Jump to content

[Resolved] Mailhost configuration problem, identified internal IP as source


hank

Recommended Posts

Posted

Can someone help me figure this out?


https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz
Mailhost configuration problem, identified internal IP as source
Mailhost:
Please correct this situation - register every email address where you receive spam
No source IP address found, cannot proceed.
Add/edit your mailhost configuration
...

I've read the previous threads about this and tried the suggestion to create a new mailhost entry but still gettimg spammed from one source that always has this problem being reported

  • Replies 73
  • Created
  • Last Reply
Posted

Can you "explain like I'm 75" how you made that work?

I've got another one here:

https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az
Mailhost configuration problem, identified internal IP as source

Posted

and another:

https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z
Mailhost configuration problem, identified internal IP as source

Posted

Hey Hank,

I set up a "dummy" SC account, NO MailHosts, bare bones, no extra tweaks...

SC account =  MynameTest, pwd

I (reparsed) 

https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az

 = https://www.spamcop.net/sc?id=z6550841645z866d1e0e17d7ecbba06678438cabcad2z

https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z

https://www.spamcop.net/sc?id=z6550842701za1bd11a6d6d70b087d39b687f50d6f58z

SC account with NO MailHosts allows the spam to be parsed.

If ever, my SC account WITH MailHosts gives a result that generates ANY errors, I try the SC account WITHOUT MailHosts.

(in my experience) every time I try to modify my SC account with MailHosts I can't do successfully AND, setting up the original hosts was really messy, in the end SCA fixed, what's working I leave working. I don't wish to pester SCA "please fix what I've buggered up, again!" A dummy SC account works as a backup for any spam that won't parse. 

If I hit a spam that cannot be parsed with either account, I pester everyone here😉

Please let us know how you go?

Cheers!

G🦗H

 

Posted

I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop?

Posted
1 hour ago, hank said:

I thought doing that risks tagging the mail hosts that appear in the report as spam sources, if you don't have any mail hosts whitelisted by Spamcop?

With Mailhosts NOT set-up SpamCop can sometimes (not always) name your provider as the spammer, providers usually go nuts at you when this happens
One cannot with mailhosts set-up, use use it for parsing spam that does not go through your mailhost. .
Some of us like to have a account set-up without mailhosts set-up to parse mail that has not gone through their mailserver

Posted

So help me understand what Spamcop is trying to tell me when I get this warning:

"Mailhost configuration problem, identified internal IP as source"

Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry?

Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"?

I don't see what the "internal IP" is that's causing the error.

Posted
1 hour ago, hank said:

"Mailhost configuration problem, identified internal IP as source"

https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz
54.240.7.11 is the source email-abuse[x]amazon.com
Seems you are relaying email through SpamCop

Received: from a7-11.smtp-out.eu-west-1.amazonses.com (a7-11.smtp-out.eu-west-1.amazonses.com [54.240.7.11])
    by vmx5.spamcop.net (Postfix) with ESMTP id 449CDAF6F3
    for <x>; Thu, 23 May 2019 10:01:27 -0700 (PDT)

You have your SpamCop email address in mailhosts?

Look for VMX5 in headers to see received line 
or paste the headers of spam BEFORE being relayed/forwarded.
Which gives
deleted
Posted
2 hours ago, hank said:

So help me understand what Spamcop is trying to tell me when I get this warning:

"Mailhost configuration problem, identified internal IP as source"

Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry?

Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"?

I don't see what the "internal IP" is that's causing the error.

Sorry the REAL the tracking url. sorry of snipped spam url
Seems a often "Feature" of WIN10 to not copy and paste last copied instead
https://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z

Posted
3 hours ago, hank said:

What Spamcop is trying to tell me when I get this warning:
1) Does that mean that, somewhere in the headers of the submitted spam, there is a mailhost for which I don't have an entry?
2. Can I hand-edit the problem spam to take something out that makes Spamcop identify "internal IP as source"?
3. I don't see what the "internal IP" is that's causing the error.

Hello Hank

I'm cross posting with Petzl, (not cross with Petlz😂), this is additional to anything our friend has posted, I've yet to get up to speed with his posts, just wanted to try to answer your: "help me understand"

1. No.

2. No/maybe/possibly, however, the workable solution is to have a backup SC account WITHOUT any MAILHOSTS configured. It doesn't need to be a paid account & you don't need to use it all the time - ONLY when you get a spam that won't parse with a SC account WITH MAILHOSTS configured.

3. Exactly, sometimes EVEN SC can't do things or can't do things perfectly, that's why there's a backup solution.

You need to get to work, you're running late: the car has a flat battery, shot brakes, a busted piston and the universal joint is "$#*&%'d", in short the car is "$#*&%'d".

You are going to be late for work, the last time you were late your Boss said, "next time, don't bother turning up!"

Do you try to work out how to fix the "$#*&%'d" vehicle or do you use an alternative means of getting to work?

If you hate the job you piss around with the car, if you need the job. CieLeVie😉

& (now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams.

So, two bob each way, use the backup solution AND contact SCA "Help" and ask them to check your configured MAILHOSTS?

https://www.spamcop.net/fom-serve/cache/401.html, at the very bottom of the page: select [Other reasons for contact][Reason for contact], put a brief description:

"Please check my MailHosts config to see if my SpamCop email address is in mailhosts & please let me know?"

