EdwardQ Posted May 17, 2004 Posted May 17, 2004 I'm starting to get these spam that has Spamcop referance in the header. What is this referance? I don't use a spamcop flitering. I only use Spamcop to anaize spam and report it. X-Persona: <Edward V> Received: from 63.99.209.87 [210.106.237.117] by mailex03.readyhosting.com (SMTPD32-8.05) id A926ACF006C; Sun, 16 May 2004 17:20:22 -0500 Message-ID: <06743349969464.4NS21223867vnb[at]indiatimes.com> Received: from 216.177.96.233 by ctnlq56-bu331.bs7.indiatimes.com with DAV; Mon, 17 May 2004 00:19:17 +0100 Reply-To: "Herminia " <fbxaasfsgwdave[at]plasa.com> From: "Herminia " <fbxaasfsgwdave[at]plasa.com> To: <eddy[at]quicksall.com> Subject: styrofoam Date: Mon, 17 May 2004 00:23:17 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--8800665030174707349" X-IMAIL-spam-DNSBL: (SpamCop,181338220,127.0.0.2) X-IMAIL-spam-VALHELO: (181338220) X-IMAIL-spam-VALREVDNS: (181338220) X-RCPT-TO: <edwardv[at]quicksall.com> Status: U X-UIDL: 340763374 Content-Type: text/plain; Content-Transfer-Encoding: 7Bit Holman,';, 0nline Doct0rs! up to 70% of the best pain killers out! _Som[at] vioxx, v-ia-gra, Fioriceet, Phentremine and other popular meds..valium,Xan[at]x_,i[at]lis,[at] http://www.9002hosting.com/mx1.htm -- andre,on the door,andre,on the door,andre,on the door,andre,on the door.
StevenUnderwood Posted May 17, 2004 Posted May 17, 2004 X-IMAIL-spam-DNSBL: (SpamCop,181338220,127.0.0.2) X-IMAIL-spam-VALHELO: (181338220) X-IMAIL-spam-VALREVDNS: (181338220) You may not use it but someone in your mail chain is using it. My reading of the headers shows it may be readyhosting which is at least processing email messages. The IP address [210.106.237.117] is on the spamcop bl so if blocking were being used, you would not have received that message. It looks to me to be the only valid header shown. I would contact your mail handler, readyhosting. Received: from 63.99.209.87 [210.106.237.117] by mailex03.readyhosting.com 63.99.209.87 is mailex03.readyhosting.com which is forged HELO information. 210.106.237.117 has no reverse dns 210.106.237.117 listed in bl.spamcop.net (127.0.0.2) which matches the result from the header. It did not come through the spamcop email system because the headers would be x-spamcop-*.
agsteele Posted May 17, 2004 Posted May 17, 2004 X-IMAIL-spam-DNSBL: (SpamCop,181338220,127.0.0.2) The Imail SMTP/POP3 server that is being used inserts the X-IMAIL-spam when it checks against its various criteria set by the administrators. IMAIL can be set to delete mail from the queue if it fails a pre-set number of spam tests or, alternatively insert the header so that the message is tagged for the recipient to more readily identify and handle it on arrival. In this case the headers indicate that the message failed a check against the Spamcop DNSBL, failed a HELO/EHLO validation and a reverse DNS check. My guess is that the admins of your mail server are tagging messages only or they may have set the threshold for rejecting a message at four errors so this one crept through. If you're interested the Imail manual is available for download from the Ipswitch website. Andrew
Recommended Posts
Archived
This topic is now archived and is closed to further replies.