Jump to content

spam will not parse


bernice
 Share

Recommended Posts

Recently I have found Spamcop returns the message:

"No source IP address found, cannot proceed."

with monotonous frequency.

I know this is not caused by my email client (I have used the same one for 10 or more years now) and suspect the dirty spamming scumbags have altered the faked headers to cause this.

any suggestions?

Link to comment
Share on other sites

The problem doesn't necessarily have to be on the client side. Some ISPs have been known to insert carriage returns in places they don't belong and cause parsing errors. It is possible that your ISP has recently made internal changes to their mail handling that you are not aware of. In either case, we will need to see a tracking URL or two for messages that you are having trouble parsing.

Link to comment
Share on other sites

As ever, you'll need to provide a tracking URL so we can take a look at an offending message.

There's a FAQ entry on this: http://forum.spamcop.net/forums/index.php?showtopic=4498

Well the FAQ made almost no sense to me whatsoever but I havw reported another on just now and a tracking URL was shown on the faled report as:

http://www.spamcop.net/sc?id=z1599647758z0...6d0758d600eea4z

Although it does not appear to give access to anything useful.

Still baffled ?

Link to comment
Share on other sites

...Although it does not appear to give access to anything useful.

Still baffled ?

Most everything baffles me Bernice. Anyways, I think what it should have looked like on a properly configured set up would be:

http://www.spamcop.net/sc?id=z1599696350zf...3f40e4cedc8706z

Meaning that the top "Received:" line is broken on the unmodified example you provided. Or maybe you need mailhosts configured.

Now, that will be starting to look familiar to some of the people here (qmail, "No source IP address found, cannot proceed.") who will hopefully step up next with some suggestions. It does seem indeed, as Will suggested, an ISP thing if you changed nothing but maybe it can be worked around at your end now that there is a problem.

Link to comment
Share on other sites

Still baffled ?

I'm always baffled by most everything :)

Bernice, are you submitting by Email attachment or do you post the message into the SpamCop web reorting page?

If you are able to try by whichever process you aren't normally using that might give some clues - at least if one works and the other doesn't.

Andrew

Link to comment
Share on other sites

Well the FAQ made almost no sense to me

Please explain .. what FAQ? What section? What paragragh? What was before and still is confusing? The point is, how can it be fixed that would have cleared things up for you?

whatsoever but I havw reported another on just now and a tracking URL was shown on the faled report as:

http://www.spamcop.net/sc?id=z1599647758z0...6d0758d600eea4z

Although it does not appear to give access to anything useful.

The baffled part for me boils down to what happened to the headers of this e-mail .... was it edited, was it actually generated this way by an ISP ....????? The problem line is the only Received: line with any data, and the problem is that there isn't enough proper data in that line .....

Received: from 10-153-21-190.adsl.terra.cl (190.21.153.10) by with SMTP; Mon, 07 Jan 2008 03:44:59 +0000

All this basically says is that some alleged e-mail was allegedly received from a system at 189.121.153.0 .. but .... received by whom? The missing data would normally be identifying your ISP's/Host's incoming e-mail server. There is a lot of existing discussion available about some issues with a mis-configurred server using "received by 0" in that spot .... this is the first complaint of a system using "received by " ....

I'd suggest that your ISP/Host needs to be notified so as to fix this server ..... but that's just me ....

Link to comment
Share on other sites

Please explain .. what FAQ? What section? What paragragh? What was before and still is confusing? The point is, how can it be fixed that would have cleared things up for you?

Hi Wazoo,

I think Bernice was referring to the FAQ item in the link I replied to regarding providing tracking URLs in the post above.

Andrew

Link to comment
Share on other sites

I think Bernice was referring to the FAQ item in the link I replied to regarding providing tracking URLs in the post above.

But that just pushes my point a bit further. JeffG and I worked through that FAQ entry a number of times. It is a step-by-step procedure. If it is not understandable then someone needs to point out just where the problem is so it can be fixed.

