kae Posted January 5, 2007 Share Posted January 5, 2007 I registered a new email/ISP address and when I try to report, I get the "No source IP address found, cannot proceed." message. Here is the full text of what I get: No unique hostname found for source: 86.215.164.164 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. I guess I'm wondering if my ISP has some strange internal handling of email or if they have some kind of chewed up headers that the parser doesn't expect? Here are some links: http://www.spamcop.net/sc?id=z1184521464z0...81b1f0dc3619ebz http://www.spamcop.net/sc?id=z1184524063zd...bcee68fe5c1da1z http://www.spamcop.net/sc?id=z1184523875zf...f140b2397a45b0z http://www.spamcop.net/sc?id=z1184523553z5...f912967b215bcfz http://www.spamcop.net/sc?id=z1184522841z1...71bd2b55e8f881z http://www.spamcop.net/sc?id=z1184522649z1...0b853ffd4c043cz http://www.spamcop.net/sc?id=z1184522420ze...e3f414544ddf2cz From what I've looked at in the headers, there is a Received line that has very little information between the sending system Received line and the final internal received line (usually a 172. or 10. address). Is this a case where the mailhost needs special handling? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 5, 2007 Share Posted January 5, 2007 registered a new email/ISP address and when I try to report, I get the "No source IP address found, cannot proceed." message. ... From what I've looked at in the headers, there is a Received line that has very little information between the sending system Received line and the final internal received line (usually a 172. or 10. address). Is this a case where the mailhost needs special handling? Is mta2.egix.net or egix.net in your mailhost configuration? If not, you need to complete the configuration (did you get the confirmation that it was complete?) of follow the directions in the pinned thread in the Mailhost configuration forum where I am moving this. Link to comment Share on other sites More sharing options...
kae Posted January 5, 2007 Author Share Posted January 5, 2007 Is mta2.egix.net or egix.net in your mailhost configuration? If not, you need to complete the configuration (did you get the confirmation that it was complete?) of follow the directions in the pinned thread in the Mailhost configuration forum where I am moving this. Thanks for moving this to the right place. mta2.egix.net and egix.net is in my mailhost configuration and I completed the configuration for both MX records (two emails). The host is in my mailhosts list and it looks complete. I looked at the SpamCop mailhost registration headers and those headers look the same (weird). It appears that this ISP (eGIX.net) removes all headers that are specific to them (ie. none of the mailhost host names or IP addresses appear in any email from this ISP). All this ISPs hosts/domain addresses and their Relaying IP addresses appear to be removed from all email headers before they get passed on to me. I guess that's one way to not get your IP addresses reported hmm. Will spamcop work with all those headers gone? Is this something that is known or is it something I should send to the deputies for special handling? Link to comment Share on other sites More sharing options...
Wazoo Posted January 5, 2007 Share Posted January 5, 2007 I only looked at the first offered Tracking URL, figured that was enough ... Going thought the Received lnes, working from the bottom ... Received: from 12.14.64.130 (HELO mail.hammondmap.com) by egix.net with esmtp (1,>(6MF2* V47**) id 7OV42H-S76)V5-5[at] for x; Thu, 4 Jan 2007 19:19:22 -0060 very, very bad cnstruct, easy assumption is that it is totally bogus Received: from aamiens-157-1-141-164.w86-215.abo.wanadoo.fr ([86.215.164.164]) by mta2.egix.net with esmtp (Exim 4.43) id 1H2Y7P-0002pl-Jz for x; Thu, 04 Jan 2007 14:19:16 -0500 This would appear to be the "real" incoming connection, typical wannado spew source, received by mta2.egix server Received: from atmail by mta2.egix.net with spam-scanned (Exim 4.43) id 1H2Y7Q-0002qu-ET for x; Thu, 04 Jan 2007 14:19:17 -0500 This one really makes little sense from this side of the screen ... assumption is that the 'atmail' server may be something internal to your ISP's network, but ...??? Received: from mta2.egix.net (mta2 [172.16.1.22]) by sfv480.egix.net (Postfix) with ESMTP id 85671108853 for <x>; Thu, 4 Jan 2007 14:19:17 -0500 (EST) Issue 1: how did the e-mail jump from the 'atmail' server to the 'sfv480.egix' server? No one here can answer that one. Issue 2: the IP address involved in that data line .... Ouch! 172.16.0.0/12 - RFC 1918 private network Therefore, not considered 'routable' ..... As per the Pinned items in this Forum Section, my attempted/aborted/updated/ignored MailHost Configuration Issues FAQ .... the only possible recourse is to talk to the Deputies .... it may be posible for them to hand massage the database for this wonky set-up, but .... I can't speak for them or this scenario. Link to comment Share on other sites More sharing options...
