bernice Posted January 4, 2008 Share Posted January 4, 2008 Recently I have found Spamcop returns the message: "No source IP address found, cannot proceed." with monotonous frequency. I know this is not caused by my email client (I have used the same one for 10 or more years now) and suspect the dirty spamming scumbags have altered the faked headers to cause this. any suggestions? Link to comment Share on other sites More sharing options...
agsteele Posted January 4, 2008 Share Posted January 4, 2008 any suggestions? Hi Bernice! As ever, you'll need to provide a tracking URL so we can take a look at an offending message. There's a FAQ entry on this: http://forum.spamcop.net/forums/index.php?showtopic=4498 Andrew Link to comment Share on other sites More sharing options...
Telarin Posted January 4, 2008 Share Posted January 4, 2008 The problem doesn't necessarily have to be on the client side. Some ISPs have been known to insert carriage returns in places they don't belong and cause parsing errors. It is possible that your ISP has recently made internal changes to their mail handling that you are not aware of. In either case, we will need to see a tracking URL or two for messages that you are having trouble parsing. Link to comment Share on other sites More sharing options...
bernice Posted January 7, 2008 Author Share Posted January 7, 2008 As ever, you'll need to provide a tracking URL so we can take a look at an offending message. There's a FAQ entry on this: http://forum.spamcop.net/forums/index.php?showtopic=4498 Well the FAQ made almost no sense to me whatsoever but I havw reported another on just now and a tracking URL was shown on the faled report as: http://www.spamcop.net/sc?id=z1599647758z0...6d0758d600eea4z Although it does not appear to give access to anything useful. Still baffled ? Link to comment Share on other sites More sharing options...
Farelf Posted January 7, 2008 Share Posted January 7, 2008 ...Although it does not appear to give access to anything useful. Still baffled ? Most everything baffles me Bernice. Anyways, I think what it should have looked like on a properly configured set up would be: http://www.spamcop.net/sc?id=z1599696350zf...3f40e4cedc8706z Meaning that the top "Received:" line is broken on the unmodified example you provided. Or maybe you need mailhosts configured. Now, that will be starting to look familiar to some of the people here (qmail, "No source IP address found, cannot proceed.") who will hopefully step up next with some suggestions. It does seem indeed, as Will suggested, an ISP thing if you changed nothing but maybe it can be worked around at your end now that there is a problem. Link to comment Share on other sites More sharing options...
agsteele Posted January 7, 2008 Share Posted January 7, 2008 Still baffled ? I'm always baffled by most everything Bernice, are you submitting by Email attachment or do you post the message into the SpamCop web reorting page? If you are able to try by whichever process you aren't normally using that might give some clues - at least if one works and the other doesn't. Andrew Link to comment Share on other sites More sharing options...
Wazoo Posted January 7, 2008 Share Posted January 7, 2008 Well the FAQ made almost no sense to me Please explain .. what FAQ? What section? What paragragh? What was before and still is confusing? The point is, how can it be fixed that would have cleared things up for you? whatsoever but I havw reported another on just now and a tracking URL was shown on the faled report as: http://www.spamcop.net/sc?id=z1599647758z0...6d0758d600eea4z Although it does not appear to give access to anything useful. The baffled part for me boils down to what happened to the headers of this e-mail .... was it edited, was it actually generated this way by an ISP ....????? The problem line is the only Received: line with any data, and the problem is that there isn't enough proper data in that line ..... Received: from 10-153-21-190.adsl.terra.cl (190.21.153.10) by with SMTP; Mon, 07 Jan 2008 03:44:59 +0000 All this basically says is that some alleged e-mail was allegedly received from a system at 189.121.153.0 .. but .... received by whom? The missing data would normally be identifying your ISP's/Host's incoming e-mail server. There is a lot of existing discussion available about some issues with a mis-configurred server using "received by 0" in that spot .... this is the first complaint of a system using "received by " .... I'd suggest that your ISP/Host needs to be notified so as to fix this server ..... but that's just me .... Link to comment Share on other sites More sharing options...
agsteele Posted January 7, 2008 Share Posted January 7, 2008 Please explain .. what FAQ? What section? What paragragh? What was before and still is confusing? The point is, how can it be fixed that would have cleared things up for you? Hi Wazoo, I think Bernice was referring to the FAQ item in the link I replied to regarding providing tracking URLs in the post above. Andrew Link to comment Share on other sites More sharing options...