If you're a nice person & it seems you are, you'll say "thanks", if you're like G🦗H you won't!

  • If SCA find a SpamCop email address in MAILHOSTS, please share with us as this is a "possibly" new, additonal, IMPORTANT, information that can help others.

Many thanks and cheers!

G🦗H

Posted
1 hour ago, MIG said:

(now I've had a chance to absorb Petzl's posts), what Petzl has posted is important, however, "x spamcop.net" does not appear in all your original parsed spams.

Yes it does.click "View entire message" for full spam
https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz
Then copy and past from and including
Received: from vmx.spamcop.net (HELO vmx5.spamcop.net) ([184.94.240.112])
This tells me it's forwarded through a SpamCop/IronPort, now Cisco email server
Which gives
https://www.spamcop.net/sc?id=z6550896178zd653b2b14608440d048ea63ca34e0555z
Which means/suggests SpamCop email address has not been processed by "hank's" Mailhosts

And hank I've manage to kill the botnet going through China. But don't know if permanently?

Posted
3 hours ago, petzl said:

Yes it does.

I said ALL original parsed spams, PETZL.

1. https://www.spamcop.net/sc?id=z6549455694zfeb75193b1712788142a5546e2c495dbz

- spamcop.net - yes

2. https://www.spamcop.net/sc?id=z6550787211z905db5082b84aaf3684b505829469a4az

- spamcop.net - yes 

3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z

 - spamcop.net  - no 

That's why I wrote "what Petzl has posted is important", 'cause it is!!

Ok, carb😘hydrate?

Cheers! G🦗H

Posted
1 hour ago, MIG said:

3. https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z

 - spamcop.net  - no 

That's why I wrote "what Petzl has posted is important", 'cause it is!!

Just another non-standard email provider that scatters headers received line in a lot of garbage..
Not even stamping a received line IMO -109.236.94.178 does seem to be spewing email 
reduce SpamAssassin to 2 at present set at 3 but may lead to false positives
 

Posted
1 hour ago, petzl said:

Just another non-standard email provider that scatters headers received line in a lot of garbage..
Not even stamping a received line IMO -109.236.94.178 does seem to be spewing email 
reduce SpamAssassin to 2 at present set at 3 but may lead to false positives
 

WOT? Are we on the same track Petzl, I'm not following? 

 Confused G🦗H

Posted
5 minutes ago, MIG said:

WOT? Are we on the same track Petzl, I'm not following? 

 Confused G🦗H

https://www.spamcop.net/sc?id=z6550829312z28b288e7765aed3250e66e22677929e8z
Hanks email provider is not stamping the received line properly
Received: from busy.lorenzobuzios.com (customer.worldstream.nl [109.236.94.178] (may be forged))
SpamCop does. I would ditch them.

Posted

I have a Spamcop email address I've used for many years.
Isn't that supposed to be listed in mailhosts?
As Spamcop fairly recently required, it now just forwards mail to another address.
As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service.

Posted
7 hours ago, hank said:

I have a Spamcop email address I've used for many years.
Isn't that supposed to be listed in mailhosts?
As Spamcop fairly recently required, it now just forwards mail to another address.
As an old long-used address it gets a lot of spam, which Spamcop no longer filters for me since they improved the Spamcop service.

Julian Haight used to have SpamCop email server as "trusted", but can't hurt to add it in forwarded email particularly?
But it seems your present email provider has gobbledegook headers that don't stamp received line properly/orderly.

I stopped/killed the botnet that was attacking SpamCop email addresses about a week ago. But don't know for how long?

Posted

I've asked support and knowledgeable users at my ISP Sonic.net to take a look.

I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps.

I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix.


Posted
45 minutes ago, hank said:

I've asked support and knowledgeable users at my ISP Sonic.net to take a look.

I can try changing the forwarding instruction for my mail address at spamcop to forward it to a different email provider, to see if that helps.

I'm slowly finding and changing all the records out there that use @spamcop.net as my email contact, but egad, it's years and years of accumulated pointers to find and fix.

 

I just pay the $30 for Fastmail they have very good spam filtering and no problem headers
Gmail is goode but will disable your account if it gets to much spam

Posted
4 hours ago, petzl said:

stopped/killed the botnet

Hey Petzl,

If it's not a state secret, how? Please share?

Thanks & cheers!

G🦗H

Posted
12 hours ago, hank said:

old long-used address, it gets a lot of spam, SpamCop no longer filters, since they improved the Spamcop service.

Hey Hank,

(imo) that sounds the opposite of an "improved" service?

🤔

Cheers!

G🦗H

Posted

Hmmm. Can't log in to Spamcop's email client to change forwarding.

These instructions:
https://www.spamcop.net/ces/setup_forwarding2.shtml

say login here: http://webmail.spamcop.net/

The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did.

Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it)

Posted
5 minutes ago, hank said:

Hmmm. Can't log in to Spamcop's email client to change forwarding.

These instructions:
https://www.spamcop.net/ces/setup_forwarding2.shtml

say login here: http://webmail.spamcop.net/

The instructions are differenet than I recall years back when Spamcop quit being an email provider --- at that time they said to set up forwarding, which I did.

Now the instructions say don't set up forwarding, instead have other providers POP the mail (which Fastmail would do, if I get this figured out, I'd had a Fastmail account for a long time just in case I needed it)

It's here

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...