phredx Posted September 22, 2005

Here's a tracking URL for a recently submitted spam.

http://www.spamcop.net/sc?id=z808421467z1d...f2070399fbd7cfz

I've followed the Mailhost configuration for all my email addresses. The fact that this one is telling me that ml-hw3.monsterlabs.com is not associated with any of my mailhosts makes me think that tfo[at]monsterlabs.com, which is the address that received this spam, is not completely configured, but I'm not sure what steps to take next.

Wazoo Posted September 22, 2005

Hard to say from here ... the Tracking URL results page includes an Add/Edit Mailhost data .. did you follow that link? Have you looked at your MailHost data? Have you read the "read before posting" items?

StevenUnderwood Posted September 22, 2005

> (Sep 22 2005, 12:36 PM) The fact that this one is telling me that ml-hw3.monsterlabs.com is not associated with any of my mailhosts makes me think that tfo<at>monsterlabs.com, which is the address that received this spam, is not completely configured, but I'm not sure what steps to take next.

    0: Received: from ml-hw3.monsterlabs.com (HELO listserv.moses.com) (216.183.105.184) by 0 with SMTP; 22 Sep 2005 12:02:16 -0000
    Hostname verified: ml-hw3.monsterlabs.com
    Possible forgery. Supposed receiving system not associated with any of your mailhosts

It is not monsterlabs it is complaining about but the machine labeled in the headers as "0" that received the message from monsterlabs (probably your system). That system should be identifying itself with fqdn.

phredx Posted September 22, 2005

> It is not monsterlabs it is complaining about but the machine labeled in the headers as "0" that received the message from monsterlabs (probably your system). That system should be identifying itself with fqdn.

That's interesting. As far as I know, those headers have always reported "by 0" there. I had an older SpamCop account where emails to tfo[at]monsterlabs.com were able to be reported successfully most of the time. Here's a current example in a spam I'd report if it were working:

    Return-Path: <diljhbuuj[at]mindspring.net>
    Delivered-To: tfo[at]window.monsterlabs.com
    Received: (qmail 19509 invoked by alias); 22 Sep 2005 16:14:55 -0000
    Delivered-To: alias-ml-tfo[at]monsterlabs.com
    Received: (qmail 19496 invoked from network); 22 Sep 2005 16:14:55 -0000
    Received: from ml-hw3.monsterlabs.com (HELO listserv.moses.com) (216.183.105.184) by 0 with SMTP; 22 Sep 2005 16:14:55 -0000
    Received: (qmail 15470 invoked from network); 22 Sep 2005 16:08:22 -0000
    Received: from 66-214-245-79.dhcp.gldl.ca.charter.com (66.214.245.79) by 0 with SMTP; 22 Sep 2005 16:08:22 -0000
    Return-Path: <RoscoeCompton[at]attglobal.net>
    Received: from flashmail-fe3.flashmail.com (mail.flashmail-fe3 [216.239.161.152]) by be3 (Cyrus v2.2.10) with LMTPA; Thu, 22 Sep 2005 11:11:46 -0600
    X-Sieve: CMU Sieve 2.2
    Received: from fastermail.com (bay10-f23.bay10.fastermail.com [205.158.62.76]) by animail-fe3.animail.cnet (8.12.11/8.12.11) with ESMTP id j4BM34K2006584 for <tfo[at]monsterlabs.com>; Thu, 22 Sep 2005 21:13:46 +0400
    Received: from mail pickup service by attglobal.net with Microsoft SMTPSVC; Thu, 22 Sep 2005 11:10:46 -0600
    Message-ID: <BAY10-F236A1BA982DC2A8744D6D0B9300[at]phx.gbl>
    Received: from 217.115.153.194 by by10fd.bay10.attglobal.net with HTTP; Thu, 22 Sep 2005 13:11:46 -0400
    X-Originating-IP: [64.4.202.107]
    X-Originating-Email: [RoscoeCompton[at]attglobal.net]
    X-Sender: RoscoeCompton[at]attglobal.net
    From: "Enlargment Systems Inc." <RoscoeCompton[at]attglobal.net>
    To: tfo[at]monsterlabs.com
    Subject: Information on Longz
    Date: Thu, 22 Sep 2005 14:10:46 -0300
    Mime-Version: 1.0
    Content-Type: text/plain; format=flowed
    X-OriginalArrivalTime: Thu, 22 Sep 2005 14:12:46 -0300 (UTC) FILETIME=[7744B350:01C55675]
    Lines: 16

In this section:

    Received: from 66-214-245-79.dhcp.gldl.ca.charter.com (66.214.245.79) by 0 with SMTP; 22 Sep 2005 16:08:22 -0000

Is this saying that ml-hw3.monsterlabs.com is reporting its fqdn as 0 since from ml-hw3.monsterlabs.com is the next host to receive mail?

The mail winds up on an IMAP server at monsterlabs.com, so as far as I know, the final delivery system is on their network. I suppose it's possible that their system near the same time I set up a new SpamCop account, but that seems too coincidental to me.

And, yes, I read the "read before posting" stuff where I thought applicable. If I missed something, I apologize.

Jeff G. Posted September 22, 2005

You really need to talk to the Message Labs mail admins about this. While you're at it, ask them why qmail held on to that message for 6 minutes 33 seconds.

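An added example, not part of any post in this thread: a short Python check of the two things raised above, a receiving hop that names itself "0" instead of a fully qualified hostname, and the 6 minute 33 second gap between the two qmail hops. The two Received values are copied from the headers phredx posted; the function names are this example's own.

```python
import re
from datetime import datetime

# The two qmail "Received:" values quoted in the thread, newest first.
SAMPLE = [
    "from ml-hw3.monsterlabs.com (HELO listserv.moses.com) (216.183.105.184) "
    "by 0 with SMTP; 22 Sep 2005 16:14:55 -0000",
    "from 66-214-245-79.dhcp.gldl.ca.charter.com (66.214.245.79) "
    "by 0 with SMTP; 22 Sep 2005 16:08:22 -0000",
]

# from <sender> ... by <receiver> with <protocol>; <date>
HOP = re.compile(
    r"from\s+(?P<sender>\S+).*?\sby\s+(?P<by>\S+)\s+with\s+\S+;\s*(?P<date>.+)$")
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def is_fqdn(name):
    """True if name has at least two valid DNS labels and a non-numeric TLD."""
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2
            and all(LABEL.match(label) for label in labels)
            and not labels[-1].isdigit())


def parse_hop(value):
    """Extract sender, receiving host and timestamp from one Received value."""
    m = HOP.search(value)
    if m is None:
        raise ValueError("not a from/by/with Received line: %r" % value)
    when = datetime.strptime(m.group("date").strip(), "%d %b %Y %H:%M:%S %z")
    return {"sender": m.group("sender"), "by": m.group("by"), "when": when,
            "by_is_fqdn": is_fqdn(m.group("by"))}


def audit(received_values):
    """Parse newest-first hops and add the delay (seconds) since the older hop."""
    hops = [parse_hop(v) for v in received_values]
    for newer, older in zip(hops, hops[1:]):
        newer["delay_s"] = int((newer["when"] - older["when"]).total_seconds())
    return hops


if __name__ == "__main__":
    for hop in audit(SAMPLE):
        flag = "ok" if hop["by_is_fqdn"] else "receiver is not an FQDN"
        print(hop["sender"], "-> by", hop["by"], "|", flag,
              "| delay:", hop.get("delay_s", "n/a"))
```
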
Wazoo Posted September 22, 2005

For statistical purposes, http://www.spamcop.net/sc?id=z808465605z99...87eee9eec51fdaz offered up as a non-MailHosted version of a parse from the original example.

In the Pinned items, Ellen states that for issues beyond the ordinary/normal, one needs to send her (Deputies) various details as she/they are the only folks available with access to your account and the MailHost database .... The "rest of us" try to chip in best "we" can .. some issues have been raised here, so you may want to include that you'd already been yelled at a bit here <g> .. whether there is a work-around at the SpamCop end, only Ellen/Deputies could answer that ... getting your host to fix things would solve things much cleaner.

phredx Posted September 22, 2005

Oh, whoops. I found a different "read before posting" somewhere else in the FAQ I guess. I missed the pinned item.

Anyway, thanks for all the feedback. The goal in the end, of course, being to prevent spam...

Jeff G. Posted September 22, 2005

> getting your host to fix things would solve things much cleaner.

and make your Reports more believable.

Archived
This topic is now archived and is closed to further replies.