Parser Error

[wolfs]

Relevant parts from header:

Received: from smtp2.easydns.com([205.210.42.53]), claiming to be "conan.easydns.com"

via SMTP by xxxmyhostxxx, id smtpd13275a; Thu Jan 13 16:31:03 2005

Received: from localhost (localhost [127.0.0.1])

by conan.easydns.com (Postfix) with ESMTP id B0CB0505A4

for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)

Received: from conan.easydns.com ([127.0.0.1])

by localhost (conan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP

id 20202-27 for <x>;

Thu, 13 Jan 2005 10:31:01 -0500 (EST)

Received: from akita-u.ac.jp (84-122-68-253.onocable.ono.com [84.122.68.253])

by conan.easydns.com (Postfix) with SMTP id 9504F505B8

for <x>; Thu, 13 Jan 2005 10:30:26 -0500 (EST)

Received: from 40.12.162.158 by smtp.cke.nl;

Thu, 13 Jan 2005 15:28:35 +0000

Message-ID: <22a3______________________c3d6[at]akita-u.ac.jp>

Where easydns.com is our DNS and backup mx.

smtp2.easydns.com 3600 IN A 205.210.42.53

ns1.easydns.com 3600 IN A 216.220.40.243

ns2.easydns.com 3600 IN A 205.210.42.20

remote1.easydns.com 3600 IN A 64.39.29.212

remote2.easydns.com 3600 IN A 212.100.224.80

# host -v conan.easydns.com

Trying null domain

rcode = 0 (Success), ancount=1

The following answer is not authoritative:

conan.easydns.com 3600 IN A 205.210.42.53

For authoritative answers, see:

easydns.com 3487 IN NS ns2.easydns.com

spamcop reasons as follows:

Received: from smtp2.easydns.com([205.210.42.53]), claiming to be "conan.easydns.com" via SMTP by xxxmymailhostxxx, id smtpd13275a; Thu Jan 13 16:31:03 2005

205.210.42.53 found

host 205.210.42.53 = smtp2.easydns.com (cached)

smtp2.easydns.com is 205.210.42.53

Possible spammer: 205.210.42.53

Received line accepted

Received: from localhost (localhost [127.0.0.1]) by conan.easydns.com (Postfix) with ESMTP id B0CB0505A4 for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)

127.0.0.1 found

host 127.0.0.1 = localhost (cached)

localhost is 127.0.0.1

205.210.42.53 not listed in dnsbl.njabl.org

205.210.42.53 not listed in cbl.abuseat.org

205.210.42.53 not listed in dnsbl.sorbs.net

205.210.42.53 is an MX for XXMYDOMAINXX.com

127.0.0.1 discarded

Received: from conan.easydns.com ([127.0.0.1]) by localhost (conan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20202-27 for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)

127.0.0.1 found

host 127.0.0.1 = localhost (cached)

localhost is 127.0.0.1

205.210.42.53 not listed in dnsbl.njabl.org

205.210.42.53 not listed in cbl.abuseat.org

205.210.42.53 not listed in dnsbl.sorbs.net

205.210.42.53 is an MX for init-bs.com

127.0.0.1 discarded

Received: from akita-u.ac.jp (84-122-68-253.onocable.ono.com [84.122.68.253]) by conan.easydns.com (Postfix) with SMTP id 9504F505B8 for <x>; Thu, 13 Jan 2005 10:30:26 -0500 (EST)

84.122.68.253 found

host 84.122.68.253 = 84-122-68-253.onocable.ono.com. (cached)

84-122-68-253.onocable.ono.com. is 84.122.68.253

205.210.42.53 not listed in dnsbl.njabl.org

205.210.42.53 not listed in cbl.abuseat.org

205.210.42.53 not listed in dnsbl.sorbs.net

205.210.42.53 is an MX for init-bs.com

Possible spammer: 84.122.68.253

84.122.68.253 is not an MX for 84-122-68-253.onocable.ono.com

host 84-122-68-253.onocable.ono.com (checking ip) = 84.122.68.253

host conan.easydns.com (checking ip) = 205.210.42.53

205.210.42.53 not listed in dnsbl.njabl.org

205.210.42.53 not listed in cbl.abuseat.org

205.210.42.53 not listed in dnsbl.sorbs.net

Chain test:conan.easydns.com =? smtp2.easydns.com

host smtp2.easydns.com (checking ip) = 205.210.42.53

ips are close enough

205.210.42.53 is close to an MX (205.210.42.42) for easydns.com

205.210.42.53 is mx

conan.easydns.com and smtp2.easydns.com have close IP addresses - chain verified

Possible relay: 205.210.42.53

205.210.42.53 not listed in relays.ordb.org.

205.210.42.53 has already been sent to relay testers

Received line accepted

Received: from 40.12.162.158 by smtp.cke.nl; Thu, 13 Jan 2005 15:28:35 +0000

40.12.162.158 found

host 40.12.162.158 (getting name) no name

84.122.68.253 not listed in dnsbl.njabl.org

84.122.68.253 not listed in cbl.abuseat.org

84.122.68.253 not listed in dnsbl.sorbs.net

84.122.68.253 is not an MX for conan.easydns.com

84.122.68.253 is not an MX for 84-122-68-253.onocable.ono.com.

84.122.68.253 is not an MX for smtp.cke.nl

84.122.68.253 is not an MX for conan.easydns.com

84.122.68.253 not listed in dnsbl.njabl.org

Possible spammer: 40.12.162.158

host smtp.cke.nl (checking ip) ip not found ; smtp.cke.nl discarded as fake.

40.12.162.158 is not an MX for smtp.cke.nl

84.122.68.253 is not an MX for smtp.cke.nl

Looks like a forgery

84.122.68.253 discarded as a forgery, using 205.210.42.53

This is where i disagree, 84.122.68.253 should be marked as spammer and

40.12.162.158 as forgery.

Does anyone see how and why spamcop went astray? Does the

localhost/amavis line throw it off track?

This is the third spam i submitted, that exhibits this strange error.

I am glad to be able to use a manual submission system, where it is

possible to check the validity of reports.

Wolf

[wolfs]

Looks as if the problem has been fixed, spamcop would report the right IP now.

Maybe the fact, that 84.122.68.253 is now in cbl.abuseat has helped.

Wolf