Full Version: IP hostmaster reports Purify error
Wayne
"This is what I am trying to unravel.

I am not sure how Purify works - but I went through the SPAM below and this is what I find:

Originates from xx.xx.xxx.xxx - this is an IP assigned to xxxxxxxxx out of Canada. A trace to the IP takes us to xxxxxXxxxx.net > xxxxxxxx.com >(spammer).com. We are not a provider to either of these upstream companies.

Site - (spammer).com - resolves to xx.xxx.xxx. A trace to this IP takes us to xxxxxxx.net > xxxxx.net >(spammer).com. We are also not the provider for any of these upstream companies.

From looking further - we ARE the upstream of your upstream provider - xxxxxxx xxxxxxx. They are the upstream provider to my ISP.

Depending on how the program looks at the path of the email - it would appear to some that we were the upstream service provider to the spammer - but in reality we are the upstream to your provider.

It is also possible that the Purify program has an old contact database entry - if it does look-ups by domains it sees. I checked abuse.net for all of the domains I could find in the SPAM that you received and do not find any entries that refer to domains reporting to hostmaster@(recipient of Purify spam reports).

Please review and let me know if you have any questions.

Regards,
hostmaster@(recipient of Purify spam reports)"

Any suggestions?
Jeff Hendrickson
QUOTE (Wayne @ Jan 7 2010, 05:29 PM) *
Any suggestions?


If you have the SMTP header (without your email address of course), I can tell you how Purify arrived at its answer. I would also be interested in the spamvertized URIs, and to whom the abuse reports were sent.

For your general information, Purify will trace back as far as it can in the delivery chain to find the domain of origin of the email. If it finds anything "funny" about an entry in the delivery chain, then that entry is discarded, and the last verifiable domain is logged as the domain of origin. If you run Purify with logging on, then you'll be able to see this tracked in the file log.txt, and it will tell you which Purify rule it used to validate an entry in the delivery chain, e.g.

Rule #1 passes.
Rule #2 passes, line count 2.
Rule #4, accepting 68.142.200.155.
Rule #6, accepting yahoo.com.
X86 DNS Helper
Rule #8, accepting 208.72.144.33.
Rule #10, accepting web30902.mail.mud.yahoo.com.
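
A sketch of the delivery-chain trace-back described in the post above, added here as an example; it is not Purify's code and does not reproduce its numbered rules. The two checks (chain continuity and a routable address), the name `trace_origin`, and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: two consistent hops, then a forged bottom Received line.
RAW = """\
Received: from mx.relay.example (mx.relay.example [198.51.100.7])
\tby mail.recipient.example with ESMTP; Thu, 7 Jan 2010 17:01:02 -0500
Received: from out.sender.example (out.sender.example [203.0.113.25])
\tby mx.relay.example with ESMTP; Thu, 7 Jan 2010 17:01:00 -0500
Received: from yahoo.com (unknown [10.1.2.3])
\tby some.other.example with SMTP; Thu, 7 Jan 2010 17:00:55 -0500
From: a@b.example
Subject: constructed

body
"""

# "from HELO (rDNS [IP]) by HOST" as written by common MTAs (assumed layout).
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def trace_origin(raw, trusted_by):
    """Walk Received hops newest-first; return (host, ip, log) of the last verified hop."""
    origin, expected_by, log = (None, None), trusted_by.lower(), []
    hops = email.message_from_string(raw).get_all("Received", [])
    for n, value in enumerate(hops, 1):
        m = HOP.search(value)
        if not m:
            log.append(f"hop {n}: unparseable, discarded")
            break
        _helo, rdns, ip, by = (g.lower() for g in m.groups())
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            log.append(f"hop {n}: bad address {ip}, discarded")
            break
        # Continuity: an older hop must be stamped by the host the newer hop received from.
        if by != expected_by:
            log.append(f"hop {n}: 'by {by}' does not match {expected_by}, discarded")
            break
        if any(addr in net for net in NON_ROUTABLE):
            log.append(f"hop {n}: non-routable {ip}, discarded")
            break
        origin, expected_by = (rdns, ip), rdns
        log.append(f"hop {n}: accepting {rdns} [{ip}]")
    return origin[0], origin[1], log
```

The walk stops at the first hop that fails, so a forged header below that point never becomes the reported origin; which abuse address the origin then maps to is a separate lookup.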
Wayne
It should be in your inbox.
Jeff Hendrickson
QUOTE (Wayne @ Jan 7 2010, 08:03 PM) *
It should be in your inbox.


Thanks for the info Wayne. A spam report may have gone to twtelcom.net based on one of the links in the body of this email (don't really have time now to unjumble the HTML), and an abuse report would have been sent (based on the SMTP header) to abuse@newsmax.com.
Wayne
QUOTE (Jeff Hendrickson @ Jan 8 2010, 02:42 AM) *
Thanks for the info Wayne. A spam report may have gone to twtelcom.net based on one of the links in the body of this email (don't really have time now to unjumble the HTML), and an abuse report would have been sent (based on the SMTP header) to abuse@newsmax.com.



Here is a list of to whom Purify sent spam notices:

1. hostmaster@twtelecom.net
2. hostmaster@twtelecom.net, techsupport@hendricom.com
3. hostmaster@twtelecom.net, techsupport@hendricom.com
4. hostmaster@twtelecom.net, techsupport@hendricom.com
5. hostmaster@twtelecom.net
6. hostmaster@twtelecom.net
7. hostmaster@twtelecom.net, techsupport@hendricom.com
8. hostmaster@twtelecom.net, techsupport@hendricom.com
9. hostmaster@twtelecom.net, techsupport@hendricom.com
10. hostmaster@twtelecom.net, techsupport@hendricom.com
11. hostmaster@twtelecom.net
12. hostmaster@twtelecom.net, arin@host.net
13. hostmaster@twtelecom.net
14. hostmaster@twtelecom.net
15. hostmaster@twtelecom.net, techsupport@hendricom.com
16. hostmaster@twtelecom.net, techsupport@hendricom.com
17. hostmaster@twtelecom.net
18. hostmaster@twtelecom.net
19. hostmaster@twtelecom.net

However, abuse@newsmax.com is curiously missing.
Jeff Hendrickson
QUOTE (Wayne @ Jan 8 2010, 02:50 PM) *
However, abuse@newsmax.com is curiously missing.


Can you please save the message in question as raw message source, .zip it, and email it to me?
Also, what OS, and version of Purify are you running?

I will try to reproduce your result here.
Wayne
QUOTE (Jeff Hendrickson @ Jan 8 2010, 08:12 PM) *
Can you please save the message in question as raw message source, .zip it, and email it to me?
Also, what OS, and version of Purify are you running?

I will try to reproduce your result here.


Those are 19 unique messages, do you want all or one of them, and if one, which?

By 'raw', do you mean to copy the message from Purify's window and paste?
Jeff Hendrickson
QUOTE (Wayne @ Jan 8 2010, 08:14 PM) *
By 'raw', do you mean to copy the message from Purify's window and paste?


No, I mean save the entire message, including SMTP header, any one will do, from your email software as raw text, .zip the file, then send as attachment.

Asking again, what OS, and version of Purify are you running?

I would also be very interested in seeing a partial log from a reporting session, where you had run Purify with logging on, in the file log.txt from your Purify application folder. I'm interested in the lines that have the word rule in them. e.g.
Rule #1 passes.
Rule #2 passes, line count 2.
Rule #4, accepting 68.142.200.155.
Rule #6, accepting yahoo.com.
X86 DNS Helper
Rule #8, accepting 208.72.144.33.
Rule #10, accepting web30902.mail.mud.yahoo.com.
Wayne
QUOTE (Jeff Hendrickson @ Jan 9 2010, 01:11 PM) *
No, I mean save the entire message, including SMTP header, any one will do, from your email software as raw text, .zip the file, then send as attachment.

Asking again, what OS, and version of Purify are you running?

I would also be very interested in seeing a partial log from a reporting session, where you had run Purify with logging on, in the file log.txt from your Purify application folder. I'm interested in the lines that have the word rule in them. e.g.
Rule #1 passes.
Rule #2 passes, line count 2.
Rule #4, accepting 68.142.200.155.
Rule #6, accepting yahoo.com.
X86 DNS Helper
Rule #8, accepting 208.72.144.33.
Rule #10, accepting web30902.mail.mud.yahoo.com.


I am using Purify version 2.2 (1/0) on OSX 10.4.11

The two zip files you requested should be in your inbox.
Jeff Hendrickson
QUOTE (Wayne @ Jan 9 2010, 04:09 PM) *
I am using Purify version 2.2 (1/0) on OSX 10.4.11

The two zip files you requested should be in your inbox.


Thank you Wayne! I ran these here and was able to reproduce this result. What had happened is an old abuse address was in the hsc database for this domain. The abuse addresses have been updated, and your reports should now go to the proper address.

Thanks again for taking the time to point this out.
Wayne
QUOTE (Jeff Hendrickson @ Jan 10 2010, 02:19 PM) *
Thank you Wayne! I ran these here and was able to reproduce this result. What had happened is an old abuse address was in the hsc database for this domain. The abuse addresses have been updated, and your reports should now go to the proper address.

Thanks again for taking the time to point this out.


Thanks Jeff. I will send our apologies to <hostmaster@twtelecom.net> for all of those complaints erroneously sent to them.

I noticed that Purify also sent almost 50% of those errant complaints I listed (*which was only a partial list due to my deleting previous complaints not knowing there was an ongoing problem*) to <techsupport@hendricom.com>. What was the purpose of that?

(**) This is a strong reason I think that Purify users should have the option of copying to themselves each Spam complaint Purify generates that the Purify user makes the decision to deliver. Why is that not an existing option?

Thanks again,
Wayne
Jeff Hendrickson
QUOTE (Wayne @ Jan 10 2010, 03:44 PM) *
What was the purpose of that?

The complaints that get sent to techsupport@hendricom.com indicate that an abuse address for one or more domains contained in the email could not be resolved to abuse addresses. From time to time I look at these and try to find / add them by hand.


QUOTE (Wayne @ Jan 10 2010, 03:44 PM) *
This is a strong reason I think that Purify users should have the option of copying to themselves each Spam complaint Purify generates that the Purify user makes the decision to deliver. Why is that not an existing option?

It just may be in a future version.
Wayne
QUOTE (Jeff Hendrickson @ Jan 10 2010, 09:56 PM) *
The complaints that get sent to techsupport@hendricom.com indicate that an abuse address for one or more domains contained in the email could not be resolved to abuse addresses. From time to time I look at these and try to find / add them by hand.



It just may be in a future version.


That would be way cool!!!