kae Posted January 5, 2007 Author Share Posted January 5, 2007 I only looked at the first offered Tracking URL, figured that was enough ... You're right, they all look about the same so looking at one is pretty much enough. I've looked at about 20 different legit and spam emails from this ISP and the header munging is all the same. None of the headers (legit or spam) contain any routable IP address. All the headers from hosts external to the ISP seem to be left intact, but the hosts and IP addresses of any internal ISP host is either removed from the Received headers or the entire Received header is removed except for the last non-routable 172 or 10 IP addresses. I did read the post by ellen, but I hate to email the deputies because any problem I usually have isn't unique, but I guess this is "deputy worthy" so I'll send an email to them and see what they say. I wonder if this ISP just removes all their IP addresse so that no one will report them. I guess that's one way to make sure no one reports you for spamming. I wonder if that means that none of the spam that comes through this ISP is reportable (since they are munging the headers.) I guess I'll see what the deputies say. Thanks for looking at it! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 5, 2007 Share Posted January 5, 2007 I guess I'll see what the deputies say. Thanks for looking at it! If you could post back anything "postable" that may help the next person looking for the same data. Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted January 5, 2007 Share Posted January 5, 2007 I guess I'm wondering if my ISP has some strange internal handling of email or if they have some kind of chewed up headers that the parser doesn't expect?Not to worry, there is nothing wrong with your setup or headers. There was a database problem on our end that prevented the parse from seeing your Mailhost info, and that caused the parse to fail. Sorry for all the trouble. It's fixed now. - Don D'Minion - SpamCop Admin - Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 5, 2007 Share Posted January 5, 2007 Not to worry, there is nothing wrong with your setup or headers. There was a database problem on our end that prevented the parse from seeing your Mailhost info, and that caused the parse to fail. Sorry for all the trouble. It's fixed now. Thanks for the update, Don. Link to comment Share on other sites More sharing options...
Eisenbart Posted September 13, 2008 Share Posted September 13, 2008 I keep getting the same message quite often, without any indication as to what the cause of the problem is. That makes it very hard for me to verify whether it has to do with mailhost configuration, as an example, because SpamCop does not even tell which email the error refers to. Here are some links: http://www.spamcop.net/sc?id=z2241645920z8...3ea244753948d0z http://www.spamcop.net/sc?id=z2242576901z8...7971bb15e67499z http://www.spamcop.net/sc?id=z2242576909z9...d7ea42fa43dfefz http://www.spamcop.net/sc?id=z2242576912zc...12a7e1ba66ab07z http://www.spamcop.net/sc?id=z2242576920z6...62ac2e34e8452bz http://www.spamcop.net/sc?id=z2242576922z2...28957eda848ff6z http://www.spamcop.net/sc?id=z2242576924z4...fe095c6d1505bcz http://www.spamcop.net/sc?id=z2242576928z7...d9db22fd898a9cz http://www.spamcop.net/sc?id=z2242576931zc...71339578a62faaz http://www.spamcop.net/sc?id=z2242578142z9...93c2370f5410f8z http://www.spamcop.net/sc?id=z2242578643z9...08050a8e9752a0z http://www.spamcop.net/sc?id=z2242578851ze...beea6c8b5502e8z http://www.spamcop.net/sc?id=z2242580993z7...6ddd6606f5f899z Link to comment Share on other sites More sharing options...
