Jump to content

Spamcop forwarder not working


jeffih
 Share

Recommended Posts

Hey Guys.

Lately we could see emails forwarded to spamcop email id ( quick.XXXXXXXXXXX[at]spam.spamcop.net ) not process properly. Please see the log below

---

Spamcop reports there is error when we forward like this.

Error 1

SpamCop encountered errors while saving spam for processing:

SpamCop could not find your spam message in this email:

Error 2

SpamCop encountered errors while saving spam for processing:

Message forwarded in html wrapper.

When forwarding spam, use a MIME attachment or text-type message with

the spam enclosed. Do not send spam in HTML format. Sometimes this

error is caused by using a "resend" feature to forward spam.

HTML spam should be sent in text (source code) format

----

These emails are detect by Spamassassin with huge score and are in-fact spams. Why aren't these emails process properly ?

Mail server is exim and has got acl to forward these emails to spamcop.

---

if

$h_X-spam-Status: begins "Yes"

then

deliver "spam-Redirect-Test[at]domain.com"

deliver "quick.XXXXXXXXXXX[at]spam.spamcop.net"

fail "The email you sent was not delivered to the recipient because it was identified as spam and rejected. IF THE EMAIL YOU SENT WAS LEGITIMATE, please send it again through a different email account, or go to http://www.prepaidlegal.com/hub/shreffler and call us at the phone number listed, or click the \"Email me\" link in the upper left corner, and send your message through the simple web form. YOU SHOULD ALSO BE AWARE that your email was automatically reported as spam to multiple agencies including the administrator of the network where it originated (your ISP) and the administrator of the network hosting any website referenced in the email. Contact us immediately if this was reported in error so we can retract the reports. Do not reply to this email, as all email replies sent to this address are automatically deleted and never delivered, seen by anyone, or ever answered. Please do not confuse this automated bounce message with error messages returned by mail servers when addresses are unreachable."

endif

-------

Link to comment
Share on other sites

>- Error 1

>- SpamCop encountered errors while saving spam for processing:

>- SpamCop could not find your spam message in this email:

That usually means the full spam headers were not present in what was submitted.

>- Error 2

>- SpamCop encountered errors while saving spam for processing:

>- Message forwarded in html wrapper.

That means exactly what it says. You should be sending your spam in using plain text only. It's OK if the spam is HTML encoded, but your carrier email should not be using styles, fonts, and colors, etc.

I'm thinking that your "quick" submission address has gotten into the wild somehow, and spammers are sending their spam directly to it.

That is easily fixed. If you will EMAIL your login username to me, I will reset your "quick" address.

>- fail "The email you sent was not delivered to the recipient because

>- it was identified as spam and rejected.

That sounds like your ISP is filtering your outgoing email and deleted your submission.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

.

Link to comment
Share on other sites

Hi,

We are using exim ( version 4.69 ) with cpanel . Spamassassin (version 3.3.1 ) is detecting this emails as spam.

Is there a particular setting we should change so that this spams emails are process correctly ?

We also tried using another "quick" address (submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net ) which result in same error.

Regards

jeffih

Link to comment
Share on other sites

Hello,

Here I'm including the headers that present in the bounce-back mail from spamcope. It has the spam headers, but in new style. I could see that latest version cPanel is generating spam headers like this.

--------SpamHeaders---------

X-spam-Status: Yes, score=1000.7

X-spam-Score: 10007

X-spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++

X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has

identified this incoming email as possible spam. The original message

has been attached to this so you can view it (if it isn't spam) or label

similar future email. If you have any questions, see

the administrator of that system for details.

Content preview: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

>> > [...]

Content analysis details: (1000.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email

-0.0 SPF_PASS SPF: sender matches SPF record

0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject

X-spam-Flag: YES

--------------------------------

===============Bounceback Message from Spamcope==============================

SpamCop encountered errors while saving spam for processing:

SpamCop could not find your spam message in this email:

Return-Path: <jeff[at]ournetworks.com>

Received: from sc-smtp7.soma.ironport.com (sc-smtp7.soma.ironport.com [192.168.37.36])

by prod-sc-app6.soma.ironport.com (Postfix) with ESMTP id C4809B35406

for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 01:12:42 -0800 (PST)

