Jump to content

Spamcop Referance in a Spam header.?


EdwardQ

Recommended Posts

Posted

I'm starting to get these spam that has Spamcop referance in the header. What is this referance? I don't use a spamcop flitering. I only use Spamcop to anaize spam and report it.

X-Persona: <Edward V>

Received: from 63.99.209.87 [210.106.237.117] by mailex03.readyhosting.com

(SMTPD32-8.05) id A926ACF006C; Sun, 16 May 2004 17:20:22 -0500

Message-ID: <06743349969464.4NS21223867vnb[at]indiatimes.com>

Received: from 216.177.96.233 by ctnlq56-bu331.bs7.indiatimes.com with DAV;

Mon, 17 May 2004 00:19:17 +0100

Reply-To: "Herminia " <fbxaasfsgwdave[at]plasa.com>

From: "Herminia " <fbxaasfsgwdave[at]plasa.com>

To: <eddy[at]quicksall.com>

Subject: styrofoam

Date: Mon, 17 May 2004 00:23:17 +0100

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="--8800665030174707349"

X-IMAIL-spam-DNSBL: (SpamCop,181338220,127.0.0.2)

X-IMAIL-spam-VALHELO: (181338220)

X-IMAIL-spam-VALREVDNS: (181338220)

X-RCPT-TO: <edwardv[at]quicksall.com>

Status: U

X-UIDL: 340763374

Content-Type: text/plain;

Content-Transfer-Encoding: 7Bit

Holman,';,

0nline Doct0rs!

up to 70% of the best pain killers out!

_Som[at] vioxx, v-ia-gra, Fioriceet, Phentremine

and other popular meds..valium,Xan[at]x_,i[at]lis,[at]

http://www.9002hosting.com/mx1.htm

--

andre,on the door,andre,on the door,andre,on the door,andre,on the door.

Posted
X-IMAIL-spam-DNSBL: (SpamCop,181338220,127.0.0.2)

X-IMAIL-spam-VALHELO: (181338220)

X-IMAIL-spam-VALREVDNS: (181338220)

You may not use it but someone in your mail chain is using it. My reading of the headers shows it may be readyhosting which is at least processing email messages. The IP address [210.106.237.117] is on the spamcop bl so if blocking were being used, you would not have received that message. It looks to me to be the only valid header shown. I would contact your mail handler, readyhosting.

Received: from 63.99.209.87 [210.106.237.117] by mailex03.readyhosting.com

63.99.209.87 is mailex03.readyhosting.com which is forged HELO information.

210.106.237.117 has no reverse dns

210.106.237.117 listed in bl.spamcop.net (127.0.0.2) which matches the result from the header.

It did not come through the spamcop email system because the headers would be x-spamcop-*.

Posted
X-IMAIL-spam-DNSBL: (SpamCop,181338220,127.0.0.2)

The Imail SMTP/POP3 server that is being used inserts the X-IMAIL-spam when it checks against its various criteria set by the administrators.

IMAIL can be set to delete mail from the queue if it fails a pre-set number of spam tests or, alternatively insert the header so that the message is tagged for the recipient to more readily identify and handle it on arrival.

In this case the headers indicate that the message failed a check against the Spamcop DNSBL, failed a HELO/EHLO validation and a reverse DNS check.

My guess is that the admins of your mail server are tagging messages only or they may have set the threshold for rejecting a message at four errors so this one crept through.

If you're interested the Imail manual is available for download from the Ipswitch website.

Andrew

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...