Jump to content

SpamCop encountered errors -


nnelson
 Share

Recommended Posts

I just forwarded this spam email (from Mozilla Thunderbird) to SpamCop (my email address removed)

---------

Return-Path: <jpalardy[at]cardio.ru>

Delivered-To: my email addresss removed

Received: from guadix.filtered.smtp.infowest.com (guadix.filtered.smtp.infowest.com [209.33.201.202])

by barbate.infowest.com (Postfix) with ESMTP id 4BFCDF188B

for <my email addresss removed>; Thu, 7 Mar 2013 11:36:42 -0700 (MST)

Received: from cabrera.scan.iwsmtp.com (cabrera.scan.iwsmtp.com [iPv6:2604:2c00:0:105::11])

by guadix.filtered.smtp.infowest.com (Postfix) with ESMTP id 3ZMLCZ0ctHzDPrC

for <my email addresss removed>; Thu, 7 Mar 2013 11:36:42 -0700 (MST)

Received: from 178.123.20.50 ([178.123.20.50])

by cabrera.scan.iwsmtp.com (8.14.3/8.14.3/Debian-9.4) with SMTP id r27IacKZ025783

for <my email addresss removed>; Thu, 7 Mar 2013 11:36:41 -0700

Received: from unknown (HELO t1ts) ([48.74.112.215])

by 178.123.20.50 with ESMTP; Thu, 7 Mar 2013 21:40:54 +0300

Message-ID: <001b01ce1b62$b596d8b0$304a70d7[at]AdminHPt1ts>

From: "Sadie Cochran" <jpalardy[at]cardio.ru>

To: <my email addresss removed>

Subject: This Stock is Set to Fly

Date: Thu, 7 Mar 2013 21:31:40 +0300

MIME-Version: 1.0

Content-Type: text/plain;

format=flowed;

charset="windows-1250";

reply-type=original

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1106

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

X-spam-Score: undef - spam scanning disabled

X-CanIt-Geo: ip=178.123.20.50; country=BY; region=02; city=Gomel; latitude=52.4417; longitude=30.9833; http://maps.google.com/maps?q=52.4417,30.9833&z=6

X-CanItPRO-Stream: my email addresss removed (inherits from default)

X-Canit-Stats-ID: Bayes signature not available

X-Scanned-By: CanIt (www . roaringpenguin . com) on 209.33.205.11

Gold and GemStone Mining Inc. Confirms JV Contract Including

West African Mining Partnership.

Trading Date: Thursday, March 7th, 2013

Name: GOLD AND GEMSTONE MINING, CORP

Symbol to buy: G G_SM

Closed Price: $.0175

Target Price: $0.35

Check Out This Chart. OUR MOMO IS INSIDE...

--------------

I recieved back the following from SpamCop

> SpamCop encountered errors while saving spam for processing:

> SpamCop could not find your spam message in this email:

I put the same text above in the spam text box on the Report spam page and the return page says the email originates with my ISP, the first IP in the header. If you go to http://whatismyipaddress.com/trace-email and put the email header info their text box, return page gives the following

---------------

The source IP address is 48.74.112.215.

Geo-Location Information

Country United States

State/Region NJ

City Newark

Latitude 40.7355

Longitude -74.1741

Area Code 973

--------------

48.74.112.215 is the last 'Received: from' IP in the header. The spam originates from either this IP, 48.74.112.215, or the next one 178.123.20.50 and not from my ISP.

I can put the IP address 48.74.112.215 in the spam text area of the 'Report spam' page and the return page indicates it can not do anything with that address.

I have spam but SpamCop is having difficulty doing anything with it.

Neil

Link to comment
Share on other sites

I just forwarded this spam email (from Mozilla Thunderbird) to SpamCop (my email address removed)

48.74.112.215 is the last 'Received: from' IP in the header. The spam originates from either this IP, 48.74.112.215, or the next one 178.123.20.50 and not from my ISP.

I can put the IP address 48.74.112.215 in the spam text area of the 'Report spam' page and the return page indicates it can not do anything with that address.

I have spam but SpamCop is having difficulty doing anything with it.

Neil

http://www.spamcop.net/sc?id=z5473284637z5...189099f76f2b4dz

just past the SpamCop link at top o report makes it easier (your email address is usually removed

SpamCop uses "cached" entries which sometimes/often change before updating

I pushed the "Refresh/Show" link which now gives new reporting addresses

http://www.spamcop.net/sc?track=48.74.112.215

Before I got

Cached whois for 48.74.112.215 : ed_mann[at]ccmail.prusec.com

Using last resort contacts ed_mann[at]ccmail.prusec.com

ed_mann[at]ccmail.prusec.com bounces (6 sent : 6 bounces)

Using ed_mann#ccmail.prusec.com[at]devnull.spamcop.net for statistical tracking.

However I make it the spam came from botnet IP 178.123.20.50

SpamCop is falling over because your email provider don't appear to be stamping it's headers correctly?

Received: from cabrera.scan.iwsmtp.com (cabrera.scan.iwsmtp.com [iPv6:2604:2c00:0:105::11])

Possibly a intranet?

Link to comment
Share on other sites

The initial problem with the "SpamCop encountered errors" sounds like the spam was not forwarded as an attachment? Have you successfully reported through e-mail previously?

As to the identification of your own provider as spam source, that certainly is due to something being wrong with your mailhosts setup. I suggest you contact SC Admin Don D'Minion with your reporting account details at service[at]admin.spamcop.net to see if he can assist (don't post any of that detail here).

Your spam is fine (in the sense of being "parseable", not to imply any particular enthusiasm for it) - please discuss any further examples with the Tracking URL which is available even for "failed" parses. Here is what that one looks like run through a non-mailhosted account (and cancelled, because it's your spam, not mine):

http://www.spamcop.net/sc?id=z5473284068z1...124e7862b5bc06z

Hmmm ... that's the first instance of an IPv6 resolution I've seen - I don't think - or that shouldn't - have anything to do with your problems, just saying thanks for the data. infowest.com is always going to be identified as the source without a mailhost set-up to include them in "your" network. I think.

Topic moved from "FAQ under construction" section (not to worry, that often happens).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...