
Recording incoming IP address



1. Gmail doesn't include in any Header Lines the IP Addresses of its web-based users when they send email like most every other web-capable public email system, causing their server's IP Address to get listed for spamming, rather than their web-based spammer users' IP Addresses, and causing their web-based spammers users to gravitate towards it

This is more of a question than anything else.

We started doing this with our webmail service and it is just ignored by SpamCop. I guess my question is: are we doing it incorrectly?

Received: from  smtp-out.load.com (smtp-out.load.com [209.58.232.26]) by rly-xh06.mx.aol.com (v106.2) with ESMTP id MAILRELAYINXH65-70f42db76c7e1; Mon, 18 Jul 2005 05:30:47 -0400
Received: (qmail 8741 invoked by uid 0); 18 Jul 2005 09:30:45 -0000
Received: from 66.178.81.115 ([66.178.81.115]) 
   by smtp-out.load.com (Load SMTP 5.0.1) 
   with HTTP id 2DAACD9B_E1EF_443B_9977_AAC36F1C8216[at]webmail.loadmail.load.com for gibson[at]tygo.com; Mon, 18 Jul 2005 09:30:40 -0000

Here are a couple of lines from a message from a spamming user. When this message is parsed by SpamCop, it basically gets to the Received line with ref to 66.178.81.115 and says this host is not associated with your domain, and ignores the IP address, thus falling back to our default outbound SMTP IP address.

We began including this type of header in addition to our x-truesender-ip header, but it has not done anything for us.

What do you think? Or are we doing anything you can see wrong?

Thanks

Adam Rogas

CTO Load Ltd


Data provided is out of context.

Added line is a bit light on included data.

"this host is not associated with your domain" indicates that MailHost Configuration has been performed on the reporting account ... and the specified line has not been added to "your" mailhost data ... as to what then fails and forces this line to be the "guilty" party goes back to the data provided being out of context. Any better analysis will be waiting for a Tracking URL, which will show the entire spam submittal.


I can post the entire message and let SpamCop parse it? Would that help?


We prefer not to have spam bodies posted, but you could post: the Tracking URL for a spam or test message; the full headers for a spam or test message; or a full test message.

Here are the complete headers for the message as received by AOL.

Thanks for taking the time to help me figure this out.

:D

Return-Path: <test[at]rock.com>
Received: from  rly-xg03.mx.aol.com (rly-xg03.mail.aol.com [172.20.115.200]) by air-xg02.mail.aol.com (vx) with ESMTP id MAILINXG23-45c42e0762876; Fri, 22 Jul 2005 00:29:47 -0400
Received: from  smtp-out.load.com (smtp-out.load.com [209.58.232.26]) by rly-xg03.mx.aol.com (vx) with ESMTP id MAILRELAYINXG36-45c42e0762876; Fri, 22 Jul 2005 00:29:29 -0400
Received: (qmail 16430 invoked by uid 0); 22 Jul 2005 04:29:24 -0000
Received: from 192.116.119.135 ([192.116.119.135]) 
   by smtp-out.load.com (Load SMTP 5.0.1) 
   with HTTP id 8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com for test[at]rock.com; Fri, 22 Jul 2005 04:29:17 -0000
Date: 22 Jul 2005 04:29:17 +0000
Message-ID: <8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com>
From: "test" <test[at]rock.com>
To: <Undisclosed Recipients>
X-TrueSenderIP: 192.116.119.135
X-SenderHTTPUserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
X-Mailer: LoadMail SMTP 6.1.2.0322
X-TrueHostName: 
X-WebServer: webmail.rock.com
X-CS-SpamStatus: 0
X-Queue: AFFINITY
X-Priority: 3
Subject: test message
MIME-Version: 1.0
Content-Type: multipart/alternative; 
	boundary="----=_NextPart_33926b6b_6fb4_4b81_9f88_2543e52cfb98"
X-AOL-IP: 209.58.232.26


OK, so not to seem slow, but what you are telling me is that we are doing it correctly?

If that is the case, why do we continue to get listed as the source of the spam?

We have been doing it this way for at least the last 3 months, and every time we check to see on a report it has shown the "host is not associated with your domain name" error that I spoke of before.

I am guessing when you have mailhosts fully implemented this will no longer work either, is that true?

Lastly, is there anything we can do moving forward when mailhosts becomes the standard methodology for spamcop.net?


OK, so not to seem slow, but what you are telling me is that we are doing it correctly?

If that is the case, why do we continue to get listed as the source of the spam?

Not really correct ... Do you have your own SpamCop reporting account? If not, please sign-up for a free one. Then set preferences to show all/full Technical details. With that done, click on the Tracking URL I provided in my last post. Witness the struggle the parser has in trying to do a chain test, trying to identify the flow of the e-mail.

We have been doing it this way for at least the last 3 months, and every time we check to see on a report it has shown the "host is not associated with your domain name" error that I spoke of before.

I don't quite understand what you are saying here. Please explain "check on a report" .... a report has links back into parts of the SpamCop system. Are you talking of following one of these links, are you talking of running a spam parse yourself ... trying to sort out whether it is "you" that has a mailhost configuration issue, one of your users, or is there something else really strange going on.

I am guessing when you have mailhosts fully implemented this will no longer work either, is that true?

Lastly, is there anything we can do moving forward when mailhosts becomes the standard methodology for spamcop.net?


Still confused as to why you are pointing to a mailhost configuration of a reporting account as "the issue" .... how about starting with some configuration items ...

as seen in the parse; 209.58.232.26 is not an MX for smtp-out.load.com

http://www.mxtoolbox.com/index.aspx says No MX records found for smtp-out.load.com

ns1.load.com reports the following MX records:

Preference  Host Name         IP Address     TTL
20          smtp-id.load.com  209.58.236.25  300

This may feed into the mailhost 'failed' situation, but ..... I don't think there's enough specific data offered at this point .. so not much more than possible guesses here.

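The behaviour discussed in this thread, as an added example that is not part of any post and is not SpamCop's parser: a simplified trust walk over the Received chain from the AOL copy posted above. The rule "believe a hop only if a trusted host recorded it" and the trusted-domain sets are assumptions made for illustration.

```python
import re
from email import message_from_string

# Hop-related headers copied from the AOL copy posted above ([at] kept as posted).
RAW = """\
Received: from  rly-xg03.mx.aol.com (rly-xg03.mail.aol.com [172.20.115.200]) by air-xg02.mail.aol.com (vx) with ESMTP id MAILINXG23-45c42e0762876; Fri, 22 Jul 2005 00:29:47 -0400
Received: from  smtp-out.load.com (smtp-out.load.com [209.58.232.26]) by rly-xg03.mx.aol.com (vx) with ESMTP id MAILRELAYINXG36-45c42e0762876; Fri, 22 Jul 2005 00:29:29 -0400
Received: (qmail 16430 invoked by uid 0); 22 Jul 2005 04:29:24 -0000
Received: from 192.116.119.135 ([192.116.119.135])
   by smtp-out.load.com (Load SMTP 5.0.1)
   with HTTP id 8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com for test[at]rock.com; Fri, 22 Jul 2005 04:29:17 -0000
X-TrueSenderIP: 192.116.119.135
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return (from_ip, by_host, protocol) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())        # unfold continuation lines
        if not value.startswith("from "):      # local handoff (the qmail line)
            continue
        ip = IP_RE.search(value)
        by = re.search(r"\bby (\S+)", value)
        proto = re.search(r"\bwith (\S+)", value)
        hops.append((ip.group(1) if ip else None,
                     by.group(1).lower() if by else None,
                     proto.group(1) if proto else None))
    return hops

def in_domains(host, domains):
    return host is not None and any(host == d or host.endswith("." + d) for d in domains)

def attributed_source(raw, trusted_domains):
    """Walk newest to oldest; stop at the first hop recorded by an untrusted host."""
    source = None
    for ip, by, _proto in parse_hops(raw):
        if not in_domains(by, trusted_domains):
            break                              # hops below are unverified claims
        source = ip or source
    return source

def claimed_sender(raw):
    return message_from_string(raw)["X-TrueSenderIP"]

if __name__ == "__main__":
    print(attributed_source(RAW, {"aol.com"}), attributed_source(RAW, {"aol.com", "load.com"}))
```

With only the receiving side trusted, the walk stops at the hop recorded by smtp-out.load.com and the outbound relay's address is the one attributed; the webmail client's address is reached only when that relay is itself in the trusted set.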

Archived

This topic is now archived and is closed to further replies.
