Jump to content

[Resolved] Possible Forgery/No Source \IP Address Found


spaztick1

Recommended Posts

Are you copy & pasting into SpamCop?

"

[ Add to Address Book | Block Address | Report as spam | This is not Bulk Mail ]

Message-ID: <5D6A________0555[at]nexgo.uk>

"

That looks like formatting of your mail client.

So you should forward the email to your reporting address, ie: submit.abcd1234[at]spam.spamcop.net

Link to comment
Share on other sites

Are you copy & pasting into SpamCop? 

"

[ Add to Address Book | Block Address | Report as spam | This is not Bulk Mail ]

Message-ID:    <5D6A________0555[at]nexgo.uk>

"

That looks like formatting of your mail client.

So you should forward the email to your reporting address, ie:  submit.abcd1234[at]spam.spamcop.net

41405[/snapback]

Thank you for your help. I removed the formatting but still get the same message.

This is the new tracking URL

http://www.spamcop.net/sc?id=z899677944zd6...82c4cd74504047z

I have tried cutting and pasting and straight forwarding but get the same message. The link I posted was a spam email I tried to remove the whitespace from after cutting and pasting.

I read on another posting that spammers seem to be inserting whitespace into the headers to fool SpamCop.

Thank You,

John

Link to comment
Share on other sites

I'm having the same problem with my Excite email too. It appears that it is not whitespace that is causing the problem but rather 'Received' lines that do not contain a source IP address. Here is an example of a header with this problem:

Delivered-To: dg3274[at]xprdmailbe.nwk.excite.com Received: (qmail 3864 invoked from network); 17 Mar 2006 22:13:24 -0000 Received: from unknown (HELO localhost.localdomain) ([10.50.28.195]) (envelope-sender <halbro[at]tekinc.com>)           by 0 (qmail-ldap-1.03) with SMTP           for <dg3274[at]xprdmailbe.nwk.excite.com>; 17 Mar 2006 22:13:24 -0000 Return-Path: <halbro[at]tekinc.com> Received: from tekinc.com (i5387A28B.versanet.de [83.135.162.139])  by xprdmx22.nwk.excite.com (Postfix) with SMTP id BDD5D33E6E  for <dg3274[at]excite.com>; Fri, 17 Mar 2006 17:13:21 -0500 (EST) Message-ID: <000001c64a0f$f63b8ae0$413aa8c0[at]anq23>

Notice that the line in red does not have an IP address or a received 'by' entry. I believe this is what is tripping up the reporting system.

Another problem header example is this one:

Delivered-To: dg3274[at]xprdmailbe.nwk.excite.com Received: (qmail 24052 invoked from network); 17 Mar 2006 06:36:58 -0000 Received: from unknown (HELO localhost.localdomain) ([10.50.30.159]) (envelope-sender <beckyricksnt[at]telefonica.com.ar>)           by 0 (qmail-ldap-1.03) with SMTP           for <dg1696[at]xprdmailbe.nwk.excite.com>; 17 Mar 2006 06:36:58 -0000 Return-Path: <beckyricksnt[at]telefonica.com.ar> Received: from dr.dk (unknown [222.111.65.240])  by xprdmx31.nwk.excite.com (Postfix) with SMTP id 4A66D37E59;  Fri, 17 Mar 2006 01:36:55 -0500 (EST) Received: from 202.97.74.217 by mail.telefonica.com.ar with SMTP id ED21DF64440  for <dg3274[at]excite.com>; Fri, 17 Mar 2006 08:15:40 +0100 (GMT) Message-ID: <7ad201c64992$13810920$2e1940f5[at]dr.dk>

This one has the same problem as the first example but also contains a misplaced 'Received' line at the end, fooling the reporting system into thinking the header is forged since it indicates the mail was not received by one of Excites mailhosts.

When I removed the lines in red and manually reported using the Outlook/Eudora Workaround form the spam was able to successfully be reported.

Link to comment
Share on other sites

can't help but notice that both of spaztick1's samples include error messages normally seen with incomplete or incorrectly configured MailHost configured accounts.

dg3274 failed to provide a Tracking URL ... not a clue as to how the data examples provided were actually captured/posted, but noting that both samples there also include the infamous "received .... by 0" lines (incidentally, someone else posted fairly recently on how to 'fix' that under QMail) ....

Link to comment
Share on other sites

can't help but notice that both of spaztick1's samples include error messages normally seen with incomplete or incorrectly configured MailHost configured accounts.

dg3274 failed to provide a Tracking URL ... not a clue as to how the data examples provided were actually captured/posted, but noting that both samples there also include the infamous "received .... by 0" lines (incidentally, someone else posted fairly recently on how to 'fix' that under QMail) ....

