drworld Posted November 12, 2006

Hello,

I'm using ASSP (assp.sf.net) to filter all my incoming email through my mail server. Now I'm trying to use ASSP to forward (trusted spam:) directly to spamcop using my unique report address at spamcop.

Now I've got some trouble because it seems that reporting a spam directly to spamcop generates a false header. Indeed, to all my reports I got a reply which indicates:

    SpamCop encountered errors while saving spam for processing:
    SpamCop could not find your spam message in this email:

    Return-Path: <dperez_kj[at]geocities.com>
    Received: from sc-smtp2-bulkmx.soma.ironport.com (sc-smtp2-bulkmx.soma.ironport.com [204.15.82.125]) by sc-app3.soma.ironport.com (Postfix) with ESMTP id 3BD8514318 for <submit.xxxxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 03:28:48 -0800 (PST)
    Received: from gign.visp.fr ([88.191.22.18]) by sc-smtp2-bulkmx.soma.ironport.com with ESMTP; 12 Nov 2006 03:28:48 -0800
    Received: from gign-assp.visp.fr (localhost.localdomain [127.0.0.1]) by gign.visp.fr (Postfix) with SMTP id 7A8CFB7406B for <submit.xxxxxxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 12:28:45 +0100 (CET)
    Received: from 218.130.6.106 ([218.130.6.106] helo=cs.com) by gign-assp.visp.fr; 12 Nov 2006 12:28:41 +0100
    In-Reply-To: <136d01c70378$9e8f96af$73ae9191[at]3kkra03>
    X-Sender: <dperez_kj[at]geocities.com>
    Reply-To: "Darryl Perez" <dperez_kj[at]geocities.com>
    Subject: Rolexes for Sale - Perfect for gift d2g
    Sender: <dperez_kj[at]geocities.com>
    Date: Sun, 12 Nov 2006 11:19:26 +0000
    MIME-Version: 1.0
    From: "Darryl Perez" <dperez_kj[at]geocities.com>
    Message-ID: <1163330366.3178[at]geocities.com>
    To: <xxxxxxxxx[at]rakotomalala.com>
    Content-Type: text/plain; charset="iso-8859-2"
    Content-Transfer-Encoding: 8bit
    X-Assp-Received-RBL: pass (gign-assp.visp.fr: local policy) rbl=none; client-ip=;
    X-Assp-Bayes-Confidence: 0.00000
    X-Assp-spam-Prob: 1.00000
    X-Assp-Envelope-From: dperez_kj[at]geocities.com
    X-Assp-Intended-For: xxxxxxxxxxx[at]rakotomalala.com
    X-Assp-spam: YES
    X-SMSMSE-SCL: 9
    X-Assp-spam-Reason: Bayesian spam
    X-Intended-For: xxxxxxxxx[at]rakotomalala.com

    <body of the spam>

In fact it appears that the first line, "sc-smtp2-bulkmx.soma.ironport.com", would be my email server (in the mailhost logic), but it's the mailhost of the spamcop report address!

My mailhost registered at spamcop: gign.visp.fr / gign-assp.visp.fr

When I take the complete header and try to report it through the web form I get this:

http://www.spamcop.net/sc?id=z1133688888z8...4c162e6ac43489z

Which explains the trouble (I think).

Is there a way to fix it?

Wazoo Posted November 12, 2006

> Is there a way to fix it?

Absolutely! .. Just keep trying to play with it to make it go through the parser, go ahead and send a Report, and basically kiss your account good-bye.

Why are you trying to 'report' an error message 'from' the SpamCop.net parsing system?

You say this is "trusted spam" (?) ... are you suggesting that you are one of those folks that has had their account compromised and spammers are sending spam to your Reporting Account - Submit account address? There have been several of these Topics/Discussions started just within the last week or so ....

I don't see this as a MailHost Configuration issue at this point .... it appears to me to be either a Reporting problem (with your automated sending of your 'trusted' spam) .... or you have a compromised and abused Reporting Account .... with this post, this Topic moves to the Reporting Help Forum section ....

StevenUnderwood Posted November 12, 2006

> Now I try to use ASSP to forward (trusted spam:) directly to spamcop using my unique report address at spamcop.

This looks like ASSP is doing a simple forward to your submit address, which will not work. Unless ASSP can forward as attachment, this is not likely to work. Spamcop ignores the headers of the message it receives and parses the headers in the body of the message.

> Received: from sc-smtp2-bulkmx.soma.ironport.com (sc-smtp2-bulkmx.soma.ironport.com [204.15.82.125]) by sc-app3.soma.ironport.com (Postfix) with ESMTP id 3BD8514318 for <submit.xxxxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 03:28:48 -0800 (PST)

Internal transfer within SpamCop

> Received: from gign.visp.fr ([88.191.22.18]) by sc-smtp2-bulkmx.soma.ironport.com with ESMTP; 12 Nov 2006 03:28:48 -0800

SpamCop receives from gign.visp.fr (looks like they are affiliated with your ISP).

> Received: from gign-assp.visp.fr (localhost.localdomain [127.0.0.1]) by gign.visp.fr (Postfix) with SMTP id 7A8CFB7406B for <submit.xxxxxxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 12:28:45 +0100 (CET)

ASSP system sends it to gign.visp.fr destined for your submit address,

> Received: from 218.130.6.106 ([218.130.6.106] helo=cs.com) by gign-assp.visp.fr; 12 Nov 2006 12:28:41 +0100

ASSP received this from the source 218.130.6.106

> <body of the spam>

This should not be the body of the spam but the entire spam including headers AS the body of the submission. That is an important distinction.
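
The distinction StevenUnderwood describes, as an added example that is not part of any post and is not ASSP's or SpamCop's code: a simple forward re-sends the spam so its headers mix with transit hops, while forwarding as attachment carries the whole spam as a message/rfc822 part. The sample message, the example.invalid addresses and the function names are constructed for illustration, and the receiving side is only a simplified model.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample spam, modelled on the headers quoted in the thread.
RAW_SPAM = (
    b"Received: from 218.130.6.106 ([218.130.6.106] helo=cs.com)\r\n"
    b"\tby gign-assp.visp.fr; 12 Nov 2006 12:28:41 +0100\r\n"
    b"From: \"Darryl Perez\" <sender@example.invalid>\r\n"
    b"To: <trap@example.invalid>\r\n"
    b"Subject: Rolexes for Sale\r\n"
    b"\r\n"
    b"body of the spam\r\n"
)
# Transit hop stamped on when the mail is relayed onward (constructed).
RELAY_HOP = (
    b"Received: from gign-assp.visp.fr (localhost.localdomain [127.0.0.1])\r\n"
    b"\tby gign.visp.fr (Postfix) with SMTP id PLACEHOLDER\r\n"
)


def simple_forward(raw_spam: bytes) -> bytes:
    """Re-send the spam itself: its headers become the submission's own
    headers, with the relay hops stacked on top of them."""
    return RELAY_HOP + raw_spam


def forward_as_attachment(raw_spam: bytes, reporter: str, submit_addr: str) -> bytes:
    """Wrap the complete spam (headers and body) as a message/rfc822 part."""
    outer = EmailMessage(policy=policy.SMTP)
    outer["From"] = reporter
    outer["To"] = submit_addr
    outer["Subject"] = "spam submission"
    outer.set_content("Original message attached.")
    # Passing a parsed message makes the part message/rfc822.
    outer.add_attachment(message_from_bytes(raw_spam, policy=policy.SMTP))
    return outer.as_bytes()


def reported_received_chain(submission: bytes):
    """Simplified model of the receiving side: ignore the outer headers and
    read the Received chain only from an attached message/rfc822 part."""
    msg = message_from_bytes(submission, policy=policy.SMTP)
    for part in msg.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the embedded original message
            return [str(h) for h in inner.get_all("Received", [])]
    return None  # no embedded message to parse
```

With the attachment form, the only Received line the model sees is the one the honeypot host wrote for 218.130.6.106; the simple forward yields nothing to parse.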

drworld (Author) Posted November 12, 2006

> Absolutely! .. Just keep trying to play with it to make it go through the parser, go ahead and send a Report, and basically kiss your account good-bye.
>
> Why are you trying to 'report' an error message 'from' the SpamCop.net parsing system?
>
> You say this is "trusted spam" (?) ... are you suggesting that you are one of those folks that has had their account compromised and spammers are sending spam to your Reporting Account - Submit account address? There have been several of these Topics/Discussions started just within the last week or so ....
>
> I don't see this as a MailHost Configuration issue at this point .... it appears to me to be either a Reporting problem (with your automated sending of your 'trusted' spam) .... or you have a compromised and abused Reporting Account .... with this post, this Topic moves to the Reporting Help Forum section ....

I'm not trying to report the error message itself. I'm just trying to understand why spamcop doesn't handle the spam report correctly.

I'm sorry but English isn't my native language and I probably explained my case badly, so I'm going to try to do it better here.

'Trusted' spam means, in my mind, email coming into a honeypot; these email addresses are used to train my Bayesian filter. At the same time I would report all incoming mail on these addresses to spamcop. This is what I'm trying to do.

So when a spam comes into the honeypot, ASSP uses it to train the Bayesian system and then forwards it to my submit address.

This is the chain:

spam -> ASSP -> submit.xxx[at]spam.spamcop.net

In return I got (at my primary email address configured in my spamcop account):

    SpamCop encountered errors while saving spam for processing:
    SpamCop could not find your spam message in this email:

    Return-Path: <xcyucoe[at]paudio.com>
    Received: from sc-smtp4-bulkmx.soma.ironport.com (sc-smtp4-bulkmx.soma.ironport.com [204.15.82.126]) by sc-app2.soma.ironport.com (Postfix) with ESMTP id 58CD65508 for <submit.xxxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 04:16:06 -0800 (PST)
    Received: from gign.visp.fr ([88.191.22.18]) by sc-smtp4-bulkmx.soma.ironport.com with ESMTP; 12 Nov 2006 04:16:06 -0800
    Received: from gign-assp.visp.fr (localhost.localdomain [127.0.0.1]) by gign.visp.fr (Postfix) with SMTP id 83E3DB7401C for <submit.xxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 13:15:57 +0100 (CET)
    Received: from 86.63.111.220 ([86.63.111.220] helo=86-63-111-220.asta-net.com.pl) by gign-assp.visp.fr; 12 Nov 2006 13:15:50 +0100
    Message-ID: <000c01c70654$4af554c0$00000000[at]iwonkaegwbkftv>
    From: "Storage" <xcyucoe[at]paudio.com>
    To: xxxxxxx[at]nopourriel.fr
    References: <000c01c70654$4af554c0$00000000[at]iwonkaegwbkftv>
    Subject: Re: Terms
    Date: Sun, 12 Nov 2006 13:15:50 +0100
    MIME-Version: 1.0
    Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0003_01C7065C.ACB772D0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2869
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
    X-Assp-spam-Prob: 1.00000
    X-Assp-Envelope-From: xcyucoe[at]paudio.com
    X-Assp-Intended-For: xxxxxxx[at]nopourriel.fr
    X-Assp-spam: YES
    X-SMSMSE-SCL: 9
    X-Assp-spam-Reason: Has spam address
    X-Intended-For: xxxxxxxx[at]nopourriel.fr

    This is a multi-part message in MIME format.

    <body of the spam>

    The email which triggered this auto-response had the following headers:

    Return-Path: <ebzkxubwan[at]orchidmoon.com>
    Received: from sc-smtp4-bulkmx.soma.ironport.com (sc-smtp4-bulkmx.soma.ironport.com [204.15.82.126]) by sc-app2.soma.ironport.com (Postfix) with ESMTP id EB70254B1 for <submit.xxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 04:22:26 -0800 (PST)
    Received: from gign.visp.fr ([88.191.22.18]) by sc-smtp4-bulkmx.soma.ironport.com with ESMTP; 12 Nov 2006 04:22:26 -0800
    Received: from gign-assp.visp.fr (localhost.localdomain [127.0.0.1]) by gign.visp.fr (Postfix) with SMTP id A3888B7401C for <submit.xxxxxxxxx[at]spam.spamcop.net>; Sun, 12 Nov 2006 13:22:21 +0100 (CET)
    Received: from 75.18.92.6 ([75.18.92.6] helo=adsl-75-18-92-6.dsl.chcgil.sbcglobal.net) by gign-assp.visp.fr; 12 Nov 2006 13:22:20 +0100
    Message-ID: <000901c70655$211687e0$00000000[at]John>
    From: "epicenter" <ebzkxubwan[at]orchidmoon.com>
    To: xxxxx[at]nopourriel.fr
    References: <000901c70655$211687e0$00000000[at]John>
    Subject: Re: edit
    Date: Sun, 12 Nov 2006 06:21:50 -0600
    MIME-Version: 1.0
    Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0004_01C70622.D67C17E0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2869
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
    X-Assp-spam-Prob: 1.00000
    X-Assp-Envelope-From: ebzkxubwan[at]orchidmoon.com
    X-Assp-Intended-For: jos[at]nopourriel.fr
    X-Assp-spam: YES
    X-SMSMSE-SCL: 9
    X-Assp-spam-Reason: Has spam address
    X-Intended-For: jos[at]nopourriel.fr

Is it clearer explained like that?

The goal of my step is to report automatically the majority of the spam received on my mail server, and report the most complex ones manually.

Regards

Farelf Posted November 12, 2006

> When I take the complete header and try to report it through the web form I get this:
>
> http://www.spamcop.net/sc?id=z1133688888z8...4c162e6ac43489z
>
> Which explains the trouble (I think).

It shows the problem but doesn't explain it. The original spam (a familiar "Hoodia" spam) should parse like -

http://www.spamcop.net/sc?id=z1133772188zf...f6ef5d178037efz

In your "past reports" do you have this already parsed correctly? There should be no way you would see those "extra" lines as in your example.

drworld (Author) Posted November 12, 2006

Thanks for your reply, I understand what's wrong in my report now. I'm going to investigate to find a way to forward the spam as an attachment.

Regards