hank Posted May 23, 2019 Share Posted May 23, 2019 Can someone help me figure this out? https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz Mailhost configuration problem, identified internal IP as source Mailhost: Please correct this situation - register every email address where you receive spam No source IP address found, cannot proceed. Add/edit your mailhost configuration ... I've read the previous threads about this and tried the suggestion to create a new mailhost entry but still gettimg spammed from one source that always has this problem being reported Link to comment Share on other sites More sharing options...
MIG Posted May 23, 2019 Share Posted May 23, 2019 Hey Hank, I parsed the spam using an account without Mailhosts https://www.spamcop.net/sc?id=z6549475009zed08ca727fef033d7a7791ddc92d5159z Cheers! Gš¦H Link to comment Share on other sites More sharing options...
hank Posted May 28, 2019 Author Share Posted May 28, 2019 Can you "explain like I'm 75" how you made that work? I've got another one here: https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az Mailhost configuration problem, identified internal IP as source Link to comment Share on other sites More sharing options...
hank Posted May 28, 2019 Author Share Posted May 28, 2019 and another: https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Mailhost configuration problem, identified internal IP as source Link to comment Share on other sites More sharing options...
MIG Posted May 28, 2019 Share Posted May 28, 2019 Hey Hank, I set up a "dummy" SC account, NO MailHosts, bare bones, no extra tweaks... SC account =Ā Ā MynameTest, pwd xĀ I (reparsed)Ā https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az Ā =Ā https://www.spamcop.net/sc?id=z6550841645z866d1e0e17d7ecbba06678438cabcad2z https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8zļ»æ =Ā https://www.spamcop.net/sc?id=z6550842701za1bd11a6d6d70b087d39b687f50d6f58z SC account with NOĀ MailHosts allows the spam to be parsed. If ever, my SC account WITH MailHosts gives a result that generates ANY errors, I try the SC account WITHOUT MailHosts. (in my experience) every time I try to modify my SC account with MailHosts I can't do successfully AND, setting up the original hosts was really messy, in the end SCA fixed, what's working I leave working. I don't wish to pester SCA "please fix what I've buggered up, again!" A dummy SC account works as a backup for any spam that won't parse.Ā If I hit a spam that cannot be parsed with either account, I pester everyone hereš Please let us know how you go? Cheers! Gš¦H Ā Link to comment Share on other sites More sharing options...
hank Posted May 28, 2019 Author Share Posted May 28, 2019 I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop? Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 1 hour ago, hank said: I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop? With Mailhosts NOT set-up SpamCop can sometimes (not always) name your provider as the spammer, providers usually go nuts at you when this happens One cannot with mailhosts set-up, use use it for parsing spam that does not go through your mailhost. . Some of us like to have a account set-up without mailhosts set-up to parse mail that has not gone through their mailserver Link to comment Share on other sites More sharing options...
hank Posted May 29, 2019 Author Share Posted May 29, 2019 So help me understand what Spamcop is trying to tell me when I get this warning: "Mailhost configuration problem, identified internal IP as source" Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry? Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"? I don't see what the "internal IP" is that's causing the error. Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 1 hour ago, hank said: "Mailhost configuration problem, identified internal IP as source" https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz 54.240.7.11 is the source email-abuse[x]amazon.com Seems you are relaying email through SpamCop Received: from a7-11.smtp-out.eu-west-1.amazonses.com (a7-11.smtp-out.eu-west-1.amazonses.com [54.240.7.11]) Ā Ā Ā by vmx5.spamcop.net (Postfix) with ESMTP id 449CDAF6F3 Ā Ā Ā for <x>; Thu, 23 May 2019 10:01:27 -0700 (PDT) You have your SpamCop email address in mailhosts? Look for VMX5 in headers to see received line or paste the headers of spam BEFORE being relayed/forwarded. Which gives deleted Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 2 hours ago, hank said: So help me understand what Spamcop is trying to tell me when I get this warning: "Mailhost configuration problem, identified internal IP as source" Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry? Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"? I don't see what the "internal IP" is that's causing the error. Sorry the REAL the tracking url. sorry of snipped spam urlSeems a often "Feature" of WIN10 to not copy and paste last copied insteadhttps://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z Link to comment Share on other sites More sharing options...
