mwinton Posted December 4, 2005 Share Posted December 4, 2005 Last week I had three email messages, spam spam. I tried to report them, and the IP was visible when I looked at the headers, but when I reported the email as spam spam, my SPAMcop SpamCop report came back as ERROR: no IP found. How do I get around this problem? I have a recent spam spam I can post a link to, if needed. Edit by moderator: changed spam spam to spam to comply with Hormel Foods trademark infrigement rules. Link to comment Share on other sites More sharing options...
Jeff G. Posted December 4, 2005 Share Posted December 4, 2005 Please post the Tracking URL for that spam message. Also, please be aware that the full-uppercase Registered Trademark "spam" should not be used to refer to email or newsgroup postings, per the Trademark holder, Hormel, Inc. Thanks! Link to comment Share on other sites More sharing options...
mwinton Posted December 5, 2005 Author Share Posted December 5, 2005 Please post the Tracking URL for that spam message. Also, please be aware that the full-uppercase Registered Trademark "spam" should not be used to refer to email or newsgroup postings, per the Trademark holder, Hormel, Inc. Thanks! 37185[/snapback] There is NO tracking number when an error: no IP found occurs. The parser stops. No report is filed. No tracking number is generated. Here is another that did not make it: The parser says No IP found. I thin the EXTRA space before the brackets, or the fact that there is a ( and then a [ affects the parser string. If I edit the mail to remove the extra space after the FROM line, and remove the parenthesis, it WILL parse. Thanks! Received: from ([65.54.249.37]) EHLO=omc2-s27.bay6.hotmail.com by infdz.com (Wildcat! SMTP v6.1.451.5) with SMTP id 2227458375; Mon, 05 Dec 2005 06:07:57 -0600 Received-SPF: pass (infdz.com: domain of winnerzonline009[at]msn.com designates 65.54.249.37 as permitted sender) receiver=infdz.com; client-ip=65.54.249.37; envelope-from=winnerzonline009[at]msn.com; helo=omc2-s27.bay6.hotmail.com; Received: from hotmail.com ([65.54.173.11]) by omc2-s27.bay6.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Mon, 5 Dec 2005 04:10:33 -0800 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 5 Dec 2005 04:10:33 -0800 Message-ID: <BAY5-F114222F3608B89CA2D8F8980410[at]phx.gbl> Received: from 192.116.110.2 by by5fd.bay5.hotmail.msn.com with HTTP; Mon, 05 Dec 2005 12:10:33 GMT X-Originating-IP: [192.116.110.2] X-Originating-Email: [winnerzonline009[at]msn.com] X-Sender: winnerzonline009[at]msn.com From: "BRITISH LOTTERY" <winnerzonline009[at]msn.com> Bcc: Subject: WINNING NOTIFICATION Date: Mon, 05 Dec 2005 12:10:33 +0000 Mime-Version: 1.0 Content-Type: text/html; format=flowed X-OriginalArrivalTime: 05 Dec 2005 12:10:33.0605 (UTC) FILETIME=[E49F5350:01C5F994] Return-Path: winnerzonline009[at]msn.com Link to comment Share on other sites More sharing options...
Jeff G. Posted December 5, 2005 Share Posted December 5, 2005 It parses fine for me: http://www.spamcop.net/sc?id=z836740922z56...a7a6b428994900z You could have copied your Tracking URL from the Address box in your web browser. Link to comment Share on other sites More sharing options...
