P8TRI8 Posted September 30, 2004 Share Posted September 30, 2004 When I submit spam that has been sent to one of my mailhosts I get an error that reads "No source IP address found, cannot proceed. I do not see a problem but I admit to being no expert. Any help will be greatly appreciated. Here is what it looks like...... Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z676571901zc8...92b291b394d858z 0: Received: from leto.tarac.net (66.139.78.136) by mail with MERCUR-SMTP/POP3/IMAP4-Server (v3.10.18 HS-0040000) for <x>; Wed, 29 Sep 2004 14:11:53 -0700 Hostname verified: leto.tarac.net Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. Link to comment Share on other sites More sharing options...
DavidT Posted September 30, 2004 Share Posted September 30, 2004 Supposed receiving system not associated with any of your mailhosts I'd say that line is the smokin gun...doesn't sound like your mailhosts are properly configured or this line wouldn't be there. I'm not sure how you should proceed, however. For another example of the same spam, go to "groups.google.com" and do a search for "promotion is sponsored exclusively by Giftfox" (with the quotes) and be sure to sort the results by date. DT Link to comment Share on other sites More sharing options...
P8TRI8 Posted September 30, 2004 Author Share Posted September 30, 2004 I'd say that line is the smokin gun...doesn't sound like your mailhosts are properly configured or this line wouldn't be there. I'm not sure how you should proceed, however. For another example of the same spam, go to "groups.google.com" and do a search for "promotion is sponsored exclusively by Giftfox" (with the quotes) and be sure to sort the results by date. DT 18067[/snapback] I would agree but I don't know what is wrong our how to fix it. All my email/hosts are listed. Link to comment Share on other sites More sharing options...
turetzsr Posted September 30, 2004 Share Posted September 30, 2004 ...My suggestion would be to go into Mailhosts, do a "delete host" for each entry there and start over. ...Not too long ago, after many months of successful reporting, SpamCop wanted to report my employer's e-mail system as a source of spam. I followed the advice I just gave you and it's been fine since. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 1, 2004 Share Posted October 1, 2004 1 question....should your mail be traveling through a server not showing its fqdn (by mail). Has it always gone through this path (check headers of other recent messages and compare to older ones). If not, something has changed at your ISP and you may need to redo your mailhost config. While I would not necessarily delete the current config, you could do that. I would resubmit the mailhost config for that email address, however. Link to comment Share on other sites More sharing options...
Wazoo Posted October 1, 2004 Share Posted October 1, 2004 What I read into this is the problem is that the MailHost thing isn't liking your Mercury server ... did you have this fired up when you did the configuration sequence? ... actually suspecting that your e-mail address is the stopping point for the probe e-mails ... and along that line, when you responded to those e-mails, was it also including your Mercury server in the response or did that outgoing e-mail only reflect leaving your ISP account .... and the real nasty part of this is that your Mercury server is using what one would call a generic identification, so it's actually probably a bit useless for use as part of the MailHost thing ... I'm not sure that this would even fall into a waiver condition .... but again, who am I? Link to comment Share on other sites More sharing options...
Ellen Posted October 1, 2004 Share Posted October 1, 2004 When I submit spam that has been sent to one of my mailhosts I get an error that reads "No source IP address found, cannot proceed. I do not see a problem but I admit to being no expert. Any help will be greatly appreciated. Here is what it looks like...... Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z676571901zc8...92b291b394d858z 0: Received: from leto.tarac.net (66.139.78.136) by mail with MERCUR-SMTP/POP3/IMAP4-Server (v3.10.18 HS-0040000) for <x>; Wed, 29 Sep 2004 14:11:53 -0700 Hostname verified: leto.tarac.net Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header 18066[/snapback] It is unclear to the parser as to whether that top recveived header is part of the tarac mailhost or a mailhost that has not yet been added. In addition a server stamping a received header is expected to use its FQDN not something like "mail" I can play with this and likely get it to work if you let me know whether that received header is stamped as part of the tarac mailhost. Link to comment Share on other sites More sharing options...
