hank Posted May 23, 2019 Posted May 23, 2019 Can someone help me figure this out? https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz Mailhost configuration problem, identified internal IP as source Mailhost: Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed. Add/edit your mailhost configuration ... I've read the previous threads about this and tried the suggestion to create a new mailhost entry but still gettimg spammed from one source that always has this problem being reported
MIG Posted May 23, 2019 Posted May 23, 2019 Hey Hank, I parsed the spam using an account without Mailhosts https://www.spamcop.net/sc?id=z6549475009zed08ca727fef033d7a7791ddc92d5159z Cheers! G🦗H
hank Posted May 28, 2019 Author Posted May 28, 2019 Can you "explain like I'm 75" how you made that work? I've got another one here: https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az Mailhost configuration problem, identified internal IP as source
hank Posted May 28, 2019 Author Posted May 28, 2019 and another: https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Mailhost configuration problem, identified internal IP as source
MIG Posted May 28, 2019 Posted May 28, 2019 Hey Hank, I set up a "dummy" SC account, NO MailHosts, bare bones, no extra tweaks... SC account = MynameTest, pwd x I (reparsed) https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az = https://www.spamcop.net/sc?id=z6550841645z866d1e0e17d7ecbba06678438cabcad2z https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z = https://www.spamcop.net/sc?id=z6550842701za1bd11a6d6d70b087d39b687f50d6f58z SC account with NO MailHosts allows the spam to be parsed. If ever, my SC account WITH MailHosts gives a result that generates ANY errors, I try the SC account WITHOUT MailHosts. (in my experience) every time I try to modify my SC account with MailHosts I can't do successfully AND, setting up the original hosts was really messy, in the end SCA fixed, what's working I leave working. I don't wish to pester SCA "please fix what I've buggered up, again!" A dummy SC account works as a backup for any spam that won't parse. If I hit a spam that cannot be parsed with either account, I pester everyone here😉 Please let us know how you go? Cheers! G🦗H
hank Posted May 28, 2019 Author Posted May 28, 2019 I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop?
petzl Posted May 29, 2019 Posted May 29, 2019 1 hour ago, hank said: I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop? With Mailhosts NOT set-up SpamCop can sometimes (not always) name your provider as the spammer, providers usually go nuts at you when this happens One cannot with mailhosts set-up, use use it for parsing spam that does not go through your mailhost. . Some of us like to have a account set-up without mailhosts set-up to parse mail that has not gone through their mailserver
hank Posted May 29, 2019 Author Posted May 29, 2019 So help me understand what Spamcop is trying to tell me when I get this warning: "Mailhost configuration problem, identified internal IP as source" Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry? Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"? I don't see what the "internal IP" is that's causing the error.
petzl Posted May 29, 2019 Posted May 29, 2019 1 hour ago, hank said: "Mailhost configuration problem, identified internal IP as source" https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz 54.240.7.11 is the source email-abuse[x]amazon.com Seems you are relaying email through SpamCop Received: from a7-11.smtp-out.eu-west-1.amazonses.com (a7-11.smtp-out.eu-west-1.amazonses.com [54.240.7.11]) by vmx5.spamcop.net (Postfix) with ESMTP id 449CDAF6F3 for <x>; Thu, 23 May 2019 10:01:27 -0700 (PDT) You have your SpamCop email address in mailhosts? Look for VMX5 in headers to see received line or paste the headers of spam BEFORE being relayed/forwarded. Which gives deleted
petzl Posted May 29, 2019 Posted May 29, 2019 2 hours ago, hank said: So help me understand what Spamcop is trying to tell me when I get this warning: "Mailhost configuration problem, identified internal IP as source" Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry? Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"? I don't see what the "internal IP" is that's causing the error. Sorry the REAL the tracking url. sorry of snipped spam urlSeems a often "Feature" of WIN10 to not copy and paste last copied insteadhttps://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z
MIG Posted May 29, 2019 Posted May 29, 2019 3 hours ago, hank said: What Spamcop is trying to tell me when I get this warning: 1) Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry? 2. Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"? 3. I don't see what the "internal IP" is that's causing the error. Hello Hank, I'm cross posting with Petzl, (not cross with Petlz😂), this is additional to anything our friend has posted, I've yet to get up to speed with his posts, just wanted to try to answer your: "help me understand" 1. No. 2. No/maybe/possibly, however, the workable solution is to have a backup SC account WITHOUT any MAILHOSTS configured. It doesn't need to be a paid account & you don't need to use it all the time - ONLY when you get a spam that won't parse with a SC account WITH MAILHOSTS configured. 3. Exactly, sometimes EVEN SC can't do things or can't do things perfectly, that's why there's a backup solution. You need to get to work, you're running late: the car has a flat battery, shot brakes, a busted piston and the universal joint is "$#*&%'d", in short the car is "$#*&%'d". You are going to be late for work, the last time you were late your Boss said, "next time, don't bother turning up!" Do you try to work out how to fix the "$#*&%'d" vehicle or do you use an alternative means of getting to work? If you hate the job you piss around with the car, if you need the job. CieLeVie😉 & (now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams. So, two bob each way, use the backup solution AND contact SCA "Help" and ask them to check your configured MAILHOSTS? https://www.spamcop.net/fom-serve/cache/401.html, at the very bottom of the page: select [Other reasons for contact][Reason for contact], put a brief description: "Please check my MailHosts config to see if my SpamCop email address is in mailhosts & please let me know?" If you're a nice person & it seems you are, you'll say "thanks", if you're like G🦗H you won't! If SCA find a SpamCop email address in MAILHOSTS, please share with us as this is a "possibly" new, additonal, IMPORTANT, information that can help others. Many thanks and cheers! G🦗H
petzl Posted May 29, 2019 Posted May 29, 2019 1 hour ago, MIG said: (now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams. Yes it does.click "View entire message" for full spamhttps://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz Then copy and past from and includingReceived: from vmx.spamcop.net (HELO vmx5.spamcop.net) ([184.94.240.112]) This tells me it's forwarded through a SpamCop/IronPort, now Cisco email server Which giveshttps://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z Which means/suggests SpamCop email address has not been processed by "hank's" Mailhosts And hank I've manage to kill the botnet going through China. But don't know if permanently?
