
[SC-Help] Re: spamcop easy fooled twice

Mike Easter MikeE at ster.invalid
Sun Mar 12 02:03:30 EST 2006


Posted to spamcop.help & spamcop.spam;  f/ups to spamcop.help

Zbyszek wrote:
> spamcop is easy fooled by malforming header.

That bad line below is not the problem.

> Received: from  [97.151.64.18 ] (helo=..dearriba.com)
>         by smtp2.cistron.nl with esmtp ( 3.35 #1 ())
>         id 786LFL-0006PT-93

that causes this:

> Finding links in message body
> Parsing text part
> error: couldn't parse head
> Message body parser requires full, accurate copy of message
> More information on this error..
> no links found

That problem is caused by improperly folded header lines submitted to the
parser.

That line above is not the source line.

> Received: from 200-147-64-220.tlm.dialuol.com.br
> (200-147-64-220.tlm.dialuol.com.br [200.147.64.220])
>         by mx6.go2.pl (Postfix) with SMTP;
>         Sat, 11 Mar 2006 06:06:38 +0100 (CET)
> Received: from  [97.151.64.18 ] (helo=..dearriba.com)
>         by smtp2.cistron.nl with esmtp ( 3.35 #1 ())
>         id 786LFL-0006PT-93

200.147.64.220  rDNS  200-147-64-220.tlm.dialuol.com.br  is the source.
It is a dynamic IP, not a server.  The cistron.nl line with the
'malformed' IP is a bogus and noncompliant line.


> Source of spam-2:

In the 2nd spam the bad IP looks like it is in a bogus and noncompliant
line; the source is 85.182.55.247  rDNS  e182055247.adsl.alicedsl.de,
which is listed in CBL and dynamic lists.

> Received: from e182055247.adsl.alicedsl.de
> (e182055247.adsl.alicedsl.de [85.182.55.247])
>         by mx4.go2.pl (Postfix) with SMTP;
>         Sat, 11 Mar 2006 06:06:49 +0100 (CET)
> Received: from .anu..au ([0.136.101.194 ] helo=anu..au)
>         by smtp1..co with esmtp
>         id 1A5Ys6-464135-41

Discussion moved to .help;  .spam is not a discussion group

If you want to talk about how spamcop parses a spam, you should post the
tracker for the parse, not the spam in the spamcop.spam group.

http://www.spamcop.net/sc?id=z895602741z91e2a5aa1f054524b341258fc3516f9cz
Report Spam to:
Re: 200.147.64.220 (Administrator of network where email originates)
   To: mail-abuse at cert.br (Notes)
   To: abuse at uol.com.br (Notes)
   To: denuncia#uol.com.br at devnull.spamcop.net (Notes)
   To: mail-abuse at nic.br (Notes)
   To: Internal spamcop handling: (spambr) (Notes)
Re: http://freshandslim.info (Administrator of network hosting website
referenced in spam)
   To: abuse at tucows.com (Notes)

<cancelled>

http://www.spamcop.net/sc?id=z895605060zaa4ea9ba10f0cb0863632dd6803d83e2z
Report Spam to:
Re: 85.182.55.247 (Administrator of network where email originates)
   To: postmaster at hansenet.com (Notes)
   To: hostmaster at hansenet.com (Notes)
   To: abuse at hansenet.com (Notes)
Re: http://navigatorcapitalgroup.info (Administrator of network hosting
website referenced in spam)
   To: abuse at tucows.com (Notes)

<cancelled>

Those are correct parses of the spams you posted.  The problem you are
describing does not apply.

-- 
Mike Easter
kibitzer, not SC admin
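
The header reasoning in the reply above, as an added example that is not part of the original post and is not SpamCop's parser: it reports improperly folded header lines, takes the source only from the topmost Received line, and flags lower Received lines with unparseable address literals or empty helo labels. The function names, the two checks, and the assumption that the topmost line was written by the recipient's own MX are choices made for this example; the sample is the first header pair as quoted in the post.

```python
import ipaddress
import re

FIELD = re.compile(r"^[!-9;-~]+:")       # RFC 5322 field name followed by ':'
BRACKET = re.compile(r"\[([^\]]*)\]")    # address literal inside [ ]
HELO = re.compile(r"helo=([^\s)]+)")     # helo name as logged in the line

# Sample input: the first Received pair exactly as quoted in the post.
SAMPLE = """\
Received: from 200-147-64-220.tlm.dialuol.com.br
(200-147-64-220.tlm.dialuol.com.br [200.147.64.220])
        by mx6.go2.pl (Postfix) with SMTP;
        Sat, 11 Mar 2006 06:06:38 +0100 (CET)
Received: from  [97.151.64.18 ] (helo=..dearriba.com)
        by smtp2.cistron.nl with esmtp ( 3.35 #1 ())
        id 786LFL-0006PT-93
"""

def unfold(block):
    """Return (headers, misfolded); a column-0 line with no field name is misfolded."""
    headers, misfolded = [], []
    for line in block.split("\n\n", 1)[0].splitlines():   # headers end at blank line
        if FIELD.match(line):
            headers.append(line.strip())
            continue
        if line[0] not in " \t" or not headers:
            misfolded.append(line)             # a strict parser cannot attach this
        if headers:
            headers[-1] += " " + line.strip()  # lenient repair: treat as continuation
    return headers, misfolded

def problems(received):
    """Reasons a Received line is noncompliant (checks chosen for this example)."""
    found = [f"empty label in helo {h}" for h in HELO.findall(received) if "" in h.split(".")]
    for literal in BRACKET.findall(received):
        try:
            ipaddress.ip_address(literal)      # rejects stray spaces such as '18 '
        except ValueError:
            found.append(f"bad address literal [{literal}]")
    return found

def analyze(block):
    """Source comes only from the topmost Received line (assumed recipient MX)."""
    headers, misfolded = unfold(block)
    received = [h for h in headers if h.lower().startswith("received:")]
    top = BRACKET.findall(received[0]) if received and not problems(received[0]) else []
    suspect = {h: p for h in received[1:] if (p := problems(h))}
    return {"source": top[0] if top else None, "misfolded": misfolded, "suspect": suspect}
```

Calling `analyze(SAMPLE)` reports the second line of the sample as misfolded, gives 200.147.64.220 as the source, and lists the cistron.nl line as suspect.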