Wazoo Posted October 1, 2004 Share Posted October 1, 2004 Did my comments / queries even get noticed? Link to comment Share on other sites More sharing options...
turetzsr Posted October 1, 2004 Share Posted October 1, 2004 Did my comments / queries even get noticed?18095[/snapback] ...Yep, I noticed! <g> Link to comment Share on other sites More sharing options...
P8TRI8 Posted October 1, 2004 Author Share Posted October 1, 2004 It is unclear to the parser as to whether that top recveived header is part of the tarac mailhost or a mailhost that has not yet been added. In addition a server stamping a received header is expected to use its FQDN not something like "mail" I can play with this and likely get it to work if you let me know whether that received header is stamped as part of the tarac mailhost. 18083[/snapback] Wow!! so many suggestions. Thanks . First I did try deleting and redoing the mail hosts and this did not work. This email account that is on the Mercury server has been in use for sometime. Unfortunatlely for me I am not sure what some of you are asking since one the email server is not mine so I do not know how it is set up and two I do not know enought about how email works to answer your questions. Ellen I am not sure if I can answer your question. I do know that I am making no changes to how the email appeaers so I assume that that is is being stamped by the tarac mailhost. thanks all of you for the help I hope it can be fixed so I can continute to submit spam. Link to comment Share on other sites More sharing options...
turetzsr Posted October 1, 2004 Share Posted October 1, 2004 Hi, P8TRI8! ...Seems to me your best bet at this point is to send the information noted in one of the pinned items to the deputies (deputies <at> spamcop <dot> net) and let Ellen and/or her cohorts work on it.... Link to comment Share on other sites More sharing options...
Wazoo Posted October 2, 2004 Share Posted October 2, 2004 Hypothetical scenario ... this e-mail server is being run by a buddy down the hall in the form .. of a friend across town ... somebody sharing a high-speed cable connection, usually. This buddy runs up a copy of the free-ware Mercury server and adds to the "sharing" .... All well and good, unless the cable ISP outfit figures things out and decides to renegotiate some of the money exchanges going round. The Mercury e-mail server has the option of either running as an honest-to-god e-mail server or using the ISP host as the feed and distributing the collected e-mail amongst the "internal" network feeds. I believe it's the latter scenario that has you in a bad position to try to report from that "account" ... I'm hoping that Ellen does not get "this" working for you, based on the holes that could also be opened up at the same time. I don't believe the MailHost thing will work at all "naturally" as this server is not acting as a "real" e-mail server (and I suspect the owner doesn't want to re-configure it based on the attention that would draw and that being in a dial-up pool (assumption) mail leaving that server directly may be blocked by many other ISPs. Link to comment Share on other sites More sharing options...
Ellen Posted October 3, 2004 Share Posted October 3, 2004 Wow!! so many suggestions. Thanks . First I did try deleting and redoing the mail hosts and this did not work. This email account that is on the Mercury server has been in use for sometime. Unfortunatlely for me I am not sure what some of you are asking since one the email server is not mine so I do not know how it is set up and two I do not know enought about how email works to answer your questions. Ellen I am not sure if I can answer your question. I do know that I am making no changes to how the email appeaers so I assume that that is is being stamped by the tarac mailhost. thanks all of you for the help I hope it can be fixed so I can continute to submit spam. 18131[/snapback] Ok I am thoroughly confused. I looked at your mailhosts and the original probe. I do not see tarac.net anywhere in those probe headers. And your email address is not [at]tarac.net ... do you have any relationshop with tarac.net? The mx for your email address is the same domain as your email address and there is no sign of tarac.net there -- so tarac is sending the spam? I think you need to talk to the mailserver people and get them to stamp an RFC compliant header so we know the name of the mailserver that is accepting mail for you. Link to comment Share on other sites More sharing options...
