[SC-Help] Re: Spamcop failing to detect true originating IP

[Ellen]

"wskrispy" <wskrispy at EXCISEoptonline.net> wrote in message news:db1fa1>
> Here's a tracker from a spam that Spamcop choked on, complete with SA
> headers:
>
> http://www.spamcop.net/sc?id=z785186974zfb5c4d04f5694f362a90b200bac251bfz
>

Assuming that these are the received headers as delivered by your
ISP/hosting company server to your mailbox, there is *no* IP in the topmost
received header showing your ISP mailserver receiving the mail:

Received: from acconci1 by 1n5-199.servernode.net with local-bsmtp (Exim
4.43)
id 1DsR07-0000Yn-17 for x; Tue, 12 Jul 2005 16:05:08 -0400

SpamCop cannot extract useful information from that header.

The next receved header has no IP either:

Received: from localhost by 1n5-199.servernode.net
with SpamAssassin (version 3.0.4);
Tue, 12 Jul 2005 16:05:08 -0400

Therefore there is no way that SC has determine the source of the spam.

Looking at the report history for your account, I see several more spams
where your server failed to record the IP of the connecting server which is
attempting to deliver the spam. It has nothing to do with SpamAssassin and
the SA X-headers.

For some reason and for some spams, your server will print 2 received
headers as above rather than showing the connecting IP as it does for other
spams:

Received: from [85.40.108.210] (helo=acconci.com)
       by 1n5-199.servernode.net with esmtp (Exim 4.43)
       id 1Drjnp-000154-8l
       for x; Sun, 10 Jul 2005 17:57:34 -0400
From: administrator at acconci.com
To: x
Subject: Your Account is Suspended For Security Reasons

You will have to discuss this with your ISP/hosting company admin/tech
support to find out what the problem is.  It may be that if some other user
at the ISP/hosting company is sending the spam/virus/phish that the headers
are as above as the mail was just shuffled around internally.

Ellen
SpamCop