StevenUnderwood Posted September 13, 2008 Share Posted September 13, 2008 I keep getting the same message quite often, without any indication as to what the cause of the problem is. That makes it very hard for me to verify whether it has to do with mailhost configuration, as an example, because SpamCop does not even tell which email the error refers to. For every link except the first one it is telling you exactly what the "cause of the problem is": 0: Received: from 5ac5183b.bb.sky.com (HELO 5ac5183b.bb.sky.com) (90.197.24.59) by server282-han (qpsmtpd/0.43rc1) with ESMTP; Fri, 12 Sep 2008 19:52:29 +0200 Hostname verified: 5ac5183b.bb.sky.com Possible forgery. [color="#FF0000"]Supposed receiving system not associated with any of your mailhosts[/color] Will not trust anything beyond this header No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. Every one of them was received by "server282-ham" which evidentally is not in your mailhost configuration. Either you have not configured mailhosts for EVERY email address you are reporting spam from OR your mail provider has recently changed their server configuration or added servers to their setup that are not currently in your configuration. THe next step depends on which case it is. Those headers also do not seem to be configured properly (as you can see if you follow the link on that page stating: Example: What spam headers should look like I would expect your headers to look like: Received: from 5ac5183b.bb.sky.com (5ac5183b.bb.sky.com [90.197.24.59]) by server282-han.<domain>.<tld> (qpsmtpd/0.43rc1) with ESMTP; Fri, 12 Sep 2008 19:52:29 +0200 Link to comment Share on other sites More sharing options...
Eisenbart Posted September 13, 2008 Share Posted September 13, 2008 For every link except the first one it is telling you exactly what the "cause of the problem is": Where did you get that information? When I click on the last link for, example, you can see what I am getting on the following screenshot: http://img329.imageshack.us/img329/6891/tempyl2.gif So how come you see all these details while I don't? [moderator edit - no images here thanks, converted to link, answering query in my next post] Another later edit: no reason to quote the entire previous post in the response Link to comment Share on other sites More sharing options...
Eisenbart Posted September 13, 2008 Share Posted September 13, 2008 I just reconfigured my mail hosts and found out that our ISP had indeed changed their servers. I guess everything works alright again now. Might have been easier to find out though if SpamCop had been more explicit on the cause of the problem. I am still wondering where you can see that information, as all I got was what you can see on the screenshot in my previous post. But thanks anyway! Link to comment Share on other sites More sharing options...
Farelf Posted September 14, 2008 Share Posted September 14, 2008 Where did you get that information? When I click on the last link for, example, you can see what I am getting on the following screenshot: http://img329.imageshack.us/img329/6891/tempyl2.gif So how come you see all these details while I don't? You need to turn on "Show technical details", a checkbox under the paste-in box on your members's page and an option under your "Preferences" tab from that page (for email submissions) - "Report Handling Options" link - "Show Technical Details during reporting" item - select the "Show technical data" radio button. Link to comment Share on other sites More sharing options...
Eisenbart Posted September 14, 2008 Share Posted September 14, 2008 Ah, I see! :-) Good to know, thank you! :-) Link to comment Share on other sites More sharing options...
arky65 Posted March 9, 2011 Share Posted March 9, 2011 http://www.spamcop.net/sc?id=z4931454854z7...126b03cbfe4a89z No source IP address found, cannot proceed. Link to comment Share on other sites More sharing options...
Farelf Posted March 9, 2011 Share Posted March 9, 2011 Perhaps something amiss with your mailhosting? Parses okay without mailhosts: http://www.spamcop.net/sc?id=z4931539230z5...9eed70f1c60517z Is that really spam? Are you getting this sort of thing often? Anyway, you might try redoing your hosts (the tab on your user page). Sometimes it takes a tweak from Don or a deputy to get things right - service[at]admin.spamcop.net Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.