mwinton Posted December 7, 2005 Author Share Posted December 7, 2005 Please post the Tracking URL for that spam message. Also, please be aware that the full-uppercase Registered Trademark "spam" should not be used to refer to email or newsgroup postings, per the Trademark holder, Hormel, Inc. Thanks! 37185[/snapback] SpamCop.net Here are the results of your submission: Processing spam: From: barry.grove_pk[at]hotway.net Subject: Received: (qmail 8665 invoked from network); 7 Dec 2005 11:40:04 -0000 warning:Ignored Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade6.cesmail.net with SMTP; 7 Dec 2005 11:40:04 -0000 192.168.1.105 found host 192.168.1.105 (getting name) no name host 192.168.1.105 = Computer2-ATM3-1.2.gw.psu.edu (old cache) warning:192.168.1.105 discarded Received: from mailgate.cesmail.net ([216.154.195.36]) by c60.cesmail.net with ESMTP; 07 Dec 2005 06:40:02 -0500 216.154.195.36 found host 216.154.195.36 = mailgate.cesmail.net (cached) mailgate.cesmail.net is 216.154.195.36 Possible spammer: 216.154.195.36 Received line accepted Relay trusted (216.154.195.36 cesmail.net mailgate.cesmail.net) Received: from mail.infdz.com [69.34.200.6] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for mwinton[at]spamcop.net (single-drop); Wed, 07 Dec 2005 06:40:02 -0500 (EST) 69.34.200.6 found Checking POP client chain: Chain test:mailgate.cesmail.net =? 216.154.195.36 ips are close enough 216.154.195.36 is close to an MX (216.154.195.53) for cesmail.net 216.154.195.36 is mx mailgate.cesmail.net and 216.154.195.36 have close IP addresses - chain verified POP hack, restarting chain. Received: by infdz.com (Wildcat! SMTP Router v6.1.451.5) for mwinton[at]infdz.com; Wed, 07 Dec 2005 05:34:15 -0600 no from warning:Ignored error:No IP found Link to comment Share on other sites More sharing options...
mwinton Posted December 7, 2005 Author Share Posted December 7, 2005 Here is another one: Date: Wed, 07 Dec 2005 05:34:15 -0600 [06:34:15 AM EST] Delivered-To: spamcop-net-mwinton[at]spamcop.net From: "<barry.grove_pk[at]hotway.net>" <barry.grove_pk[at]hotway.net> Message-ID: <2398236312[at]infdz.com> Received: * (qmail 8665 invoked from network); 7 Dec 2005 11:40:04 -0000 * from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade6.cesmail.net with SMTP; 7 Dec 2005 11:40:04 -0000 * from mailgate.cesmail.net ([216.154.195.36]) by c60.cesmail.net with ESMTP; 07 Dec 2005 06:40:02 -0500 * from mail.infdz.com [69.34.200.6] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for mwinton[at]spamcop.net (single-drop); Wed, 07 Dec 2005 06:40:02 -0500 (EST) * by infdz.com (Wildcat! SMTP Router v6.1.451.5) for mwinton[at]infdz.com; Wed, 07 Dec 2005 05:34:15 -0600 Return-Path: <barry.grove_pk[at]hotway.net> To: mwinton[at]infdz.com X-IronPort-AV: i="3.99,224,1131339600"; d="scan'208"; a="303261923:sNHT36831024" X-spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on blade6 X-spam-Level: ***************** X-spam-Status: hits=17.1 tests=ALL_TRUSTED,J_CHICKENPOX_12,MISSING_SUBJECT, URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL, URIBL_WS_SURBL version=3.1.0 X-SpamCop-Checked: X-SpamCop-Disposition: Blocked SpamAssassin=17 Headers: Show Limited Headers Received: from ([80.183.92.235]) HELO=alaskastrikezone.com by infdz.com (Wildcat! SMTP v6.1.451.5) with SMTP id 2398234546; Wed, 07 Dec 2005 05:34:13 -0600 Message-ID: <NNPLNOMBBPGOJKEBOAECEHHKGFAB.barry.grove_pk[at]hotway.net> From: "Barry Grove" <barry.grove_pk[at]hotway.net> Subject: =?ISO-8859-1?B?UmVmaW5hbmNlIHIhYXRlIDMuNSU=?= Date: Wed, 07 Dec 2005 11:10:29 +0000 MIME-Version: 1.0 X-Sender: <barry.grove_pk[at]hotway.net> In-Reply-To: <29c401c5f7cd$8a9b5997$10e94e1e[at]7zxc6qk> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 8bit Want us to l 0 wer your monthly h0me payments ? http://closeit123.com/?ra=tb25 Link to comment Share on other sites More sharing options...
mwinton Posted December 7, 2005 Author Share Posted December 7, 2005 I'm still looking for help. I don't have the tracking numbers from the browser to relay for you. I am still having problems with parsing. Some messages go through, and some don't. I'll try to save all the tracking numbers for you if it will help. Thanks! Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 7, 2005 Share Posted December 7, 2005 You may have discovered why (the extra characters). The next thing is to discover where the characters are coming from. The problem with copying and pasting is that action also does something to the lines and so doesn't help find the problem. I don't believe you said how you were submitting the spam for reports. If you are forwarding them as attachments, that would make a difference in where to look for the problem. MIss Betsy Link to comment Share on other sites More sharing options...