Link to comment
Share on other sites

But that just pushes my point a bit further. JeffG and I worked through that FAQ entry a number of times. It is a step-by-step procedure. If it is not understandable then someone needs to point out just where the problem is so it can be fixed.
Only possible thing I saw was maybe spell it out that you need to be logged in to members.spamcop.net - many people submit by email, follow the acceptance email links, so references like "Login to your reporting site" are possibly just a step too far away from their experience. Bernice, was that the stumbling block?
Link to comment
Share on other sites

Please explain .. what FAQ? What section? What paragragh? What was before and still is confusing? The point is, how can it be fixed that would have cleared things up for you?

The problem being is that the failed report does not contain anything except the report ID number and hence looks nothing like the example in the FAQ.

2ndly I am easily confused trying to follow sets of sequential instructions I need to have a model of what I am trying to achieve to understand what I am doing. That's not your fault!

Bernice, are you submitting by Email attachment or do you post the message into the SpamCop web reorting page?

If you are able to try by whichever process you aren't normally using that might give some clues - at least if one works and the other doesn't.

I have tried bouncing my email to spamcop (this has always worked in the past)(bounce function just sends the entire email with headers forward) and pasting the entire email source into the spamcop web form (this also has always worked in the past).

Link to comment
Share on other sites

Thanks for replying. However, ..... nothing said about my posted data that pointed to the problem and suggested actions ..????

The problem being is that the failed report does not contain anything except the report ID number and hence looks nothing like the example in the FAQ.

And the magic word in that description would be failed .... there would be nothing "to the right" of the ReportID number as there were no reports sent out. However, the FAQ would still stand, as the Report-ID could still be used to retrieve the Tracking URL.

I have tried bouncing my email to spamcop (this has always worked in the past)(bounce function just sends the entire email with headers forward) and pasting the entire email source into the spamcop web form (this also has always worked in the past).

I'm not sure I even want to ask/know just what tools you are using to do what you describe. In my mind, you are describing an ancient sequence of events used by a Web-TV unit/user in order to get a set of full-headers. But I haven't seen this discussed in a number of years.

Again, the sample you provided exhibits a large problem with missing data in the only header line that would have contained enough 'stuff' for the parser to have a chance at working. Have you asked your ISP/E-mail Host about this problem yet? (Or possibly pointed their tech-support folks to this Discussion?)

Link to comment
Share on other sites

The problem being is that the failed report does not contain anything except the report ID number and hence looks nothing like the example in the FAQ.

2ndly I am easily confused trying to follow sets of sequential instructions I need to have a model of what I am trying to achieve to understand what I am doing. That's not your fault!

Aha! A good example of why people can't find what they want in the FAQ! It's not from a lack of trying or from 'not trying very hard' - it's a 'learning style' problem. That's why the few who ask questions should be given the benefit of doubt until it is obvious that they are just trying to get someone else to work for them.

If you are not seeing anything besides the Tracking URL, then possibly you don't have 'Show details' turned on. I don't think that's the exact phrase, but I don't have time to go look.

I have tried bouncing my email to spamcop (this has always worked in the past)(bounce function just sends the entire email with headers forward) and pasting the entire email source into the spamcop web form (this also has always worked in the past).

Perhaps because of the way your ISP has reconfigured, the 'bounce' function doesn't work anymore. If you tell us what email client you are using, perhaps we can 'model' the way that you should be forwarding (as attachment) the headers. (It's important when troubleshooting in a forum like this to use the proper terms so that everyone is talking about the same function.) How do you get the headers to paste into the web form?

Miss Betsy

Link to comment
Share on other sites

<snip>

If you are not seeing anything besides the Tracking URL, then possibly you don't have 'Show details' turned on. I don't think that's the exact phrase, but I don't have time to go look.

<snip>

...IIUC, it's "Show technical details." Risking the ire of those already in the know: you "turn it on" by placing a "check" in the checkbox that precedes the text by clicking the box (if the checkbox doesn't already have a check mark).
Link to comment
Share on other sites

...IIUC, it's "Show technical details." Risking the ire of those already in the know: you "turn it on" by placing a "check" in the checkbox that precedes the text by clicking the box (if the checkbox doesn't already have a check mark).

Or as a checkbox under Preferences when logged into your www.spamcop.net web-page ...

