Enrico_C Posted April 2, 2004 Share Posted April 2, 2004 Three little WHYs 1) Why does Spamcop also scan the 192 IP range? For instance X-SpamCop-Checked: 192.168.1.101 2) Why doesn't SpamCop add an IP of its own to the first [last from the bottom] Received in the emails I get by POP3? For instance Received: (qmail 14190 invoked from network); 2 Apr 2004 10:28:04 -0000 Received: from unknown (192.168.1.101) by blade1.cesmail.net with QMQP; 2 Apr 2004 10:28:04 -0000 Received: from mail4.xxxMYISPxxx.it (xxx.xx.128.78) by mailgate.cesmail.net with SMTP; 2 Apr 2004 10:28:03 -0000 3) Why is there a "from unknown" in the second Received? Thank you! Link to comment Share on other sites More sharing options...
Wazoo Posted April 2, 2004 Share Posted April 2, 2004 1. all IP's in the header are fed to the parser and work is done to resolve them. Thus, each IP checked shows as being looked at in the parser output routine. 2. Take a look at more headers, this is normal. 3. probable network configuration issues within the server farm. Noting that the email was picked up by mailgate.cesmail.net and the next system to handle it was blade1.cesmail.net shows that it was all handled within the cesmail.net network (also indicated by the 192 range IP you first asked about) Link to comment Share on other sites More sharing options...
Enrico_C Posted April 2, 2004 Author Share Posted April 2, 2004 1. all IP's in the header are fed to the parser Ok, that's how it works. But I still wonder why that range of IP addresses are fed to the parser. Shouldn't 192.168.xxx.xxx IPs be skipped? 2. Take a look at more headers, this is normal. Yes, I know, that's normal for Spamcop. But other mail servers add an IP of their own, AFAIK 3. ... configuration issues within the server farm You mean at Spamcop's? Link to comment Share on other sites More sharing options...
Wazoo Posted April 2, 2004 Share Posted April 2, 2004 1. all IP's in the header are fed to the parser Ok, that's how it works. But I still wonder why that range of IP addresses are fed to the parser. Shouldn't 192.168.xxx.xxx IPs be skipped? See answer #3 in my last post, dealing with "breaking the chain test" 2. Take a look at more headers, this is normal. Yes, I know, that's normal for Spamcop. But other mail servers add an IP of their own, AFAIK Let's put it this way, SpamCop doesn't manufacture the headers. The headers are as you supply them. So repeat, look at other headers. 3. ... configuration issues within the server farm You mean at Spamcop's? SpamCop and cesmail.net network go together like Mom and Dad. Link to comment Share on other sites More sharing options...
Jeff G. Posted April 2, 2004 Share Posted April 2, 2004 1. all IP's in the header are fed to the parser Ok, that's how it works. But I still wonder why that range of IP addresses are fed to the parser. Shouldn't 192.168.xxx.xxx IPs be skipped? All RFC1918-compliant IP Addresses, including 192.168.0.0/16, are skipped by the Parser in the SpamCop Parsing and Reporting System. It would probably be less efficient to try to skip them in the SpamCop Email System as well, so the administrators at Corporate Email Services, which runs the SpamCop Email System, appear to have decided to just scan all of the IP Addresses in the "Received" header lines. Is their decision causing a problem for you? 2. Take a look at more headers, this is normal. Yes, I know, that's normal for Spamcop. But other mail servers add an IP of their own, AFAIK This is the doing of software called "qmail" which is running on multiple blade servers at Corporate Email Services. qmail's programmers decided to to document their activities within email headers using nonstandard "Received" header lines - I believe they should have used "X-qmail" header lines instead. You are free to discuss this issue with them using the qmail-help list at list.cr.yp.to or learn more about qmail at a qmail mirror near you from the list here. The Administrators at Corporate Email Services have chosen qmail. The combined decisions of Client Email Administrators, qmail Programmers, Corporate Email Services Administrators, ISP Email Administrators, and Microsoft Exchange Programmers caused me a problem last year when one of my ISPs' mail servers (one that I POP from) started barfing on legit emails that had 14 ("too many" according to Microsoft's defaults) "Received" headers, but I got that ISP's Email Administrators to fix that for me. Are their decisions causing a problem for you? 3. ... configuration issues within the server farm You mean at Spamcop's?The Administrators at Corporate Email Services would need to maintain a fault-tolerant internal-only DNS server (or hosts file entries) for 1.168.192.in-addr.arpa and/or 168.192.in-addr.arpa in order to change that line to read "Received: from mailgate.cesmail.net (192.168.1.101) by blade1.cesmail.net with QMQP; 2 Apr 2004 10:28:04 -0000". They appear to have chosen not to do so at this time. Is their decision causing a problem for you? Please be specific about any such problems. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.