wolfs
Posted January 13, 2005

Relevant parts from header:

Received: from smtp2.easydns.com([205.210.42.53]), claiming to be "conan.easydns.com"
    via SMTP by xxxmyhostxxx, id smtpd13275a; Thu Jan 13 16:31:03 2005
Received: from localhost (localhost [127.0.0.1])
    by conan.easydns.com (Postfix) with ESMTP id B0CB0505A4
    for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)
Received: from conan.easydns.com ([127.0.0.1])
    by localhost (conan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20202-27
    for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)
Received: from akita-u.ac.jp (84-122-68-253.onocable.ono.com [84.122.68.253])
    by conan.easydns.com (Postfix) with SMTP id 9504F505B8
    for <x>; Thu, 13 Jan 2005 10:30:26 -0500 (EST)
Received: from 40.12.162.158 by smtp.cke.nl; Thu, 13 Jan 2005 15:28:35 +0000
Message-ID: <22a3______________________c3d6[at]akita-u.ac.jp>

Where easydns.com is our DNS and backup mx.

smtp2.easydns.com 3600 IN A 205.210.42.53
ns1.easydns.com 3600 IN A 216.220.40.243
ns2.easydns.com 3600 IN A 205.210.42.20
remote1.easydns.com 3600 IN A 64.39.29.212
remote2.easydns.com 3600 IN A 212.100.224.80

# host -v conan.easydns.com
Trying null domain
rcode = 0 (Success), ancount=1
The following answer is not authoritative:
conan.easydns.com 3600 IN A 205.210.42.53
For authoritative answers, see:
easydns.com 3487 IN NS ns2.easydns.com

spamcop reasons as follows:

Received: from smtp2.easydns.com([205.210.42.53]), claiming to be "conan.easydns.com" via SMTP by xxxmymailhostxxx, id smtpd13275a; Thu Jan 13 16:31:03 2005
205.210.42.53 found
host 205.210.42.53 = smtp2.easydns.com (cached)
smtp2.easydns.com is 205.210.42.53
Possible spammer: 205.210.42.53
Received line accepted

Received: from localhost (localhost [127.0.0.1]) by conan.easydns.com (Postfix) with ESMTP id B0CB0505A4 for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)
127.0.0.1 found
host 127.0.0.1 = localhost (cached)
localhost is 127.0.0.1
205.210.42.53 not listed in dnsbl.njabl.org
205.210.42.53 not listed in cbl.abuseat.org
205.210.42.53 not listed in dnsbl.sorbs.net
205.210.42.53 is an MX for XXMYDOMAINXX.com
127.0.0.1 discarded

Received: from conan.easydns.com ([127.0.0.1]) by localhost (conan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20202-27 for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)
127.0.0.1 found
host 127.0.0.1 = localhost (cached)
localhost is 127.0.0.1
205.210.42.53 not listed in dnsbl.njabl.org
205.210.42.53 not listed in cbl.abuseat.org
205.210.42.53 not listed in dnsbl.sorbs.net
205.210.42.53 is an MX for init-bs.com
127.0.0.1 discarded

Received: from akita-u.ac.jp (84-122-68-253.onocable.ono.com [84.122.68.253]) by conan.easydns.com (Postfix) with SMTP id 9504F505B8 for <x>; Thu, 13 Jan 2005 10:30:26 -0500 (EST)
84.122.68.253 found
host 84.122.68.253 = 84-122-68-253.onocable.ono.com. (cached)
84-122-68-253.onocable.ono.com. is 84.122.68.253
205.210.42.53 not listed in dnsbl.njabl.org
205.210.42.53 not listed in cbl.abuseat.org
205.210.42.53 not listed in dnsbl.sorbs.net
205.210.42.53 is an MX for init-bs.com
Possible spammer: 84.122.68.253
84.122.68.253 is not an MX for 84-122-68-253.onocable.ono.com
host 84-122-68-253.onocable.ono.com (checking ip) = 84.122.68.253
host conan.easydns.com (checking ip) = 205.210.42.53
205.210.42.53 not listed in dnsbl.njabl.org
205.210.42.53 not listed in cbl.abuseat.org
205.210.42.53 not listed in dnsbl.sorbs.net
Chain test:conan.easydns.com =? smtp2.easydns.com
host smtp2.easydns.com (checking ip) = 205.210.42.53
ips are close enough
205.210.42.53 is close to an MX (205.210.42.42) for easydns.com
205.210.42.53 is mx
conan.easydns.com and smtp2.easydns.com have close IP addresses - chain verified
Possible relay: 205.210.42.53
205.210.42.53 not listed in relays.ordb.org.
205.210.42.53 has already been sent to relay testers
Received line accepted

Received: from 40.12.162.158 by smtp.cke.nl; Thu, 13 Jan 2005 15:28:35 +0000
40.12.162.158 found
host 40.12.162.158 (getting name) no name
84.122.68.253 not listed in dnsbl.njabl.org
84.122.68.253 not listed in cbl.abuseat.org
84.122.68.253 not listed in dnsbl.sorbs.net
84.122.68.253 is not an MX for conan.easydns.com
84.122.68.253 is not an MX for 84-122-68-253.onocable.ono.com.
84.122.68.253 is not an MX for smtp.cke.nl
84.122.68.253 is not an MX for conan.easydns.com
84.122.68.253 not listed in dnsbl.njabl.org
Possible spammer: 40.12.162.158
host smtp.cke.nl (checking ip) ip not found ; smtp.cke.nl discarded as fake.
40.12.162.158 is not an MX for smtp.cke.nl
84.122.68.253 is not an MX for smtp.cke.nl
Looks like a forgery
84.122.68.253 discarded as a forgery, using 205.210.42.53

This is where I disagree: 84.122.68.253 should be marked as spammer and 40.12.162.158 as forgery.

Does anyone see how and why spamcop went astray? Does the localhost/amavis line throw it off track?

This is the third spam I submitted that exhibits this strange error. I am glad to be able to use a manual submission system, where it is possible to check the validity of reports.

Wolf
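Added example, not part of the original posts and not SpamCop's parser: a minimal trust-boundary walk over the Received chain quoted above, showing why a line is only credible if a relay the recipient trusts wrote it. The names `peer_ip`, `find_source` and `TRUSTED_RELAYS` are hypothetical, and treating 205.210.42.53 as trusted is an assumption based on the poster's statement that easydns.com is the backup MX.

```python
import ipaddress
import re

# Received headers from the post above, newest first (folded lines joined).
RECEIVED = [
    'from smtp2.easydns.com([205.210.42.53]), claiming to be "conan.easydns.com" '
    'via SMTP by xxxmyhostxxx, id smtpd13275a; Thu Jan 13 16:31:03 2005',
    'from localhost (localhost [127.0.0.1]) by conan.easydns.com (Postfix) '
    'with ESMTP id B0CB0505A4 for <x>; Thu, 13 Jan 2005 10:31:01 -0500 (EST)',
    'from conan.easydns.com ([127.0.0.1]) by localhost (conan [127.0.0.1]) '
    '(amavisd-new, port 10024) with ESMTP id 20202-27 for <x>; Thu, 13 Jan 2005',
    'from akita-u.ac.jp (84-122-68-253.onocable.ono.com [84.122.68.253]) '
    'by conan.easydns.com (Postfix) with SMTP id 9504F505B8 for <x>; Thu, 13 Jan 2005',
    'from 40.12.162.158 by smtp.cke.nl; Thu, 13 Jan 2005 15:28:35 +0000',
]

# Assumption: relays the recipient controls or trusts (here the backup MX).
TRUSTED_RELAYS = {"205.210.42.53"}

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BARE_IP = re.compile(r"\bfrom\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

def peer_ip(received):
    """Return the connecting IP recorded in the 'from' clause, or None."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    m = BRACKETED_IP.search(from_clause) or BARE_IP.search(from_clause)
    return m.group(1) if m else None

def find_source(received_lines, trusted):
    """Walk newest to oldest; return (source_ip, lines the source could have forged)."""
    for i, line in enumerate(received_lines):
        ip = peer_ip(line)
        if ip is None:
            return None, received_lines[i:]
        if ipaddress.ip_address(ip).is_loopback or ip in trusted:
            continue  # internal hop or trusted relay: the next line is still credible
        return ip, received_lines[i + 1:]  # first untrusted peer is the source
    return None, []

if __name__ == "__main__":
    source, unverifiable = find_source(RECEIVED, TRUSTED_RELAYS)
    print("report:", source)
    for line in unverifiable:
        print("unverifiable (supplied by sender):", peer_ip(line))
```

With an empty trusted set the same walk stops at 205.210.42.53, the address the parse above ended up using.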
wolfs
Posted January 14, 2005

Looks as if the problem has been fixed; spamcop would report the right IP now. Maybe the fact that 84.122.68.253 is now in cbl.abuseat has helped.

Wolf
This topic is now archived and is closed to further replies.