Exchange e-mails not accepted

[jgomila]

I am sending throught and Exchange Server 2000.

We don't have a public domain assigned at our IP, and our SMTP server identifies with the local IP.

What I have to do to enable SpamReport from

I enclose the details of the spam report.

Received: from company.private.server.name ([192.168.101.200]) by public.mailer.isp with Microsoft SMTPSVC(5.0.2195.6713); Thu, 23 Dec 2004 12:00:40 +0100

192.168.101.200 found

host 192.168.101.200 (getting name) no name

192.168.101.200 discarded

Received: by company.private.server.name (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP (Individual POP3 Download) id MSG12232004-120034-2056.MMD[at]domaint.at.server for <x>; Thu, 23 Dec 2004 12:00:34 +0100

no from

Ignored

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

[StevenUnderwood]

First, I think this needs to be moved by the moderator into the appropriate forum. This forum is for problems with the spamcop email system.

Please post a tracking URL for one of these failed parses so we can see exactly what you are seeing.

What you have shown is so munged to be utterly useless here.

If you are saying that your incoming internet email messages do not show the hand off from the sending system to your PUBLIC server, then you may not be able to use spamcop to report spam.

[Wazoo]

Hummm ... toss of the coin says this is going to end up in the MailHost Forum ... pushed a bit by seeing the Add/Edit thing, but still admitting that it's only a guess ... And agree completely with Steven's words .... There's no way to actually do any major analysis without seeing the full headers ..

The Exchange server can be configured in many different ways.

Your tools can have an impact (for example, your possible use of Outlook)

The way you submit can make a difference.

The MailHost configuration has some definite impact.

Your cut/paste/mung'd data answers very few of the above questions. Note, you start with "I'm sending ..." but then provide "Received" header data .. if there is a difference involved there ...???

[turetzsr]

Hi, jgomila!

...Perhaps one of the following links will help:

• SpamCop FAQ: Outlook 98 and 2000
  
• My reply in thread "Reporting spam"
  

[Ellen]

I am sending throught and Exchange Server 2000.

We don't have a public domain assigned at our IP, and our SMTP server identifies with the local IP.

What I have to do to enable SpamReport from

I enclose the details of the spam report.

Received:  from company.private.server.name ([192.168.101.200]) by public.mailer.isp with Microsoft SMTPSVC(5.0.2195.6713); Thu, 23 Dec 2004 12:00:40 +0100

192.168.101.200 found

host 192.168.101.200 (getting name) no name

192.168.101.200 discarded

Received:  by company.private.server.name (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP (Individual POP3 Download) id MSG12232004-120034-2056.MMD[at]domaint.at.server for <x>; Thu, 23 Dec 2004 12:00:34 +0100

no from

Ignored

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

21735[/snapback]

I would need to see a couple of tracking urls from attempted parses to see if anything can be done. If you don;t want to put them here you can email them to me. Include your registered SC email address.

A reminder -- the company id closed tomorrow for the holidays. While I know Richard, Don and I will be checking in every so often for anything critical other mail will likely have to wait until Monday.

[jgomila]

This morning I sent an e-mail to SPAMCOP from the Exchange server account:

The message received is:

I deleted the message... i don't like the word of wazoo... sorry

I hope it will be helpfull.

I am the "system manager" but I haven't experience enough with the Exchange Server, and I don't know all the capabilities of this software.

[StevenUnderwood]

The tracking URL is helpful so we can start looking at particulars.

My best guess at this point is that a message is sent to some internet account. An internal machine (possibly 192.168.101.200) pops this message from that external account and forwards it to your mail server (mailer.infotelecom.es). Please correct this if needed.

I am not familiar with Exchange, but will mention what I find curious about these headers. Others here have Exchange experience.

The first header which would normally be your most local server, the one holding the message for you, receiving the message from a further off server, shows this mesage being handed off from an internal IP address ([192.168.101.200]) (presumably closer to the end user) to a public mail server address (presumably on the perimeter of the local network), mailer.infotelecom.es ([213.0.77.26]). Can you identify that internal IP address for us (is it a mail server or a desktop machine)?

Received:  from servidor.menorca.bonninsanso.com ([192.168.101.200]) by mailer.infotelecom.es with Microsoft SMTPSVC(5.0.2195.6713); Fri, 24 Dec 2004 11:16:03 +0100

The second header would normally be further down stream, possibly the source. This message shows a yet unknown server (servidor.menorca.bonninsanso.com, no public IP) from an unnamed source.

Received:  by servidor.menorca.bonninsanso.com (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP (Individual POP3 Download) <snip message id> for <x>; Fri, 24 Dec 2004 11:15:43 +0100

The "Microsoft Connector for POP3 Mailboxes 5.00.2195" seems to be dropping all headers from the message when it retreives it.

