lisali Posted June 15, 2018 Share Posted June 15, 2018 Hi, Since about a month ago, I can't submit ANY spam. All I get, every time, is: "Mailhost configuration problem, identified internal IP as source" It seems to be a SpamCop parsing issue, as other online tools parse the same email headers correctly:https://mxtoolbox.com/EmailHeaders.aspx https://www.iptrackeronline.com/email-header-analysis.php What do I do? Thanks! Quote Link to comment Share on other sites More sharing options...
Lking Posted June 15, 2018 Share Posted June 15, 2018 Without a Tracking URL as an example of "why/how" processed you submission, anyone would just be guessing as to what to do. Quote Link to comment Share on other sites More sharing options...
lisali Posted June 16, 2018 Author Share Posted June 16, 2018 23 hours ago, Lking said: Without a Tracking URL as an example of "why/how" processed you submission, anyone would just be guessing as to what to do. Hi! I was going to add an example, but they all seem to reveal a bit too much data, including the email the spam was sent to (only the final catch-all email seems to be redacted). Is there a way around this? Quote Link to comment Share on other sites More sharing options...
Lking Posted June 16, 2018 Share Posted June 16, 2018 I believe that if you check your tracking URL when you are not logged into spamcop.net you will see what other will see and that your email will not be revealed. For example: https://www.spamcop.net/sc?id=z6469367419z07b4227d56dc0803077ec3b56d0aaef8z Quote Link to comment Share on other sites More sharing options...
lisali Posted June 16, 2018 Author Share Posted June 16, 2018 4 minutes ago, Lking said: I believe that if you check your tracking URL when you are not logged into spamcop.net you will see what other will see and that your email will not be revealed. For example: https://www.spamcop.net/sc?id=z6469367419z07b4227d56dc0803077ec3b56d0aaef8z Hi! If you click "view full message", it shows more details. In my case, it shows the full email that the spam was sent to, even if not logged in. As mentioned, only the final destination that the offending email is forwarded to is redacted by SpamCop. Quote Link to comment Share on other sites More sharing options...
Lking Posted June 17, 2018 Share Posted June 17, 2018 I don't know what your are seeing. In my example above my email is replaced by <x> (red bold below added). Take a look at you reporting options. Quote Received: from localhost (unknown [158.69.21.96]) by knob.com (Postfix) with ESMTP id 7A62B9B9C58 for <x>; Sat, 16 Jun 2018 04:59:08 +0000 (UTC) Received: from knob.com ([158.69.132.42]) by localhost (maia-mtl.ca.hub.org [158.69.21.96]) (maiad, port 10024) with ESMTP id 97784-03 for <x>; Sat, 16 Jun 2018 04:59:08 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.8.0 Received: from o29.healthcarereform.businsure.com (o29.healthcarereform.businsure.com [198.37.157.158]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by knob.com (Postfix) with ESMTPS id 022349B9C53 for <x>; Sat, 16 Jun 2018 04:59:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=businsure.com; h=content-transfer-encoding:content-type:from:mime-version:reply-to:to:subject; s=smtpapi; bh=AphJ+LD/k9UDhFzfB0SjruP4rNo=; b=au5R6P57MTuPCWCzyi TM20VEycRAHvcYPzcAY1jQJUKW4j2hOnRS+mhLGjGETh2kPQIhDEz2AooIDhSTYl b/qF3wYAiT4+jGv5a9ZoyDMplWQ5d7J/+Ojzd2ZGqkNaS3VipZfGi1TdK0GtNAuE WDELm8Mzh/JJrDddNBC4rjlqM= Received: by filter0033p3las1.sendgrid.net with SMTP id filter0033p3las1-16562-5B249919-12 2018-06-16 04:59:05.671646071 +0000 UTC Received: from NjQxOTE3 (mail.instantbusinessresources.com [162.250.10.221]) by ismtpd0041p1mdw1.sendgrid.net (SG) with HTTP id kznZoqaZSGSYTjSL82UfNg Sat, 16 Jun 2018 04:59:05.594 +0000 (UTC) Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8 Date: Sat, 16 Jun 2018 04:59:05 +0000 (UTC) From: "Gordon Mumpower" <gordon@businsure.com> Mime-Version: 1.0 Reply-to: gordon@businsure.com To: "x" <x> Quote Link to comment Share on other sites More sharing options...
lisali Posted June 17, 2018 Author Share Posted June 17, 2018 Hi! That seems to be the case ONLY if the email is NOT forwarded. In my case, all emails are forwarded to a catch-all address, let's call it EMAIL B. If spam was sent to EMAIL A, then forwarded to EMAIL B, only EMAIL B will be redacted in the report. I can still see the full EMAIL A in SpamCop reports, even when not logged in. Quote Link to comment Share on other sites More sharing options...
Lking Posted June 17, 2018 Share Posted June 17, 2018 5 hours ago, lisali said: That seems to be the case ONLY if the email is NOT forwarded. That is not the case. I you will check again, now my example has been completed. Quote Link to comment Share on other sites More sharing options...
lisali Posted June 17, 2018 Author Share Posted June 17, 2018 20 minutes ago, Lking said: That is not the case. I you will check again, now my example has been completed. Sorry - what do you mean? In my case, I can see the original email in my reports. Quote Link to comment Share on other sites More sharing options...
