[Scspamcop] Re: Sorry, this email is too old to file a spam report.
Ellen
nobody at spamcop.net
Fri Nov 21 16:27:18 EST 2008
Robert Blair wrote:
> The top receive header says from
>
> swe-sunlandwest.com (adsl-67-122-187-217.dsl.lsan03.pacbell.net
> [67.122.187.217])
>
> which to me says that "swe-sunlandwest.com" is not a normal email server. Yet
> spamcop chained to the next receive header as if it is a trusted server and
> complained that the message is too old.
>
> Neither swe-sunlandwest.com nor pacbell.net are in my "hosts" configuration.
>
> So I think that something is wrong with spamcop parsing.
>
> http://www.spamcop.net/sc?id=z2415256517z8a40bdad36d77e4b69eae82b2f94fc55z
>
>
It's in one of your mailhosts alpha.dyndns.org (4123) ... or at least
this is:

dsl.lsan03.pacbell.net

and that is why the received header is accepted ... and indeed you are
the only user of that mailhost. And IP 63.200.17.147 answers on 25:

telnet 67.122.187.217 25
Trying 67.122.187.217...
Connected to 67.122.187.217.
Escape character is '^]'.
quit
220 swe-sunlandwest.com ESMTP Postfix
221 Bye
Connection closed by foreign host.
ellen at news:~$

and there is forward DNS for swe-sunlandwest.com

dig swe-sunlandwest.com
; <<>> DiG 9.2.2 <<>> swe-sunlandwest.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24291
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;swe-sunlandwest.com. IN A
;; ANSWER SECTION:
swe-sunlandwest.com. 7200 IN A 67.122.187.217
;; AUTHORITY SECTION:
swe-sunlandwest.com. 172798 IN NS ns69.worldnic.com.
swe-sunlandwest.com. 172798 IN NS ns70.worldnic.com.

The fact that the rDNS is not set to swe-sunlandwest is of interest but
not definitive as to whether this is a mailserver or not.

All that said, I still don't know if the bottom header is legit or forged.
You and Don need to have a chat about this mailhost.

Ellen
SpamCop
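
A simplified model of the chaining behaviour discussed in this thread, as an added example that is not part of the original post and is not SpamCop's code: a Received hop is trusted when the rDNS name recorded by the receiving server falls under a registered mailhost domain, so the parser moves on to the next header. The function names, the `by` hosts and the second header are assumptions constructed for illustration.

```python
import re

# "from HELO (rDNS [IP])" clause; the rDNS name is optional.
FROM_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def parse_received(header):
    """Return (helo, rdns, ip) for one Received header, or None if it does not parse."""
    m = FROM_RE.search(" ".join(header.split()))  # undo header folding
    if m is None:
        return None
    return m.group("helo").lower(), (m.group("rdns") or "").lower(), m.group("ip")

def in_mailhost(rdns, mailhost_domains):
    """True if rdns is a registered domain or a subdomain of one (whole labels only)."""
    rdns = rdns.rstrip(".")
    return any(rdns == d or rdns.endswith("." + d) for d in mailhost_domains)

def first_untrusted_hop(headers, mailhost_domains):
    """Index of the first header (top down) whose sending host is not a mailhost.

    Trust is decided on the rDNS name the receiving server recorded; the HELO
    name is supplied by the sender and is not used.
    """
    for i, header in enumerate(headers):
        hop = parse_received(header)
        if hop is None or not in_mailhost(hop[1], mailhost_domains):
            return i
    return len(headers)

# Top header: the "from" clause quoted in the post; the "by" host is constructed.
# Second header: entirely constructed (documentation names and address).
HEADERS = [
    "from swe-sunlandwest.com (adsl-67-122-187-217.dsl.lsan03.pacbell.net\n"
    "\t[67.122.187.217]) by mx.example.net with ESMTP",
    "from unknown (host.example.org [192.0.2.55]) by swe-sunlandwest.com with SMTP",
]
MAILHOSTS = ["dsl.lsan03.pacbell.net"]  # the domain Ellen reports in the mailhost

if __name__ == "__main__":
    print(first_untrusted_hop(HEADERS, MAILHOSTS))  # hop treated as the source
```

With the mailhost domain registered the top hop is chained through and the second header is treated as the source; with an empty mailhost list the top header itself is.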