This is why spamcop can not trace the source of this message. If all messages follow the same path, then spamcop can do nothing in your current configuration.

With some work, we might be able to get your configuration working.

[Wazoo]

I admit to faling asleep while trying to research this one. So many things gone wrong on so many levels. Was actually at the point of reminding my self that Ellen gets paid for this stuff <g>

First of all, Ellen/Deputies/Don needs to take care of this now compromised SpamCop (submittal) account.

Second item, method/tools of spam submittal still not defined, noting that the MIME Boundary lines are still in place in the actual spam submittal, probably ruling out the use of Outlook ..????

Senderbase has some strange data on the only IP seen in the data provided;

Report on IP address: 213.96.66.182

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 0.0 .. -100%

Last 30 days .. 1.5 ... -94%

Average ........ 2.7

Sender Category NSP

Network Owner Red de servicios IP

Domain rima-tde.net

Date of first message seen from this address 2003-06-16

CIDR range 213.96.0.0/14

# of domains controlled by this network owner 3

Addresses in rima-tde.net used to send email Showing 1 - 50 out of 28069

Trace 213.96.66.182 ...

81.46.0.166 RTT: 164ms TTL:192 (166.Red-81-46-0.pooles.rima-tde.net ok)

80.58.86.222 RTT: 175ms TTL:192 (222.Red-80-58-86.pooles.rima-tde.net ok)

80.58.41.99 RTT: 173ms TTL:192 (99.Red-80-58-41.pooles.rima-tde.net ok)

213.96.66.182 RTT: 222ms TTL:230 (182.Red-213-96-66.pooles.rima-tde.net ok)

whois -h whois.corenic.net bonninsanso.com ...

Domain ID: D3187128-CNO

Domain Name: bonninsanso.com

Domain Name IDN: bonninsanso.com

Creation Date: 1997-03-27 05:00:00 UTC

Expiration Date: 2005-03-28 05:00:00 UTC

Last Modification Date: 2003-09-15 09:58:50 UTC

Sponsoring Registrar: CORE-1

Created by: CORE-1

Updated by: CORE-1

Last Updated By Registrar: CORE-1

Maintainer: 1

Registrant ID: COCO-3998709

Registrant Name: Bonnin Sanso Mahon S.L.

Registrant Address: Nou, 14

Registrant City: Mao

Registrant State/Province: BALEARES

Registrant Postal Code: 07701

Registrant Country: ES

Registrant Phone Number: +34.933152323

Registrant Email: dnsadmin[at]infotelecom.es

Admin ID: COCO-1090419

Admin Name: Infotelecom Networks

Admin Organization: Infotelecom NEtworks

Admin Address: Jose Anselmo Clave 74

Admin City: Mahon

Admin State/Province: SPAIN

Admin Postal Code: 07702

Admin Country: ES

Admin Phone Number: +34.971353881

Admin Fax Number: +34.971354236

Admin Email: dnsadmin[at]infotelecom.es

Tech ID: COCO-1090419

Tech Name: Infotelecom Networks

Tech Organization: Infotelecom NEtworks

Tech Address: Jose Anselmo Clave 74

Tech City: Mahon

Tech State/Province: SPAIN

Tech Postal Code: 07702

Tech Country: ES

Tech Phone Number: +34.971353881

Tech Fax Number: +34.971354236

Tech Email: dnsadmin[at]infotelecom.es

Zone ID: COCO-1090419

Zone Name: Infotelecom Networks

Zone Organization: Infotelecom NEtworks

Zone Address: Jose Anselmo Clave 74

Zone City: Mahon

Zone State/Province: SPAIN

Zone Postal Code: 07702

Zone Country: ES

Zone Phone Number: +34.971353881

Zone Fax Number: +34.971354236

Zone Email: dnsadmin[at]infotelecom.es

Name Server: ns1.balearics.net

Name Server: ns2.balearics.net

Dig bonninsanso.com[at]ns1.balearics.net (213.0.77.5) ...

Authoritative Answer

Recursive queries supported by this server

Query for bonninsanso.com type=255 class=1

bonninsanso.com MX (Mail Exchanger) Priority: 10 orion.infotelecom.es

bonninsanso.com SOA (Zone of Authority)

Primary NS: ns1.balearics.net

Responsible person: dnsadmin[at]infotelecom.es

serial:2004060101

refresh:14400s (4 hours)

retry:7200s (2 hours)

expire:86400s (24 hours)

minimum-ttl:86400s (24 hours)

bonninsanso.com NS (Nameserver) ns2.balearics.net

bonninsanso.com NS (Nameserver) ns1.balearics.net

orion.infotelecom.es A (Address) 213.0.77.26

ns1.balearics.net A (Address) 213.0.77.5

ns2.balearics.net A (Address) 213.0.77.8

SamSpade for Windows results;

12/24/04 09:17:40 ping bonninsanso.com

Ping failed, no such host

12/24/04 09:17:24 Slow traceroute bonninsanso.com

Trace bonninsanso.com failed, no such host

Trace www.bonninsanso.com (213.0.77.4) ...

