SpamCop doesn't parse routing info correctly


Psychonaut


I'm running into an odd problem where SpamCop fails to correctly identify the source of an e-mail.

Here's the situation: the spammer in question is a crazy guy who has been mass mailing his incoherent rants to everyone in his address book for years. He always uses a Yahoo! Mail account, which he logs into at some public access library terminal at the University of Arizona. (He has admitted as much.) When I forward to SpamCop an offending e-mail that I received at my personal account (psychonaut[at]nothingisreal.com), SpamCop correctly identifies the source as an IP at the University of Arizona. My employer (spgb[at]worldsocialism.org) is also on the spammer's mailing list. However, when *they* (or I) send their copy of the very same e-mail to SpamCop, it fails to identify the source as the University of Arizona. This is very strange, since both copies of the e-mail contain the same Received header giving a U of A IP (128.196.165.21 = PUB-E3.AHSL.Arizona.EDU):

Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP; Wed, 12 Apr 2006 16:07:39 PDT

Both our domains, nothingisreal.com and worldsocialism.org, are hosted by DreamHost. The only major difference in our setup is that I use fetchmail to download my mail via POP3 from mail.nothingisreal.com and deliver it to a local mail server, whereas my employer checks mail via IMAP on mail.worldsocialism.org.

I reproduce here the headers of the e-mail in question in case anyone wants to check with SpamCop themselves. (SpamCop seems to allow submission of headers without a body for parsing purposes.)

Here is the version I received which SpamCop correctly parses. Tracking URL: http://www.spamcop.net/sc?id=z919791081z24...510714fd343b2az

Return-Path: <moreevilbaddeals[at]yahoo.com>
X-Original-To: psy[at]localhost
Delivered-To: psy[at]localhost.worldsocialism.org
Received: from localhost (localhost [127.0.0.1])
	by polecat.worldsocialism.org (Postfix) with ESMTP id 04EA6903D9
	for <psy[at]localhost>; Thu, 13 Apr 2006 00:15:50 +0100 (BST)
X-Original-To: psychonaut[at]nothingisreal.com
Delivered-To: frettchen[at]randymail-mx2.dreamhost.com
Received: from mail.nothingisreal.com [208.97.132.24]
	by localhost with POP3 (fetchmail-6.2.5)
	for psy[at]localhost (single-drop); Thu, 13 Apr 2006 00:15:50 +0100 (BST)
Received: from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169])
	by randymail-mx2.dreamhost.com (Postfix) with SMTP id B492913B3E0
	for <psychonaut[at]nothingisreal.com>; Wed, 12 Apr 2006 16:07:40 -0700 (PDT)
Received: (qmail 4652 invoked by uid 60001); 12 Apr 2006 23:07:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=rb80uMH7Kp4m/VGyzMC0i7vOkVAkMZ4UCxjNcwT5NIAsa2OhjLIOQiGfDr5u
3GeGDVNiJh5gP4IrizKokJRF8JJ22pQ9LRZonUf2+SImTvUXUDFs1tQ9LHS8Y5V
A/E/nM4GsuqMwaKflXpB9gec0jEg2CTyAnB6DWWQPf8/MIZw=;
Message-ID: <20060412230739.4650.qmail[at]web35715.mail.mud.yahoo.com>
Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP; Wed, 12 Apr 2006 16:07:39 PDT
Date: Wed, 12 Apr 2006 16:07:39 -0700 (PDT)
From: L-ightist Economist <moreevilbaddeals[at]yahoo.com>
Subject: Fwd: Re: JB:  Emails Violated and Erased by Unknown; Cannot Respond Immediately...EXPEL ME

Here is the version my employer received which SpamCop doesn't correctly parse. Tracking URL: http://www.spamcop.net/sc?id=z919793041z85...2f64fc298ebaa6z

Return-Path: <moreevilbaddeals[at]yahoo.com>
X-Original-To: spgb[at]worldsocialism.org
Delivered-To: spgb[at]randymail-mx1.dreamhost.com
Received: from enforcer.dreamhost.com (enforcer.dreamhost.com [66.33.220.4])
	by randymail-mx1.dreamhost.com (Postfix) with ESMTP id D18C434339
	for <spgb[at]worldsocialism.org>; Wed, 12 Apr 2006 16:07:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by enforcer.dreamhost.com (Postfix) with ESMTP id AE0C017D010
	for <spgb[at]worldsocialism.org>; Wed, 12 Apr 2006 16:07:47 -0700 (PDT)
Received: from enforcer.dreamhost.com ([127.0.0.1])
	by localhost (enforcer [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 04356-06 for <spgb[at]worldsocialism.org>;
	Wed, 12 Apr 2006 16:07:46 -0700 (PDT)
Received: from hesl01uker.he.local (smtpout.btconnect.com [213.123.26.90])
	by enforcer.dreamhost.com (Postfix) with ESMTP id ED6DF17D025
	for <spgb[at]worldsocialism.org>; Wed, 12 Apr 2006 16:07:45 -0700 (PDT)
Received: from c2bthimr02.btconnect.com ([194.73.73.202]) by hesl01uker.he.local with Microsoft SMTPSVC(6.0.3790.211);
  Thu, 13 Apr 2006 00:07:42 +0100
Received: from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169])
	by c2bthimr02.btconnect.com (MOS 3.5.9-GR)
	with SMTP id FRP26850;
	Thu, 13 Apr 2006 00:06:54 +0100 (BST)
Received: (qmail 4652 invoked by uid 60001); 12 Apr 2006 23:07:39 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=rb80uMH7Kp4m/VGyzMC0i7vOkVAkMZ4UCxjNcwT5NIAsa2OhjLIOQiGfDr5u
3GeGDVNiJh5gP4IrizKokJRF8JJ22pQ9LRZonUf2+SImTvUXUDFs1tQ9LHS8Y5V
A/E/nM4GsuqMwaKflXpB9gec0jEg2CTyAnB6DWWQPf8/MIZw=;
Message-ID: <20060412230739.4650.qmail[at]web35715.mail.mud.yahoo.com>
Received: from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP; Wed, 12 Apr 2006 16:07:39 PDT
Date: Wed, 12 Apr 2006 16:07:39 -0700 (PDT)
From: L-ightist Economist <moreevilbaddeals[at]yahoo.com>
Subject: Fwd: Re: JB:  Emails Violated and Erased by Unknown; Cannot Respond Immediately...EXPEL ME

Moderator Edit: Huge long lines broken up as they were impacting the Portal display.


Both our domains, nothingisreal.com and worldsocialism.org, are hosted by DreamHost.  The only major difference in our setup is that I use fetchmail to download my mail via POP3 from mail.nothingisreal.com and deliver it to a local mail server, whereas my employer checks mail via IMAP on mail.worldsocialism.org.

A bigger difference is that the failing parse is travelling first from Yahoo, through a btconnect.com account before being directed to dreamhost.com. That is where the parse is being lost, seemingly because of the naming of their servers. Their servers don't use their FQDN. The parser does not trust that handoff.

This is likely a case where Mailhosts (defining the route your messages take to reach you) would help the parser get through this mess or btconnect needs to clean up their headers.

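A small model of the trust walk the reply describes, added here as an example; it is not part of the thread and not SpamCop's own code. The Received values are copied from the two header sets above (dates trimmed), while the recipient `mailhosts` tuples and the rule that a `.local` or mismatched reverse-DNS name ends the chain are my assumptions.

```python
import re

# Simplified model (mine, not SpamCop's code) of the trust walk the reply
# describes: hops are read newest-first and followed only while each external
# handoff names itself with a public FQDN that matches its reverse DNS.
HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?.*?\bby\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trusted(host, mailhosts):
    return any(host == m or host.endswith("." + m) for m in mailhosts)

def find_source(received, mailhosts):
    """received: Received values newest-first; mailhosts: your own hosts."""
    expected_by, last_ip = None, None
    for value in received:
        m = HOP_RE.search(value)
        if not m:                       # e.g. qmail's "invoked by uid" hop
            continue
        frm, paren, by = m.groups()
        if not (trusted(by, mailhosts) or by == expected_by):
            return last_ip, f"chain broken at unknown relay {by}"
        if frm.startswith("["):         # IP literal: the originating client
            return frm.strip("[]"), f"origin recorded by {by}"
        ip = IP_RE.search(paren or "")
        last_ip = ip.group(1) if ip else last_ip
        if not trusted(frm, mailhosts): # external relay: check how it names itself
            rdns = (paren or "").split("[")[0].strip()
            if "." not in frm or frm.endswith(".local") or (rdns and rdns != frm):
                return last_ip, f"untrusted handoff: {frm} is not its FQDN {rdns}"
        expected_by = frm
    return last_ip, "end of chain"

# Received values copied from the two copies of the message in the thread
# (trailing dates trimmed, DreamHost's internal localhost hops omitted).
DIRECT = [
    "from localhost (localhost [127.0.0.1]) by polecat.worldsocialism.org (Postfix) with ESMTP",
    "from mail.nothingisreal.com [208.97.132.24] by localhost with POP3 (fetchmail-6.2.5)",
    "from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169]) by randymail-mx2.dreamhost.com (Postfix) with SMTP",
    "(qmail 4652 invoked by uid 60001)",
    "from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP",
]
VIA_BTCONNECT = [
    "from enforcer.dreamhost.com (enforcer.dreamhost.com [66.33.220.4]) by randymail-mx1.dreamhost.com (Postfix) with ESMTP",
    "from hesl01uker.he.local (smtpout.btconnect.com [213.123.26.90]) by enforcer.dreamhost.com (Postfix) with ESMTP",
    "from c2bthimr02.btconnect.com ([194.73.73.202]) by hesl01uker.he.local with Microsoft SMTPSVC",
    "from web35715.mail.mud.yahoo.com (web35715.mail.mud.yahoo.com [66.163.179.169]) by c2bthimr02.btconnect.com (MOS 3.5.9-GR) with SMTP",
    "(qmail 4652 invoked by uid 60001)",
    "from [128.196.165.21] by web35715.mail.mud.yahoo.com via HTTP",
]
```

Run against the direct copy the walk reaches the Yahoo web hop and returns 128.196.165.21; against the btconnect copy it stops at the hesl01uker.he.local handoff and returns the btconnect relay's address instead.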