However, there is some confusion here, I believe ... the actual commentary about "not seeing something" was in reference to looking at her Report History which listed only a Report-ID .. nothing included as per 'normal' on that same line, normally including the IP address of target of the report, some descriptive text, etc. The FAQ item pointed to and the resullting commentary were about how to turn that Report-ID into a Tracking URL.

Link to comment
Share on other sites

The baffled part for me boils down to what happened to the headers of this e-mail .... was it edited, was it actually generated this way by an ISP ....????? The problem line is the only Received: line with any data, and the problem is that there isn't enough proper data in that line .....

Received: from 10-153-21-190.adsl.terra.cl (190.21.153.10) by with SMTP; Mon, 07 Jan 2008 03:44:59 +0000

All this basically says is that some alleged e-mail was allegedly received from a system at 189.121.153.0 .. but .... received by whom? The missing data would normally be identifying your ISP's/Host's incoming e-mail server. There is a lot of existing discussion available about some issues with a mis-configurred server using "received by 0" in that spot .... this is the first complaint of a system using "received by " ....

I'd suggest that your ISP/Host needs to be notified so as to fix this server ..... but that's just me ....

This seems quite likely.

I am emailing my POP3 provider for there comment

I am like very busy and can only find the odd couple of minuets now and then to resolve this issue and I know it is nothing to do with my client configuration at all.

Link to comment
Share on other sites

Recently I have found Spamcop returns the message:

"No source IP address found, cannot proceed."

with monotonous frequency.

I know this is not caused by my email client (I have used the same one for 10 or more years now) and suspect the dirty spamming scumbags have altered the faked headers to cause this.

any suggestions?

Interestingly enough:

http://www.spamcop.net/sc?id=z1602776387zd...f114f541315fdbz

Will not parse

but the previous spam:

http://www.spamcop.net/sc?id=z1602774515zc...4cbad6b957bdbdz

Does?

Link to comment
Share on other sites

The first spam is being sent directly to your providers server where the issue already discussed (by with SMTP;) breaks the parse. Since there are no headers it can trust, SpamCop does not know what to do with this message and gives up.

The second message went through 2 servers before hitting your providers. SpamCop found headers to work with and found a reportable address. That does NOT mean it will always find the correct address, because it is possible a well crafted forged header at that entry wouild get reported as the source. This sample does seem to be "trustable" to my eyes.

It looks to me like the netbenefits.co.uk server is part of your Mailhosts because of this line in the working parse:

Easily received mail from sending system 63.169.210.238

I suspect any message that travels that route will be reportable. Messages not following that path will fail the parse.

Link to comment
Share on other sites

On one hand, I'll agree .. interesting. The flip side of that is that no one involved with the code actually provides any answers to anyone here .. and the best glimmer of any explanation passed has been described as 'gobbeldygook' by one of the paid-staff that does receive 'engineering reports' from the folks involved with maintaining the codebase. So not much value in getting all that interested from this side of the screen.

That said, the primary issue remains as a problem with the server that you are actually picking up your e-mail from .... now compounded by seeing that you have MailHost Configured your Reporting Account

As noted by StevenU, both e-mail headers contain the same broken Received; header line. However, your 'successfully parsed' example has been 'specially' treated by going down the MailHost Configured portion/branch of the parsing code. Compare your Tracking URL parse results to that of a non-MailHost Configured account at http://www.spamcop.net/sc?id=z1603197633z3...dbc38b3903a402z (again, Full Technical Details turned on to see all this stuff)

For the future (after the 90 days aging off) the following is the 'seen' difference.

