[SC-Help] Re: SC wrongly detects spammer address
Mike Easter
MikeE at ster.invalid
Wed Jul 20 16:27:38 EDT 2005
Graeme Leith wrote:
> SPG wrote:
>> I got this spam:
>>
>> http://www.spamcop.net/sc?id=z788095883z6381708b04f1e2541630e84c7cf63dcbz
>>
>> SC wrongly detects spammer's address.
> <snip>
>> Why does SC detect my mailbox provider (POLBOX) as a spammer ???
>
> On the Spamcop web site, click the mailhosts tab at the top of the
> page and go through the setup procedure. Once this is done, the
> problem should go away.

For SPG, not really Graeme.

Abbreviated Received lines   *comment

from [213.241.68.194] (helo=noe.katowice.mtl.pl) by free.polbox.   *serves you
from (ntmygi058237.mygi.nt.ftth.ppp.infoweb.ne.jp [61.124.74.237]) by noe.katowice.mtl.pl   *sourceline
from IAMRK-AG02 (61.124.74.237) by 61.124.74.237   *bogusline

Absent a mailhost configuration, SC has to figure out how to chain each
upper 'from' field IP to the lower 'by' field domain/hostname. If you
examine the verbose of the tracker, you can watch that process if you
are accustomed to its order.

213.241.68.194 rDNS arka.katowice.mtl.pl [which is not /exactly/
noe.katowice.mtl.pl] and also noe.katowice.mtl.pl from the 'by' has
cname katowice.mtl.pl and alias noe.katowice.mtl.pl and DNS
213.241.68.194

As a result, SC recognizes the IP and the host/domainname as MX, so that
part is 'good' but it isn't *familiar* with the server/relay/MTA [in
this case MX] yet. Until it is satisfied to 'trust' the IP to be a
server which matches with the host/domainname in the 'by' below, it has
to break the chain.

With time and 'maturity', SC /should/ be able to recognize the server as
a server and trust it to be a relaying server -- even if you don't
configure to mailhost. The wiser strategy would be to configure for
mailhosting, because there may be a variety of header configurations
which can emerge from your provider's MXes and MTAs, and this is possibly
only one variety.

--
Mike Easter
kibitzer, not SC admin
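
The chaining described in the post above, as an added example that is not part of the original message and not SpamCop's own parser: a simplified model that walks the three abbreviated Received lines and stops at the first relay it does not trust. `trusted_relays` is a hypothetical stand-in for a mailhost configuration, and `FORWARD_DNS` is a constructed offline table holding only the lookup quoted in the post.

```python
import re

# Abbreviated Received lines from the post, newest first ("free.polbox." is
# truncated on the page and kept that way).
RECEIVED = [
    "from [213.241.68.194] (helo=noe.katowice.mtl.pl) by free.polbox.",
    "from (ntmygi058237.mygi.nt.ftth.ppp.infoweb.ne.jp [61.124.74.237]) by noe.katowice.mtl.pl",
    "from IAMRK-AG02 (61.124.74.237) by 61.124.74.237",
]

# Constructed offline stand-in for DNS, using the lookup quoted in the post.
FORWARD_DNS = {"noe.katowice.mtl.pl": {"213.241.68.194"}}

# A dotted quad that is not part of a longer run of digits or dots.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def parse(line):
    """Split one Received line into (from_ip, by_host)."""
    from_part, _, by_part = line.partition(" by ")
    ip = IPV4.search(from_part)
    return (ip.group(1) if ip else None, by_part.split()[0].lower())

def by_matches(ip, by_host):
    """Does the lower line's 'by' name the relay that handed the mail up?"""
    return by_host == ip or ip in FORWARD_DNS.get(by_host, set())

def find_source(lines, trusted_relays):
    """Walk down from the recipient's own server; return (source_ip, trace)."""
    hops = [parse(line) for line in lines]
    source, trace = hops[0][0], []
    for from_ip, by_host in hops[1:]:
        # A line is believed only if the relay that wrote it is trusted.
        if source not in trusted_relays:
            trace.append(f"{source} is not a trusted relay: chain broken")
            break
        if not by_matches(source, by_host):
            trace.append(f"'by {by_host}' does not match {source}: chain broken")
            break
        trace.append(f"{source} matches 'by {by_host}': now at {from_ip}")
        source = from_ip
    return source, trace

if __name__ == "__main__":
    for relays in (set(), {"213.241.68.194"}):
        print(sorted(relays), "->", *find_source(RECEIVED, relays))
```

With no trusted relays the walk stops at 213.241.68.194, the provider's own MX, which is the result SPG reported; with that IP trusted it continues to 61.124.74.237 and never believes the bogus third line, because the host that wrote it is not trusted.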