jeburkes76 Posted July 13, 2004

Okay here is our setup. We have an email gateway running Symantec Mail Security for SMTP, basically an SMTP service/engine which does the following. First, it checks the message for viruses, then blacklist(s) (SpamCop), then does a heuristics check. Any message that fails the heuristics check gets sent to a catchall email address on an Exchange 2000 server behind the email gateway. Using Spamsource add for Outlook 2000 I can report the spam fine from the catchall email address, but it is reporting my email gateway as the SPAMMER since it is the last server to pass the message on. Since the Symantec Mail Security for SMTP does not have a way to hold the message, how can I report the spam correctly, or am I doing something wrong?

Thanks in Advance.

Jeremy
StevenUnderwood Posted July 13, 2004

Any server that touches the message should be adding headers to indicate that. You should be able to register your server in mailhosts (you may need to go through the waiver process because of your configuration) to tell spamcop to trust the headers of the gateway.

Otherwise, post the full headers here (or better yet, a tracking URL for one trying to report your server) and we may also be able to tell you why the headers are failing the spamcop parse.
jeburkes76 Posted July 13, 2004

Here is a report I sent like I have been trying. If I am reading it correctly, under "If reported today, reports would be sent to:" it has my email gateway server listed with IP address 206.39.246.201 as the originator (if I am not mistaken). It could just be that I am reading the reporting wrong.

Thanks.

Jeremy

SpamCop v 1.356 © SpamCop.net, Inc. 1998-2004 All Rights Reserved
spam Header
This page may be saved for future reference:
http://www.spamcop.net/sc?id=z547330861z24...962ae7d8052f82z
Skip to Reports

Received: from spspam1.sphq.ssp.navy.mil ([206.39.246.201]) by spmail2.sphq.ssp.navy.mil with Microsoft SMTPSVC(5.0.2195.6872); Tue, 13 Jul 2004 12:40:42 -0400
Received: from out6.mysport-times.com ([64.70.22.163]) by spspam1.sphq.ssp.navy.mil (SMSSMTP 4.0.0.59) with SMTP id M2004071312404228605 for <x>; Tue, 13 Jul 2004 12:40:42 -0400
Received: by out6.mysport-times.com (PowerMTA v2.0r4) id hug7l204a2gj; Tue, 13 Jul 2004 09:35:18 -0700 (envelope-from <pmv8rky[at]e-timetochuckle.com>)
Date: Tue, 13 Jul 2004 09:35:18 -0700
X-OriginalArrivalTime: Tuesday, July 13, 2004 09:35:18
From: SMS.SMTP[at]sphq.ssp.navy.mil
To: x
Reply-To: AFhU3ZKPQQWBMDXKTRKXSFYIN[at]e-timetochuckle.com
Subject: =?utf-8?B?QmFyYmFyYSdzIERhdGUgVG9uaWdodG==?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_f9c9_15c6a0.2125830"
Content-Length: 6398
Return-Path: SMS.SMTP[at]sphq.ssp.navy.mil
Message-ID: <SPMA___________________082a[at]spmail2.sphq.ssp.navy.mil>
View entire message

Parsing header:
Received: from spspam1.sphq.ssp.navy.mil ([206.39.246.201]) by spmail2.sphq.ssp.navy.mil with Microsoft SMTPSVC(5.0.2195.6872); Tue, 13 Jul 2004 12:40:42 -0400
206.39.246.201 found
host 206.39.246.201 (getting name) no name
Possible spammer: 206.39.246.201
Received line accepted
Received: from out6.mysport-times.com ([64.70.22.163]) by spspam1.sphq.ssp.navy.mil (SMSSMTP 4.0.0.59) with SMTP id M2004071312404228605 for <x>; Tue, 13 Jul 2004 12:40:42 -0400
64.70.22.163 found
host 64.70.22.163 = out6.mysport-times.com (cached)
host out6.mysport-times.com (checking ip) = 64.70.22.163
206.39.246.201 not listed in dnsbl.njabl.org
206.39.246.201 not listed in cbl.abuseat.org
206.39.246.201 not listed in dnsbl.sorbs.net
206.39.246.201 is not an MX for spmail2.sphq.ssp.navy.mil
206.39.246.201 is not an MX for spspam1.sphq.ssp.navy.mil
206.39.246.201 is not an MX for spmail2.sphq.ssp.navy.mil
206.39.246.201 not listed in dnsbl.njabl.org
Possible spammer: 64.70.22.163
host spspam1.sphq.ssp.navy.mil (checking ip) ip not found ; spspam1.sphq.ssp.navy.mil discarded as fake.
Chain test:spspam1.sphq.ssp.navy.mil =? 206.39.246.201
206.39.246.201 is not an MX for spspam1.sphq.ssp.navy.mil
host spspam1.sphq.ssp.navy.mil (checking ip) ip not found ; spspam1.sphq.ssp.navy.mil discarded as fake.
cannot find an mx for spspam1.sphq.ssp.navy.mil
206.39.250.30 is an mx ( 10 ) for sphq.ssp.navy.mil
206.39.246.201 is not an MX for spspam1.sphq.ssp.navy.mil
Chain test failed
Routing details for 206.39.246.201 [refresh/show]
Cached whois for 206.39.246.201 : hostmaster[at]nic.mil
I refuse to bother hostmaster[at]nic.mil.
Using hostmaster#nic.mil[at]devnull.spamcop.net for statistical tracking.
Using last resort contacts hostmaster#nic.mil[at]devnull.spamcop.net
Chain error spspam1.sphq.ssp.navy.mil not equal to last sender
received line discarded

Tracking message source: 206.39.246.201:
Routing details for 206.39.246.201 [refresh/show]
Cached whois for 206.39.246.201 : hostmaster[at]nic.mil
I refuse to bother hostmaster[at]nic.mil.
Using hostmaster#nic.mil[at]devnull.spamcop.net for statistical tracking.
Using last resort contacts hostmaster#nic.mil[at]devnull.spamcop.net
Yum, this spam is fresh!
Message is 1 hours old
206.39.246.201 not listed in dnsbl.njabl.org
206.39.246.201 not listed in dnsbl.njabl.org
206.39.246.201 not listed in cbl.abuseat.org
206.39.246.201 not listed in dnsbl.sorbs.net
206.39.246.201 not listed in relays.ordb.org.
206.39.246.201 not listed in query.bondedsender.org
206.39.246.201 not listed in iadb.isipp.com

Finding links in message body
Parsing text part
Resolving link obfuscation
http://clicks.timetolaugh.info/profile.asp...&lid=14&email=x
host 66.226.4.28 (getting name) no name
http://clicks.timetolaugh.info/redir.aspx?id=269468&email=x
host 66.226.4.28 (getting name) no name

Tracking link: http://clicks.timetolaugh.info/redir.aspx?id=269468&email=x
No recent reports, no history available
Resolves to 66.226.4.28
Routing details for 66.226.4.28 [refresh/show]
Cached whois for 66.226.4.28 : dnsadmin[at]alchemy.net
Using abuse net on dnsadmin[at]alchemy.net
abuse net alchemy.net = abuse[at]alchemy.net
Using best contacts abuse[at]alchemy.net

Tracking link: http://clicks.timetolaugh.info/profile.asp...&lid=14&email=x
No recent reports, no history available
Resolves to 66.226.4.28
Routing details for 66.226.4.28 [refresh/show]
Cached whois for 66.226.4.28 : dnsadmin[at]alchemy.net
Using abuse net on dnsadmin[at]alchemy.net
abuse net alchemy.net = abuse[at]alchemy.net
Using best contacts abuse[at]alchemy.net

Reports regarding this spam have already been sent:
Reportid: 1111197463 To: cancelled[at]devnull.spamcop.net

If reported today, reports would be sent to:
Re: 206.39.246.201 (Administrator of network where email originates)
hostmaster#nic.mil[at]devnull.spamcop.net
Re: 206.39.246.201 (Third party interested in email source)
spamcop[at]imaphost.com
Re: http://clicks.timetolaugh.info/profile.asp?eid=... (Administrator of network hosting website referenced in spam)
abuse[at]alchemy.net
Re: http://clicks.timetolaugh.info/redir.aspx?id=26... (Administrator of network hosting website referenced in spam)
abuse[at]alchemy.net
StevenUnderwood Posted July 13, 2004

You are reading it correctly.

host spspam1.sphq.ssp.navy.mil (checking ip) ip not found ; spspam1.sphq.ssp.navy.mil discarded as fake.
Chain test:spspam1.sphq.ssp.navy.mil =? 206.39.246.201
206.39.246.201 is not an MX for spspam1.sphq.ssp.navy.mil
host spspam1.sphq.ssp.navy.mil (checking ip) ip not found ; spspam1.sphq.ssp.navy.mil discarded as fake.
cannot find an mx for spspam1.sphq.ssp.navy.mil
206.39.250.30 is an mx ( 10 ) for sphq.ssp.navy.mil
206.39.246.201 is not an MX for spspam1.sphq.ssp.navy.mil
Chain test failed

Because the MX for the message should go to 206.39.250.30, spamcop is rejecting 206.39.246.201 accepting it from the internet. It is possible that if the spspam1.sphq.ssp.navy.mil server had a DNS entry that spamcop would not discard it and see it as "close enough" to the MX to be accepted. It is also possible that since spspam1 is not in the same /24 network, that it would not be "close enough" anyway. You could contact the deputies<at>spamcop.net for a ruling on that. They may also have further insight as to why it was rejected.

Either way, if you can get the mailhost configuration approved, I think this will work.
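The header walk discussed in this thread, as an added example that is not part of the original posts and is not SpamCop's own parser: a simplified Python model of why the gateway is named as the source until its Received line is trusted. The function names, the `mailhosts` set and the offline `dns` table are assumptions of this sketch, and the MX "close enough" test from the log is not modelled; the Received lines are the ones posted above.

```python
import re
from email import message_from_string

# Received headers as posted in the thread (recipient already redacted as <x>).
SAMPLE = """\
Received: from spspam1.sphq.ssp.navy.mil ([206.39.246.201]) by spmail2.sphq.ssp.navy.mil with Microsoft SMTPSVC(5.0.2195.6872); Tue, 13 Jul 2004 12:40:42 -0400
Received: from out6.mysport-times.com ([64.70.22.163]) by spspam1.sphq.ssp.navy.mil (SMSSMTP 4.0.0.59) with SMTP id M2004071312404228605 for <x>; Tue, 13 Jul 2004 12:40:42 -0400
Received: by out6.mysport-times.com (PowerMTA v2.0r4) id hug7l204a2gj; Tue, 13 Jul 2004 09:35:18 -0700 (envelope-from <pmv8rky[at]e-timetochuckle.com>)

body
"""

HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hops(raw):
    """Return (helo, ip, by) for each Received line, newest first.
    Lines that record no sending IP (such as the 'Received: by ...' line) are skipped."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))
        if m:
            hops.append((m["helo"], m["ip"], m["by"].lower()))
    return hops

def find_source(raw, mailhosts, dns):
    """Walk the chain from the newest line and return the last sending IP that can be believed.
    The newest line is written by the reporter's own server, so it is always accepted.
    An older line is accepted only if the server that wrote it ('by') is a registered
    mailhost, or its name resolves (in the supplied dns table) to the IP that the
    previous accepted line saw handing over the message: the chain test."""
    source = prev_ip = None
    for i, (_helo, ip, by) in enumerate(parse_hops(raw)):
        chained = prev_ip is not None and dns.get(by) == prev_ip
        if i > 0 and by not in mailhosts and not chained:
            break  # line discarded; everything older is untrusted too
        source = prev_ip = ip
    return source

if __name__ == "__main__":
    gateway = "spspam1.sphq.ssp.navy.mil"
    print("no mailhost, no DNS entry:", find_source(SAMPLE, set(), {}))
    print("gateway registered:       ", find_source(SAMPLE, {gateway}, {}))
```

With neither a mailhost registration nor a resolvable name for the gateway, the walk stops at the gateway's own IP, which matches the report posted above.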
jeburkes76 Posted July 13, 2004

Thanks StevenUnderwood, I appreciate the help. I have emailed the deputies linking this thread/topic to see what they suggest.

Jeremy
Archived
This topic is now archived and is closed to further replies.