213.0.248.70 RTT: 177ms TTL:192 (tmrro1-amnor2.nuria.telefonica-data.net ok)

194.69.226.29 RTT: 179ms TTL:192 (No rDNS)

193.152.56.22 RTT: 182ms TTL:192 (No rDNS)

213.0.77.4 RTT: 183ms TTL:107 (www.bonninsanso.com ok)

Your 1 MX record is:

10 orion.infotelecom.es. [TTL=86400] IP=213.0.77.26 [TTL=86400] [ES]

So, after all this, still at the same place Steven is .... servers handling your e-mail are very much in question. As it us, there is no way to report your spam via SpamCop .. not even the MailHost configuration will help. So I apparently guessed wrong, this should have been moved to the Reporting Forum .... but as there's less traffic here, I'll let it sit until something is done about the compromised account.

[jgomila]

The IP 192.168.1.200 is our LOCAL 2KServer with MS Exchange Server.

We connect to internet with an ADSL.

I supose that you are looking the registri information to know if we have a public domain. Our domain is hostet at Infotelecom, our ISP, and our Exchange Server is a local PC.

We haven't plant for redirecting e-mail to our Server (configuring mail to our public adsl IP and routing to our server).

I will continue reporting the spam directly through the mailer.infotelecom.es mail server with the Outlook Exchange, instead of Microsoft Outlook and Exchange Server. Until I could use Exchange and leave the Outlook Express away.

Thanks to all.

Merry Christmars and Happy New Year !!

[Wazoo]

No, I was looking up registrations while trying to figure out how your e-mail was flowing, as the data needed is not in the headers of the e-mail you've thus far provided .. the closest you got was copying in the e-mail from the SpamCop server, which is also the one that you included too much data (you have compromised your reporting account data ... and as so much time had gone by, couple with the number of views on your Topic, it seemed of little use to go back and mung it for you ... better to re-register for a new address and get the current one deleted.

I still believe that until you get your Exchange server setup correctly, you are not going to be able to submit your spam (delivered/processed by that server) due the lack of specific detail in the headers of that spam.

[waffull]

When adding a mailhost, what you have to do in a situation where you're using exchange it's on a LAN, rather than your WAN and most likely has an internal domain name vs. an internet domain name is:

When asked for: "What is the standard name of this email provider - for instance, hotmail.com might be referred to simply as "Hotmail"? "

Enter your local exchange server address. Usually something like 'server.internal.local'

If those of you who know spamcop inside and out as well as this new mailhost registration process would confirm or deny my recommendation, I would appreciate it. This is what I did, in order to get the mail host registration to work.

[StevenUnderwood]

That would be fine if the message were including any sort of headers indicating where the source of the message is. The headers in question appear to be dropping all of the headers from before they are popped onto the local network.

[Wazoo]

I deleted the message...

I hope it will be helpfull.

Yes and no .... you did remove the account data that was compromised .. but again, so much time and so many views, it needs to be deleted and your new account created. Unfortunately, you removed the data needed by the Deputies to kill the old account.

You didn't leave the Tracking URL in place, such that the rest of the 'discussion' is now based only on the snippets that some of us quoted in reply .... again, leaving no data for Deputies or anyone else to work with. Now that all pertinent data is gone, this Topic now seems to be a Reporting issue, and that issue is caused by the lack of data in the headers of the sample provided (then deleted) Moved over to the Reporting Help Forum. jgomila advised of this move via PM.

[Jeff G.]

It would be a sorry state of affairs if the "Microsoft Connector for POP3 Mailboxes 5.00.2195" was unable to produce in Microsoft Exchange 2000 the Headers of the emails it was retreiving via POP3. You probably have to configure that Connector to produce the Headers.

[Wazoo]

Apparently something got 'fixed' to allow some spam reporting ... or this user isn't using the same system for personal e-mail. This Topic moved from E-Mail to MailHost to Reporting .. user PM'd each time to advise of the Move. Don't ask how I know that this user has figured out how to "report" ....

[Jeff G.]

Apparently something got 'fixed' to allow some spam reporting ... or this user isn't using the same system for personal e-mail.  This Topic moved from E-Mail to MailHost to Reporting .. user PM'd each time to advise of the Move.  Don't ask how I know that this user has figured out how to "report" ....

21935[/snapback]

OK, I won't ask. Publicly, anyway.

[StevenUnderwood]

I would guess it has to do with another post you made in the last day or so

Happy Holidays