Jump to content

Report not sent to relaying host, why?


amnixed

Recommended Posts

Hello Everyone,

I have noticed for sometime that in some cases, Spamcop sends the report to the originating host, but not to the relay.

Here is my last example:

Received: from emea01-db3-obe.outbound.protection.outlook.com

(emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98])

(using TLSv1 with cipher AES128-SHA (128/128 bits))

(No client certificate requested)

by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318

for <x>; Wed, 26 Feb 2014 15:13:34 -0500 (EST)

Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by

AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft

SMTP

Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000

Received: from [115.242.41.217] (115.242.41.217) by

AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP

Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000

spam report id 6085220656 sent to: postmaster[at]relianceada.com

spam report id 6085220657 sent to: abuse.support[at]relianceada.com

Spamcop identifies the host 115.242.41.217 as the originator, and sends the report to them. But how about emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]? It was that host which sent this piece of mail to our mail server.

Why is the report not sent to MS/Outlook?

Link to comment
Share on other sites

Hmmm ... the relianceada.com -> outlook.com/hotmail.com pair certainly are reportable looking at past reports for 157.56.120.98, with current instances of reports going to both (for the same spam). Can only assume there might be something in the O/P's mailhosting that makes the parser think MS is within his network hosting. One for Don, perhaps?

Link to comment
Share on other sites

Hmmm ... the relianceada.com -> outlook.com/hotmail.com pair certainly are reportable looking at past reports for 157.56.120.98, with current instances of reports going to both (for the same spam). Can only assume there might be something in the O/P's mailhosting that makes the parser think MS is within his network hosting. One for Don, perhaps?

I should have saved the full Spamcop analysis/report, I'll do it the next time I see this.

Link to comment
Share on other sites

I should have saved the full Spamcop analysis/report, I'll do it the next time I see this.

You can retrieve any past report from your member page. You need to get the tracking URL from the parse page - it is the link near the top of the parse result with the words to the effect that you can save the link for future reference. Look uo the Wiki article http://forum.spamcop.net/scwik/TrackingURL if you need more detail.

Link to comment
Share on other sites

You can retrieve any past report from your member page. You need to get the tracking URL from the parse page - it is the link near the top of the parse result with the words to the effect that you can save the link for future reference. Look uo the Wiki article http://forum.spamcop.net/scwik/TrackingURL if you need more detail.

Thanks for the hint, I have retrieved the SpamCop page in question, here it is:

SpamCop v 4.8.1.007 © 2014 Cisco Systems, Inc. All rights reserved.

Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=z5764379814z2...a342557f257516z

Skip to Reports

Return-Path: <x>

Received: from deliver ([unix socket])

by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA;

Wed, 26 Feb 2014 15:13:52 -0500

X-Sieve: CMU Sieve 2.4

Received: from barrida.3dresearch.com (localhost [127.0.0.1])

by smtpb.telissant.net (Postfix) with ESMTP id 47A0727379

for <x>; Wed, 26 Feb 2014 15:13:52 -0500 (EST)

X-Virus-Scanned: amavisd-new at telissant.net

X-spam-Flag: NO

X-spam-Score: 3.616

X-spam-Level: ***

X-spam-Status: No, score=3.616 tagged_above=-9999 required=6.2

tests=[AXB_ONMS_LEAKS=2.999, BAYES_00=-1.9, FREEMAIL_FROM=0.001,

FREEMAIL_REPLYTO=1, RCVD_IN_DNSWL_NONE=-0.0001, SUBJ_ALL_CAPS=1.506,

T_FREEMAIL_DOC_PDF=0.01] autolearn=no

Received: from smtpb.telissant.net ([127.0.0.1])

by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1])

(amavisd-new, port 10024)

with ESMTP id tQIxkzTycQgG for <x>;

Wed, 26 Feb 2014 15:13:35 -0500 (EST)

Received: from emea01-db3-obe.outbound.protection.outlook.com

(emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98])

(using TLSv1 with cipher AES128-SHA (128/128 bits))