Headers;

Received: (qmail 12751 invoked by uid 89); 9 Jan 2008 15:50:22 -0000
Received: from coumta05.netbenefit.co.uk (212.53.64.11)
	by  with SMTP; Wed, 09 Jan 2008 15:50:22 +0000
Received: from stjohnks.net ([63.169.210.238]:57100 helo=server.stjohnks.net)
	by coumta05.netbenefit.co.uk with esmtp (NBT 4.61 23)
	id 1JCdCA-0004JC-09
	for x; Wed, 09 Jan 2008 15:50:22 +0000
Received: from root by server.stjohnks.net with local (Exim 4.50)
	id 1JCCwn-0002AG-2N
	for x; Tue, 08 Jan 2008 05:48:45 -0600

MailHost Configured, multiple Received: lines;

Parsing header:0: Received: from stjohnks.net ([63.169.210.238]:57100 helo=server.stjohnks.net) by coumta05.netbenefit.co.uk with esmtp (NBT 4.61 23) id 1JCdCA-0004JC-09 for x; Wed, 09 Jan 2008 15:50:22 +0000

Hostname verified: stjohnks.net

Easily received mail from sending system 63.169.210.238

Tracking message source: 63.169.210.238:

non-MailHost Configured account, multiple Received: lines;

Parsing header:

Received:  (qmail 12751 invoked by uid 89); 9 Jan 2008 15:50:22 -0000
Removed 'by' from uid
Received:  (qmail 12751 invoked (uid 89)); 9 Jan 2008 15:50:22 -0000
no from
[color=#FF9966]Ignored[/color]
Received:  from coumta05.netbenefit.co.uk (212.53.64.11) by with SMTP; Wed, 09 Jan 2008 15:50:22 +0000
[color=#FF9900]Invalid "received by"[/color]

Received:  from stjohnks.net ([63.169.210.238]:57100 helo=server.stjohnks.net) by coumta05.netbenefit.co.uk with esmtp (NBT 4.61 23) id 1JCdCA-0004JC-09 for x; Wed, 09 Jan 2008 15:50:22 +0000
63.169.210.238 found
host 63.169.210.238 = stjohnks.net. (cached)
stjohnks.net. is 63.169.210.238
Possible spammer: 63.169.210.238
Received line accepted

Received:  from root by server.stjohnks.net with local (Exim 4.50) id 1JCCwn-0002AG-2N for x; Tue, 08 Jan 2008 05:48:45 -0600
[color=#FF6600]Ignored[/color]Tracking message source: 63.169.210.238:

And as a repeat of previous example;

MailHost configured, single (broken) Received: line;

Received: (qmail 568 invoked by uid 89); 9 Jan 2008 18:38:09 -0000
Received: from 60.pool85-56-140.dynamic.orange.es (HELO saray62bbc2320) (85.56.140.60)
	by  with SMTP; Wed, 09 Jan 2008 18:38:09 +0000
Message-ID: ceb7______________________a8c0[at]saray62bbc2320

Parsing header:

No source IP address found, cannot proceed.

Not only are we looking at another example of some minor issues with the differences involved with the MailHost Configured and non-MailHost Configured Parsing routines, but this has definitely also pointed out that the lack of 'diagnostic' output in the parse results is a bit of a major issue.

On the other hand, this doesn't actually feed into your reporting problem. This is definitly an issue with your ISP/Hosting service and their e-mail server. There just isn't any way to get around that.

Link to comment
Share on other sites

From: "Wazoo"

To: "SpamCop Deputies"

Subject: MailHost Configured Parse result output/problems

Date: Wed, 9 Jan 2008 22:50:31 -0600

Perhaps, call this a Bug Report, a Feature Request, at least a

heads-up to a user-confusion issue ...????

http://forum.spamcop.net/forums/index.php?showtopic=9057

MailHost Configured Reporting Account Tracking URLs provided;

http://www.spamcop.net/sc?id=z1602776387zd...f114f541315fdbz

http://www.spamcop.net/sc?id=z1602774515zc...4cbad6b957bdbdz

non-MailHost Configured comparison Parse;

http://www.spamcop.net/sc?id=z1603197633z3...dbc38b3903a402z

Primary Issue: Broken Received: line in headers ... ISP/Host doesn't

have the receiving system identifying itself.

Secondary Issue: MailHost Configured Reporting Account parse

contains no 'diagnostic' output to show what's happening, what the

parser was unhappy with, what went wrong, what and why a certain

decision was made.

Third Issue: yet another glaring example of the major differences in

the parser handling/codebase between the MailHost Configured and the

non-MailHost Configured Report code-branches that isn't described

anywhere.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...