Brian Kendig, posted August 28, 2020

I've got a personal email server (named enchanter.net) that I recently migrated to Exim. I used SpamCop's Mailhosts tab to send me a test email and then I gave it back to SpamCop so that it knows about my mailhost; but still, there are two messages in my Junk mail folder that tell me "Mailhost configuration problem, identified internal IP as source" when I try to submit them to SpamCop.

Here are the headers from one of them (the other one is similar, and I edited out the long signatures):

Return-path: <info@themailertools.com>
Envelope-to: brian@enchanter.net
Delivery-date: Wed, 26 Aug 2020 19:15:42 -0400
Received: from themailertools.com ([106.75.103.146])
    by www with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.93)
    (envelope-from <info@themailertools.com>)
    id 1kB4dp-000XhP-Ex
    for brian@enchanter.net; Wed, 26 Aug 2020 19:15:42 -0400
DKIM-Signature: ...
DomainKey-Signature: ...
Reply-To: <908618401@qq.com>
Message-ID: <20200827071535733026@themailertools.com>
From: "unlimited smtp seller" <info@themailertools.com>
To: <brian@enchanter.net>
Subject: Re:quality SMTP for bulk mailing/fresh office 365 emails
Date: Thu, 27 Aug 2020 07:15:30 +0800
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-mailer: Jxxflinct 0

What does "identified internal IP as source" mean here? The only IP in the headers is 106.75.103.146, and that's in China. I admit it's entirely possible that I set up my Exim server incorrectly, but what did I do wrong?

petzl, posted August 28, 2020

1 hour ago, Brian Kendig said:
> What does "identified internal IP as source" mean here? The only IP in the headers is 106.75.103.146, and that's in China. I admit it's entirely possible that I set up my Exim server incorrectly, but what did I do wrong?

Showing a "SpamCop tracking URL" would help.

The only IP shown is a Chinese Botnet, You Chinese?
https://www.abuseat.org/lookup.cgi?ip=106.75.103.146

Brian Kendig, posted August 28, 2020

Tracking URL for the most recent one of these:
https://www.spamcop.net/sc?id=z6647673526z717f1b3f9f3bda2be59f7a5a44fe732ez

Nope, not Chinese; I and my site are in the US. I just don't see how SpamCop thinks that's an internal IP. My SpamCop Mailhosts config shows "Relaying IPsv4" as my external IP address, 216.53.249.115.

petzl, posted August 28, 2020 (edited August 28, 2020 by petzl)

11 hours ago, Brian Kendig said:
> 216.53.249.115.

https://www.spamcop.net/sc?id=z6647673526z717f1b3f9f3bda2be59f7a5a44fe732ez

Not stamping received IP only and only the from Botnet IP

Your email server test:
https://mxtoolbox.com/SuperTool.aspx?action=smtp%3a216.53.249.115&run=toolpage

Here is an older spam I parsed; the spammer is faking an Amazon IP but SpamCop picks it up:
https://www.spamcop.net/sc?id=z6646871784z9df15b8889614b273871f0e99d31a66fz

Brian Kendig, posted August 29, 2020

petzl - I appreciate your help but I don't understand what that means. Yes, my spam is from a Chinese botnet IP, but what do you mean by "Not stamping received IP only"? Is that a problem on my end?

As for my email server test - looks like it checks out okay except for reverse DNS on my server. That's because my ISP's DNS apparently takes precedence over the nameserver I chose for my domain. I don't think that can be fixed, but it's not a factor here, is it?

Your example shows SpamCop handling your spam correctly, but I still don't understand what "identified internal IP as source" means for mine.

petzl, posted August 29, 2020 (edited August 30, 2020 by petzl)

On 8/29/2020 at 12:53 PM, Brian Kendig said:
> "Not stamping received IP only"? Is that a problem on my end?

Your email server needs to stamp its own IP (216.53.249.115) as well as the sending IP. The only IP it shows is the "From" IP. 106.75.87.56.

This needs fixing:

More Information About Smtp Banner Check
The SMTP banner issued by your email server did not contain the hostname we resolved for your server’s IP address.

This also needs fixing (ask your ISP) as many services will discard email from you:

More Information About Smtp Reverse Dns Mismatch
The forward lookup (A) of the hostname hostname did not match the reverse lookup (PTR) for the IP Address.
Example of a correctly matching pair of records:
(A) lookup for smtp.mxtoolbox.com resolves to 208.123.79.38
(PTR) lookup for 208.123.79.38 reverses to smtp.mxtoolbox.com

Brian Kendig, posted August 29, 2020

Aha, you're saying that your example spam message has "Received: by" with a numeric IP address, while my spam headers have "Received: by www" with no IP. I'll look into how to get Exim to put my external IP address there and have it show 'enchanter.net' instead of 'www'. (It's probably a matter of editing Exim's received_header_text setting, though I'm surprised the IP address isn't appearing by default.) Thank you!

As for reverse DNS, I don't know if I can do anything about that because I'm using FreeDNS to resolve my hostname, but IP to hostname conversion is being handled by my ISP. I'll need to ask them if they'll fix it on their end, but they might not want to be bothered.

Thank you for your help!

Brian Kendig, posted August 29, 2020 (edited August 29, 2020 by Brian Kendig)

No success yet. I submitted spam with this header, which includes my FQDN and IP address:

Received: from net-mkting.com ([106.75.87.56])
    by www.enchanter.net (216.53.249.115) with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.93)
    (envelope-from <sales@net-mkting.com>)
    id 1kCAPa-0001f8-Pi
    for brian@enchanter.net; Sat, 29 Aug 2020 19:37:31 -0400

but SpamCop still says "Mailhost configuration problem, identified internal IP as source". (https://www.spamcop.net/sc?id=z6647849203zdc6a9633e3bd43a0c4fc48a74c4b0f42z)

I just don't understand what it thinks is an "internal IP" that's being used as a "source."

Edit: aha, when I remove my FQDN and just say "by 216.53.249.115", then SpamCop accepts it, interesting...

petzl, posted August 30, 2020

1 hour ago, Brian Kendig said:
> Edit: aha, when I remove my FQDN and just say "by 216.53.249.115", then SpamCop accepts it, interesting...

Sounds like you have it. You may be able to put "www.enchanter.net" after IP?

gnarlymarley, posted August 30, 2020

13 hours ago, Brian Kendig said:
> Edit: aha, when I remove my FQDN and just say "by 216.53.249.115", then SpamCop accepts it, interesting...

I wonder if SpamCop might be having problems with the IP of the receiving server too. If you change it to the following, it will probably work. It may only want one entry for the receiving host.

by www.enchanter.net with esmtps

Brian Kendig, posted August 30, 2020 (edited August 30, 2020 by Brian Kendig)

"by www.enchanter.net with esmtps" still gives me the "Mailhost configuration problem, identified internal IP as source" / "No source IP address found, cannot proceed" error.

"by 216.53.249.115 (www.enchanter.net) withy esmtps" also gives me the same error.

"by 216.53.249.115 with esmtps" also isn't working for me on another message, now. Same error.

I'm perplexed - I no longer seem to be able to report any spam for my mail server. Not a critical issue, of course, but I wonder what's going on. I don't see other servers needing to put their IP address into their Received header.

Brian Kendig, posted August 30, 2020 (edited August 30, 2020 by Brian Kendig)

Aha. I think I've figured it out.

A few days ago, on the Mailhosts tab, I had set up the entry for my server by having Spamcop send me an email and then I copy/pasted it with full headers back into Spamcop's form. This created the Mailhosts entry - but the "Hosts/Domains" pulldown menu for it was empty. This was before I had put the FQDN into the email headers, so my server was only identifying itself with its local name, "www". I think this confused Spamcop.

Yesterday I fixed my mail server to put its FQDN into its email headers. And just now I deleted that Mailhosts entry and created it again the same way - only, now the "Hosts/Domains" pulldown menu lists "www.enchanter.net" and "enchanter.net". I resubmitted this morning's spam, and Spamcop was able to handle it with no problem.

Thank you both for your help!

tl;dr: If the mail server doesn't put its FQDN into its Received header, then Spamcop's Mailhosts setup won't be able to read the domain name, and Spamcop will reject spam reports for that server with the "identified internal IP as source" error.
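
Added example, not part of any post in this thread and not SpamCop's own parsing logic: a small Python check for the condition named in the tl;dr above, run over the two Received headers quoted in the thread. It reports whether the receiving server named itself in the "by" clause with an FQDN, a bare IP, or a short local name such as "www". The function names are illustrative.

```python
import ipaddress
import re

# The two Received headers quoted in this thread, unfolded onto one line each.
BEFORE = ("from themailertools.com ([106.75.103.146]) by www with esmtps (TLS1.2) "
          "tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) "
          "(envelope-from <info@themailertools.com>) id 1kB4dp-000XhP-Ex "
          "for brian@enchanter.net; Wed, 26 Aug 2020 19:15:42 -0400")
AFTER = ("from net-mkting.com ([106.75.87.56]) by www.enchanter.net (216.53.249.115) "
         "with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) "
         "(envelope-from <sales@net-mkting.com>) id 1kCAPa-0001f8-Pi "
         "for brian@enchanter.net; Sat, 29 Aug 2020 19:37:31 -0400")

FROM_RE = re.compile(r"^from\s+(\S+)\s+\(\[([^\]]+)\]\)")
BY_RE = re.compile(r"\sby\s+(\S+)")
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def parse_received(value):
    """Pull the sending HELO/IP and the receiving host out of one Received value."""
    value = " ".join(value.split())  # undo header folding
    sender = FROM_RE.search(value)
    by = BY_RE.search(value)
    return {
        "from_helo": sender.group(1) if sender else None,
        "from_ip": sender.group(2) if sender else None,
        "by_host": by.group(1) if by else None,
    }

def classify_by_host(value):
    """Return 'fqdn', 'ip-literal', 'short-name' or 'missing' for the by clause."""
    host = parse_received(value)["by_host"]
    if host is None:
        return "missing"
    try:
        ipaddress.ip_address(host.strip("[]"))
        return "ip-literal"
    except ValueError:
        pass  # not an IP address, so treat it as a host name
    labels = host.rstrip(".").split(".")
    well_formed = all(LABEL_RE.match(label) for label in labels)
    if len(labels) >= 2 and well_formed and not labels[-1].isdigit():
        return "fqdn"
    return "short-name"

if __name__ == "__main__":
    for name, header in (("before", BEFORE), ("after", AFTER)):
        print(name, parse_received(header), classify_by_host(header))
```

A "short-name" result on your own server's Received line is the state described in the tl;dr, and worth correcting before creating the Mailhosts entry.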