
[SpamCop-List] Re: JT, JH: Spamcop is Screwing Up -- Non-Origin Relay Used for Blocking

Mike Easter MikeE at ster.invalid
Mon Feb 9 16:14:20 EST 2004


Spambo wrote:
> David Lawless wrote:
>
>> I've been getting a lot of false positives lately.

I think he's saying this item shouldn't have been blocked.

>> Now I see
>> why.  SC has blocked messages based on the "Received: from" header
>> for the inbound relay at my e-mail and web host.

I think he's seeing something different than what your tracker and my
parse are showing for the present parse, namely the parse tripping at
his relay, not parsing all the way back to the bank user IP, or rather,
he's misinterpreting.  The parse goes back to the bank, but the
'non-spam' item was blocked because his relay is listed.

   Abbreviated Received lines *comment
   from mx6.daemonmail.net (216.104.160.36) by mailgate.cesmail.net *relays for him, **listed
   from w2kmnepmx119.mail2.usbank.com (mail2.usbank.com [170.135.240.62]) by mx6.daemonmail.net *relays for bank
   from 156.36.72.182 by w2kmnepmx119.mail2.usbank.com *bank 'user' IP.

First Bank System 170.135.0.0 - 170.135.255.255
US Bancorp 156.36.0.0 - 156.36.255.255

...but in any case, he's saying the item shouldn't have been blocked.  I
can't figure out why it was.  Aha!  I see now, his relay IP is listed.

>>  This header is
>> definitely not the point-of-origin header, and tracing back
>> further one finds one of my quite respectable banks with a
>> clean record.

> According to the headers you posted the email originated at
> 156.36.72.182 and that is what the parser is finding
>
> http://www.spamcop.net/sc?id=z289648592zb327060e9677f6c2ade31f41edaea2afz
>
> Where are you saying the email originated?

I agree with the SC parse, see above.  The SC parse is currently naming
the last item in the chain, but I think he's saying the item shouldn't
have been blocked.

It got blocked because

216.104.160.36 listed in bl.spamcop.net (127.0.0.2)
It has been listed for 3.2 days.
Been detected sending mail to spam traps
Other hosts in this "neighborhood" with spam reports:
216.104.160.31
216.104.160.35
216.104.160.37
216.104.160.48
216.104.160.82

But, the parse of the blocked item wants to report the bank because it
was the source.  But it shouldn't have been being parsed if it weren't
spam, which he is saying it isn't.  The parse is correct.  The block is
correct.  But the item isn't spam.  It's blocked because his relay
server is listed.


-- 
Mike Easter
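
[Added example, not part of the original post or of SpamCop's code: a sketch of why the source trace and the block decision name different IPs for the same message. It assumes the block keys on the IP in the topmost Received line; the LISTED table is a constructed stand-in for a DNS query against bl.spamcop.net, and the function names are hypothetical.]

```python
import ipaddress
import re

# Constructed sample: the three abbreviated Received lines from the post,
# newest hop first, as they would sit at the top of the message.
RECEIVED = [
    "from mx6.daemonmail.net (216.104.160.36) by mailgate.cesmail.net",
    "from w2kmnepmx119.mail2.usbank.com (mail2.usbank.com [170.135.240.62]) by mx6.daemonmail.net",
    "from 156.36.72.182 by w2kmnepmx119.mail2.usbank.com",
]
# Stand-in for DNS (constructed): query names that resolve in the zone.
LISTED = {"36.160.104.216.bl.spamcop.net": "127.0.0.2"}
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def hop_ip(received_line):
    """Return the sending IP recorded in the 'from' clause of one Received line."""
    from_clause = received_line.split(" by ", 1)[0]
    for candidate in IPV4.findall(from_clause):
        try:
            return str(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            continue  # looked like a dotted quad but is not a valid address
    return None


def dnsbl_name(ip, zone="bl.spamcop.net"):
    """Build the DNSBL query name: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def evaluate(received, lookup=LISTED.get):
    """Compare what a relay-based block sees with what a source trace sees."""
    ips = [ip for ip in (hop_ip(line) for line in received) if ip]
    # Assumption: the block is decided on the hop that handed the mail over
    # (top line); the report parse walks back to the oldest hop (last line).
    connecting, origin = ips[0], ips[-1]
    return {
        "connecting_ip": connecting,
        "origin_ip": origin,
        "blocked": lookup(dnsbl_name(connecting)) is not None,
        "origin_listed": lookup(dnsbl_name(origin)) is not None,
        "listed_hops": [ip for ip in ips if lookup(dnsbl_name(ip))],
    }


if __name__ == "__main__":
    print(evaluate(RECEIVED))
```
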


