ortonmc Posted November 24, 2004 Share Posted November 24, 2004 I'm not sure if this is a mailhosts problem or not, but it may be related, so here goes... I reported a freshly received spam. SpamCop parsed it, and reported, "Sorry, this email is too old to file a spam report." Upon inspecting the headers, I found that the last Received header is dated 4 days ago. Either the spam spent 4 days sitting in a queue on an Italian server, or (more likely) the machine the spam was sent from has the date set incorrectly. If I understand mailhosts correctly, SpamCop should be using the first Received header after the ones added by my own ISP. Had it done this, it would have found a correct date, and would not have rejected the spam as too old. Tracking URL: http://www.spamcop.net/sc?id=z696096838zed...39177d76c4dc0fz -Mark- Link to comment Share on other sites More sharing options...
Wazoo Posted November 24, 2004 Share Posted November 24, 2004 Please see the Pinned item in the Announcements Forum at http://forum.spamcop.net/forums/index.php?showtopic=2948 In your case, the "situation" is covered in the lines; Hostname verified: outgoing1.jumpy.it erols.com received mail from sending system 213.215.144.9 Post moved from Mail-Host to the Help Forum. Link to comment Share on other sites More sharing options...
ortonmc Posted November 25, 2004 Author Share Posted November 25, 2004 In your case, the "situation" is covered in the lines; Hostname verified: outgoing1.jumpy.it erols.com received mail from sending system 213.215.144.9 Evidently I didn't understand how the mailhost system works. Let me see if I've got it straight now. The mailhosts system learns about my ISP's mail servers when I add my address to MH. It also knows about certain other ISPs' mail servers that are "trusted" - i.e. the servers are known to generate correct Received headers. I don't know how it learns about these, but that doesn't really matter. In my case, the third and fourth Received headers came from one of these "trusted" machines, so SpamCop is dead certain they are correct. If this is the case, then the spam really did languish on jumpy.it's system for >4 days... so it was too old to report before I received it. Is that it? -Mark- Link to comment Share on other sites More sharing options...
Jeff G. Posted November 25, 2004 Share Posted November 25, 2004 It does appear to me that 213.215.144.9 (with rdns outgoing1.jumpy.it but calling itself mail.jumpy.it) held that mail for 4 days, 13 hours, 29 minutes, and 32 seconds. Perhaps that mailserver should no longer be a trusted mailhost. Link to comment Share on other sites More sharing options...
Wazoo Posted November 25, 2004 Share Posted November 25, 2004 I can't claim to be a MailHost expert. But my first glance left me feeling that the Hostname verified: outgoing1.jumpy.it suggested that this was in fact part of your MailHost configuration. I'll leave it to you to set me straight on that. It could be that this server needs to have it's clock setting synced up, something that even the Microsoft HotMail servers have been prone to do a bit too often. Not sure if the Deputies could extract this kind of data from any of the databases or past reports. Perhaps a note to giuseppe.arcoraci[at]txtpolymedia.it or bcodutti[at]colt-telecom.it might get this looked at, if not fixed ... an upstream appears to be at tim[at]colt.net ... And quite on the other hand, http://www.senderbase.org/?searchBy=ipaddr...g=213.215.144.9 shows traffic increasing and listed at both sorbs (spamtrap hits) and spamhaus (419 distro) .... maybe just a matter of time before a SpamCopDNSBL listing ..??? The "trusted" thing ... when a new IP comes across the SpamCop parser as a source for e-mail, it enters a probationary period of a few days. Just seen passing mail will eventually move it to the "trusted" status. Link to comment Share on other sites More sharing options...
Wazoo Posted November 25, 2004 Share Posted November 25, 2004 New posting over in the newsgroup from another (?) user dealing with a delay between a jumpy.it server and the next server in the chain, also resulting in the "spam is too old" .... dropping a note to Deputies to take a closer look. Link to comment Share on other sites More sharing options...
Wazoo Posted November 26, 2004 Share Posted November 26, 2004 Ellen's post this morning over in the newsgroups; I removed theĀ flag Ellen Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.