(No client certificate requested)

by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318

for <x>; Wed, 26 Feb 2014 15:13:34 -0500 (EST)

Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by

AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft

SMTP

Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000

Received: from [115.242.41.217] (115.242.41.217) by

AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP

Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000

Content-Type: multipart/mixed; boundary="===============0270483437=="

MIME-Version: 1.0

Subject: YOU ARE NO: 2

To: x <x>

From: "Mr. X" <x>

Date: Thu, 27 Feb 2014 01:27:56 +0530

Reply-To: <micro.datas[at]live.com>

Message-ID:

<290fa07b-c6cb-4d5b-8580-28e7084dd6d7[at]AM3PR03MB387.eurprd03.prod.outlook.com>

X-Originating-IP: [115.242.41.217]

X-ClientProxiedBy: SINPR03CA008.apcprd03.prod.outlook.com (10.242.48.28) To

AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21)

X-Forefront-PRVS: 0134AD334F

X-Forefront-Antispam-Report:

SFV:SPM;SFS:(10009001)(6049001)(6009001)(189002)(199002)(71186001)(81342001)(66066001)(65816001)(76796001)(90146001)(80022001)(69226001)(79102001)(43066001)(49866001)(74706001)(59766001)(50986001)(47736001)(47976001)(93136001)(76786001)(56816005)(56776001)(76576001)(76176001)(93516002)(4396001)(77096001)(63696002)(81542001)(85852003)(74876001)(42186004)(51856001)(94316002)(87976001)(54356001)(47446002)(92726001)(86362001)(95416001)(89136004)(64872006)(86442001)(74502001)(94946001)(74662001)(74316001)(31696002)(86902001)(76482001)(54316002)(81816001)(80976001)(74366001)(77982001)(568964001)(325944007)(46102001)(95666003)(512934002)(19580395003)(33646001)(19580405001)(83322001)(87266001)(85306002)(81686001)(81956001)(83072002)(84326002)(361154004);DIR:OUT;SFP:1501;SCL:5;SRVR:AM3PR03MB387;H:[115.242.41.217];CLIP:115.242.41.217;FPR:68C0FCEE.1CB39380.7FDC3283.44CD09D8.200FC;MLV:spm;PTR:InfoNoRecords;MX:1;A:0;LANG:en;

X-OriginatorOrg: microNo2winner.onmicrosoft.com

View entire message

Parsing header:

Received: from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA; Wed, 26 Feb 2014 15:13:52 -0500

Ignored

Received: from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 47A0727379 for <x>; Wed, 26 Feb 2014 15:13:52 -0500 (EST)

host 127.0.0.1 (getting name) no name

127.0.0.1 discarded

Received: from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tQIxkzTycQgG for <x>; Wed, 26 Feb 2014 15:13:35 -0500 (EST)

host 127.0.0.1 (getting name) no name

127.0.0.1 discarded

Received: from emea01-db3-obe.outbound.protection.outlook.com (emea01-db3-ndr.ptr.protection.outlook.com [157.56.120.98]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtpb.telissant.net (Postfix) with ESMTPS id 3B6AA27318 for <x>; Wed, 26 Feb 2014 15:13:34 -0500 (EST)

host 157.56.120.98 = emea01-db3-ndr.ptr.protection.outlook.com (cached)

emea01-db3-ndr.ptr.protection.outlook.com is 157.56.120.98

Possible spammer: 157.56.120.98

157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com

Host emea01-db3-ndr.ptr.protection.outlook.com (checking ip) = 157.56.120.97

157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com

emea01-db3-ndr.ptr.protection.outlook.com is 157.56.120.98

emea01-db3-ndr.ptr.protection.outlook.com = 157.56.120.98

Received line accepted

Relay trusted (157.56.120 157.56.120.98)

Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com (10.242.112.146) with Microsoft SMTP Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000

Masking IP-based 'by' clause.