Received: from unknown (HELO xxx.ourserver-vega.xxxx) ([xx.xx.xx.xx])

by vmx1.spamcop.net with ESMTP; 04 Mar 2012 01:12:42 -0800

Received: from xxx.ourserver.xxxx ([72.34.43.185]:54874)

by xxx.ourserver-vega.xxxx with esmtps (TLSv1:AES256-SHA:256)

(Exim 4.69)

(envelope-from <jeff[at]ournetworks.com>)

id 1S47UZ-0004As-T0

for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:37 -0800

Received: from [123.236.66.178] (port=29568 helo=[192.168.1.101])

by xxx.ourserver.xxxx with esmtpsa (TLSv1:AES256-SHA:256)

(Exim 4.69)

(envelope-from <jeff[at]ournetworks.com>)

id 1S47UZ-0006zg-5f

for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:35 -0800

Message-ID: <4F5331FF.1090404[at]ournetworks.com>

Date: Sun, 04 Mar 2012 14:42:31 +0530

From: jeff <jeff[at]ournetworks.com>

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

MIME-Version: 1.0

To: test[at]albertafire.com

References: <4F5317DB.7070403[at]ournetworks.com> <4F531B7B.50203[at]ournetworks.com> <4F531DB3.6080509[at]ournetworks.com>

In-Reply-To: <4F531DB3.6080509[at]ournetworks.com>

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - xxx.ourserver.xxxx

X-AntiAbuse: Original Domain - albertafire.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - ournetworks.com

X-spam-Status: Yes, score=1000.7

X-spam-Score: 10007

X-spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++

X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has

identified this incoming email as possible spam. The original message

has been attached to this so you can view it (if it isn't spam) or label

similar future email. If you have any questions, see

the administrator of that system for details.

Content preview: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

>> > [...]

Content analysis details: (1000.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email

-0.0 SPF_PASS SPF: sender matches SPF record

0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject

X-spam-Flag: YES

X-Pass-two: yes

Subject: ***spam*** Re: test

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - xxx.ourserver-vega.xxxx

X-AntiAbuse: Original Domain - albertafire.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - ournetworks.com

X-Source:

X-Source-Args:

X-Source-Dir:

>>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

>>

>

The email which triggered this auto-response had the following headers:

Return-Path: <jeff[at]ournetworks.com>

Received: from sc-smtp7.soma.ironport.com (sc-smtp7.soma.ironport.com [192.168.37.36])

by prod-sc-app6.soma.ironport.com (Postfix) with ESMTP id C4809B35406

for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 01:12:42 -0800 (PST)

Received: from unknown (HELO xxx.ourserver-vega.xxxx) ([xx.xx.xx.xx])

by vmx1.spamcop.net with ESMTP; 04 Mar 2012 01:12:42 -0800

Received: from xxx.ourserver.xxxx ([72.34.43.185]:54874)

by xxx.ourserver-vega.xxxx with esmtps (TLSv1:AES256-SHA:256)

(Exim 4.69)

(envelope-from <jeff[at]ournetworks.com>)

id 1S47UZ-0004As-T0

for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:37 -0800

Received: from [123.236.66.178] (port=29568 helo=[192.168.1.101])

by xxx.ourserver.xxxx with esmtpsa (TLSv1:AES256-SHA:256)

(Exim 4.69)

(envelope-from <jeff[at]ournetworks.com>)

id 1S47UZ-0006zg-5f

for test[at]albertafire.com; Sun, 04 Mar 2012 01:12:35 -0800

Message-ID: <4F5331FF.1090404[at]ournetworks.com>

Date: Sun, 04 Mar 2012 14:42:31 +0530

From: jeff <jeff[at]ournetworks.com>

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

MIME-Version: 1.0

To: test[at]albertafire.com

References: <4F5317DB.7070403[at]ournetworks.com> <4F531B7B.50203[at]ournetworks.com> <4F531DB3.6080509[at]ournetworks.com>

In-Reply-To: <4F531DB3.6080509[at]ournetworks.com>

Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Content-Transfer-Encoding: 7bit

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - xxx.ourserver.xxxx

X-AntiAbuse: Original Domain - albertafire.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - ournetworks.com

X-spam-Status: Yes, score=1000.7

X-spam-Score: 10007

X-spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++

X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has

identified this incoming email as possible spam. The original message

has been attached to this so you can view it (if it isn't spam) or label

similar future email. If you have any questions, see

the administrator of that system for details.

