
Does parsing stop too early?


semmelbroesel

Hi,

I have received some spam that contains quite a few RECEIVED entries, and I found that the SpamCop parser did not go deep enough to find the one line that actually shows the spammer.

Example report

I would like to point out the line

Received: from KNABI (acrz159.neoplus.adsl.tpnet.pl [83.11.27.159])

that doesn't appear to be parsed.

Is there a reason this is happening?

Am I doing something wrong?

Should I edit the header and remove the RECEIVED lines that belong to my provider?

(I don't think I should because the whole header gets sent in the report, but otherwise how can I get the actual spammer reported?)

Thanks for any advice you can give me - this spammer has been very persistent and seems to be increasing output :-(


I have received some spam that contains quite a few RECEIVED entries, and I found that the SpamCop parser did not go deep enough to find the one line that actually shows the spammer.

Example report

...Have you configured MailHosts? It appears that the parser is trying to report the server (216.245.171.32 = mail.agiliti.com) from which the last server (EXCHANGE1.agiliti.net, presumably, the one that ultimately receives and stores your e-mail) receives the e-mail but that's just another server in your e-mail provider's network. MailHosts was designed to help avoid this situation.

Should I edit the header and remove the RECEIVED lines that belong to my provider?

(I don't think I should because the whole header gets sent in the report, but otherwise how can I get the actual spammer reported?)

...Yes, you can do that, but if you do, cancel the reports that SpamCop offers to send. This is because editing the headers is a violation of SpamCop's Rules against material changes to spam.

I have received some spam that contains quite a few RECEIVED entries, and I found that the SpamCop parser did not go deep enough to find the one line that actually shows the spammer.

I'd suggest turning on "Show Full Technical Details" in your Preferences, send a copy of the original headers and the SpamCop Parser output and ask your ISP to explain the odd handoffs showing in that chain of events/handling. Running your reporting account through the MailHost Configuration process "might" help, but .... there are some items there that I sure can't come up with an explanation for ....


Running your reporting account through the MailHost Configuration process "might" help, but .... there are some items there that I sure can't come up with an explanation for ....

agiliti and g2host seem to be part of our provider, digitalnorth.

I have not looked into mailhosts yet, but I am checking it out right now and will see what it does.

If I understand it correctly it will filter out servers that belong to my provider from being detected as possible spam source.

Just tried it, but the two servers mailhosts detected are names that don't even show in the email headers, so I gotta figure out if I can add the others, too. Am waiting for the test email now.

Thanks for your advice!
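
An added example, not part of the thread and not SpamCop's own parser code: a simplified model of why a Received-chain walk stops at the provider's relay until the provider's servers are registered as trusted. The chain layout, `relay.g2host.example`, `192.0.2.10`, the "by" hosts and the dates are constructed assumptions; only the agiliti names, 216.245.171.32 and the KNABI line come from the posts above.

```python
import re

# Constructed Received chain, newest first, modelled on the hops named in the
# thread. relay.g2host.example, 192.0.2.10, the "by" hosts and the dates are
# placeholders, not values from the real message.
SAMPLE_RECEIVED = [
    "from mail.agiliti.com ([216.245.171.32]) by EXCHANGE1.agiliti.net; Mon, 1 Jan 2007 10:00:03 -0600",
    "from relay.g2host.example ([192.0.2.10]) by mail.agiliti.com; Mon, 1 Jan 2007 10:00:02 -0600",
    "from KNABI (acrz159.neoplus.adsl.tpnet.pl [83.11.27.159]) by relay.g2host.example; Mon, 1 Jan 2007 10:00:01 -0600",
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.IGNORECASE)

def parse_hop(value):
    """Return (source_ip, receiving_host) for one Received header value."""
    from_part = re.split(r"\bby\s", value, maxsplit=1, flags=re.IGNORECASE)[0]
    ip = IP_RE.search(from_part)
    by = BY_RE.search(value)
    return (ip.group(1) if ip else None, by.group(1).lower() if by else None)

def find_source(received, trusted_hosts, trusted_ips):
    """Walk the chain newest-first and return the IP to report."""
    candidate = None
    for value in received:
        src_ip, by_host = parse_hop(value)
        if by_host not in trusted_hosts:
            break  # line was not written by one of our servers: may be forged
        if src_ip is None:
            continue  # local handoff with no peer address recorded
        candidate = src_ip
        if src_ip not in trusted_ips:
            break  # first handoff from outside the trusted set
    return candidate

if __name__ == "__main__":
    # Only the final server is known: the walk stops at the provider's relay.
    print(find_source(SAMPLE_RECEIVED, {"exchange1.agiliti.net"}, set()))
    # All provider servers registered: the walk reaches the external sender.
    hosts = {"exchange1.agiliti.net", "mail.agiliti.com", "relay.g2host.example"}
    ips = {"216.245.171.32", "192.0.2.10"}
    print(find_source(SAMPLE_RECEIVED, hosts, ips))
```

A header written below the first untrusted handoff is never consulted, which is why lines a sender forges into the message cannot redirect the result.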


We have a spam filter, but I disabled it, and I also haven't received a spam filter alert.

I sent an email to the deputies.

Thanks!

...Thanks for letting us know. If you are able, please let us know how this was resolved.