Jump to content

No source IP address found, cannot proceed


Recommended Posts

When I submit spam that has been sent to one of my mailhosts I get an error that reads "No source IP address found, cannot proceed. I do not see a problem but I admit to being no expert. Any help will be greatly appreciated. :blink:

Here is what it looks like......

Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=z676571901zc8...92b291b394d858z

0: Received: from leto.tarac.net (66.139.78.136) by mail with MERCUR-SMTP/POP3/IMAP4-Server (v3.10.18 HS-0040000) for <x>; Wed, 29 Sep 2004 14:11:53 -0700

Hostname verified: leto.tarac.net

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

Link to comment
Share on other sites

Supposed receiving system not associated with any of your mailhosts

I'd say that line is the smokin gun...doesn't sound like your mailhosts are properly configured or this line wouldn't be there. I'm not sure how you should proceed, however.

For another example of the same spam, go to "groups.google.com" and do a search for "promotion is sponsored exclusively by Giftfox" (with the quotes) and be sure to sort the results by date.

DT

Link to comment
Share on other sites

I'd say that line is the smokin gun...doesn't sound like your mailhosts are properly configured or this line wouldn't be there. I'm not sure how you should proceed, however.

For another example of the same spam, go to "groups.google.com" and do a search for "promotion is sponsored exclusively by Giftfox" (with the quotes) and be sure to sort the results by date.

DT

18067[/snapback]

I would agree but I don't know what is wrong our how to fix it. All my email/hosts are listed.

Link to comment
Share on other sites

...My suggestion would be to go into Mailhosts, do a "delete host" for each entry there and start over.

...Not too long ago, after many months of successful reporting, SpamCop wanted to report my employer's e-mail system as a source of spam. I followed the advice I just gave you and it's been fine since.

Link to comment
Share on other sites

1 question....should your mail be traveling through a server not showing its fqdn (by mail). Has it always gone through this path (check headers of other recent messages and compare to older ones). If not, something has changed at your ISP and you may need to redo your mailhost config. While I would not necessarily delete the current config, you could do that. I would resubmit the mailhost config for that email address, however.

Link to comment
Share on other sites

What I read into this is the problem is that the MailHost thing isn't liking your Mercury server ... did you have this fired up when you did the configuration sequence? ... actually suspecting that your e-mail address is the stopping point for the probe e-mails ... and along that line, when you responded to those e-mails, was it also including your Mercury server in the response or did that outgoing e-mail only reflect leaving your ISP account .... and the real nasty part of this is that your Mercury server is using what one would call a generic identification, so it's actually probably a bit useless for use as part of the MailHost thing ... I'm not sure that this would even fall into a waiver condition .... but again, who am I?

Link to comment
Share on other sites

When I submit spam that has been sent to one of my mailhosts  I get an error that reads "No source IP address found, cannot proceed. I do not see a problem but I admit to being no expert. Any help will be greatly appreciated. :blink:

Here is what it looks like......

Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=z676571901zc8...92b291b394d858z

0: Received: from leto.tarac.net (66.139.78.136) by mail with MERCUR-SMTP/POP3/IMAP4-Server (v3.10.18 HS-0040000) for <x>; Wed, 29 Sep 2004 14:11:53 -0700

Hostname verified: leto.tarac.net

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

18066[/snapback]

It is unclear to the parser as to whether that top recveived header is part of the tarac mailhost or a mailhost that has not yet been added. In addition a server stamping a received header is expected to use its FQDN not something like "mail"

I can play with this and likely get it to work if you let me know whether that received header is stamped as part of the tarac mailhost.

Link to comment
Share on other sites

It is unclear to the parser as to whether that top recveived header is part of the tarac mailhost or a mailhost that has not yet been added. In addition a server stamping a received header is expected to use its FQDN not something like "mail"

I can play with this and likely get it to work if you let me know whether that received header is stamped as part of the tarac mailhost.

18083[/snapback]

Wow!! so many suggestions. Thanks . First I did try deleting and redoing the mail hosts and this did not work. This email account that is on the Mercury server has been in use for sometime. Unfortunatlely for me I am not sure what some of you are asking since one the email server is not mine so I do not know how it is set up and two I do not know enought about how email works to answer your questions. :( Ellen I am not sure if I can answer your question. I do know that I am making no changes to how the email appeaers so I assume that that is is being stamped by the tarac mailhost.

thanks all of you for the help I hope it can be fixed so I can continute to submit spam.

Link to comment
Share on other sites

Hi, P8TRI8!

...Seems to me your best bet at this point is to send the information noted in one of the pinned items to the deputies (deputies <at> spamcop <dot> net) and let Ellen and/or her cohorts work on it....

Link to comment
Share on other sites

Hypothetical scenario ... this e-mail server is being run by a buddy down the hall in the form .. of a friend across town ... somebody sharing a high-speed cable connection, usually. This buddy runs up a copy of the free-ware Mercury server and adds to the "sharing" .... All well and good, unless the cable ISP outfit figures things out and decides to renegotiate some of the money exchanges going round. The Mercury e-mail server has the option of either running as an honest-to-god e-mail server or using the ISP host as the feed and distributing the collected e-mail amongst the "internal" network feeds. I believe it's the latter scenario that has you in a bad position to try to report from that "account" ... I'm hoping that Ellen does not get "this" working for you, based on the holes that could also be opened up at the same time.