Received: from AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) by AM3PR03MB482.eurprd03.prod.outlook.com with Microsoft SMTP Server (TLS) id 15.0.888.9; Wed, 26 Feb 2014 19:58:27 +0000

host 10.242.18.21 (getting name) no name

157.56.120.98 not listed in cbl.abuseat.org

157.56.120.98 not listed in dnsbl.sorbs.net

157.56.120.98 is not an MX for smtpb.telissant.net

157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com

157.56.120.98 is not an MX for AM3PR03MB482.eurprd03.prod.outlook.com

157.56.120.98 is not an MX for smtpb.telissant.net

10.242.18.21 discarded

Received: from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com (10.242.18.21) with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000

Masking IP-based 'by' clause.

Received: from [115.242.41.217] (115.242.41.217) by AM3PR03MB387.eurprd03.prod.outlook.com with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 19:58:24 +0000

no from

host 115.242.41.217 (getting name) no name

157.56.120.98 not listed in cbl.abuseat.org

157.56.120.98 not listed in dnsbl.sorbs.net

157.56.120.98 is not an MX for smtpb.telissant.net

157.56.120.98 is not an MX for emea01-db3-ndr.ptr.protection.outlook.com

157.56.120.98 is not an MX for AM3PR03MB387.eurprd03.prod.outlook.com

157.56.120.98 is not an MX for smtpb.telissant.net

Possible spammer: 115.242.41.217

Possible relay: 157.56.120.98 <----------------------------------------------- Looks like a relay!

^^^^^^^^^^^^^^^^^^^

Received line accepted

Tracking message source: 115.242.41.217:

Routing details for 115.242.41.217

[refresh/show] Cached whois for 115.242.41.217 : abuse.support[at]relianceada.com

Using abuse net on abuse.support[at]relianceada.com

abuse net relianceada.com = abuse.support[at]relianceada.com, postmaster[at]relianceada.com

Using best contacts abuse.support[at]relianceada.com postmaster[at]relianceada.com

Message is 21 hours old

115.242.41.217 not listed in cbl.abuseat.org

115.242.41.217 not listed in dnsbl.sorbs.net

115.242.41.217 not listed in accredit.habeas.com

115.242.41.217 not listed in plus.bondedsender.org

115.242.41.217 not listed in iadb.isipp.com

Finding links in message body

Parsing text part

error: couldn't parse head

Message body parser requires full, accurate copy of message

More information on this error..

no links found

Reports regarding this spam have already been sent:

Re: 115.242.41.217 (Administrator of network where email originates)

Reportid: 6085220656 To: postmaster[at]relianceada.com

Reportid: 6085220657 To: abuse.support[at]relianceada.com

If reported today, reports would be sent to:

Re: 115.242.41.217 (Administrator of network where email originates)

postmaster[at]relianceada.com

abuse.support[at]relianceada.com

Link to comment
Share on other sites

Don't know why the parser didn't cause a report to go to MSN/hotmail when it has for others (at least where 157.56.120.98 is concerned):

Submitted: Friday, 28 February 2014 9:02:21 AM +0800:

[ns-hostmaster] REPLY ASAP

6085885940 ( 157.56.120.98 ) To: report_spam[at]hotmail.com

6085885939 ( 115.185.39.208 ) To: abuse.support[at]relianceada.com

6085885938 ( 115.185.39.208 ) To: postmaster[at]relianceada.com

___________________________________________________________

Submitted: Friday, 28 February 2014 6:25:03 AM +0800:

PENDING DELIVERY NOTIFICATION !

6085843251 ( 95.241.228.1 ) To: abuse[at]retail.telecomitalia.it

6085843250 ( 95.241.228.1 ) To: postmaster[at]business.telecomitalia.it

6085843249 ( 157.56.120.98 ) To: report_spam[at]hotmail.com

___________________________________________________________

Submitted: Friday, 28 February 2014 3:52:20 AM +0800:

LOAN OFFER

6085789870 ( 199.101.199.93 ) To: abuse_afnca[at]afnca.com

6085789869 ( 157.56.120.98 ) To: report_spam[at]hotmail.com

___________________________________________________________

Submitted: Thursday, 27 February 2014 11:32:00 PM +0800:

