[SpamCop-List] Is this a broken mail host?

Wed Feb 2 12:41:08 EST 2005

This is a question that arises from the manner in which I handle spam from a 
Dark Horse Comics web mail account (listed in Mailhosts as 
"facehugger.com"!) In order not to examine spam items within the web access, 
I have only two options available:

A. Forward (re-writes message as a new item, with wholly new headers).
B. Redirect (appends new headers to show route from host, four key original 
headers have "X-Original-" prepended.

Background:
-----------
SpamCop throws an error if I redirect to my SC reporting address. Oddly, if 
I redirect to a local account, then forward the redirected message to the SC 
reporting address as an attachment, the SC parser will then accept the 
message. I have, in the past, drastically edited the headers to restore the 
original appearance; but that is actually making material changes, as I 
understand the FAQ, so I discontinued the practice shortly after using it.
-----------

Sometimes a parse, using this arrangement, will display the "Yum, this spam 
is fresh!" tag, but with "Messsage is old", no indication of how many hours 
old.

A recent tracker will help explain my question:

http://www.spamcop.net/sc?id=z727485666z26ea4d0b2d7eee01abadf8796f84a78cz

Looking at the the lines which show timestamps I have:

--------------------------------------
Received: from gator.darkhorse.com (209.95.33.140) by aosake.net (Mercury/32 
v4.01b) with ESMTP ID MG000008;
   1 Feb 2005 09:15:43 -0800
--------------------------------------

Which is the server to which the message was redirected. Aosake.net is 
configured as a mailhost.

--------------------------------------
Received: by gator.darkhorse.com (CommuniGate Pro PIPE 4.2.8)
Received: from host81-132-217-183.range81-132.btcentralplus.com 
([81.132.217.183] verified)
--------------------------------------

SC properly recognizes the source, and reports it as such. But there is no 
timestamp here.

--------------------------------------
X-Original-Date: Tue, 01 Feb 2005 04:20:36 -0100
--------------------------------------

Who stamped this line?

The SpamCop parse apparently accepted the timestamp of aosake.net for 
determining the time of the message. The aosake.net timestamp would be 
17:15:43 GMT? (Reversing the -0800 in the PDT stamp.) So the "X-Original-
Date:" stamp should be 05:20:36 GMT? But I shouldn't trust that second 
timestamp, right?

Is something broken with "facehugger.com" (the configured mailhost ID) that 
"gator.darkhorse.com" is not stamping the time when it receives the message?  
I may need to watch the reports more closely, because I may have to manually 
cancel reports which are actually over the time limit?

I guess I should get off my duff and question the administration of the DHC 
("facehugger.com", according to Mailhosts) servers. It seems that between 
their implementation of SpamAssassin (sometimes breaks the headers), and the 
lack of rational timestamps, there may be serious problems with reporting 
spam to that account.

P.S. Both aosake.net and gator.darkhorse.com are configured as "Mailhosts"; 
the former is my own domain, and listed by the domain name, the latter is 
listed in "Mailhosts" as "facehugger.com"; probably because the first person 
with a DHC account to configure the server as a mailhost had an email 
address in the "facehugger.com" domain. My DHC account is in the 
"ahmegami.net" domain. There are currently 36 domains total, all relating to 
some comic story published by Dark Horse Comics. All should be handled by 
the "gator.darkhorse.com" severs. If it were up to me, the mailhost name 
would be one of; "gator.darkhorse.com", "Dark Horse Comics", or just "DHC".

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint