kpbuckeye Posted June 4, 2004

I am having trouble w/ one particular submission. I have received others after this that went through fine; this one just times out or something. Below is the text I get when I click to do the submission. Sorry it's long.

Return-path: <sheer[at]firstag.com>
Received: from ms-mta-03 (ms-mta-03 [10.24.14.240]) by ms-mss-03.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HYP00L1XWH3JZ[at]ms-mss-03.columbus.rr.com> for x; Thu, 03 Jun 2004 01:27:03 -0400 (EDT)
Received: from nymx03.mgw.rr.com (nymx03.mgw.rr.com [24.92.226.164]) by ms-mta-03.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HYP00GW6WH2U5[at]ms-mta-03.columbus.rr.com> for x (ORCPT x); Thu, 03 Jun 2004 01:27:03 -0400 (EDT)
Received: from athlon1800.ASINCO.SOFTPRIME (athlon1800.ASINCO.SOFTPRIME [200.72.188.103] (may be forged)) by nymx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i535Mhg0006138 for x; Thu, 03 Jun 2004 01:26:50 -0400 (EDT)
Received: from unknown (HELO EDCEE) (192.168.148.185) by athlon1800.ASINCO.SOFTPRIME with SMTP; Thu, 03 Jun 2004 01:26:27 +0000
Date: Thu, 03 Jun 2004 01:26:15 +0000
From: valma evangelina <sheer[at]firstag.com>
Subject: He Came In Her bottom... gglw ygmthlp lcime
To: elyn elberta <x>
Message-id: <0063______________________fad3[at]EDCEE>
MIME-version: 1.0
Content-type: multipart/alternative; boundary="----=_NextPart_000_0060_01C44909.0FD06519"
X-Priority: 3
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Original-recipient: rfc822;x

View entire message

Parsing header:

Received: from ms-mta-03 (ms-mta-03 [10.24.14.240]) by ms-mss-03.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HYP00L1XWH3JZ[at]ms-mss-03.columbus.rr.com> for x; Thu, 03 Jun 2004 01:27:03 -0400 (EDT)
10.24.14.240 found
host 10.24.14.240 (getting name) no name
10.24.14.240 discarded

Received: from nymx03.mgw.rr.com (nymx03.mgw.rr.com [24.92.226.164]) by ms-mta-03.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003)) with ESMTP id <0HYP00GW6WH2U5[at]ms-mta-03.columbus.rr.com> for x (ORCPT x); Thu, 03 Jun 2004 01:27:03 -0400 (EDT)
24.92.226.164 found
host 24.92.226.164 = nymx03.mgw.rr.com (cached)
host nymx03.mgw.rr.com (checking ip) = 24.92.226.164
Possible spammer: 24.92.226.164
ips are close enough
24.92.226.164 is close to an MX (24.92.226.25) for rr.com
24.92.226.164 is mx
Received line accepted

Received: from athlon1800.ASINCO.SOFTPRIME (athlon1800.ASINCO.SOFTPRIME [200.72.188.103] (may be forged)) by nymx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i535Mhg0006138 for x; Thu, 03 Jun 2004 01:26:50 -0400 (EDT)
200.72.188.103 found
host 200.72.188.103 = athlon1800.ASINCO.SOFTPRIME (cached)
host athlon1800.ASINCO.SOFTPRIME (checking ip) ip not found ; athlon1800.ASINCO.SOFTPRIME discarded as fake.
24.92.226.164 not listed in dnsbl.njabl.org
24.92.226.164 not listed in cbl.abuseat.org
24.92.226.164 not listed in dnsbl.sorbs.net
24.92.226.164 is an MX for columbus.rr.com
Possible spammer: 200.72.188.103
200.72.188.103 is not an MX for athlon1800.ASINCO.SOFTPRIME
host athlon1800.ASINCO.SOFTPRIME (checking ip) ip not found ; athlon1800.ASINCO.SOFTPRIME discarded as fake.
cannot find an mx for athlon1800.ASINCO.SOFTPRIME
cannot find an mx for ASINCO.SOFTPRIME
host nymx03.mgw.rr.com (checking ip) = 24.92.226.164
24.92.226.164 not listed in dnsbl.njabl.org
24.92.226.164 not listed in cbl.abuseat.org
24.92.226.164 not listed in dnsbl.sorbs.net
Chain test:nymx03.mgw.rr.com =? nymx03.mgw.rr.com
nymx03.mgw.rr.com and nymx03.mgw.rr.com have same hostname - chain verified
Possible relay: 24.92.226.164
24.92.226.164 not listed in relays.ordb.org.
24.92.226.164 has already been sent to relay testers
Received line accepted

Received: from unknown (HELO EDCEE) (192.168.148.185) by athlon1800.ASINCO.SOFTPRIME with SMTP; Thu, 03 Jun 2004 01:26:27 +0000
192.168.148.185 found
host 192.168.148.185 (getting name) no name
200.72.188.103 listed in dnsbl.njabl.org ( 127.0.0.9 )
Open proxies untrusted as relays

Tracking message source: 200.72.188.103:
Routing details for 200.72.188.103
De-referencing entelchile.net[at]abuse.net
abuse net entelchile.net = enteladminip[at]entel.cl, rurbina[at]entel.cl
Report routing for 200.72.188.103: enteladminip[at]entel.cl, rurbina[at]entel.cl
Message is 19 hours old
200.72.188.103 listed in dnsbl.njabl.org ( 127.0.0.9 )
200.72.188.103 listed in dnsbl.njabl.org ( 127.0.0.9 )
200.72.188.103 is an open proxy
200.72.188.103 not listed in query.bondedsender.org
200.72.188.103 not listed in iadb.isipp.com

Finding links in message body
Recurse multipart:
Parsing text part
Parsing HTML part
Resolving link obfuscation
http://pnoec.cartonfullofcigs.com/n/dol/g/main.html
http://ghwepoo.cartonfullofcigs.com/n/dol/g/main.html
http://olv.cartonfullofcigs.com/n/dol/g/main.html
http://ts.cartonfullofcigs.com/n/dol/g/main.html
http://ea.cartonfullofcigs.com/n/dol/g/main.html
http://rk.cartonfullofcigs.com/n/dol/g/main.html
http://rohn.cartonfullofcigs.com/n/dol/g/main.html
http://im.cartonfullofcigs.com/n/dol/g/main.html
got sigalarm, taking too long to process, aborted. Perhaps you can wait a few minutes and reload?
Wazoo Posted June 4, 2004

Oh geeze, I was hoping someone was going to handle this over in the newsgroups. I had changed your "members" URL to "www" so I could attempt to look at your parse ... ran into the same issue, it took forever to load the page, then saw the same sigalarm message. I even had a posting started to agree that your parse was sucking, and that I had run two spams of my own through the web-based parser with no issues .. was starting to say something about perhaps this one needing to have the actual spam posted over in the spamcop.spam group .. got to thinking that there should have been the "see full spam" on the Tracking/parser page that I'd just closed ... was going to go back and run it up again before saying something really stupid .... got interrupted, phone call from an elderly woman down the street ... just home from the hospital, husband had a heart attack about 0230, and some lowlife scum (I'm guessing someone using a scanner on the police/emergency channels) had entered the house and ripped off the valuables ....

I'm headed back to the newsgroups to see if I can figure out why someone hasn't looked at it over there first ... This is something that Mike Easter usually likes to tinker with ....
Wazoo Posted June 4, 2004

Ok, I don't quite understand why your newsgroup post seems to have been ignored. However, did the URL change again so I could look at it, got the same result ... the "view entire spam" was there .. took a look .. damn, what a mess ...

Without spending too much more time on it, here's my take. Your spammer is one that frequents the newsgroups, and is thus aware of the current code work going on to handle the too-many links issue and has really busted his/her hump on making sure that his/her spew is going to really screw up any chance of reporting it. I'm hoping you still have the original copy, as I believe this fits into Ellen's request at http://forum.spamcop.net/forums/index.php?showtopic=1549 ... please read that and send off a copy for Julian's collection.
art0l0 Posted June 4, 2004

I have had two or three reports with this same problem. The first I tried submitting at least three times and then gave up on it. It never showed up on my page as unreported spam. The next time I tried resubmitting one the result was back in a flash with the normal reporting buttons. If it happened a third time that email also processed on the second pass without problem.
Wazoo Posted June 4, 2004

Can't speak to yours (art0l0) .. but kpbuckeye's I've touched 5 times throughout the day, not sure if he/she said how many times he/she tried it ... and as I said above, this particular piece of spew was definitely "crafted" ...
Wazoo Posted June 4, 2004

Wow, confusion reigns! It was pointed out by the poster over in the newsgroups that he/she did not use the Forums, so my post "there" referencing the post "here" confused that person. So, I'll also make the assumption that kpbuckeye is wondering what I was talking about "here" when talking about the posts "there" ...

Bottom line, thus far, there are two people that are sharing some spammer spew. One posted early afternoon in the newsgroups, the other posted in the Forums in the evening. For some reason, I was the only one that apparently went to take a look at the attempted submittals and offered any words as to what to do next. Apologies if it appeared that I was losing it <g>
Robert Slade Posted June 4, 2004

I posted the original in the newsgroups. It looks like we got the same spam - similar URLs (same domain) from different sources. I have sent my original to the deputies as an example of 'bad spam'. I had to delete all my unreported spam to get the parser to work again. Just tried parsing the doggy spam again through the web parser with the same results. Looks like there is something in it that the parser does not like.

Now unconfused
Rob
Wazoo Posted June 4, 2004

Thanks Robert for making the trip <g> Here's hoping that the fix shows up soon.