spannerworks Posted November 8, 2004

Hi

I have recently re-enabled my Spamcop account as my ISP's own filtering was too leaky. I have Spamcop set up to retrieve mail from 2 external POP accounts.

I came in this morning to find very little email from over the weekend. Great! I thought, I would usually have lots of spam. However, the morning drew on and I wasn't receiving any non-spam either. I sent myself a message from a Gmail account to test it and I got this back:

The following message to <myspamcopuser[at]spamcop.net> was undeliverable.
The reason for the problem:
5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain'

All of my clients have been receiving the same message. Why is the mail being bounced in this way?

Regards,
Robin

Jeff G. Posted November 8, 2004

That must be an internal issue at Corporate Email Systems. I'm seeing the following:

11/08/04 08:52:21 dig filter2.cesmail.net [at] 216.175.203.50

Dig filter2.cesmail.net[at]dns5.name-services.com (212.118.243.118) ...
Authoritative Answer
Query for filter2.cesmail.net type=255 class=1
  filter2.cesmail.net A (Address) 192.168.1.211
  filter2.cesmail.net A (Address) 192.168.1.214
  filter2.cesmail.net A (Address) 192.168.1.216
  filter2.cesmail.net A (Address) 192.168.1.212
  cesmail.net NS (Nameserver) dns1.name-services.com
  cesmail.net NS (Nameserver) dns2.name-services.com
  cesmail.net NS (Nameserver) dns3.name-services.com
  cesmail.net NS (Nameserver) dns4.name-services.com
  cesmail.net NS (Nameserver) dns5.name-services.com
  dns1.name-services.com A (Address) 63.251.163.102
  dns2.name-services.com A (Address) 216.52.184.230
  dns3.name-services.com A (Address) 63.251.83.36
  dns4.name-services.com A (Address) 64.74.96.242
  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns4.name-services.com (64.74.96.242) ...
Authoritative Answer
Query for filter2.cesmail.net type=255 class=1
  filter2.cesmail.net A (Address) 192.168.1.211
  filter2.cesmail.net A (Address) 192.168.1.214
  filter2.cesmail.net A (Address) 192.168.1.216
  filter2.cesmail.net A (Address) 192.168.1.212
  cesmail.net NS (Nameserver) dns1.name-services.com
  cesmail.net NS (Nameserver) dns2.name-services.com
  cesmail.net NS (Nameserver) dns3.name-services.com
  cesmail.net NS (Nameserver) dns4.name-services.com
  cesmail.net NS (Nameserver) dns5.name-services.com
  dns1.name-services.com A (Address) 63.251.163.102
  dns2.name-services.com A (Address) 216.52.184.230
  dns3.name-services.com A (Address) 63.251.83.36
  dns4.name-services.com A (Address) 64.74.96.242
  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns3.name-services.com (63.251.83.36) ...
Authoritative Answer
Query for filter2.cesmail.net type=255 class=1
  filter2.cesmail.net A (Address) 192.168.1.211
  filter2.cesmail.net A (Address) 192.168.1.214
  filter2.cesmail.net A (Address) 192.168.1.216
  filter2.cesmail.net A (Address) 192.168.1.212
  cesmail.net NS (Nameserver) dns1.name-services.com
  cesmail.net NS (Nameserver) dns2.name-services.com
  cesmail.net NS (Nameserver) dns3.name-services.com
  cesmail.net NS (Nameserver) dns4.name-services.com
  cesmail.net NS (Nameserver) dns5.name-services.com
  dns1.name-services.com A (Address) 63.251.163.102
  dns2.name-services.com A (Address) 216.52.184.230
  dns3.name-services.com A (Address) 63.251.83.36
  dns4.name-services.com A (Address) 64.74.96.242
  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns2.name-services.com (216.52.184.230) ...
Authoritative Answer
Query for filter2.cesmail.net type=255 class=1
  filter2.cesmail.net A (Address) 192.168.1.211
  filter2.cesmail.net A (Address) 192.168.1.214
  filter2.cesmail.net A (Address) 192.168.1.216
  filter2.cesmail.net A (Address) 192.168.1.212
  cesmail.net NS (Nameserver) dns1.name-services.com
  cesmail.net NS (Nameserver) dns2.name-services.com
  cesmail.net NS (Nameserver) dns3.name-services.com
  cesmail.net NS (Nameserver) dns4.name-services.com
  cesmail.net NS (Nameserver) dns5.name-services.com
  dns1.name-services.com A (Address) 63.251.163.102
  dns2.name-services.com A (Address) 216.52.184.230
  dns3.name-services.com A (Address) 63.251.83.36
  dns4.name-services.com A (Address) 64.74.96.242
  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns1.name-services.com (63.251.163.102) ...
Authoritative Answer
Query for filter2.cesmail.net type=255 class=1
  filter2.cesmail.net A (Address) 192.168.1.211
  filter2.cesmail.net A (Address) 192.168.1.214
  filter2.cesmail.net A (Address) 192.168.1.216
  filter2.cesmail.net A (Address) 192.168.1.212
  cesmail.net NS (Nameserver) dns1.name-services.com
  cesmail.net NS (Nameserver) dns2.name-services.com
  cesmail.net NS (Nameserver) dns3.name-services.com
  cesmail.net NS (Nameserver) dns4.name-services.com
  cesmail.net NS (Nameserver) dns5.name-services.com
  dns1.name-services.com A (Address) 63.251.163.102
  dns2.name-services.com A (Address) 216.52.184.230
  dns3.name-services.com A (Address) 63.251.83.36
  dns4.name-services.com A (Address) 64.74.96.242
  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]216.175.203.50 ...
Non-authoritative answer
Recursive queries supported by this server
Query for filter2.cesmail.net type=255 class=1
  filter2.cesmail.net A (Address) 192.168.1.211
  filter2.cesmail.net A (Address) 192.168.1.212
  filter2.cesmail.net A (Address) 192.168.1.214
  filter2.cesmail.net A (Address) 192.168.1.216
  cesmail.net NS (Nameserver) dns1.name-services.com
  cesmail.net NS (Nameserver) dns2.name-services.com
  cesmail.net NS (Nameserver) dns3.name-services.com
  cesmail.net NS (Nameserver) dns4.name-services.com
  cesmail.net NS (Nameserver) dns5.name-services.com

spannerworks Posted November 8, 2004

Hi Jeff

So what does this mean? CES is Spamcop's owner, so do they have a DNS problem they need to resolve? Or am I doing something wrong?

I can post the full header of the bounce email if necessary.

Robin

moonbroth Posted November 8, 2004

> So what does this mean? CES is Spamcop's owner, so do they have a DNS problem they need to resolve? Or am I doing something wrong?

I'm getting the same bounce messages, too. A test message sent to my [name][at]spamcop.net email address came back with:

"5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain' (delivery attempts: 0)"

I've had Spamcop POPping mail from my old account for processing for a couple of years now, and have made no changes to any relevant settings.

Cheers, Nick

Jeff G. Posted November 8, 2004

A full copy of the bounce (with personal details elided) would certainly help in the troubleshooting.

jgp Posted November 8, 2004

The following message to <[at]spamcop.net> was undeliverable.
The reason for the problem:
5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain'

Here is one Jeff,

Can't get the full headers from gmail at the moment, seems to be hung.

JP

spannerworks Posted November 8, 2004

Here you go:

X-Gmail-Received: 1c85586eb5af60437b0cf805c2bf1e9ccd9dcbe7
Delivered-To: mygmailid[at]gmail.com
Received: by 10.38.150.47 with SMTP id x47cs43746rnd; Mon, 8 Nov 2004 04:44:18 -0800 (PST)
Received: by 10.38.10.72 with SMTP id 72mr813750rnj; Mon, 08 Nov 2004 04:44:17 -0800 (PST)
Return-Path: <>
Received: from c60.cesmail.net ([216.154.195.49]) by mx.gmail.com with ESMTP id 72si195366rna; Mon, 08 Nov 2004 04:44:17 -0800 (PST)
Received-SPF: neutral (gmail.com: 216.154.195.49 is neither permitted nor denied by domain of )
Received: from unknown (0.0.0.0) by c60.cesmail.net with ; 08 Nov 2004 07:44:17 -0500
Date: 08 Nov 2004 07:44:17 -0500
To: mygmailid[at]gmail.com
From: Mail Delivery System <MAILER-DAEMON[at]c60.cesmail.net>
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="326194473129880.c60.cesmail.net"

--326194473129880.c60.cesmail.net
content-type: text/plain

The following message to <myspamcopid[at]spamcop.net> was undeliverable.
The reason for the problem:
5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain'

--326194473129880.c60.cesmail.net
content-type: message/delivery-status

Final-Recipient: rfc822;myspamcopid[at]spamcop.net
Action: failed
Status: 5.0.0 (permanent failure)
Diagnostic-Code: smtp; 5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain' (delivery attempts: 0)
Reporting-MTA: dns; c60.cesmail.net

--326194473129880.c60.cesmail.net
content-type: message/rfc822

Received: (qmail 28286 invoked from network); 8 Nov 2004 10:45:44 -0000
Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101) by mailgate.cesmail.net with SMTP; 8 Nov 2004 10:45:44 -0000
X-Sieve: cmu-sieve 2.0
Received: from pop-1.mail.vi.net [212.78.66.245] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for myspamcopid[at]spamcop.net (single-drop); Mon, 08 Nov 2004 05:45:44 -0500 (EST)
Received: from mxhost-1.vi.net (mxhost-1.vi.net [212.78.66.188]) by pop-1-02.mail.vi.net (Postfix) with ESMTP id 7D7667C034 for <mypopboxid[at]pop-1-02.mail.vi.net>; Mon, 8 Nov 2004 10:33:55 +0000 (GMT)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.195]) by mxhost-1.vi.net (Postfix) with ESMTP id 889B53AE910 for <robin[at]mydomain.com>; Mon, 8 Nov 2004 10:35:01 +0000 (GMT), Found to be clean
Received: by rproxy.gmail.com with SMTP id j1so360301rnf for <robin[at]mydomain.com>; Mon, 08 Nov 2004 02:34:26 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=ZGkUDTY6wCL8IuNpZix66mZaSXX1Vzaqd83Uni6rl0PFG7yGcPEnIECnuoCrfZ0i/etGRNcytUBd6Ie8EZgQSVlKHvjdOt9yT36KTa4EqJrAnEw3pCkEvUxm1e3JLOrWwJIaBzXwIuN5TeEE+8lV/CR+4bMgjNStkB3pHuMCPsU=
Received: by 10.38.209.23 with SMTP id h23mr214997rng; Mon, 08 Nov 2004 02:34:26 -0800 (PST)
Received: by 10.38.150.47 with HTTP; Mon, 8 Nov 2004 02:34:26 -0800 (PST)
Message-ID: <215f627004110802347c9c037a[at]mail.gmail.com>
Date: Mon, 8 Nov 2004 10:34:26 +0000
From: Robin Hislop <mygmailid[at]gmail.com>
Reply-To: Robin Hislop <mygmailid[at]gmail.com>
To: robin[at]mydomain.com
Subject: Gmail test 10:39
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Virtual_Internet-From: mygmailid[at]gmail.com

message body

--326194473129880.c60.cesmail.net--

enigma Posted November 8, 2004

From a server in Greece I can send mails to my account in cqmail.net, but from a US server I get bounce mail.

Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;charset="iso-8859-7"
Date: Mon, 08 Nov 2004 16:52:01 +0200 [16:52:01 EET]
Delivered-To: cqmail-net-XXX[at]cqmail.net
From: xxx[at]vodafone.gr
MIME-Version: 1.0
Message-Context: text-message
Message-Id: <i6v7yp$1424253523271122541[at]vodafone.gr>
Received: (qmail 20823 invoked from network); 8 Nov 2004 14:48:29 -0000
  from unknown (192.168.1.101) by blade5.cesmail.net with QMQP; 8 Nov 2004 14:48:29 -0000
  from unknown (HELO gsp2.vodafone.gr) (213.249.17.109) by mailgate.cesmail.net with SMTP; 8 Nov 2004 14:48:29 -0000
  from vodafone.gr (127.0.0.1) by gsp2.vodafone.gr (NPlex 6.0.021C4.14) id 41846816000069D9; Mon, 8 Nov 2004 16:52:01 +0200
Return-Path: <xxx[at]vodafone.gr>
Subject: TEST
To: xxx[at]cqmail.net
X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade5
X-spam-Level: **
X-spam-Status: hits=2.2 tests=FROM_ENDS_IN_NUMS,FROM_STARTS_WITH_NUMS, NO_REAL_NAME version=3.0.0
X-SpamCop-Checked:
Headers: Show Limited Headers
There was no text in this message part

The same message through US server

The original message was received at Mon, 8 Nov 2004 09:48:31 -0500 from [x.249.17.x]

----- The following addresses had permanent fatal errors -----
xxx[at]cqmail.net (reason: 550 Host unknown)

----- Transcript of session follows -----
550 5.1.2 xxx[at]cqmail.net... Host unknown (Name server: cqmail.net: host not found)

Jeff G. Posted November 8, 2004

I am concerned that this situation may be leaking to friend and foe alike information about our SpamCop and forwarding addresses and our forwarding configurations.

DavidT Posted November 8, 2004

> I am concerned that this situation may be leaking to friend and foe alike information about our SpamCop and forwarding addresses and our forwarding configurations.

Be concerned...be *very* concerned, because here's the deal....

Mail is sent to an alias that is then trying to forward to a "cesmail.net" account...but it can't, due to the problems, so it sends back (via email, as opposed to during the SMTP session) a 500-level bounce to the From or Sender of the spam, reporting back not only the alias, but also the full cesmail address to which the alias resolves. Therefore, cesmail.net addresses which were totally unknown to the "outside world" up to now are being compromised, showing up in postmaster boxes all over the place and even worse.

JT?????????????????????????????????????????????????????

dt

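An added example, not part of the original thread: one way an operator could audit a bounce like the one posted above for the disclosure DavidT describes. It parses the multipart/report message, notes whether a permanent failure was caused by a DNS lookup error, and lists addresses in the report that the original sender never used. The sample bounce, its host names and its addresses are constructed placeholders, and `audit_bounce` is a hypothetical helper name.

```python
import email
import re
from email import policy

# Constructed bounce modelled on the one posted in this thread; every name is a placeholder.
SAMPLE = """\
To: sender@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="dsn"

--dsn
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822;filtered@example.net
Status: 5.0.0 (permanent failure)
Diagnostic-Code: smtp; 5.1.2 - Bad destination host 'DNS Hard Error looking up filter.example.net (MX): NXDomain'

--dsn
Content-Type: message/rfc822

Received: from mx.isp.example by pop.isp.example for <popbox@pop.isp.example>; Mon, 8 Nov 2004 10:33:55 +0000
From: sender@example.org
To: alias@customer.example

body
--dsn--
"""

ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
DNS_ERR = re.compile(r"NXDomain|host unknown|host not found", re.I)

def audit_bounce(raw):
    """Report what a multipart/report bounce reveals to whoever receives it."""
    msg = email.message_from_string(raw, policy=policy.default)
    fields, received, known = [], [], set()
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            # Payload is a list of header blocks: per-message, then per-recipient.
            fields = [(k.lower(), str(v)) for b in part.get_payload() for k, v in b.items()]
        elif part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)  # the returned original message
            received = [str(h) for h in orig.get_all("Received", [])]
            known = set(ADDR.findall(f"{orig.get('From', '')} {orig.get('To', '')}".lower()))
    get = lambda name: [v for k, v in fields if k == name]
    seen = {a.lower() for s in get("final-recipient") + received for a in ADDR.findall(s)}
    return {"dns_failure": any(DNS_ERR.search(v) for v in get("diagnostic-code")),
            "permanent": any(v.startswith("5") for v in get("status")),
            "disclosed": sorted(seen - known)}  # addresses the original sender never used
```

On the sample, `audit_bounce(SAMPLE)` flags a permanent failure with a DNS cause and reports the forwarding target and the POP mailbox as disclosed, while the alias the sender actually wrote to is not listed.
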
moonbroth Posted November 8, 2004

> Be concerned...be *very* concerned, because here's the deal....
>
> Mail is sent to an alias that is then trying to forward to a "cesmail.net" account...but it can't, due to the problems, so it sends back (via email, as opposed to during the SMTP session) a 500-level bounce to the From or Sender of the spam, reporting back not only the alias, but also the full cesmail address to which the alias resolves. Therefore, cesmail.net addresses which were totally unknown to the "outside world" up to now are being compromised, showing up in postmaster boxes all over the place and even worse.

That's true, and that's a problem, but -- as far as I can see -- the top-secret, final-forwarding-destination address isn't bouncing, only the intermediate [name][at]spamcop.net address.

Now, are spammers stupid enough to send spam directly to [at]spamcop.net addresses? (I guess we're going to find out in the next few hours and days...)

Cheers, Nick

Wazoo Posted November 8, 2004

> So what does this mean? CES is Spamcop's owner, so do they have a DNS problem they need to resolve? Or am I doing something wrong?

Yes there are problems, but this post is to clear up some details. CES is JT's system in Georgia. JT is providing space for the NNTP newsgroups, this Forum, and the Filtered E-Mail service for SpamCop E-Mail accounts. The actual SpamCop system is owned by Julian/Ironport, with that part of the system residing primarily in California, Julian in Washington State, and these days having to add in mirrors and sub-systems around the world. CES is actually a different business identity that provides some SpamCop services.

Wazoo Posted November 8, 2004

> Be concerned...be *very* concerned, because here's the deal....
>
> JT?????????????????????????????????????????????????????

Although I've no doubt that JeffG took some action, I don't see that it was mentioned. I'm doing the alert thing again, just in case ...

Wazoo Posted November 8, 2004

Just in;

-=-=-=-=-=-
I've changed the internal handoff so that it no longer depends on DNS working. This should fix the internal handoff problem entirely.

I'm still trying to figure out why name-services.com is handing out bogus data occasionally.

Jeff
-=-=-=-=-=-=-

sonic Posted November 8, 2004

> Now, are spammers stupid enough to send spam directly to [at]spamcop.net addresses? (I guess we're going to find out in the next few hours and days...)

Some are... but a lot less than normal.... My address xxxxx[at]spamcop.net is spammed occasionally... but comparatively less than other accounts that have been similarly "in the wild".

Malcolm

Jeff G. Posted November 8, 2004

> Now, are spammers stupid enough to send spam directly to [at]spamcop.net addresses?

Yes, and they have been for years.