received: from sc-smtp11.soma.ironport.com (sc-smtp11.soma.ironport.com [192.168.37.79]) by prod-sc-app7.soma.ironport.com (Postfix) with ESMTP id 4D0EFAC2408 for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 09:27:29 -0800 (PST) Received: from mail3.myserver.com (HELO myserver.com) ([xx]) by vmx1.spamcop.net with ESMTP; 04 Mar 2012 09:27:29 -0800 Received: from [82.102.24.13] (port=43666 helo=sexshop-net.com) by myserver.com with smtp (Exim 4.69) (envelope-from <ghdd[at]phoenixconsultgroup.com>) id 1S4FDT-00031J-PN for rnett[at]<snip domain>; Sun, 04 Mar 2012 09:27:29 -0800 Sender: trans-179341-632154-rnett=<snip domain>[at]mail2.mcsignup.com From: ghdd <newsalert[at]ndtv.com> To: <rnett[at]<snip domain>> Subject: The intrigue about you Date: Sun, 4 Mar 2012 17:27:28 +0000 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit MIME-Version: 1.0 Message-ID: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com> X-spam-Subject: ***spam*** The intrigue about you X-spam-Status: Yes, score=30.3 X-spam-Score: 303 X-spam-Bar: ++++++++++++++++++++++++++++++ X-spam-Report: (no report template found) X-spam-Flag: YES X-Pass-two: yes X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - myserver.com X-AntiAbuse: Original Domain - <snip domain> X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - .com ======================================= This post has been edited by turetzsr by request of OP to remove domain name: Mar 6 2012, 02:36 PM EST Link to comment Share on other sites More sharing options...
petzl Posted March 5, 2012 Share Posted March 5, 2012 [sNIP] You would be best to not use "quick" reporting change this to submit.yoursupersecretemailaddress[at]spam.spamcop.net Recheck your mail hosts for testing Nothing you have sent back tells us reportable email headers? Send us a sample of what you reckon are spam headers (not full email body) Once you have it right then you can go back to "quick" reporting Link to comment Share on other sites More sharing options...
jeffih Posted March 6, 2012 Author Share Posted March 6, 2012 You can see the following spam headers are added to the mail. Can you please let me know anymore headers are needed? ---------------------------- X-spam-Subject: ***spam*** The intrigue about you X-spam-Status: Yes, score=30.3 X-spam-Score: 303 X-spam-Bar: ++++++++++++++++++++++++++++++ X-spam-Report: (no report template found) X-spam-Flag: YES ---------------------------- Link to comment Share on other sites More sharing options...
jeffih Posted March 6, 2012 Author Share Posted March 6, 2012 Hi, Please delete this thread as support is no longer required. Thank you. Link to comment Share on other sites More sharing options...
turetzsr Posted March 6, 2012 Share Posted March 6, 2012 ...Sorry, we don't delete threads because sometimes people find things of value. However, I shall Close it so that no further posts are possible (except by specially authorized members). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.