Lking Posted June 17, 2018 Share Posted June 17, 2018 Have you configured you mailhost to include all the forwardeding? Sorry I did not read you post closely enough. Quote Link to comment Share on other sites More sharing options...
lisali Posted June 19, 2018 Author Share Posted June 19, 2018 On 6/17/2018 at 5:46 PM, Lking said: Have you configured you mailhost to include all the forwardeding? Sorry I did not read you post closely enough. Hi! No worries. Yes, I have configured all my mailhosts. From what I understand, this issue relates to how Gmail shows the sender/relaying IP, which confuses SpamCop. Other online tools, however, seem to parse these headers just fine. Quote Link to comment Share on other sites More sharing options...
lisali Posted June 30, 2018 Author Share Posted June 30, 2018 Hi! Any update on this? Quote Link to comment Share on other sites More sharing options...
lisali Posted July 31, 2018 Author Share Posted July 31, 2018 Any fix or an update? Quote Link to comment Share on other sites More sharing options...
RobiBue Posted July 31, 2018 Share Posted July 31, 2018 does your spam by any chance arrive to a gmail account? (or is delivered by gmail) Quote Link to comment Share on other sites More sharing options...
RobiBue Posted August 1, 2018 Share Posted August 1, 2018 Ok, just reread the thread and found the following On 6/19/2018 at 9:21 AM, lisali said: Hi! No worries. Yes, I have configured all my mailhosts. From what I understand, this issue relates to how Gmail shows the sender/relaying IP, which confuses SpamCop. Other online tools, however, seem to parse these headers just fine. Yeah, Gmail adds their Received: header with a 6to4 IPv6 address from a private 10.0.0.0/8 network which according to RFC 3056 §2 is not allowed, but them being google, do it anyway regardless of the consequences. This, in my opinion, is something that google shouldn’t have implemented and should fix. SpamCop should be able to cope with the 6to4 address and see it as an internal private address just as it would be if it was given the original 10.nnn.nnn.nnn address. Currently it seems that neither SC nor google is about to budge. All we can do, is either delete the 2nd line Received: header with its faulty IPv6 address and paste it as a comment for the receiving abuse recipients for completeness, or put the IPv6 address in parentheses and place its equivalent IPv4 address in front. an example of that 2nd line: Received: by 10.176.75.22 (2002:ab0:4b16:0:0:0:0:0) with SMTP id h22-v6csp5358367uaf; Tue, 31 Jul 2018 11:25:32 -0700 (PDT) Quote Link to comment Share on other sites More sharing options...
Dave_L Posted August 1, 2018 Share Posted August 1, 2018 On 6/16/2018 at 10:02 AM, lisali said: Hi! I was going to add an example, but they all seem to reveal a bit too much data, including the email the spam was sent to (only the final catch-all email seems to be redacted). Is there a way around this? One possibility is to "munge" the information you don't want revealed, before Spamcop parses it. Quote Link to comment Share on other sites More sharing options...
lisali Posted August 2, 2018 Author Share Posted August 2, 2018 Yes! This seems to be a Gmail issue. spam not sent to Gmail seems to be parsed fine. I can't be manually editing lines for SpamCop to accept this. Why can't everyone just work together nicely? ? Is there a way for SpamCop to work around this in the meantime? Quote Link to comment Share on other sites More sharing options...
RobiBue Posted August 2, 2018 Share Posted August 2, 2018 I received this from SpamCop: <quote> Google has promised to fix the issue but have not provided an ETA of a fix. We [SpamCop] looked at programming around it but that option was rejected by our CERT board as it would have opened a security hole in our system. We can just sit and wait for Gmail. </quote> Quote Link to comment Share on other sites More sharing options...
lisali Posted August 3, 2018 Author Share Posted August 3, 2018 17 hours ago, RobiBue said: I received this from SpamCop: <quote> Google has promised to fix the issue but have not provided an ETA of a fix. We [SpamCop] looked at programming around it but that option was rejected by our CERT board as it would have opened a security hole in our system. We can just sit and wait for Gmail. </quote> Is there anything that we can do? Is there a way to send feedback to Google? Quote Link to comment Share on other sites More sharing options...
RobiBue Posted August 3, 2018 Share Posted August 3, 2018 8 hours ago, lisali said: Is there anything that we can do? Is there a way to send feedback to Google? Well, I guess it wouldn't (or couldn't) hurt if SpamCop users/reporters with gmail accounts send their feedback... I found the feedback link in gmail by clicking on the settings gear in the "new" gmail (or classic/standard view). Can't find it in the basic HTML view though. Quote Link to comment Share on other sites More sharing options...
lisali Posted August 4, 2018 Author Share Posted August 4, 2018 20 hours ago, RobiBue said: Well, I guess it wouldn't (or couldn't) hurt if SpamCop users/reporters with gmail accounts send their feedback... I found the feedback link in gmail by clicking on the settings gear in the "new" gmail (or classic/standard view). Can't find it in the basic HTML view though. Done! Let's hope they fix this. Thank you! Quote Link to comment Share on other sites More sharing options...
nhraj700 Posted August 4, 2018 Share Posted August 4, 2018 I just sent a complaint via that feedback function. Thanks for that tip. Tired of modifying headers. Quote Link to comment Share on other sites More sharing options...
petzl Posted August 4, 2018 Share Posted August 4, 2018 43 minutes ago, nhraj700 said: I just sent a complaint via that feedback function. Thanks for that tip. Tired of modifying headers. Remember to mark Gmail span as phishing. The pointy heads there have a automated process which they think works? Quote Link to comment Share on other sites More sharing options...
klappa Posted August 11, 2018 Share Posted August 11, 2018 Just give up! Neither GMail nor Spamcop will fix this in the nearest future. Unfortunately. Quote Link to comment Share on other sites More sharing options...
lisali Posted August 11, 2018 Author Share Posted August 11, 2018 7 hours ago, klappa said: Just give up! Neither GMail nor Spamcop will fix this in the nearest future. Unfortunately. You may be right. It's unfortunate. We're providing valuable data to Cisco (owners of SpamCop), and they don't seem to want to invest any resources to get this sorted. Sad. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.