41417[/snapback]

Tracking URL for first example: http://www.spamcop.net/sc?id=z899709084zea...b0e0f196d424e6z

Tracking URL for second example: http://www.spamcop.net/sc?id=z899715905z08...f069f3f770593bz

EDIT:

I just realized those two tracking URL's are from after I edited the headers and got them to submit properly. I don't have the URL's from when they failed.

But here's an example of one I just submitted now and got the No source IP/No Tracking info problem: http://www.spamcop.net/sc?id=z899969577z3e...8f39b33f540ab8z

Link to comment
Share on other sites

But here's an example of one I just submitted now and got the No source IP/No Tracking info problem: http://www.spamcop.net/sc?id=z899969577z3e...8f39b33f540ab8z

41418[/snapback]

That is because there is a blank line between each header. It sees the first blank line (which defines the end of headers in the RFC and can do nothing with it.

Could you explain exactly the steps you use to submit this message?

Your previous quote in this thread looks like there are no line feeds in the message submitted, this one shows multiple line feeds. Something seems to be wrong with the handling.

I am having a similiar problem right now when submitting from SpamCop's webmail by forwarding but am dealing with it off-line since I have seen nobody else mention it.

Link to comment
Share on other sites

I just realized those two tracking URL's are from after I edited the headers and got them to submit properly. I don't have the URL's from when they failed.

But here's an example of one I just submitted now and got the No source IP/No Tracking info problem: http://www.spamcop.net/sc?id=z899969577z3e...8f39b33f540ab8z

41418[/snapback]

That sample submitted after 'fixing' the extra blank lines in the header ... no data removed ... http://www.spamcop.net/sc?id=z900103265zbb...ba8d79cb80d890z shows a successful parse from a non-MailHost configured sccount.

Link to comment
Share on other sites

That is because there is a blank line between each header.  It sees the first blank line (which defines the end of headers in the RFC and can do nothing with it.

Could you explain exactly the steps you use to submit this message?

Your previous quote in this thread looks like there are no line feeds in the message submitted, this one shows multiple line feeds.  Something seems to be wrong with the handling.

I am having a similiar problem right now when submitting from SpamCop's webmail by forwarding but am dealing with it off-line since I have seen nobody else mention it.

41420[/snapback]

What I have been doing to submit the message is forward the spam email as an attachment from my Excite web mail account to Spamcop. When that didn't work I tried forwarding to another email account I have. I did this so I would be able to look at the header since Excite web mail will not show the header. If you are wondering why I did this it's because I didn't realize that after submitting to Spamcop I could view the header right there on the web page. I do now though. Well anyway, when I opened the forwarded attachment after receiving it at my other email the header did not show up with blank spaces like it does on the Spamcop site. It was all jumbled together like in my posts up above. When you copy and paste that into the Outlook/Eudora workaround form on Spamciop it enters it all on one line instead of formatted for the size of the window. The reporting system doesn't like that either. So I came up with the incorrect assumption that some data needed to be removed to get it to work.

Link to comment
Share on other sites

What I have been doing to submit the message is forward the spam email as an attachment from my Excite web mail account to Spamcop. When that didn't work...

41425[/snapback]

Can you try that again and post the tracking URL because that is the accepted way to do it and is shown in the first FAQ entry Wazoo pointed out.
Link to comment
Share on other sites

SC-FAQ :: SpamCop Parsing & Reporting Service :: How to get Full Headers :: Web-mail apps :: Excite web-mail

Please advise as to what is missing / wrong in this FAQ entry.

41426[/snapback]

In general there is nothing wrong with that FAQ other than some slight wording changes. I didn't even know Spamcop had an FAQ entry on how the Excite webmail interface works. Now that I have read it and found out that there is a box that needs to be checked in Account Preferences I am able to see headers. The reason I thought it didn't work is because even if that box is not checked in Account Preferences you are still presented with a "Full Headers" button to push over each email. But without having the box checked the page just reloads when you hit that button. I just assumed there was something wrong with Excites webmail because Excite makes no mention about having to check that box before the "Full Headers" button will work properly.

Can you try that again and post the tracking URL because that is the accepted way to do it and is shown in the first FAQ entry Wazoo pointed out.

41427[/snapback]

Here's two examples that I just now submitted:

http://www.spamcop.net/sc?id=z900404227z25...63c9d088e49191z

http://www.spamcop.net/sc?id=z900404575ze1...9940940ff39954z

EDIT:

Ok I got curious and just did some more testing. I forwarded a couple emails that are NOT spam to Spamcop (forwarded as an attachment from Excite webmail) and I am still getting the No source Ip/No Tracking info problem. So this leads me to believe that it is not spammers that are causing this problem but rather Excite. Perhaps Excite has changed the formatting in the way attached emails are sent?? I know I haven't changed anything on my end. I believe this all started happening a few days ago. I had been submitting for quite awhile with no problems before a few days ago. Now it appears no emails forwarded from Excite are able to be parsed properly regardless of who they are from.

