Problems w/ SPAM processing via email submission

[GrojGuy]

I have tried to do due diligence and search for a solution to this problem in existing posts, but even though I have tried some suggestions, I have actually not read of the same problem I am having.

I normally submit my spam via email, as an attachment. This had been working for me for quite a while. I had completed the mailhost configuration, and everything was working just fine. I would receive the SPAMCOP notification email, and click on the contained link, and follow through with reporting the spam .

Then, several months ago, I started experiencing problems. When I would click on the spam reporting link in the email, I would see the parsing results as follows:

(this example is captured from my most recent attempt to report a spam email)

http://www.spamcop.net/sc?id=z847395108z9c...f80d16c146e794z

Parsing header:

0: Received: from [66.111.4.29] (helo=out5.smtp.messagingengine.com) by core.dailydns.com with esmtp (Exim 4.52) id 1Er4IB-0004tw-VJ for x; Mon, 26 Dec 2005 21:10:24 -0500

Hostname verified: out5.smtp.messagingengine.com

Possible forgery. Supposed receiving system not associated with any of your mailhosts

Will not trust anything beyond this header

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

Nothing to do.

And no furthur processing can be done, i.e. SPAMCOP gives no reporting options.

However, if I click on the "View entire message", copy the entire header/text of the spam, then hit "back", and paste that text into the web submission form box, and hit "Process spam", I receive the expected result:

Parsing header:

0: Received: from [66.111.4.29] (helo=out5.smtp.messagingengine.com) by core.dailydns.com with esmtp (Exim 4.52) id 1Er4IB-0004tw-VJ for x; Mon, 26 Dec 2005 21:10:24 -0500

Hostname verified: out5.smtp.messagingengine.com

cashmailspro.com received mail from FastMail ( 66.111.4.29 )

1: Received: from server3.messagingengine.com (server3.internal [10.202.2.134]) by frontend1.messagingengine.com (Postfix) with ESMTP id CB9D2D2C20B for <x>; Mon, 26 Dec 2005 21:10:20 -0500 (EST)

Internal handoff at FastMail

2: Received: from mx4.internal (mx4.internal [10.202.2.203]) by server3.messagingengine.com (Cyrus v2.3-alpha) with LMTPA; Mon, 26 Dec 2005 21:10:21 -0500

Internal handoff at FastMail

3: Received: from mail3.zoneedit.com (mail3.zoneedit.com [216.133.67.106]) by mx4.messagingengine.com (Postfix) with ESMTP id 5E3FF12050D2 for <x>; Mon, 26 Dec 2005 21:10:19 -0500 (EST)

Hostname verified: mail3.zoneedit.com

FastMail received mail from CMS ( 216.133.67.106 )

4: Received: from p5091E01E.dip.t-dialin.net (p5091E01E.dip.t-dialin.net [80.145.224.30]) by mail3.zoneedit.com (Postfix) with SMTP id 40F3AE8B6C for <>; Mon, 26 Dec 2005 21:10:15 -0500 (EST)

No unique hostname found for source: 80.145.224.30

CMS received mail from sending system 80.145.224.30

And I am able to report the spam to the appropriate email addresses.

It seems odd that this was working fine for a long time and then all of a sudden stopped working. Nevertheless, I have re-done the mailhost config several times, since that seemed like the most likely problem. However, that had no effect.

I thought perhaps it was some problem with how the forwarded spam was being attached in the submission email. But then if you compare the two parses, the are identical up until the point where the "bad" parse determines "possible forgery".

And why would the submission of the exact same header via the web form work just fine?

Any ideas?

Thank you,

-Matt

[turetzsr]

<snip>

I normally submit my spam via email, as an attachment.  This had been working for me for quite a while.  I had completed the mailhost configuration, and everything was working just fine.  I would receive the SPAMCOP notification email, and click on the contained link, and follow through with reporting the spam .

Then, several months ago, I started experiencing problems.  When I would click on the spam reporting link in the email, I would see the parsing results as follows:

(this example is captured from my most recent attempt to report a spam email)

http://www.spamcop.net/sc?id=z847395108z9c...f80d16c146e794z

<snip>

38506[/snapback]

Hi, Matt!

...Who provides your e-mail service and what application to you use to submit your spam via e-mail? The reason I ask is that (although I'm not an expert by a long shot) it sounds to me as if either your e-mail provider or your e-mail application is either truncating the mail headers of your spam (when it forwards it as an attachment) or is inserting a blank line after the first "Received" header (thus causing the SpamCop parser to think that there is only the one header). Microsoft Exchange (or is it Outlook?) is known to manipulate the headers and I believe I have seen users of Lotus Notes complain about similar issues.

[StevenUnderwood]

It seems odd that this was working fine for a long time and then all of a sudden stopped working.  Nevertheless, I have re-done the mailhost config several times, since that seemed like the most likely problem.  However, that had no effect.

38506[/snapback]

The error message being displayed is suggesting that "core.dailydns.com" is not in your MailHost config, however, when re-run seems to find that mailhost.

The only thing that comes to mind that you might be able to check is do you have more than one reporting account, maybe one without the dailydns.com entry. This seems highly unlikely. Also, instead of following the link, if you go to your reporting page and click the Report Now link, do you get the same errors?

Most likely, this will need to be handled by the deputies[at]spamcop.net address, but they are currently overwhelmed and may take a while to respond. Keep the message short, to the point but including all information they need to pick out your account is your best chance of getting a response.