jgomila Posted December 23, 2004

I am sending through an Exchange Server 2000. We don't have a public domain assigned to our IP, and our SMTP server identifies with the local IP.

What do I have to do to enable SpamReport from

I enclose the details of the spam report.

    Received: from company.private.server.name ([192.168.101.200]) by public.mailer.isp with Microsoft SMTPSVC(5.0.2195.6713); Thu, 23 Dec 2004 12:00:40 +0100
    192.168.101.200 found
    host 192.168.101.200 (getting name) no name
    192.168.101.200 discarded
    Received: by company.private.server.name (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP (Individual POP3 Download) id MSG12232004-120034-2056.MMD[at]domaint.at.server for <x>; Thu, 23 Dec 2004 12:00:34 +0100
    no from
    Ignored
    No source IP address found, cannot proceed.
    Add/edit your mailhost configuration
    Finding full email headers
    Submitting spam via email (may work better)
    Example: What spam headers should look like
    Nothing to do.

StevenUnderwood Posted December 23, 2004

First, I think this needs to be moved by the moderator into the appropriate forum. This forum is for problems with the spamcop email system.

Please post a tracking URL for one of these failed parses so we can see exactly what you are seeing. What you have shown is so munged as to be utterly useless here.

If you are saying that your incoming internet email messages do not show the hand off from the sending system to your PUBLIC server, then you may not be able to use spamcop to report spam.

Wazoo Posted December 23, 2004

Hummm ... toss of the coin says this is going to end up in the MailHost Forum ... pushed a bit by seeing the Add/Edit thing, but still admitting that it's only a guess ...

And agree completely with Steven's words .... There's no way to actually do any major analysis without seeing the full headers ..

The Exchange server can be configured in many different ways.
Your tools can have an impact (for example, your possible use of Outlook).
The way you submit can make a difference.
The MailHost configuration has some definite impact.

Your cut/paste/mung'd data answers very few of the above questions. Note, you start with "I'm sending ..." but then provide "Received" header data .. if there is a difference involved there ...???

turetzsr Posted December 23, 2004

Hi, jgomila!

...Perhaps one of the following links will help:

SpamCop FAQ: Outlook 98 and 2000
My reply in thread "Reporting spam"

Ellen Posted December 24, 2004

I would need to see a couple of tracking URLs from attempted parses to see if anything can be done. If you don't want to put them here you can email them to me. Include your registered SC email address.

A reminder -- the company is closed tomorrow for the holidays. While I know Richard, Don and I will be checking in every so often for anything critical, other mail will likely have to wait until Monday.

jgomila Posted December 24, 2004

This morning I sent an e-mail to SPAMCOP from the Exchange server account:

The message received is:

I deleted the message... I don't like the word of wazoo... sorry

I hope it will be helpful.

I am the "system manager" but I don't have enough experience with the Exchange Server, and I don't know all the capabilities of this software.

StevenUnderwood Posted December 24, 2004

The tracking URL is helpful so we can start looking at particulars.

My best guess at this point is that a message is sent to some internet account. An internal machine (possibly 192.168.101.200) pops this message from that external account and forwards it to your mail server (mailer.infotelecom.es). Please correct this if needed.

I am not familiar with Exchange, but will mention what I find curious about these headers. Others here have Exchange experience.

The first header, which would normally be your most local server, the one holding the message for you, receiving the message from a further off server, shows this message being handed off from an internal IP address ([192.168.101.200]) (presumably closer to the end user) to a public mail server address (presumably on the perimeter of the local network), mailer.infotelecom.es ([213.0.77.26]). Can you identify that internal IP address for us (is it a mail server or a desktop machine)?

    Received: from servidor.menorca.bonninsanso.com ([192.168.101.200]) by mailer.infotelecom.es with Microsoft SMTPSVC(5.0.2195.6713); Fri, 24 Dec 2004 11:16:03 +0100

The second header would normally be further downstream, possibly the source. This message shows a yet unknown server (servidor.menorca.bonninsanso.com, no public IP) from an unnamed source.

    Received: by servidor.menorca.bonninsanso.com (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP (Individual POP3 Download) <snip message id> for <x>; Fri, 24 Dec 2004 11:15:43 +0100

The "Microsoft Connector for POP3 Mailboxes 5.00.2195" seems to be dropping all headers from the message when it retrieves it. This is why spamcop cannot trace the source of this message. If all messages follow the same path, then spamcop can do nothing in your current configuration. With some work, we might be able to get your configuration working.
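
The dead end described in the post above can be reproduced offline. This is an added example, not part of the original thread and not SpamCop's parser: it classifies each Received header the way the quoted parse output does (private IP discarded, "no from" ignored) and reports whether any routable source remains. The sample is constructed from the sanitized headers in the first post; the upstream hop (sender.example, pop.isp.example, 203.0.113.7) is hypothetical, and treating the first routable hop as the source is a simplifying assumption.

```python
import ipaddress
import re
from email import message_from_string

# RFC 1918 and loopback ranges: a hop in one of these cannot be traced or reported.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Constructed sample built from the sanitized headers in the first post.
STRIPPED = """\
Received: from company.private.server.name ([192.168.101.200])
 by public.mailer.isp with Microsoft SMTPSVC(5.0.2195.6713);
 Thu, 23 Dec 2004 12:00:40 +0100
Received: by company.private.server.name
 (Microsoft Connector for POP3 Mailboxes 5.00.2195) with SMTP
 (Individual POP3 Download) for <x>; Thu, 23 Dec 2004 12:00:34 +0100
Subject: constructed sample
"""
# Hypothetical upstream hop that the connector would need to preserve.
UPSTREAM = ("Received: from sender.example ([203.0.113.7])\n"
            " by pop.isp.example; Thu, 23 Dec 2004 11:58:02 +0100\n")
PRESERVED = STRIPPED.replace("Subject:", UPSTREAM + "Subject:", 1)

def classify(header_value):
    """Return (kind, ip) for one Received header value."""
    text = " ".join(header_value.split())      # unfold continuation lines
    if not text.lower().startswith("from "):
        return ("no-from", None)               # "Received: by ..." names no sender
    match = BRACKETED_IP.search(text)
    if not match:
        return ("no-ip", None)
    try:
        ip = ipaddress.ip_address(match.group(1))
    except ValueError:                         # e.g. an octet above 255
        return ("bad-ip", None)
    kind = "private" if any(ip in net for net in NON_ROUTABLE) else "public"
    return (kind, str(ip))

def trace(raw_message):
    """Classify every Received header, newest (top) first."""
    msg = message_from_string(raw_message)
    return [classify(v) for v in msg.get_all("Received", [])]

def source_ip(raw_message):
    """First routable handoff from the top, or None when the chain is unusable."""
    return next((ip for kind, ip in trace(raw_message) if kind == "public"), None)

if __name__ == "__main__":
    print(source_ip(STRIPPED), source_ip(PRESERVED))  # None 203.0.113.7
```
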

Wazoo Posted December 24, 2004

I admit to falling asleep while trying to research this one. So many things gone wrong on so many levels. Was actually at the point of reminding myself that Ellen gets paid for this stuff <g>

First of all, Ellen/Deputies/Don needs to take care of this now compromised SpamCop (submittal) account.

Second item, method/tools of spam submittal still not defined, noting that the MIME Boundary lines are still in place in the actual spam submittal, probably ruling out the use of Outlook ..????

Senderbase has some strange data on the only IP seen in the data provided;

    Report on IP address: 213.96.66.182
    Volume Statistics for this IP
    Magnitude Vol Change vs. Average
    Last day ........ 0.0 .. -100%
    Last 30 days .. 1.5 ... -94%
    Average ........ 2.7
    Sender Category NSP
    Network Owner Red de servicios IP
    Domain rima-tde.net
    Date of first message seen from this address 2003-06-16
    CIDR range 213.96.0.0/14
    # of domains controlled by this network owner 3
    Addresses in rima-tde.net used to send email Showing 1 - 50 out of 28069

    Trace 213.96.66.182 ...
    81.46.0.166 RTT: 164ms TTL:192 (166.Red-81-46-0.pooles.rima-tde.net ok)
    80.58.86.222 RTT: 175ms TTL:192 (222.Red-80-58-86.pooles.rima-tde.net ok)
    80.58.41.99 RTT: 173ms TTL:192 (99.Red-80-58-41.pooles.rima-tde.net ok)
    213.96.66.182 RTT: 222ms TTL:230 (182.Red-213-96-66.pooles.rima-tde.net ok)

    whois -h whois.corenic.net bonninsanso.com ...
    Domain ID: D3187128-CNO
    Domain Name: bonninsanso.com
    Domain Name IDN: bonninsanso.com
    Creation Date: 1997-03-27 05:00:00 UTC
    Expiration Date: 2005-03-28 05:00:00 UTC
    Last Modification Date: 2003-09-15 09:58:50 UTC
    Sponsoring Registrar: CORE-1
    Created by: CORE-1
    Updated by: CORE-1
    Last Updated By Registrar: CORE-1
    Maintainer: 1
    Registrant ID: COCO-3998709
    Registrant Name: Bonnin Sanso Mahon S.L.
    Registrant Address: Nou, 14
    Registrant City: Mao
    Registrant State/Province: BALEARES
    Registrant Postal Code: 07701
    Registrant Country: ES
    Registrant Phone Number: +34.933152323
    Registrant Email: dnsadmin[at]infotelecom.es
    Admin ID: COCO-1090419
    Admin Name: Infotelecom Networks
    Admin Organization: Infotelecom NEtworks
    Admin Address: Jose Anselmo Clave 74
    Admin City: Mahon
    Admin State/Province: SPAIN
    Admin Postal Code: 07702
    Admin Country: ES
    Admin Phone Number: +34.971353881
    Admin Fax Number: +34.971354236
    Admin Email: dnsadmin[at]infotelecom.es
    Tech ID: COCO-1090419
    Tech Name: Infotelecom Networks
    Tech Organization: Infotelecom NEtworks
    Tech Address: Jose Anselmo Clave 74
    Tech City: Mahon
    Tech State/Province: SPAIN
    Tech Postal Code: 07702
    Tech Country: ES
    Tech Phone Number: +34.971353881
    Tech Fax Number: +34.971354236
    Tech Email: dnsadmin[at]infotelecom.es
    Zone ID: COCO-1090419
    Zone Name: Infotelecom Networks
    Zone Organization: Infotelecom NEtworks
    Zone Address: Jose Anselmo Clave 74
    Zone City: Mahon
    Zone State/Province: SPAIN
    Zone Postal Code: 07702
    Zone Country: ES
    Zone Phone Number: +34.971353881
    Zone Fax Number: +34.971354236
    Zone Email: dnsadmin[at]infotelecom.es
    Name Server: ns1.balearics.net
    Name Server: ns2.balearics.net

    Dig bonninsanso.com[at]ns1.balearics.net (213.0.77.5) ...
    Authoritative Answer
    Recursive queries supported by this server
    Query for bonninsanso.com type=255 class=1
    bonninsanso.com MX (Mail Exchanger) Priority: 10 orion.infotelecom.es
    bonninsanso.com SOA (Zone of Authority) Primary NS: ns1.balearics.net Responsible person: dnsadmin[at]infotelecom.es serial:2004060101 refresh:14400s (4 hours) retry:7200s (2 hours) expire:86400s (24 hours) minimum-ttl:86400s (24 hours)
    bonninsanso.com NS (Nameserver) ns2.balearics.net
    bonninsanso.com NS (Nameserver) ns1.balearics.net
    orion.infotelecom.es A (Address) 213.0.77.26
    ns1.balearics.net A (Address) 213.0.77.5
    ns2.balearics.net A (Address) 213.0.77.8

SamSpade for Windows results;

    12/24/04 09:17:40 ping bonninsanso.com
    Ping failed, no such host
    12/24/04 09:17:24 Slow traceroute bonninsanso.com
    Trace bonninsanso.com failed, no such host

    Trace www.bonninsanso.com (213.0.77.4) ...
    213.0.248.70 RTT: 177ms TTL:192 (tmrro1-amnor2.nuria.telefonica-data.net ok)
    194.69.226.29 RTT: 179ms TTL:192 (No rDNS)
    193.152.56.22 RTT: 182ms TTL:192 (No rDNS)
    213.0.77.4 RTT: 183ms TTL:107 (www.bonninsanso.com ok)

    Your 1 MX record is:
    10 orion.infotelecom.es. [TTL=86400] IP=213.0.77.26 [TTL=86400] [ES]

So, after all this, still at the same place Steven is .... servers handling your e-mail are very much in question. As it is, there is no way to report your spam via SpamCop .. not even the MailHost configuration will help.

So I apparently guessed wrong, this should have been moved to the Reporting Forum .... but as there's less traffic here, I'll let it sit until something is done about the compromised account.

jgomila Posted December 24, 2004

The IP 192.168.1.200 is our LOCAL 2KServer with MS Exchange Server. We connect to the internet with an ADSL.

I suppose that you are looking at the registry information to know if we have a public domain. Our domain is hosted at Infotelecom, our ISP, and our Exchange Server is a local PC. We haven't planned on redirecting e-mail to our Server (configuring mail to our public ADSL IP and routing to our server).

I will continue reporting the spam directly through the mailer.infotelecom.es mail server with the Outlook Exchange, instead of Microsoft Outlook and Exchange Server. Until I could use Exchange and leave the Outlook Express away.

Thanks to all. Merry Christmas and Happy New Year !!

Wazoo Posted December 24, 2004

No, I was looking up registrations while trying to figure out how your e-mail was flowing, as the data needed is not in the headers of the e-mail you've thus far provided .. the closest you got was copying in the e-mail from the SpamCop server, which is also the one that you included too much data (you have compromised your reporting account data ... and as so much time had gone by, coupled with the number of views on your Topic, it seemed of little use to go back and mung it for you ... better to re-register for a new address and get the current one deleted).

I still believe that until you get your Exchange server set up correctly, you are not going to be able to submit your spam (delivered/processed by that server) due to the lack of specific detail in the headers of that spam.

waffull Posted December 26, 2004

When adding a mailhost, what you have to do in a situation where you're using Exchange and it's on a LAN, rather than your WAN, and most likely has an internal domain name vs. an internet domain name is:

When asked for: "What is the standard name of this email provider - for instance, hotmail.com might be referred to simply as "Hotmail"? "

Enter your local Exchange server address. Usually something like 'server.internal.local'

If those of you who know spamcop inside and out as well as this new mailhost registration process would confirm or deny my recommendation, I would appreciate it. This is what I did, in order to get the mail host registration to work.

StevenUnderwood Posted December 26, 2004

That would be fine if the message were including any sort of headers indicating where the source of the message is. The headers in question appear to be dropping all of the headers from before they are popped onto the local network.

Wazoo Posted December 26, 2004

> I deleted the message...
> I hope it will be helpful.

Yes and no .... you did remove the account data that was compromised .. but again, so much time and so many views, it needs to be deleted and your new account created. Unfortunately, you removed the data needed by the Deputies to kill the old account.

You didn't leave the Tracking URL in place, such that the rest of the 'discussion' is now based only on the snippets that some of us quoted in reply .... again, leaving no data for Deputies or anyone else to work with.

Now that all pertinent data is gone, this Topic now seems to be a Reporting issue, and that issue is caused by the lack of data in the headers of the sample provided (then deleted).

Moved over to the Reporting Help Forum. jgomila advised of this move via PM.

Jeff G. Posted December 27, 2004

It would be a sorry state of affairs if the "Microsoft Connector for POP3 Mailboxes 5.00.2195" was unable to produce in Microsoft Exchange 2000 the Headers of the emails it was retrieving via POP3. You probably have to configure that Connector to produce the Headers.

Wazoo Posted December 28, 2004

Apparently something got 'fixed' to allow some spam reporting ... or this user isn't using the same system for personal e-mail.

This Topic moved from E-Mail to MailHost to Reporting .. user PM'd each time to advise of the Move.

Don't ask how I know that this user has figured out how to "report" ....

Jeff G. Posted December 28, 2004

> Apparently something got 'fixed' to allow some spam reporting ... or this user isn't using the same system for personal e-mail. This Topic moved from E-Mail to MailHost to Reporting .. user PM'd each time to advise of the Move. Don't ask how I know that this user has figured out how to "report" ....

OK, I won't ask. Publicly, anyway.

StevenUnderwood Posted December 28, 2004

I would guess it has to do with another post you made in the last day or so.

Happy Holidays
Archived
This topic is now archived and is closed to further replies.