Do you need any financial assistance? Apply Now

6085666549 ( Forwarded spam ) To: [concealed user-defined recipient]

6085666548 ( Forwarded spam ) To: [concealed user-defined recipient]

6085666547 ( 157.56.120.98 ) To: report_spam[at]hotmail.com

6085666546 ( 101.58.177.152 ) To: [concealed user-defined recipient]

6085666545 ( 101.58.177.152 ) To: abuse.support[at]relianceada.com

6085666544 ( 101.58.177.152 ) To: postmaster[at]relianceada.com

___________________________________________________________

Submitted: Thursday, 27 February 2014 11:05:49 PM +0800:

Do you need any financial assistance? Apply Now

6085653432 ( 157.56.120.98 ) To: report_spam[at]hotmail.com

6085653431 ( 101.58.177.152 ) To: abuse.support[at]relianceada.com

6085653428 ( 101.58.177.152 ) To: postmaster[at]relianceada.com

___________________________________________________________

Submitted: Thursday, 27 February 2014 9:44:50 PM +0800:

Re:

6085620361 ( 157.56.120.98 ) To: report_spam[at]hotmail.com

6085620360 ( 115.244.3.79 ) To: abuse.support[at]relianceada.com

6085620359 ( 115.244.3.79 ) To: postmaster[at]relianceada.com

The history for 115.242.41.217 fails to pick up the above "pairing" of reports to source and relay. There must be a reason ... I figure Don would know it.

Link to comment
Share on other sites

Don't know why the parser didn't cause a report to go to MSN/hotmail when it has for others (at least where 157.56.120.98 is concerned):

The history for 115.242.41.217 fails to pick up the above "pairing" of reports to source and relay. There must be a reason ... I figure Don would know it.

Well, here is a new piece of spam (origin, apparently: 180.215.157.121; relay: webmail.tjal.jus.br [177.12.238.12]), and SpamCop appears to ignore sending report to the relay's (177.12.238.12) admin:

Return-Path: <x>

Received: from deliver ([unix socket])

by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA;

Thu, 27 Feb 2014 22:49:41 -0500

X-Sieve: CMU Sieve 2.4

Received: from barrida.3dresearch.com (localhost [127.0.0.1])

by smtpb.telissant.net (Postfix) with ESMTP id 6E36227339

for <x>; Thu, 27 Feb 2014 22:49:41 -0500 (EST)

X-Virus-Scanned: amavisd-new at telissant.net

X-spam-Flag: NO

X-spam-Score: 3.5

X-spam-Level: ***

X-spam-Status: No, score=3.5 tagged_above=-9999 required=6.2

tests=[bAYES_50=0.8, RCVD_IN_PSBL=2.7] autolearn=no

Received: from smtpb.telissant.net ([127.0.0.1])

by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1])

(amavisd-new, port 10024)

with ESMTP id kxWVvdoapdRS for <x>;

Thu, 27 Feb 2014 22:49:21 -0500 (EST)

X-Greylist: delayed 7279 seconds by postgrey-1.34 at

barrida.3dresearch.com; Thu, 27 Feb 2014 22:49:20 EST

Received: from webmail.tjal.jus.br (webmail.tjal.jus.br [177.12.238.12])

by smtpb.telissant.net (Postfix) with ESMTP id 6A1D42731F

for <x>; Thu, 27 Feb 2014 22:49:20 -0500 (EST)

Received: from localhost (localhost.localdomain [127.0.0.1])

by webmail.tjal.jus.br (Postfix) with ESMTP id 84AA16265F6E;

Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

Received: from webmail.tjal.jus.br ([127.0.0.1])

by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10032)

with ESMTP id UDXZqSFDfcal; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

Received: from localhost (localhost.localdomain [127.0.0.1])

by webmail.tjal.jus.br (Postfix) with ESMTP id 3F45A6265F70;

Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

X-Virus-Scanned: amavisd-new at tjal.jus.br

Received: from webmail.tjal.jus.br ([127.0.0.1])

by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10026)

with ESMTP id F2RBW48xWlmF; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

Received: from [180.215.157.121] (unknown [180.215.157.121])

by webmail.tjal.jus.br (Postfix) with ESMTPSA id 703D0626579F;

Thu, 27 Feb 2014 22:37:19 -0300 (BRT)

Content-Type: multipart/mixed; boundary="===============0246437836=="

MIME-Version: 1.0

Subject: Call Mr.Terry Smith For Verification +919582116140.

