lanny Posted October 9, 2020 Share Posted October 9, 2020 I get lines like the following ones (and 4 more) Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) Ignored Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) by fmx10.freemail.private with SMTP; 9 Oct 2020 12:40:37 +0200 Ignored Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.onbox.hu (Postfix) with ESMTPS id 4C74NP0ZfFzbtP for <x>; Fri, 9 Oct 2020 12:40:36 +0200 (CEST) Ignored When I forward the email the source contains proper-looking Received lines like this: Received: from srv2.subonline.live (ip19.ip-51-zzz-169.eu [51.zzz.169.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.onbox.hu (Postfix) with ESMTPS id 4C74NP0ZfFzbtP for <zzz@freemail.hu>; Fri, 9 Oct 2020 12:40:36 +0200 (CEST) (note: "zzz" my edit) Is there a ticketing system where I can submit the raw input/output privately? Thanks in advance! Quote Link to comment Share on other sites More sharing options...
petzl Posted October 10, 2020 Share Posted October 10, 2020 (edited) On 10/10/2020 at 4:31 AM, lanny said: Is there a ticketing system where I can submit the raw input/output privately? Thanks in advance! Without a Tracking URL hard to workout what is happening? Example top of page BEFORE you submit/send reportHere is your TRACKING URL - it may be saved for future reference:https://www.spamcop.net/sc?id=z6673824588z4497eb805827af26ebca08dac0cd33ccz From what I can guess your email provider is not stamping the/a received line? You can forward (as a attachment) directly to the abuse address of the IP who sent it Edited October 10, 2020 by petzl Quote Link to comment Share on other sites More sharing options...
lanny Posted October 11, 2020 Author Share Posted October 11, 2020 Hi @petzl I hoped the details can be kept non-public but let's look at the real details: https://www.spamcop.net/sc?id=z6675008964zc1dc39ff8aa771b6633043fa7cd917c5z The owners of these IP ranges generally are not very cooperative until they see their IPs show up on bloacklists. Quote Link to comment Share on other sites More sharing options...
petzl Posted October 11, 2020 Share Posted October 11, 2020 5 hours ago, lanny said: Hi @petzl I hoped the details can be kept non-public but let's look at the real details: https://www.spamcop.net/sc?id=z6675008964zc1dc39ff8aa771b6633043fa7cd917c5z The owners of these IP ranges generally are not very cooperative until they see their IPs show up on bloacklists. Is email from a internal server,? No IP's are showing.Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP]) Quote Link to comment Share on other sites More sharing options...
lanny Posted October 11, 2020 Author Share Posted October 11, 2020 As it turns out this was caused by my sending mailserver (Mailu) which replaces Recevied lines (even in attachments). One solution would be to force Thunderbird to send the attachment as base64-encoded. But I have not found an option for this. I created a ticket in Mailu's tracker https://github.com/Mailu/Mailu/issues/1660 but the behavior seems to stem from Postfix's handling of filters, which for some reason get applied inside the message. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted October 12, 2020 Share Posted October 12, 2020 16 hours ago, lanny said: As it turns out this was caused by my sending mailserver (Mailu) which replaces Recevied lines (even in attachments). Ouch. That doesn't sound good. With the Received lines being replaced, the only way to find the IP is to go back to the logs on each server and look up the "id" from the received line. (That is, as long as it didn't change that too.) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.