Wazoo Posted January 7, 2008 Share Posted January 7, 2008 I think Bernice was referring to the FAQ item in the link I replied to regarding providing tracking URLs in the post above. But that just pushes my point a bit further. JeffG and I worked through that FAQ entry a number of times. It is a step-by-step procedure. If it is not understandable then someone needs to point out just where the problem is so it can be fixed. Link to comment Share on other sites More sharing options...
Farelf Posted January 8, 2008 Share Posted January 8, 2008 But that just pushes my point a bit further. JeffG and I worked through that FAQ entry a number of times. It is a step-by-step procedure. If it is not understandable then someone needs to point out just where the problem is so it can be fixed.Only possible thing I saw was maybe spell it out that you need to be logged in to members.spamcop.net - many people submit by email, follow the acceptance email links, so references like "Login to your reporting site" are possibly just a step too far away from their experience. Bernice, was that the stumbling block? Link to comment Share on other sites More sharing options...
bernice Posted January 8, 2008 Author Share Posted January 8, 2008 Please explain .. what FAQ? What section? What paragragh? What was before and still is confusing? The point is, how can it be fixed that would have cleared things up for you? The problem being is that the failed report does not contain anything except the report ID number and hence looks nothing like the example in the FAQ. 2ndly I am easily confused trying to follow sets of sequential instructions I need to have a model of what I am trying to achieve to understand what I am doing. That's not your fault! Bernice, are you submitting by Email attachment or do you post the message into the SpamCop web reorting page? If you are able to try by whichever process you aren't normally using that might give some clues - at least if one works and the other doesn't. I have tried bouncing my email to spamcop (this has always worked in the past)(bounce function just sends the entire email with headers forward) and pasting the entire email source into the spamcop web form (this also has always worked in the past). Link to comment Share on other sites More sharing options...
Wazoo Posted January 8, 2008 Share Posted January 8, 2008 Thanks for replying. However, ..... nothing said about my posted data that pointed to the problem and suggested actions ..???? The problem being is that the failed report does not contain anything except the report ID number and hence looks nothing like the example in the FAQ. And the magic word in that description would be failed .... there would be nothing "to the right" of the ReportID number as there were no reports sent out. However, the FAQ would still stand, as the Report-ID could still be used to retrieve the Tracking URL. I have tried bouncing my email to spamcop (this has always worked in the past)(bounce function just sends the entire email with headers forward) and pasting the entire email source into the spamcop web form (this also has always worked in the past). I'm not sure I even want to ask/know just what tools you are using to do what you describe. In my mind, you are describing an ancient sequence of events used by a Web-TV unit/user in order to get a set of full-headers. But I haven't seen this discussed in a number of years. Again, the sample you provided exhibits a large problem with missing data in the only header line that would have contained enough 'stuff' for the parser to have a chance at working. Have you asked your ISP/E-mail Host about this problem yet? (Or possibly pointed their tech-support folks to this Discussion?) Link to comment Share on other sites More sharing options...
Miss Betsy Posted January 8, 2008 Share Posted January 8, 2008 The problem being is that the failed report does not contain anything except the report ID number and hence looks nothing like the example in the FAQ. 2ndly I am easily confused trying to follow sets of sequential instructions I need to have a model of what I am trying to achieve to understand what I am doing. That's not your fault! Aha! A good example of why people can't find what they want in the FAQ! It's not from a lack of trying or from 'not trying very hard' - it's a 'learning style' problem. That's why the few who ask questions should be given the benefit of doubt until it is obvious that they are just trying to get someone else to work for them. If you are not seeing anything besides the Tracking URL, then possibly you don't have 'Show details' turned on. I don't think that's the exact phrase, but I don't have time to go look. I have tried bouncing my email to spamcop (this has always worked in the past)(bounce function just sends the entire email with headers forward) and pasting the entire email source into the spamcop web form (this also has always worked in the past). Perhaps because of the way your ISP has reconfigured, the 'bounce' function doesn't work anymore. If you tell us what email client you are using, perhaps we can 'model' the way that you should be forwarding (as attachment) the headers. (It's important when troubleshooting in a forum like this to use the proper terms so that everyone is talking about the same function.) How do you get the headers to paste into the web form? Miss Betsy Link to comment Share on other sites More sharing options...
turetzsr Posted January 9, 2008 Share Posted January 9, 2008 <snip> If you are not seeing anything besides the Tracking URL, then possibly you don't have 'Show details' turned on. I don't think that's the exact phrase, but I don't have time to go look. <snip> ...IIUC, it's "Show technical details." Risking the ire of those already in the know: you "turn it on" by placing a "check" in the checkbox that precedes the text by clicking the box (if the checkbox doesn't already have a check mark). Link to comment Share on other sites More sharing options...