MIG Posted May 29, 2019 Share Posted May 29, 2019 3 hours ago, hank said: What Spamcop is trying to tell me when I get this warning: 1) Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry? 2. Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"? 3. I don't see what the "internal IP" is that's causing the error. Hello Hank,Ā I'm cross posting with Petzl, (not cross with Petlzš), this is additional to anything our friend has posted, I've yet to get up to speed with his posts, just wanted to try to answer your: "help me understand" 1. No. 2.Ā No/maybe/possibly, however, the workable solution is to have a backup SC account WITHOUT any MAILHOSTS configured. It doesn't need to be a paid account & you don't need to use it all the time - ONLY when you get a spam that won't parseĀ with a SC account WITH MAILHOSTS configured. 3. Exactly, sometimes EVEN SC can't do things or can't do things perfectly, that's why there's a backup solution. You need to get to work, you're running late: the car has a flat battery, shot brakes, a busted piston and the universal joint is "$#*&%'d", in short the car isĀ "$#*&%'d". You are going to be late for work, the last time you were late your Boss said, "next time, don't bother turning up!" Do you try to work out how to fix the "$#*&%'d" vehicle or do you use an alternative means of getting to work? If you hate the job you piss around with the car, if you need the job.Ā CieLeVieš & (now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams. So, two bob each way, use the backup solution AND contact SCA "Help" and ask them to check your configured MAILHOSTS? https://www.spamcop.net/fom-serve/cache/401.html, at the very bottom of the page: select [Other reasons for contact][Reason for contact], put a brief description: "Please check my MailHosts config to see if myĀ SpamCop email address is in mailhosts & please let me know?" If you're a nice person & it seems you are, you'll say "thanks", if you're likeĀ Gš¦Hļ»æļ»æļ»æĀ you won't! If SCA find aĀ SpamCop email address in MAILHOSTS, please share with us as this is a "possibly" new, additonal, IMPORTANT, information that can help others. Many thanks and cheers! Gš¦Hļ»æļ»æļ»æ Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 1 hour ago, MIG said: (now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams. Yes it does.click "View entire message" for full spamhttps://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz Then copy and past from and includingReceived: from vmx.spamcop.net (HELO vmx5.spamcop.net) ([184.94.240.112]) This tells me it's forwarded through a SpamCop/IronPort, now Cisco email server Which giveshttps://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z Which means/suggests SpamCop email address has not been processed by "hank's" Mailhosts And hank I've manage to kill the botnet going through China. But don't know if permanently? Link to comment Share on other sites More sharing options...
MIG Posted May 29, 2019 Share Posted May 29, 2019 3 hours ago, petzl said: Yes it does. I said ALL original parsed spams, PETZL. 1. https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz - spamcop.netļ»æĀ - yes 2. https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az - spamcop.netļ»æ - yesĀ 3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Ā - spamcop.netĀ - noĀ That's why I wrote "what Petzl has posted is important", 'cause it is!! Ok, carbšhydrate? Cheers!Ā Gš¦Hļ»æļ»æļ»æ Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 1 hour ago, MIG said: 3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Ā - spamcop.netĀ - noĀ That's why I wrote "what Petzl has posted is important", 'cause it is!! Just another non-standard email provider that scatters headers received line in a lot of garbage.. Not even stamping a received line IMO -109.236.94.178 does seem to be spewing emailĀ reduce SpamAssassin to 2 at present set at 3 but may lead to false positives Ā Link to comment Share on other sites More sharing options...
