motiv8d
Posted February 26, 2007

Since configuring mail hosts all spam seems to be unreportable. As such I must have done something incorrectly when configuring but cannot see what. Could someone please advise?

I have a domain (call it mydomain.loc - real domain name withheld) and subdomains mymail.mydomain.loc, test.mydomain.loc for which reporting seemed to be working fine before adding mail hosts. The above domain and subdomains resolve to the same IP (say 111.111.111.111) (main domain name is rdns for the IP).

There is a backup mail server at an entirely separate domain and IP (say 222.222.222.222) (backupdomain.loc - real name withheld). I also have an individual email account at the backup domain forwarded to an address at mydomain.loc, e.g. myname[at]backupdomain.loc.

I have added the mailhosts in the order below (address - standard name) and confirmed emails for both mail and backup mail servers.

1) address[at]mydomian.loc - mydomain.loc
2) address[at]mymail.mydomain.loc - mymail.mydomain.loc
3) address[at]test.mydomain.loc - test.mydomain.loc
4) myname[at]backupdomain.loc - backupdomain.loc

After confirming the configuration emails for these I have in my mailhosts:

Hosts/domains:
1) mine. [name of my assp server]
2) mail.backupdomain.loc [external dns name of backup mail server]

Relaying ips:
1) 111.111.111.111
2) 222.222.222.222

In the "delete host" dropdown there is only myname[at]backupdomain.loc

I have included a sample of the spamcop report that is unreportable below.

SpamCop v 630 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved.

Here is your TRACKING URL - it may be saved for future reference:
http://www.spamcop.net/sc?id=xxxxxxxx

Return-Path: <belf[at]jazzmebluesmusic.com>
Received: from eleventhirtytwo.wbb.net.cable.rogers.com ([127.0.0.1]) by mail.mydomain.loc with hMailServer ; Mon, 26 Feb 2007 12:07:49 +0900
Received: from 74.210.6.8 ([74.210.6.8] helo=eleventhirtytwo.wbb.net.cable.rogers.com) by MINE.; 26 Feb 2007 12:07:29 +0900
Received: from cpbse ([195.219.87.130]) by eleventhirtytwo.wbb.net.cable.rogers.com (8.13.4/8.13.4) with SMTP id l1Q3BrB3067036; Sun, 25 Feb 2007 20:11:53 -0700
Message-ID: <0019______________________dbc3[at]cpbse>
From: "Kimball" <belf[at]jazzmebluesmusic.com>
To: <x>
Subject: parking brake unclear
Date: Sun, 25 Feb 2007 20:04:02 -0700
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_0015_01C75918.981A5C20"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Assp-Delay: delayed for 15m 4s; 26 Feb 2007 12:07:31 +0900
X-Assp-Received-SPF: pass (MINE.: local policy includes SPF record at spf.trusted-forwarder.org) client-ip=74.210.6.8; envelope-from=belf[at]jazzmebluesmusic.com; helo=eleventhirtytwo.wbb.net.cable.rogers.com;
X-Assp-Received-RBL: pass (MINE.: local policy) rbl=none; client-ip=74.210.6.8;
X-Assp-Bayes-Confidence: 0.00000
X-Assp-spam-Prob: 0.00000
X-Assp-Envelope-From: belf[at]jazzmebluesmusic.com
X-Assp-Intended-For: x

Parsing header:
0: Received: from 74.210.6.8 ([74.210.6.8] helo=eleventhirtytwo.wbb.net.cable.rogers.com) by MINE.; 26 Feb 2007 12:07:29 +0900
Hostname verified: eleventhirtytwo.wbb.net.cable.rogers.com
Possible forgery. Supposed receiving system not associated with any of your mailhosts
Will not trust anything beyond this header
No source IP address found, cannot proceed.

Thanks and regards

StevenUnderwood
Posted February 26, 2007

> Since configuring mail hosts all spam seems to be unreportable. As such I must have done something incorrectly when configuring but cannot see what. Could someone please advise?

You have munged quite a bit that helping might not be completely possible. Using the data you DID supply: Is your server, defined in the error line by "MINE" specifically listed in your mailhost list? That is the receiving server being talked about.

The only thing you should have included is the unmodified tracking URL.

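A simplified model of the trust walk that the parser output in the first post describes ("Supposed receiving system not associated with any of your mailhosts", "Will not trust anything beyond this header"), added here as an example. It is not SpamCop's code: `find_source`, the regular expression, the `VIA_BACKUP` chain and the mailhost name lists passed in are assumptions built around the munged headers as posted.

```python
import re
from ipaddress import ip_address

# Received lines from the first post (munged as posted), newest first.
SAMPLE = [
    "from eleventhirtytwo.wbb.net.cable.rogers.com ([127.0.0.1]) "
    "by mail.mydomain.loc with hMailServer ; Mon, 26 Feb 2007 12:07:49 +0900",
    "from 74.210.6.8 ([74.210.6.8] helo=eleventhirtytwo.wbb.net.cable.rogers.com) "
    "by MINE.; 26 Feb 2007 12:07:29 +0900",
    "from cpbse ([195.219.87.130]) by eleventhirtytwo.wbb.net.cable.rogers.com "
    "(8.13.4/8.13.4) with SMTP id l1Q3BrB3067036; Sun, 25 Feb 2007 20:11:53 -0700",
]
# Constructed: a chain that arrives through the backup mail server.
VIA_BACKUP = [
    "from mail.backupdomain.loc ([222.222.222.222]) by MINE.; 26 Feb 2007 12:30:00 +0900",
    "from example.invalid ([203.0.113.9]) by mail.backupdomain.loc; 26 Feb 2007 12:29:00 +0900",
]
RELAYS = {"111.111.111.111", "222.222.222.222"}  # munged relaying IPs from the post

# "from <helo> ([ip] ...) by <host>": the fields the receiving server writes.
RECEIVED = re.compile(r"from\s+\S+\s+\(\[([0-9a-fA-F.:]+)\][^)]*\)\s+by\s+([^\s;]+)")

def find_source(received, mailhost_names, relay_ips=RELAYS):
    """Walk Received lines newest-first; return (source_ip, reason)."""
    names = {n.lower().rstrip(".") for n in mailhost_names}
    for line in received:
        m = RECEIVED.search(line)
        if not m:
            return None, "unparseable Received line"
        ip, by = m.group(1), m.group(2).lower().rstrip(".")
        if ip_address(ip).is_loopback:
            continue  # handoff inside one machine (here: filter proxy -> mail server)
        if by not in names:
            # Stamped by a system we do not run, so this line and everything
            # below it could have been written by the sender.
            return None, "receiving system %r not in mailhosts" % by
        if ip in relay_ips:
            continue  # one of our own relays (backup MX); look one hop further
        return ip, "handed to %r" % by
    return None, "no external hop found"

if __name__ == "__main__":
    print(find_source(SAMPLE, ["MINE.", "mail.backupdomain.loc"]))
    print(find_source(SAMPLE, ["mail.backupdomain.loc"]))
    print(find_source(VIA_BACKUP, ["MINE.", "mail.backupdomain.loc"]))
```

The walk never reaches the `cpbse` line in either case: once a hop is accepted as the source, or a receiving name is unknown, nothing further down is used.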
Farelf
Posted February 26, 2007

I can't see where it has gone wrong. When someone who knows this stuff comes along, here is the tracking URL for that data parsed without mailhosts:
http://www.spamcop.net/sc?id=z1236872688z2...6abd9a9aa6dcf4z

motiv8d
Posted February 27, 2007

> You have munged quite a bit that helping might not be completely possible. Using the data you DID supply: Is your server, defined in the error line by "MINE" specifically listed in your mailhost list? That is the receiving server being talked about.
>
> The only thing you should have included is the unmodified tracking URL.

Hi Steven

The specific things munged were:
1) the domain (mydomain.loc)
2) backup domain (backupdomain.loc)
3) domain external IP (111.111.111.111)
4) backup domain external IP (222.222.222.222)
5) spamcop user - xxxxxxxx

They have been munged consistently throughout the copy.

The server defined by the error line "MINE." is listed in the dropdown for Hosts/domain under the mail hostname "mydomain.loc" as "MINE." (the MINE is not munged, it is the identifier used for my ASSP server). Under the same dropdown is also the backup mail server "mail.backupdomain.loc".

Within the same section the dropdown for Relaying IPs shows both the external ip for mydomain.loc and also the external ip for backupdomain.loc (munged as 111.111.111.111 and 222.222.222.222 respectively).

Thanks

motiv8d
Posted February 27, 2007

I have a single external IP and a single mail server, but hosting several domains. The mail server DNS entry is also different for each domain. An example of the structure is below (real names not used):

Domain: mydomain.loc
Mail server in DNS: mail.mydomain.loc
Resolving IP: 111.111.111.111 (rdns PTR of this is mail.mydomain.loc)

Domain: sub1.mydomain.loc
Mail server in DNS: mail.sub1.mydomain.loc
Resolving IP: 111.111.111.111 (rdns PTR of this is mail.mydomain.loc)

Domain: sub2.mydomain.loc
Mail server in DNS: mail.sub2.mydomain.loc
Resolving IP: 111.111.111.111 (rdns PTR of this is mail.mydomain.loc)

There is a backup mail server used for all of the above.

Domain: backupdomain.loc
Mail server in DNS: mail.backupdomain.loc
Resolving IP: 222.222.222.222 (rdns PTR of this is mail.backupdomain.loc)

I cannot work out what I should be using for mailhosts. Is just doing the entry for the first domain "mydomain.loc" enough?

Also I use ASSP and it has a field for "My Name" (usually set to "ASSP.nospam"). If I use this name I get several extra IPs listed in my mailhosts that have nothing to do with me. What should I be setting this name to? mail.mydomain.loc?

Thanks

UPDATE: I have changed the ASSP name to "mail.mydomain.loc" (real domain used of course) and put in all mailhosts in the following order:

reportspam[at]mydomain.loc - standardname: mydomain.loc
reportspam[at]sub1.mydomain.loc - standardname: sub1.mydomain.loc
reportspam[at]sub2.mydomain.loc - standardname: sub2.mydomain.loc

It is now allowing me to report spam and 'seems' correct, however, now the headers that are being reported include my actual domain and mail server name. Does that pose any problem with creating additional spam by providing the spammer with this information in the spam report?

Also some of the host/domain and relaying ip dropdowns are now empty. Although it seems to be working does this sound like a problem?

Miss Betsy
Posted February 27, 2007

> It is now allowing me to report spam and 'seems' correct, however, now the headers that are being reported include my actual domain and mail server name. Does that pose any problem with creating additional spam by providing the spammer with this information in the spam report?

The consensus seems to be that it is a washout - some spammers will listwash you and that spam will be reduced; some spammers seem to add those addresses to their lists. And the actual volume of spam you get is about the same, though it fluctuates for unknown reasons (there is a holiday in the spammer's country?).

There are people who do not like to give the spammers this information, but they cannot use spamcop to send reports. They can use spamcop to find the correct abuse address to report manually (on their own with heavy munging) or spamcop email to filter spam out.

Once a person starts to get spam the only recourse is to filter; there is no way to stop it. In many people's opinion, the volume of spam doesn't matter since email has to be filtered. In fact, the more spam you can report, the better it is for everyone. OTOH, there are enough reporters that, if reporting becomes a burden, only a portion needs to be submitted.

Although there are some instances of whitehat ISPs getting reports and acting on them (mistakes do happen), most of the benefit of reporting is to feed the blocklist which is used to filter (or block, by some).

Miss Betsy

motiv8d
Posted February 28, 2007

Thanks Miss Betsy

I will continue to use, even a little more spam is acceptable if it will help shut down some of the spamming &%*&^&'s.

Archived
This topic is now archived and is closed to further replies.