[Scspamcop] Re: Sorry, this email is too old to file a spam report.
Mike Easter
MikeE at ster.invalid
Fri Nov 21 15:46:40 EST 2008
Robert Blair wrote:
> The top receive header says from
>
> swe-sunlandwest.com (adsl-67-122-187-217.dsl.lsan03.pacbell.net
> [67.122.187.217])
>
> which to me says that "swe-sunlandwest.com" is not a normal email
> server. Yet spamcop chained to the next receive header as if it is a
> trusted server and complained that the message is too old.

There is in fact a mailserver at that address and (so) the helo is not
(exactly) bogus.

swe-sunlandwest.com MX = mail.swe-sunlandwest.com
mail.swe-sunlandwest.com DNS 67.122.187.217
67.122.187.217 rDNS adsl-67-122-187-217.dsl.lsan03.pacbell.net

The mailserver there answers swe-sunlandwest.com very very slowly on port
25, and can be manipulated extensively, but I could not get it to relay
promiscuously with the scripts at abuse.net. The mailserver also answers
more promptly on port 80.

ironport/senderbase shows that server to have a pretty significant output.

> Neither swe-sunlandwest.com nor pacbell.net are in my "hosts"
> configuration.
>
> So I think that something is wrong with spamcop parsing.
>
www.spamcop.net/sc?id=z2415256517z8a40bdad36d77e4b69eae82b2f94fc55z

You are correct that SC trusts the IP to be a server which results in
chaining further to the next line which has an old datestamp. Possibly
the server is so gagged/overloaded with spam that it takes it 9 days to
get it out.

I can't see a big advantage to SC chaining back to the Nigerian cybercafe
IP, so maybe a deputy should untrust the server.

--
Mike Easter
kibitzer, not SC admin
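
Added example, not part of the message above and not SpamCop's parser: a simplified model of the chaining decision the thread describes, showing how trusting the relay moves the reported source and datestamp to the next Received line. The trust rule (HELO domain's MX resolves to the connecting IP), the 2-day age limit, the second hop, the "by" hosts and all dates are assumptions constructed for illustration; only the first "from" clause and the DNS answers come from the thread.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# DNS answers quoted in the thread, embedded so the example runs offline.
MX = {"swe-sunlandwest.com": "mail.swe-sunlandwest.com"}
A = {"mail.swe-sunlandwest.com": "67.122.187.217"}

# Constructed Received lines, newest first. Only the first "from" clause is
# from the thread; 192.0.2.44 is a documentation address, dates are made up.
RECEIVED = [
    "from swe-sunlandwest.com (adsl-67-122-187-217.dsl.lsan03.pacbell.net "
    "[67.122.187.217]) by mx.example.net; Fri, 21 Nov 2008 09:00:00 -0500",
    "from cafe-pc (unknown [192.0.2.44]) "
    "by swe-sunlandwest.com; Wed, 12 Nov 2008 08:30:00 -0500",
]
NOW = datetime(2008, 11, 21, 15, 0, tzinfo=timezone.utc)  # constructed clock

FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\)")

def parse_received(line):
    """Return (helo, rdns, ip, timestamp) from one Received line."""
    helo, rdns, ip = FROM_RE.match(line).groups()
    stamp = parsedate_to_datetime(line.rsplit(";", 1)[1].strip())
    return helo, rdns, ip, stamp

def helo_is_mailserver(helo, ip):
    """Assumed trust rule: the HELO domain's MX host resolves to this IP."""
    return A.get(MX.get(helo)) == ip

def find_source(lines, now, untrusted=(), max_age=timedelta(days=2)):
    """Walk the chain newest-first; return (source_ip, too_old).

    A hop that looks like a real relay is believed, so the line it wrote
    (the next one) becomes the candidate source. An untrusted hop, or one
    that fails the rule, ends the walk and is itself the source.
    """
    source = None
    for line in lines:
        helo, _rdns, ip, stamp = parse_received(line)
        source = (ip, stamp)
        if ip in untrusted or not helo_is_mailserver(helo, ip):
            break
    ip, stamp = source
    return ip, (now - stamp) > max_age

if __name__ == "__main__":
    print(find_source(RECEIVED, NOW))                                # relay trusted
    print(find_source(RECEIVED, NOW, untrusted={"67.122.187.217"}))  # untrusted
```

With the relay trusted, the source is the older second hop and the report is rejected as too old; with the relay marked untrusted, the source is 67.122.187.217 and the fresh first-hop datestamp applies.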