MIG Posted May 29, 2019 Posted May 29, 2019 3 hours ago, petzl said: Yes it does. I said ALL original parsed spams, PETZL. 1. https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz - spamcop.net - yes 2. https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az - spamcop.net - yes 3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z - spamcop.net - no That's why I wrote "what Petzl has posted is important", 'cause it is!! Ok, carb😘hydrate? Cheers! G🦗H
petzl Posted May 29, 2019 Posted May 29, 2019 1 hour ago, MIG said: 3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z - spamcop.net - no That's why I wrote "what Petzl has posted is important", 'cause it is!! Just another non-standard email provider that scatters headers received line in a lot of garbage.. Not even stamping a received line IMO -109.236.94.178 does seem to be spewing email reduce SpamAssassin to 2 at present set at 3 but may lead to false positives
MIG Posted May 29, 2019 Posted May 29, 2019 1 hour ago, petzl said: Just another non-standard email provider that scatters headers received line in a lot of garbage.. Not even stamping a received line IMO -109.236.94.178 does seem to be spewing email reduce SpamAssassin to 2 at present set at 3 but may lead to false positives WOT? Are we on the same track Petzl, I'm not following? Confused G🦗H
petzl Posted May 29, 2019 Posted May 29, 2019 5 minutes ago, MIG said: WOT? Are we on the same track Petzl, I'm not following? Confused G🦗H https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Hanks email provider is not stamping the received line properlyReceived: from busy.lorenzobuzios.com (customer.worldstream.nl [109.236.94.178] (may be forged)) SpamCop does. I would ditch them.
MIG Posted May 29, 2019 Posted May 29, 2019 53 minutes ago, petzl said: https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Hanks email provider is not stamping the received line properlyReceived: from busy.lorenzobuzios.com (customer.worldstream.nl [109.236.94.178] (may be forged)) SpamCop does. I would ditch them. Cool, thanks Petzl, I hope Hank reads this😉 🙏G🦗H
hank Posted May 29, 2019 Author Posted May 29, 2019 I have a Spamcop email address I've used for many years. Isn't that supposed to be listed in mailhosts? As Spamcop fairly recently required, it now just forwards mail to another address. As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service.
petzl Posted May 29, 2019 Posted May 29, 2019 7 hours ago, hank said: I have a Spamcop email address I've used for many years. Isn't that supposed to be listed in mailhosts? As Spamcop fairly recently required, it now just forwards mail to another address. As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service. Julian Haight used to have SpamCop email server as "trusted", but can't hurt to add it in forwarded email particularly? But it seems your present email provider has gobbledegook headers that don't stamp received line properly/orderly.I stopped/killed the botnet that was attacking SpamCop email addresses about a week ago. But don't know for how long?
hank Posted May 30, 2019 Author Posted May 30, 2019 I've asked support and knowledgeable users at my ISP Sonic.net to take a look. I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps. I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix.
petzl Posted May 30, 2019 Posted May 30, 2019 45 minutes ago, hank said: I've asked support and knowledgeable users at my ISP Sonic.net to take a look. I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps. I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix. I just pay the $30 for Fastmail they have very good spam filtering and no problem headers Gmail is goode but will disable your account if it gets to much spam
MIG Posted May 30, 2019 Posted May 30, 2019 4 hours ago, petzl said: stopped/killed the botnet Hey Petzl, If it's not a state secret, how? Please share? Thanks & cheers! G🦗H
MIG Posted May 30, 2019 Posted May 30, 2019 12 hours ago, hank said: old long-used address, it gets a lot of spam, SpamCop no longer filters, since they improved the Spamcop service. Hey Hank, (imo) that sounds the opposite of an "improved" service? 🤔 Cheers! G🦗H
hank Posted May 30, 2019 Author Posted May 30, 2019 Hmmm. Can't log in to Spamcop's email client to change forwarding. These instructions: https://www.spamcop.net/ces/setup_forwarding2.shtml say login here: http://webmail.spamcop.net/ The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did. Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it)
petzl Posted May 30, 2019 Posted May 30, 2019 5 minutes ago, hank said: Hmmm. Can't log in to Spamcop's email client to change forwarding. These instructions:https://www.spamcop.net/ces/setup_forwarding2.shtml say login here: http://webmail.spamcop.net/ The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did. Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it) It's here
Recommended Posts
Archived
This topic is now archived and is closed to further replies.