Content preview: >>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

>> > [...]

Content analysis details: (1000.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email

-0.0 SPF_PASS SPF: sender matches SPF record

0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject

X-spam-Flag: YES

X-Pass-two: yes

Subject: ***spam*** Re: test

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - xxx.ourserver-vega.xxxx

X-AntiAbuse: Original Domain - albertafire.com

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - ournetworks.com

X-Source:

X-Source-Args:

X-Source-Dir:

======================================

Link to comment
Share on other sites

>- SpamCop could not find your spam message in this email:

When you send in a spam for processing, SpamCop looks INSIDE of your email to find the spam you're submitting.

The error email shows you a complete copy of the email that you sent the spam with.

These are the basic elements in that long header of the email you sent...

From: jeff <jeff[at]ournetworks.com>

To: test[at]albertafire.com

Subject: ***spam*** Re: test

Notice that there is no spam in the email you sent.

All that SpamCop sees inside your email is this:

>>> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

>>

>

I see this in the headers:

X-spam-Report: spam detection software, running on the system "xxx.ourserver-vega.xxxx", has

identified this incoming email as possible spam. The original message has been attached to this

This may be the SpamAssassin setting you need to change so that SpamAssassin simply adds some x-headers instead of removing the spam email and attaching it:

SpamAssassin vs 'localhost' headers:

The parameter is report_safe

report_safe = 0 indicates "add x-headers"

It may be found in local.cfile or .userprefs file depending on the SA setup.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

.

Link to comment
Share on other sites

Hello,

I've disabled report header using "report_safe 0 ""clear_report_template" now, now the bounceback have no report header and the forwarded mail have the full content, but still spamcope not processing it.

====================

Return-path: <spamid.0[at]bounces.spamcop.net>

Envelope-to: jeff[at]xx.xx.xx.xx

Delivery-date: Sun, 04 Mar 2012 09:28:18 -0800

Received: from [xx.xx.xx.xx] (port=14311 helo=sc-smtp5-inbound.soma.ironport.com)

by core with esmtp (Exim 4.69)

(envelope-from <spamid.0[at]bounces.spamcop.net>)

id 1S4FEI-0003qk-GV

for jeff[at]xx.xx.xx.xx; Sun, 04 Mar 2012 09:28:18 -0800

DomainKey-Signature: s=devnull; d=spamcop.net; c=nofws; q=dns;

h=Received:From:To:Subject:Date:Message-ID:Content-type:

In-Reply-To:References;

b=Wsq3iNkyMsyx2bOtqMH/cFz8DZeh8Qh9mMtJJ/6/F6jImbsu3u3AXpr2

pkocrSMzqYLZTEH9/1u7o4GiJV1XhRveReZtRq77OKj2TuSNaaiF4R3Qx

/BDlXjQscV5sDDN;

Received: from prod-sc-app7.soma.ironport.com (HELO prod-sc-app7.spamcop.net) ([192.168.37.23])

by sc-smtp-vip.soma.ironport.com with SMTP; 04 Mar 2012 09:28:18 -0800

From: SpamCop AutoResponder <spamcop[at]devnull.spamcop.net>

To: jeff[at]xx.xx.xx.xx

Subject: [spamCop] Errors encountered

Date: Sun, 04 Mar 2012 17:28:18 GMT

Message-ID: <ss4f53a632g1141d[at]msgid.spamcop.net>

Content-type: text/plain

In-Reply-To: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com>

References: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com>

X-Pass-two: yes

SpamCop encountered errors while saving spam for processing:

SpamCop could not find your spam message in this email:

Return-Path: <ghdd[at]phoenixconsultgroup.com>

Received: from sc-smtp11.soma.ironport.com (sc-smtp11.soma.ironport.com [192.168.37.79])

by prod-sc-app7.soma.ironport.com (Postfix) with ESMTP id 4D0EFAC2408

for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 09:27:29 -0800 (PST)

Received: from mail3.myserver.com (HELO myserver.com) ([xx])

by vmx1.spamcop.net with ESMTP; 04 Mar 2012 09:27:29 -0800

Received: from [82.102.24.13] (port=43666 helo=sexshop-net.com)

by myserver.com with smtp (Exim 4.69)