To: x <x>

From: x

Date: Fri, 28 Feb 2014 07:09:34 +0530

Reply-To: rbi-in[at]outlook.com

Message-Id: <2014___________________579F[at]webmail.tjal.jus.br>

View entire message

Parsing header:

Received: from deliver ([unix socket]) by barrida.3dresearch.com (Cyrus v2.4.17) with LMTPA; Thu, 27 Feb 2014 22:49:41 -0500

Ignored

Received: from barrida.3dresearch.com (localhost [127.0.0.1]) by smtpb.telissant.net (Postfix) with ESMTP id 6E36227339 for <x>; Thu, 27 Feb 2014 22:49:41 -0500 (EST)

host 127.0.0.1 (getting name) no name

127.0.0.1 discarded

Received: from smtpb.telissant.net ([127.0.0.1]) by barrida.3dresearch.com (barrida.3dresearch.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kxWVvdoapdRS for <x>; Thu, 27 Feb 2014 22:49:21 -0500 (EST)

host 127.0.0.1 (getting name) no name

127.0.0.1 discarded

Received: from webmail.tjal.jus.br (webmail.tjal.jus.br [177.12.238.12]) by smtpb.telissant.net (Postfix) with ESMTP id 6A1D42731F for <x>; Thu, 27 Feb 2014 22:49:20 -0500 (EST)

host 177.12.238.12 = webmail.tjal.jus.br (cached)

webmail.tjal.jus.br is 177.12.238.12

Possible spammer: 177.12.238.12

177.12.238.12 is an MX for tjal.jus.br

177.12.238.12 is mx

Received line accepted

Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tjal.jus.br (Postfix) with ESMTP id 84AA16265F6E; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

host 127.0.0.1 (getting name) no name

177.12.238.12 not listed in cbl.abuseat.org

177.12.238.12 not listed in dnsbl.sorbs.net

177.12.238.12 is not an MX for smtpb.telissant.net

177.12.238.12 is an MX for tjal.jus.br

127.0.0.1 discarded

Received: from webmail.tjal.jus.br ([127.0.0.1]) by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id UDXZqSFDfcal; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

host 127.0.0.1 (getting name) no name

177.12.238.12 not listed in cbl.abuseat.org

177.12.238.12 not listed in dnsbl.sorbs.net

177.12.238.12 is not an MX for smtpb.telissant.net

177.12.238.12 is an MX for tjal.jus.br

127.0.0.1 discarded

Received: from localhost (localhost.localdomain [127.0.0.1]) by webmail.tjal.jus.br (Postfix) with ESMTP id 3F45A6265F70; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

host 127.0.0.1 (getting name) no name

177.12.238.12 not listed in cbl.abuseat.org

177.12.238.12 not listed in dnsbl.sorbs.net

177.12.238.12 is not an MX for smtpb.telissant.net

177.12.238.12 is an MX for tjal.jus.br

127.0.0.1 discarded

Received: from webmail.tjal.jus.br ([127.0.0.1]) by localhost (webmail.tjal.jus.br [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id F2RBW48xWlmF; Thu, 27 Feb 2014 22:37:38 -0300 (BRT)

host 127.0.0.1 (getting name) no name

177.12.238.12 not listed in cbl.abuseat.org

177.12.238.12 not listed in dnsbl.sorbs.net

177.12.238.12 is not an MX for smtpb.telissant.net

177.12.238.12 is an MX for tjal.jus.br

127.0.0.1 discarded

Received: from [180.215.157.121] (unknown [180.215.157.121]) by webmail.tjal.jus.br (Postfix) with ESMTPSA id 703D0626579F; Thu, 27 Feb 2014 22:37:19 -0300 (BRT)