MIG Posted May 29, 2019 Share Posted May 29, 2019 1 hour ago, petzl said: Just another non-standard email provider that scatters headers received line in a lot of garbage.. Not even stamping a received line IMO -109.236.94.178 does seem to be spewing emailĀ reduce SpamAssassin to 2 at present set at 3 but may lead to false positives Ā WOT? Are we on the same track Petzl, I'm not following?Ā Ā ConfusedĀ Gš¦Hļ»æļ»æļ»æ Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 5 minutes ago, MIG said: WOT? Are we on the same track Petzl, I'm not following?Ā Ā ConfusedĀ Gš¦Hļ»æļ»æļ»æ https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Hanks email provider is not stamping the received line properlyReceived: from busy.lorenzobuzios.com (customer.worldstream.nl [109.236.94.178] (may be forged)) SpamCop does. I would ditch them. Link to comment Share on other sites More sharing options...
MIG Posted May 29, 2019 Share Posted May 29, 2019 53 minutes ago, petzl said: https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z Hanks email provider is not stamping the received line properlyReceived: from busy.lorenzobuzios.com (customer.worldstream.nl [109.236.94.178] (may be forged)) SpamCop does. I would ditch them. Cool, thanks Petzl, I hope Hank reads thisš šGš¦Hļ»æļ»æļ»æ Link to comment Share on other sites More sharing options...
hank Posted May 29, 2019 Author Share Posted May 29, 2019 I have a Spamcop email address I've used for many years. Isn't that supposed to be listed in mailhosts? As Spamcop fairly recently required, it now just forwards mail to another address. As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service. Link to comment Share on other sites More sharing options...
petzl Posted May 29, 2019 Share Posted May 29, 2019 7 hours ago, hank said: I have a Spamcop email address I've used for many years. Isn't that supposed to be listed in mailhosts?ļ»æ As Spaļ»æmcop fairly recently required, it now just forwards mail to another address. As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service. JulianĀ Haight used to have SpamCop email server as "trusted", but can't hurt to add it in forwarded email particularly? But it seems your present email provider has gobbledegook headers that don't stamp received line properly/orderly.I stopped/killed the botnet that was attacking SpamCop email addresses about a week ago. But don't know for how long? Link to comment Share on other sites More sharing options...
hank Posted May 30, 2019 Author Share Posted May 30, 2019 I've asked support and knowledgeable users at my ISP Sonic.net to take a look. I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps. I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix. Link to comment Share on other sites More sharing options...
petzl Posted May 30, 2019 Share Posted May 30, 2019 45 minutes ago, hank said: I've asked support and knowledgeable users at my ISP Sonic.net to take a look. I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps. I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix. Ā I just pay the $30 for Fastmail they have very good spam filtering and no problem headers Gmail is goode but will disable your account if it gets to much spam Link to comment Share on other sites More sharing options...
MIG Posted May 30, 2019 Share Posted May 30, 2019 4 hours ago, petzl said: stopped/killed the botnetļ»æ Hey Petzl, If it's not a state secret, how? Please share? Thanks & cheers! Gš¦Hļ»æļ»æļ»æ Link to comment Share on other sites More sharing options...
MIG Posted May 30, 2019 Share Posted May 30, 2019 12 hours ago, hank said: old long-used address, it gets a lot of spam,Ā SpamCop no longer filters, since they improved the Spamcop service. Hey Hank, (imo) that sounds the opposite of an "improved" service? š¤ Cheers! Gš¦Hļ»æļ»æļ»æ Link to comment Share on other sites More sharing options...
hank Posted May 30, 2019 Author Share Posted May 30, 2019 Hmmm. Can't log in to Spamcop's email client to change forwarding. These instructions: https://www.spamcop.net/ces/setup_forwarding2.shtml say login here: http://webmail.spamcop.net/ The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did. Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it) Link to comment Share on other sites More sharing options...
petzl Posted May 30, 2019 Share Posted May 30, 2019 5 minutes ago, hank said: Hmmm. Can't log in to Spamcop's email client to change forwarding. These instructions:https://www.spamcop.net/ces/setup_forwarding2.shtml say login here: http://webmail.spamcop.net/ The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did. Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it) It's here Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.