P8TRI8 Posted October 7, 2004 Author Share Posted October 7, 2004 Ok I am thoroughly confused. I looked at your mailhosts and the original probe. I do not see tarac.net anywhere in those probe headers. And your email address is not [at]tarac.net ... do you have any relationshop with tarac.net? The mx for your email address is the same domain as your email address and there is no sign of tarac.net there -- so tarac is sending the spam? I think you need to talk to the mailserver people and get them to stamp an RFC compliant header so we know the name of the mailserver that is accepting mail for you. 18193[/snapback] Sorry don't know what mx is. The host/Domains is leto.tarac.net or tarac.net. It is listed on the mail host list for the account mysomewhere. Link to comment Share on other sites More sharing options...
Wazoo Posted October 7, 2004 Share Posted October 7, 2004 Sorry don't know what mx is. The host/Domains is leto.tarac.net or tarac.net. It is listed on the mail host list for the account mysomewhere. Very little help there. MX = mail exchange server ... You seem to want to keep playing the guessing game, so let's try to get a bit specific here. You are posting from a ComCast IP address. Ellen suggests that your e-mail address is also at a ComCast Domain. Your sample issue reflects a Mercury E-Mail server, actual location unknown due to no identification data within that header line. The Mercury server received the sample e-mail from a server named leto.tarac.net with an IP listed as 66.139.78.136 which ends up being within a pool of addresses; Trying 66.139.78.136 at ARIN Trying 66.139.78 at ARIN SBC Internet Services - Southwest SBIS-SBIS-5BLK (NET-66-136-0-0-1) 66.136.0.0 - 66.143.255.255 ServerBeach.com SBCIS-043002133006 (NET-66-139-72-0-1) 66.139.72.0 - 66.139.79.255 10/07/04 14:26:44 Slow traceroute 66.139.78.136 Trace 66.139.78.136 ... 64.1.2.35 RTT: 56ms TTL:208 (ge2-0.CHR1.SanAntonio2-TX.us.xo.net ok) 209.49.35.10 RTT: 60ms TTL:208 (No rDNS) * * * failed 66.139.78.136 RTT: 59ms TTL: 50 (leto.tarac.net ok) So what is being asked .... if you are posting and e-mailing from a ComCast account, where is this tarac.net system and the Mercury serever coming into play? Link to comment Share on other sites More sharing options...
P8TRI8 Posted October 11, 2004 Author Share Posted October 11, 2004 Very little help there. MX = mail exchange server ... You seem to want to keep playing the guessing game, so let's try to get a bit specific here. You are posting from a ComCast IP address. Ellen suggests that your e-mail address is also at a ComCast Domain. Your sample issue reflects a Mercury E-Mail server, actual location unknown due to no identification data within that header line. The Mercury server received the sample e-mail from a server named leto.tarac.net with an IP listed as 66.139.78.136 which ends up being within a pool of addresses; Trying 66.139.78.136 at ARIN Trying 66.139.78 at ARIN SBC Internet Services - Southwest SBIS-SBIS-5BLK (NET-66-136-0-0-1) 66.136.0.0 - 66.143.255.255 ServerBeach.com SBCIS-043002133006 (NET-66-139-72-0-1) 66.139.72.0 - 66.139.79.255 10/07/04 14:26:44 Slow traceroute 66.139.78.136 Trace 66.139.78.136 ... 64.1.2.35 RTT: 56ms TTL:208 (ge2-0.CHR1.SanAntonio2-TX.us.xo.net ok) 209.49.35.10 RTT: 60ms TTL:208 (No rDNS) * * * failed 66.139.78.136 RTT: 59ms TTL: 50 (leto.tarac.net ok) So what is being asked .... if you are posting and e-mailing from a ComCast account, where is this tarac.net system and the Mercury serever coming into play? 18446[/snapback] Ok now I know what you are asking. The Mercury server is the email server that my email account for mysomewhere.com is. The tarac.net I believe is the ISP for which the email server is connected because it is the one that comes back on the email probe. I appreciate you spelling it our for me . Thanks Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.