Wazoo Posted January 9, 2008 Share Posted January 9, 2008 ...IIUC, it's "Show technical details." Risking the ire of those already in the know: you "turn it on" by placing a "check" in the checkbox that precedes the text by clicking the box (if the checkbox doesn't already have a check mark). Or as a checkbox under Preferences when logged into your www.spamcop.net web-page ... However, there is some confusion here, I believe ... the actual commentary about "not seeing something" was in reference to looking at her Report History which listed only a Report-ID .. nothing included as per 'normal' on that same line, normally including the IP address of target of the report, some descriptive text, etc. The FAQ item pointed to and the resullting commentary were about how to turn that Report-ID into a Tracking URL. Link to comment Share on other sites More sharing options...
bernice Posted January 9, 2008 Author Share Posted January 9, 2008 The baffled part for me boils down to what happened to the headers of this e-mail .... was it edited, was it actually generated this way by an ISP ....????? The problem line is the only Received: line with any data, and the problem is that there isn't enough proper data in that line ..... Received: from 10-153-21-190.adsl.terra.cl (190.21.153.10) by with SMTP; Mon, 07 Jan 2008 03:44:59 +0000 All this basically says is that some alleged e-mail was allegedly received from a system at 189.121.153.0 .. but .... received by whom? The missing data would normally be identifying your ISP's/Host's incoming e-mail server. There is a lot of existing discussion available about some issues with a mis-configurred server using "received by 0" in that spot .... this is the first complaint of a system using "received by " .... I'd suggest that your ISP/Host needs to be notified so as to fix this server ..... but that's just me .... This seems quite likely. I am emailing my POP3 provider for there comment I am like very busy and can only find the odd couple of minuets now and then to resolve this issue and I know it is nothing to do with my client configuration at all. Link to comment Share on other sites More sharing options...
bernice Posted January 9, 2008 Author Share Posted January 9, 2008 Recently I have found Spamcop returns the message: "No source IP address found, cannot proceed." with monotonous frequency. I know this is not caused by my email client (I have used the same one for 10 or more years now) and suspect the dirty spamming scumbags have altered the faked headers to cause this. any suggestions? Interestingly enough: http://www.spamcop.net/sc?id=z1602776387zd...f114f541315fdbz Will not parse but the previous spam: http://www.spamcop.net/sc?id=z1602774515zc...4cbad6b957bdbdz Does? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted January 9, 2008 Share Posted January 9, 2008 Interestingly enough: http://www.spamcop.net/sc?id=z1602776387zd...f114f541315fdbz Will not parse but the previous spam: http://www.spamcop.net/sc?id=z1602774515zc...4cbad6b957bdbdz Does? The first spam is being sent directly to your providers server where the issue already discussed (by with SMTP;) breaks the parse. Since there are no headers it can trust, SpamCop does not know what to do with this message and gives up. The second message went through 2 servers before hitting your providers. SpamCop found headers to work with and found a reportable address. That does NOT mean it will always find the correct address, because it is possible a well crafted forged header at that entry wouild get reported as the source. This sample does seem to be "trustable" to my eyes. It looks to me like the netbenefits.co.uk server is part of your Mailhosts because of this line in the working parse: Easily received mail from sending system 63.169.210.238 I suspect any message that travels that route will be reportable. Messages not following that path will fail the parse. Link to comment Share on other sites More sharing options...
