Jump to content
clivel

Help with: Possible forgery. Supposed receiving system not associated with any of your mailhosts

Recommended Posts

Hello,

I am receiving bounced spam which had used my email address as the reply to address. As this bounced spam is unsolicited I report much of it to SpamCop. However many of the reports are not accepted with the following error:

 
Quote
Parsing header:
0: Received: from mail.modares.ac.ir ([194.225.166.4]) by mx.kundenserver.de (mxeueus001) with ESMTPS (Nemesis) id 0LyC7H-1bHSCo3jgj-015ZGX for <x>; Tue, 12 Jul 2016 18:41:44 +0200

Hostname verified: mx.modares.ac.ir

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust this Received line.

Mailhost configuration problem, identified internal IP as source

Mailhost:
Please correct this situation - register every email address where you receive spam

No source IP address found, cannot proceed.

Is that because mx.kundenserver.de is not associated with my mailhost?  My hosting company is 1and1, I think that mx.kundenserver.de is associated with 1and1.

This is the header of the email that generated the error above:

Quote

Return-Path: <Postmaster@modares.ac.ir> Received: from mail.modares.ac.ir ([194.225.166.4]) by mx.kundenserver.de (mxeueus001) with ESMTPS (Nemesis) id 0LyC7H-1bHSCo3jgj-015ZGX for <x>; Tue, 12 Jul 2016 18:41:44 +0200 X-spam-Processed: mail.modares.ac.ir, Tue, 12 Jul 2016 21:10:17 +0430 X-spam-Level: * X-spam-Status: No, score=1.6 required=4.0 tests=BAYES_50,NO_RELAYS, URIBL_BLOCKED shortcircuit=no autolearn=no version=3.3.2 X-spam-Report: * 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. * See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block * for more information. * [URIs: modares.ac.ir] * -0.0 NO_RELAYS Informational: message was not relayed via SMTP * 1.6 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] X-spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) Received: from mail.modares.ac.ir by mail.modares.ac.ir (via RAW) (MDaemon PRO v14.5.2) for <x>; Tue, 12 Jul 2016 21:10:17 +0430 Date: Tue, 12 Jul 2016 21:10:17 +0430 Reply-To: Postmaster@modares.ac.ir From: Postmaster@modares.ac.ir Subject: MDaemon Notification -- Attachment Removed

 

 

This is what SpamCop displays when it processes one of these bounced messages correctly
 

Quote

Parsing header:

0: Received: from NAM01-SN1-obe.outbound.protection.outlook.com ([104.47.32.217]) by mx.perfora.net (mxeueus002) with ESMTPS (Nemesis) id 0MLxG6-1bSXmZ3opI-007ktp for <x>; Tue, 12 Jul 2016 18:53:32 +0200

Hostname verified: mail-sn1nam01hn0217.outbound.protection.outlook.com
1&1 received mail from sending system 104.47.32.217

 

Thanks,

Clive

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×