Jeff G. Posted December 7, 2005 Share Posted December 7, 2005 Dr. Winton, the problem appears to be with the Wildcat! ESMTP Server v6.1.451.5 on your mail.infdz.com Server - it is not recording the source of the email messages it receives in a "from" clause in its Received Header Line. Once you fix that, you should be able to use SpamCop to Report the spam it receives. Link to comment Share on other sites More sharing options...
christian.ottosson.name Posted December 9, 2005 Share Posted December 9, 2005 I have a similar problem with e-mails going through the servers of nic.name. Nic.name say they have discussed this with you. Here is one example: 0: Received: from unknown (192.168.1.101) by blade3.cesmail.net with QMQP; 9 Dec 2005 03:02:17 -0000 Internal handoff at SpamCop 1: Received: from mx05.nic.name (198.41.3.35) by mailgate.cesmail.net with SMTP; 9 Dec 2005 03:02:17 -0000 Hostname verified: mx05.nic.name SpamCop received mail from nic.name ( 198.41.3.35 ) 2: Received: from unknown (HELO lipster.com) (220.184.26.74) by mx05.nic.name with SMTP; Fri, 9 Dec 2005 03:02:15 -0000 198.41.3.35 does not report source IP correctly No source IP address found, cannot proceed. Link to comment Share on other sites More sharing options...
agsteele Posted December 9, 2005 Share Posted December 9, 2005 A tracking URL or failing that the headers will make assistance easier to provide. Andrew Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 9, 2005 Share Posted December 9, 2005 2: Received: from unknown (HELO lipster.com) (220.184.26.74) by mx05.nic.name with SMTP; Fri, 9 Dec 2005 03:02:15 -0000 198.41.3.35 does not report source IP correctly No source IP address found, cannot proceed. 37483[/snapback] I believe if the server mx05.nic.name did not put the "(HELO lipster.com)" portion in there, or changed the format to (HELORESPONSE [iPADDRESS]) it would work properly. I'm thinking the parser is seeing that first set of parenthesis and looking for the IP address in there and finding nothing. Link to comment Share on other sites More sharing options...
Jeff G. Posted December 9, 2005 Share Posted December 9, 2005 The Parser writes "does not report source IP correctly" when it has been configured to do so by SpamCop Staff. Please write to the SpamCop Deputies requesting a review of the decision regarding mx05.nic.name (198.41.3.35) via email address deputies[at]spamcop.net. Thanks! Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 9, 2005 Share Posted December 9, 2005 Dr. Winton, the problem appears to be with the Wildcat! ESMTP Server v6.1.451.5 on your mail.infdz.com Server - it is not recording the source of the email messages it receives in a "from" clause in its Received Header Line. Once you fix that, you should be able to use SpamCop to Report the spam it receives. 37386[/snapback] Just out of curiosity, how come some of Dr. Winton's submissions go through and some don't, if that is the problem? Miss Betsy Link to comment Share on other sites More sharing options...
dbiel Posted December 9, 2005 Share Posted December 9, 2005 Just out of curiosity, how come some of Dr. Winton's submissions go through and some don't, if that is the problem? Miss Betsy 37513[/snapback] One possibility is that they are using more than one mail server and each one is configured differently. Link to comment Share on other sites More sharing options...
Wazoo Posted December 9, 2005 Share Posted December 9, 2005 Just out of curiosity, how come some of Dr. Winton's submissions go through and some don't, if that is the problem? 37513[/snapback] mwinton has yet to describe reporting methods/steps used. Taking the samples provided at face value, it would appear that there is a cut/paste/copy action going on, which in the past brought up issues with bad line wrapping based on actions occurring with the line-wrapping handling based on screen/display window width .. however, looking at those samples, I'm more wondering on just how "any" of those submittals may have ended up being parsed. All that extra vertical whitespace in the header portion would normally stop the parser from getting too deep into the analysis steps. Link to comment Share on other sites More sharing options...