Wazoo Posted January 10, 2008 Share Posted January 10, 2008 Interestingly enough: http://www.spamcop.net/sc?id=z1602776387zd...f114f541315fdbz Will not parse but the previous spam: http://www.spamcop.net/sc?id=z1602774515zc...4cbad6b957bdbdz Does? On one hand, I'll agree .. interesting. The flip side of that is that no one involved with the code actually provides any answers to anyone here .. and the best glimmer of any explanation passed has been described as 'gobbeldygook' by one of the paid-staff that does receive 'engineering reports' from the folks involved with maintaining the codebase. So not much value in getting all that interested from this side of the screen. That said, the primary issue remains as a problem with the server that you are actually picking up your e-mail from .... now compounded by seeing that you have MailHost Configured your Reporting Account As noted by StevenU, both e-mail headers contain the same broken Received; header line. However, your 'successfully parsed' example has been 'specially' treated by going down the MailHost Configured portion/branch of the parsing code. Compare your Tracking URL parse results to that of a non-MailHost Configured account at http://www.spamcop.net/sc?id=z1603197633z3...dbc38b3903a402z (again, Full Technical Details turned on to see all this stuff) For the future (after the 90 days aging off) the following is the 'seen' difference. Headers; Received: (qmail 12751 invoked by uid 89); 9 Jan 2008 15:50:22 -0000 Received: from coumta05.netbenefit.co.uk (212.53.64.11) by with SMTP; Wed, 09 Jan 2008 15:50:22 +0000 Received: from stjohnks.net ([63.169.210.238]:57100 helo=server.stjohnks.net) by coumta05.netbenefit.co.uk with esmtp (NBT 4.61 23) id 1JCdCA-0004JC-09 for x; Wed, 09 Jan 2008 15:50:22 +0000 Received: from root by server.stjohnks.net with local (Exim 4.50) id 1JCCwn-0002AG-2N for x; Tue, 08 Jan 2008 05:48:45 -0600 MailHost Configured, multiple Received: lines; Parsing header:0: Received: from stjohnks.net ([63.169.210.238]:57100 helo=server.stjohnks.net) by coumta05.netbenefit.co.uk with esmtp (NBT 4.61 23) id 1JCdCA-0004JC-09 for x; Wed, 09 Jan 2008 15:50:22 +0000 Hostname verified: stjohnks.net Easily received mail from sending system 63.169.210.238 Tracking message source: 63.169.210.238: non-MailHost Configured account, multiple Received: lines; Parsing header: Received: (qmail 12751 invoked by uid 89); 9 Jan 2008 15:50:22 -0000 Removed 'by' from uid Received: (qmail 12751 invoked (uid 89)); 9 Jan 2008 15:50:22 -0000 no from [color=#FF9966]Ignored[/color] Received: from coumta05.netbenefit.co.uk (212.53.64.11) by with SMTP; Wed, 09 Jan 2008 15:50:22 +0000 [color=#FF9900]Invalid "received by"[/color] Received: from stjohnks.net ([63.169.210.238]:57100 helo=server.stjohnks.net) by coumta05.netbenefit.co.uk with esmtp (NBT 4.61 23) id 1JCdCA-0004JC-09 for x; Wed, 09 Jan 2008 15:50:22 +0000 63.169.210.238 found host 63.169.210.238 = stjohnks.net. (cached) stjohnks.net. is 63.169.210.238 Possible spammer: 63.169.210.238 Received line accepted Received: from root by server.stjohnks.net with local (Exim 4.50) id 1JCCwn-0002AG-2N for x; Tue, 08 Jan 2008 05:48:45 -0600 [color=#FF6600]Ignored[/color]Tracking message source: 63.169.210.238: And as a repeat of previous example; MailHost configured, single (broken) Received: line; Received: (qmail 568 invoked by uid 89); 9 Jan 2008 18:38:09 -0000 Received: from 60.pool85-56-140.dynamic.orange.es (HELO saray62bbc2320) (85.56.140.60) by with SMTP; Wed, 09 Jan 2008 18:38:09 +0000 Message-ID: ceb7______________________a8c0[at]saray62bbc2320 Parsing header: No source IP address found, cannot proceed. Not only are we looking at another example of some minor issues with the differences involved with the MailHost Configured and non-MailHost Configured Parsing routines, but this has definitely also pointed out that the lack of 'diagnostic' output in the parse results is a bit of a major issue. On the other hand, this doesn't actually feed into your reporting problem. This is definitly an issue with your ISP/Hosting service and their e-mail server. There just isn't any way to get around that. Link to comment Share on other sites More sharing options...
Wazoo Posted January 10, 2008 Share Posted January 10, 2008 From: "Wazoo" To: "SpamCop Deputies" Subject: MailHost Configured Parse result output/problems Date: Wed, 9 Jan 2008 22:50:31 -0600 Perhaps, call this a Bug Report, a Feature Request, at least a heads-up to a user-confusion issue ...???? http://forum.spamcop.net/forums/index.php?showtopic=9057 MailHost Configured Reporting Account Tracking URLs provided; http://www.spamcop.net/sc?id=z1602776387zd...f114f541315fdbz http://www.spamcop.net/sc?id=z1602774515zc...4cbad6b957bdbdz non-MailHost Configured comparison Parse; http://www.spamcop.net/sc?id=z1603197633z3...dbc38b3903a402z Primary Issue: Broken Received: line in headers ... ISP/Host doesn't have the receiving system identifying itself. Secondary Issue: MailHost Configured Reporting Account parse contains no 'diagnostic' output to show what's happening, what the parser was unhappy with, what went wrong, what and why a certain decision was made. Third Issue: yet another glaring example of the major differences in the parser handling/codebase between the MailHost Configured and the non-MailHost Configured Report code-branches that isn't described anywhere. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.