Link to comment
Share on other sites

In general there is nothing wrong with that FAQ other than some slight wording changes.

??????

I didn't even know Spamcop had an FAQ entry on how the Excite webmail interface works.

And again the question comes up .. what else needs to be done to bring the FAQ into view?

As before, the extra blank lines between all existing header lines blow away any possibility of a parse. Some folks had an issue with linewraps being added as an issue with the width of the broswer window, but ... some of these lines are short enough that it's hard to see how that would be an issue here. But along that line, the browser being used has not been identifed. Is this also somehow tied to a FireFox or IE issue perhaps??

Link to comment
Share on other sites

I'm sure it's nothing anybody couldn't figure out but here's the minor wording change that needs to be fixed:

The FAQ as it is now:

Sign in to your email account.

Click on Preferences on the Email home page

Click on Email Preferences

Check the box to display headers

Click on Save

The FAQ as it should be:

Sign in to your email account.

Click on Mail Preferences on the Email home page

Click on Account Preferences

Check the box to display headers

Click on Save

As far as bringing this part of the FAQ into view goes...

It's not that it was hard to find, it's that I wasn't looking for it to begin with.

As far as my browser goes I use both IE and Firefox. I'm not sure how my browser would affect the way Excite forwards emails as attachments.

Link to comment
Share on other sites

I'm having trouble reporting my spam using Excite Webmail.

http://www.spamcop.net/sc?id=z899650288z08...668aadb9b6164fz

That spam won't parse because you have a Mailhost for Comcast configured, but not one for your Excite.com address. Since Excite.com isn't on your list of email providers, SpamCop thinks the headers are forged and won't proceed.

If you log into your account here and run our Mailhost utility to register your Excite address, you should be OK.

- Don D'Minion - SpamCop Admin -

Link to comment
Share on other sites

That spam won't parse because you have a Mailhost for Comcast configured, but not one for your Excite.com address.  Since Excite.com isn't on your list of email providers, SpamCop thinks the headers are forged and won't proceed.

If you log into your account here and run our Mailhost utility to register your Excite address, you should be OK.

41447[/snapback]

???? I pointed out the MailHost configuration issue back in Linear post #5 in the Topic .. that poster has yet to return apparently. But I'm not sure that even if successful in getting through the MailHost configuration process (a bit doubtful) this wouldn't resolve the problems with the submittal issues thus far being discussed .... but that's just me ...

And of course, the "log in ... here" refers to http://www.spamcop.net ... not the Forum.

Link to comment
Share on other sites

????  I pointed out the MailHost configuration issue back in Linear post #5 in the Topic .. that poster has yet to return apparently.  But I'm not sure that even if successful in getting through the MailHost configuration process (a bit doubtful) this wouldn't resolve the problems with the submittal issues thus far being discussed .... but that's just me ...

And of course, the "log in ... here" refers to http://www.spamcop.net ... not the Forum.

41449[/snapback]

Thank you both for your help. Mr D'Minion emailed me with the instructions on what to do and it worked. It was a wrongly configuresd mailhost. I can now report Excite spam. Wazoo, I read your first post regarding the incorrectly configured mailhost and tried several times to add the excite servers. At one time I had the excite server set up but somehow lost/deleted the comcast account. At any rate they both work now. Sorry I didn't reply sooner. Thank you again.

John Lazar

Link to comment
Share on other sites

Thank you both for your help.  Mr D'Minion emailed me with the instructions on what to do and it worked.  It was a wrongly configuresd mailhost.  I can now report Excite spam.  Wazoo, I read your first post regarding the incorrectly configured mailhost and tried several times to add the excite servers.  At one time I had  the excite server set up but somehow lost/deleted the comcast account.  At any rate they both work now.  Sorry I didn't reply sooner.  Thank you again.

John Lazar

41550[/snapback]

Well, I'm glad that worked for you and you can report excite spam. I am still having problems though. Sending spam from Excite to Spamcop as an attachment is still not working for me.

Here's what I'm getting:

http://www.spamcop.net/sc?id=z904055283z66...4ed7854a8f7a03z

http://www.spamcop.net/sc?id=z904055304z53...6c25b77fa569afz

http://www.spamcop.net/sc?id=z904055440zbb...e9f0d5e81b9627z

If anyone can help me figure this out it would be greatly appreciated.

Thanks!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...