(envelope-from <ghdd[at]phoenixconsultgroup.com>)

id 1S4FDT-00031J-PN

for rnett[at]<snip domain>; Sun, 04 Mar 2012 09:27:29 -0800

Sender: trans-179341-632154-rnett=<snip domain>[at]mail2.mcsignup.com

From: ghdd <newsalert[at]ndtv.com>

To: <rnett[at]<snip domain>>

Subject: The intrigue about you

Date: Sun, 4 Mar 2012 17:27:28 +0000

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

MIME-Version: 1.0

Message-ID: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com>

X-spam-Subject: ***spam*** The intrigue about you

X-spam-Status: Yes, score=30.3

X-spam-Score: 303

X-spam-Bar: ++++++++++++++++++++++++++++++

X-spam-Report: (no report template found)

X-spam-Flag: YES

X-Pass-two: yes

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - myserver.com

X-AntiAbuse: Original Domain - <snip domain>

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - phoenixconsultgroup.com

Hello.

Are you looking for a wife? Maybe I'm the that will be of interest to you! My name is Tatiana and last name is Gerasimova. I live in Vladivostok. I am a pretty "kitten" with a nice figure. You can see for yourself in my photos: http://gravityhitter420hy.webs.com/?jT=11

I am 22 years. I have a good education and a profession favorite. I have the variety of interests and hobbies. I am interested in music, books, mathematics.

I have dark hair and blue eyes and would love to write letters with good man. Oh, I can speak for hours about my ideal match and how I see relations with my true love.

If you dream you meet me then contact me (I have webcams), communicating with me is easy and fun and you will never be bored with me.

The email which triggered this auto-response had the following headers:

Return-Path: <ghdd[at]phoenixconsultgroup.com>

Received: from sc-smtp11.soma.ironport.com (sc-smtp11.soma.ironport.com [192.168.37.79])

by prod-sc-app7.soma.ironport.com (Postfix) with ESMTP id 4D0EFAC2408

for <submit.zmgphX6nuF9tN2pO[at]spam.spamcop.net>; Sun, 4 Mar 2012 09:27:29 -0800 (PST)

Received: from mail3.myserver.com (HELO myserver.com) ([xx])

by vmx1.spamcop.net with ESMTP; 04 Mar 2012 09:27:29 -0800

Received: from [82.102.24.13] (port=43666 helo=sexshop-net.com)

by myserver.com with smtp (Exim 4.69)

(envelope-from <ghdd[at]phoenixconsultgroup.com>)

id 1S4FDT-00031J-PN

for rnett[at]<snip domain>; Sun, 04 Mar 2012 09:27:29 -0800

Sender: trans-179341-632154-rnett=<snip domain>[at]mail2.mcsignup.com

From: ghdd <newsalert[at]ndtv.com>

To: <rnett[at]<snip domain>>

Subject: The intrigue about you

Date: Sun, 4 Mar 2012 17:27:28 +0000

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

MIME-Version: 1.0

Message-ID: <8.7.6.169.6RKR9PHGRMDQ6NT0.6[at]mail2.mcsignup.com>

X-spam-Subject: ***spam*** The intrigue about you

X-spam-Status: Yes, score=30.3

X-spam-Score: 303

X-spam-Bar: ++++++++++++++++++++++++++++++

X-spam-Report: (no report template found)

X-spam-Flag: YES

X-Pass-two: yes

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - myserver.com

X-AntiAbuse: Original Domain - <snip domain>

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - .com

=======================================

This post has been edited by turetzsr by request of OP to remove domain name: Mar 6 2012, 02:36 PM EST

Edited by turetzsr
Link to comment
Share on other sites

[sNIP]

You would be best to not use "quick" reporting change this to

submit.yoursupersecretemailaddress[at]spam.spamcop.net

Recheck your mail hosts for testing

Nothing you have sent back tells us reportable email headers?

Send us a sample of what you reckon are spam headers (not full email body)

Once you have it right then you can go back to "quick" reporting

Edited by petzl
Link to comment
Share on other sites

You can see the following spam headers are added to the mail. Can you please let me know anymore headers are needed?

----------------------------

X-spam-Subject: ***spam*** The intrigue about you

X-spam-Status: Yes, score=30.3

X-spam-Score: 303

X-spam-Bar: ++++++++++++++++++++++++++++++

X-spam-Report: (no report template found)

X-spam-Flag: YES

----------------------------

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...