Jeff G. Posted December 9, 2005 Share Posted December 9, 2005 looking at those samples, I'm more wondering on just how "any" of those submittals may have ended up being parsed. All that extra vertical whitespace in the header portion would normally stop the parser from getting too deep into the analysis steps.37526[/snapback] The sample from Linear Post #5 appears to be SpamCop Webmail's (and probably IMP Horde's) bizarre "Show All Headers" format - it doesn't get to the SpamCop Parser. The sample from Linear Post #3 (possibly from Webmail's "Message Source" Link) is what gets to the SpamCop Parser. Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 9, 2005 Share Posted December 9, 2005 IMHO, it is all guess work unless Dr. Winton gives us some more information. I suggest that Dr. Winton email the deputies <at] spamcop.net and ask them what the problem is. Miss Betsy Link to comment Share on other sites More sharing options...
mwinton Posted December 17, 2005 Author Share Posted December 17, 2005 Dr. Winton, the problem appears to be with the Wildcat! ESMTP Server v6.1.451.5 on your mail.infdz.com Server - it is not recording the source of the email messages it receives in a "from" clause in its Received Header Line. Once you fix that, you should be able to use SpamCop to Report the spam it receives. 37386[/snapback] Hmmm, I wonder how I can fix that? I have tried manually editing the headers, and it will parse. If I report from the Quick form, some make it and some don't. I will give you that there has been an upgrade to the WcSMTP mail server software, but I'm not sure why some messages are able to be repotred, and some not. I thought it was a new trick by the UBE writers. Link to comment Share on other sites More sharing options...
mwinton Posted December 17, 2005 Author Share Posted December 17, 2005 Dr. Winton, the problem appears to be with the Wildcat! ESMTP Server v6.1.451.5 on your mail.infdz.com Server - it is not recording the source of the email messages it receives in a "from" clause in its Received Header Line. Once you fix that, you should be able to use SpamCop to Report the spam it receives. 37386[/snapback] Can you help me figure this out and report it to the correct source? It is still happening for me. Thanks! Link to comment Share on other sites More sharing options...
mwinton Posted December 17, 2005 Author Share Posted December 17, 2005 One possibility is that they are using more than one mail server and each one is configured differently. 37515[/snapback] This is curious to me. I saved the message source of two unwanted messages - one was parsed, one was not. I am using the same software, and only one mail server on my end. The only difference I see in the mail is that one subject line used ?ISOxxx characters in the header, and one didn't. The ?ISO Subject line did not get parsed, but the other did. If you like, I can post them, or forward them for your evaluation. Thanks! This is getting curious! Link to comment Share on other sites More sharing options...
Jeff G. Posted December 17, 2005 Share Posted December 17, 2005 Just out of curiosity, how come some of Dr. Winton's submissions go through and some don't, if that is the problem?37513[/snapback] A cursory search has shown me that Dr. Winton has at least three email addresses through three different providers, and that only email passing through his server would be affected by the particular problem I identified. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 17, 2005 Share Posted December 17, 2005 If you like, I can post them, or forward them for your evaluation. Thanks! This is getting curious! 38005[/snapback] Please post the tracking URL's as posting the actual messages here messes them up so we can not see what the original actually looked like. Thanks. Link to comment Share on other sites More sharing options...
mwinton Posted December 17, 2005 Author Share Posted December 17, 2005 A cursory search has shown me that Dr. Winton has at least three email addresses through three different providers, and that only email passing through his server would be affected by the particular problem I identified. 38006[/snapback] Really? I thought all my mail went through mail.infdz.com. There should only be two providers, (midamerica.net and earthlink.net) and only one POP server. I'm still trying to fix the problem, but I can't identify it yet - to me it looks as if the from: line is reporting the IP address. Stick with me on this - I have alerted the WcSMTP programmers as well (Hector Santos) for Wildcat! software (WINserver is the software package). Link to comment Share on other sites More sharing options...
mwinton Posted December 17, 2005 Author Share Posted December 17, 2005 Please post the tracking URL's as posting the actual messages here messes them up so we can not see what the original actually looked like. Thanks. 38008[/snapback] I don't know how to get a tracking URL when I get an ERROR: No IP Found message. I only get a tracking URL when it is a successful report. http://www.spamcop.net/sc?id=z842856052zc6...7bdf1fcd4bbdc6z http://www.spamcop.net/sc?id=z842855319zce...9bccebb3de42b9z This is the one with the error: Submitted: Saturday, December 17, 2005 08:00:48 -0600: =?ISO-8859-1?b?R29vZCBldmVuaW5n?= No reports filed Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.