no from

host 180.215.157.121 (getting name) no name

177.12.238.12 not listed in cbl.abuseat.org

177.12.238.12 not listed in dnsbl.sorbs.net

177.12.238.12 is not an MX for smtpb.telissant.net

177.12.238.12 is an MX for tjal.jus.br

Possible spammer: 180.215.157.121

Host webmail.tjal.jus.br (checking ip) = 177.12.238.12

177.12.238.12 not listed in cbl.abuseat.org

177.12.238.12 not listed in dnsbl.sorbs.net

Chain test:webmail.tjal.jus.br =? webmail.tjal.jus.br

webmail.tjal.jus.br and webmail.tjal.jus.br have same hostname - chain verified

Possible relay: 177.12.238.12

Received line accepted

Tracking message source: 180.215.157.121:

Routing details for 180.215.157.121

[refresh/show] Cached whois for 180.215.157.121 : nw_pdsn[at]mtsindia.in

Using last resort contacts nw_pdsn[at]mtsindia.in

Message is 3 hours old

180.215.157.121 not listed in cbl.abuseat.org

180.215.157.121 listed in dnsbl.sorbs.net ( 1 )

180.215.157.121 not listed in accredit.habeas.com

180.215.157.121 not listed in plus.bondedsender.org

180.215.157.121 not listed in iadb.isipp.com

Finding links in message body

Parsing text part

error: couldn't parse head

Message body parser requires full, accurate copy of message

More information on this error..

no links found

Reports regarding this spam have already been sent:

Re: 180.215.157.121 (Administrator of network where email originates)

Reportid: 6086025644 To: nw_pdsn[at]mtsindia.in

If reported today, reports would be sent to:

Re: 180.215.157.121 (Administrator of network where email originates)

nw_pdsn[at]mtsindia.in

Link to comment
Share on other sites

I'm guessing you don't actually have your mailhosts set up? That could make all the difference. A non-mailhosted parse drills through to the apparent source, testing the delivery chain as it goes, trusting there are no "clever forgeries" along the way. A mailhosted parse simply assigns blame at the boundary of your network/extended network except somehow, as seen (maybe) in those past reports, it may go deeper when needed, past any assured relay, as well. Well, that makes sense to me anyway.

Needs some expert review of your data, as a mere user I haven't the knowledge to be able to say for sure without the guesswork.

Link to comment
Share on other sites

I'm guessing you don't actually have your mailhosts set up? That could make all the difference. A non-mailhosted parse drills through to the apparent source, testing the delivery chain as it goes, trusting there are no "clever forgeries" along the way. A mailhosted parse simply assigns blame at the boundary of your network/extended network except somehow, as seen (maybe) in those past reports, it may go deeper when needed, past any assured relay, as well. Well, that makes sense to me anyway.

Needs some expert review of your data, as a mere user I haven't the knowledge to be able to say for sure without the guesswork.

I'm not sure what you mean by "your mailhosts set up": if you mean "does my mailhost send spam messages to SpamCop automatically", then the answer is "No".

Link to comment
Share on other sites

I'm not sure what you mean by "your mailhosts set up": if you mean "does my mailhost send spam messages to SpamCop automatically", then the answer is "No".

Not exactly.

"Mailhosts setup" refers to a way of helping the Spamcop reporting system correctly analyse the messages you report.

From http://www.spamcop.net/fom-serve/cache/397.html

For users with only one email address, the process is easy. Simply log into your SpamCop reporting account and click on the Mailhosts tab at the top of the page. Click on the link at the the bottom of the page to Add first hosts and follow the instructions. For users using their SpamCop email account exclusively, the process is even easier - it is already done. Note: if you forward SpamCop email into or from the SpamCop system, you still have to configure the other email accounts involved.
Link to comment
Share on other sites

  • 2 weeks later...

Thanks for clearing that up. I have absolutely no idea then why relays are sometimes picked up (as it seems from the past reports history) and sometimes not - as in your case and also other instances in the past reports.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...