newhorizon Posted April 22, 2004 Share Posted April 22, 2004 I suspect I'm just clueless, but let me ask... I report spam by cutting/pasting into the SpamCop web page. I tried this new mailhost thing and got: "Sorry, the email sample you submitted for x appears to traverse more than one domain." The Email account I have is provided to me by the ISP I use for my dail-up service from home. And the domain name in my Email address is the domain name of this ISP. Straight-forward stuff. But I also POP3 this same mailbox from my job which uses a different ISP for connectivity. And trying to setup my mailhosts schtuff from my job gave me the above message. So it's kinda looking like with this mailhosts thingy in place, I can not report spam sent to the above-mentioned Email box when connecting via an ISP which doesn't own my mailbox's domain. Is that right, or am I totally in the dark? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 22, 2004 Share Posted April 22, 2004 Without headers and/or the report URL, it is difficult to see what exactly is going on. When you POP from work, are you doing it from a client machine (directly from a program like Outlook) or is there a server that is POPping it and delivering it to your work mailbox? Did you setup the mailhost configuration for both the ISP and your work hosts? All hosts that the message travels through should be in your configuration to get an accurate parse. Link to comment Share on other sites More sharing options...
newhorizon Posted April 22, 2004 Author Share Posted April 22, 2004 Sorry, let me back up: the incident in my original post is a month old. I'm afraid I need to ask you to disregard much of it. Sorry again. But... I find I can now register mailhosts from my job (via my employer's ISP) - no more "...traverse more than one domain." error messages. So I do that and I try to report this spam: > From - Thu Apr 22 10:12:14 2004 > X-UIDL: 1082642966.13992.qmail.fcc.net,S=3472 > X-Mozilla-Status: 0001 > X-Mozilla-Status2: 00000000 > Return-Path: x > Delivered-To: x > Received: (qmail 13979 invoked by uid 89); 22 Apr 2004 14:09:26 -0000 > Received: from unknown (HELO psmtp.com) (12.158.36.74) > by 0 with SMTP; 22 Apr 2004 14:09:26 -0000 > Received: from source ([218.6.66.126]) by exprod6mx90.postini.com ([12.158.35.251]) with SMTP; > Thu, 22 Apr 2004 10:09:18 EDT > Received: from 164.232.212.92 by 218.6.66.126; Thu, 22 Apr 2004 07:32:26 -0700 > Message-ID: <OAAD____________FOYR[at]yahoo.com> > From: "Charlene Nguyen" <txajs[at]yahoo.com> > Reply-To: "Charlene Nguyen" x > To: x > Subject: Italian-crafted Rolex - only $65 - $140!! Free SHIPPING!! > Date: Thu, 22 Apr 2004 11:28:26 -0300 > X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="--679170753373396366" > X-Priority: 3 > X-MSMail-Priority: Normal and I get: > Parsing header: > 0: Received: from unknown (HELO psmtp.com) (12.158.36.74) by 0 with SMTP; 22 Apr 2004 14:09:26 -0000 > Possible forgery. Supposed receiving system not associated with any of your mailhosts > Will not trust anything beyond this header > No source IP address found, cannot proceed. > Add/edit your mailhost configuration > Finding full email headers > Submitting spam via email (may work better) > Example: What spam headers should look like > Nothing to do. So I delete my mailhost info and try reporting it again. SpamCop duly does: > Tracking message source: 218.6.66.126: (yay!) fcc.net is the ISP I use from home. Meanwhile, my outbound SMTP server at work is smtp.covadmail.net. (I don't understand this schtuff enuf to know why my Email appears to come from exprod6mx16.postini.com instead, but I gather that's a moot point?) On SpamCop, after I configure mailhosts (using my fcc.net Email address) from work, the items in the "Hosts/Domains" drop-down list are: > ncn.net.ncn.mail1.psmtp.com > dls.net.mail5.psmtp.com > mtaonline.net > david.mtaonline.net > exprod6mx87.postini.com > exprod6mx12.postini.com > postini.com > exprod6mx55.postini.com > exprod6mx56.postini.com > exprod7mx5.postini.co > exprod5mx98.postini.com > exprod6mx25.postini.com > psmtp.com > exprod6mx83.postini.com > exprod5mx48.postini.com > exprod5mx73.postini.com > exprod5mx52.postini.com > exprod6mx50.postini.com > When you POP from work, are you doing it from a client machine .... Yep, from a run-of-the-mill Netscape mail client. IHO(*) > Did you setup the mailhost configuration for both the ISP and your work hosts? Not understanding that question. The only mailhosts SpamCop allows me to set up are the ones indicated above. I'm not seeing how to configure more mailhosts than what SpamCop finds...? I'm missing something obvious, perhaps? (*) IHO = I Hate Outlook Link to comment Share on other sites More sharing options...
Wazoo Posted April 22, 2004 Share Posted April 22, 2004 The postini thing keeps coming into the picture as a spam filter. In the situation your headers describe, there's a configuration line somewhere that could use some help. Here's the line that doesn't look good; > Received: from unknown (HELO psmtp.com) (12.158.36.74) > by 0 with SMTP; 22 Apr 2004 14:09:26 -0000 and explicitly pointed out by the error line; > 0: Received: from unknown (HELO psmtp.com) (12.158.36.74) by 0 with SMTP; 22 Apr 2004 14:09:26 -0000 > Possible forgery. Supposed receiving system not associated with any of your mailhosts Bottom line is asking your ISP / IT folks why there's a "system" reporting itself as "0" ... vice an actual IP, name, etc ..... and can they fix it ... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 22, 2004 Share Posted April 22, 2004 (using my fcc.net Email address) fcc.net is your employers email address? Postini (I use it at work myself) is a system that accepts all of your companies email, filters out the spam and viruses, and then forwards the rest onto you. In our configuration, each user has access to the held list for their own email address and can forward out any false positives themselves. It looks like your mailhost is incomplete. Your mailhost for postini is correct, but there should be another entry for your employers server, the one calling itself 0 and not presenting it's fqdn (fully qualified domain name). In my system I see the following 2 lines first for all emails, note the mail.x.com: Received: from psmtp.com ([12.158.35.149]) by mail.x.com (Lotus Domino Release 5.0.11) with SMTP id 2004042111301747:8757; Wed, 21 Apr 2004 11:30:17 -0400 Received: from source ([65.81.1.216]) by exprod6mx9.postini.com ([12.158.35.251]) with SMTP; Wed, 21 Apr 2004 11:30:16 EDT and my mailhosts configuration has a second entry which allows the parse to go through: Mailhost name: x Email address: sunderwood[at]x.com Hosts/Domains: mail.x.com x.com As Wazoo mentioned, have the people who run the servers fix that and then resubmit your mailhost configuration and you should be all set. The parser can not match the 0 in the spam to a mailhost in your configuration. [Edit] I just deleted my configuration and tried to add it again and going to the web page (which is new since I configured this originally) came back with the following error: Complex header analysis The header sample for sunderwood[at]x.com shows more than one new mail host. This seems to indicate that your email is being forwarded through another account. SpamCop needs to identify each account individually. SpamCop could not automatically identify any additional email accounts from this sample. The most common reason for this is that the email account you have configured is being forwarded to another mail host. Each mail host must be configured individually (click "try again" and enter the email address of the final destination account). Please select from the options below. I then needed to click the Request a waiver link and am currently awaiting that waiver. I suggest you do the same thing after the server is modified to be correct.[/Edit] Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.