I don't believe the MailHost thing will work at all "naturally" as this server is not acting as a "real" e-mail server (and I suspect the owner doesn't want to re-configure it based on the attention that would draw and that being in a dial-up pool (assumption) mail leaving that server directly may be blocked by many other ISPs.

Link to comment
Share on other sites

Wow!! so many suggestions. Thanks . First I did try deleting and redoing the mail hosts and this did not work. This email account that is on the Mercury server has been in use for sometime. Unfortunatlely for me I am not sure what some of you are asking since one the email server is not mine so I do not know how it is set up and two I do not know  enought about how email works to answer your questions.  :( Ellen I am not sure if I can answer your question. I do know that  I am making no changes to how the email appeaers so I assume that that is is being stamped by the tarac mailhost.

thanks all of you for the help I hope it can be fixed so I can continute to submit spam.

18131[/snapback]

Ok I am thoroughly confused. I looked at your mailhosts and the original probe. I do not see tarac.net anywhere in those probe headers. And your email address is not [at]tarac.net ... do you have any relationshop with tarac.net? The mx for your email address is the same domain as your email address and there is no sign of tarac.net there -- so tarac is sending the spam? I think you need to talk to the mailserver people and get them to stamp an RFC compliant header so we know the name of the mailserver that is accepting mail for you.

Link to comment
Share on other sites

Ok I am thoroughly confused. I looked at your mailhosts and the original probe. I do not see tarac.net anywhere in those probe headers. And your email address is not [at]tarac.net ... do you have any relationshop with tarac.net? The mx for your email address is the same domain as your email address and there is no sign of tarac.net there -- so tarac is sending the spam? I think you need to talk to the mailserver people and get them to stamp an RFC compliant header so we know the name of the mailserver that is accepting mail for you.

18193[/snapback]

Sorry don't know what mx is. The host/Domains is leto.tarac.net or tarac.net. It is listed on the mail host list for the account mysomewhere.

Link to comment
Share on other sites

Sorry don't know what mx is. The host/Domains is leto.tarac.net or tarac.net. It is listed  on the mail host list for the account mysomewhere.

Very little help there. MX = mail exchange server ... You seem to want to keep playing the guessing game, so let's try to get a bit specific here.

You are posting from a ComCast IP address. Ellen suggests that your e-mail address is also at a ComCast Domain.

Your sample issue reflects a Mercury E-Mail server, actual location unknown due to no identification data within that header line.

The Mercury server received the sample e-mail from a server named leto.tarac.net with an IP listed as 66.139.78.136 which ends up being within a pool of addresses;

Trying 66.139.78.136 at ARIN

Trying 66.139.78 at ARIN

SBC Internet Services - Southwest SBIS-SBIS-5BLK (NET-66-136-0-0-1)

66.136.0.0 - 66.143.255.255

ServerBeach.com SBCIS-043002133006 (NET-66-139-72-0-1)

66.139.72.0 - 66.139.79.255

10/07/04 14:26:44 Slow traceroute 66.139.78.136

Trace 66.139.78.136 ...

64.1.2.35 RTT: 56ms TTL:208 (ge2-0.CHR1.SanAntonio2-TX.us.xo.net ok)

209.49.35.10 RTT: 60ms TTL:208 (No rDNS)

* * * failed

66.139.78.136 RTT: 59ms TTL: 50 (leto.tarac.net ok)

So what is being asked .... if you are posting and e-mailing from a ComCast account, where is this tarac.net system and the Mercury serever coming into play?

Link to comment
Share on other sites

Very little help there.  MX = mail exchange server ...  You seem to want to keep playing the guessing game, so let's try to get a bit specific here.

You are posting from a ComCast IP address.  Ellen suggests that your e-mail address is also at a ComCast Domain.

Your sample issue reflects a Mercury E-Mail server, actual location unknown due to no identification data within that header line.

The Mercury server received the sample e-mail from a server named leto.tarac.net with an IP listed as 66.139.78.136 which ends up being within a pool of addresses;

Trying 66.139.78.136 at ARIN

Trying 66.139.78 at ARIN

SBC Internet Services - Southwest SBIS-SBIS-5BLK (NET-66-136-0-0-1)

                                  66.136.0.0 - 66.143.255.255

ServerBeach.com SBCIS-043002133006 (NET-66-139-72-0-1)

                                  66.139.72.0 - 66.139.79.255

10/07/04 14:26:44 Slow traceroute 66.139.78.136

Trace 66.139.78.136 ...

64.1.2.35    RTT:  56ms TTL:208 (ge2-0.CHR1.SanAntonio2-TX.us.xo.net ok)

209.49.35.10    RTT:  60ms TTL:208 (No rDNS)

* * * failed

66.139.78.136 RTT:  59ms TTL: 50 (leto.tarac.net ok)

So what is being asked .... if you are posting and e-mailing from a ComCast account, where is this tarac.net system and the Mercury serever coming into play?

18446[/snapback]

Ok now I know what you are asking. The Mercury server is the email server that my email account for mysomewhere.com is. The tarac.net I believe is the ISP for which the email server is connected because it is the one that comes back on the email probe. I appreciate you spelling it our for me . Thanks

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...