Again junk mail issue

[chandu]

Hi Guys,

My customer again started facing junk mail issue ...geniune mails are getting delivered in Junk folder...sometime it happenes and sometime its not...most of the users got fed up with this ...

Have a look on one good mail header info and one spam mail header info of the same sender and reciver ..

################################################

Junk mail header info

Return-Path: user@externaldomain.com
Received: from mail.internaldomain.com (LHLO mail.internaldomain.com)
(1.1.2.2) by mail.internaldomain.com with LMTP; Fri, 7 May 2010 17:50:51
+0530 (IST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.internaldomain.com (Postfix) with ESMTP id AF1FC8D404D
for <user@internaldomain.com>; Fri, 7 May 2010 17:50:51 +0530 (IST)
X-Virus-Scanned: amavisd-new at internaldomain.com
X-Spam-Flag: YES
X-Spam-Score: 6.852
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.852 tagged_above=-10 required=6.6
tests=[AWL=-1.630, BAYES_50=0.001, DEAR_SOMETHING=1.605,
HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1]
Received: from mail.internaldomain.com ([127.0.0.1])
by localhost (mail.internaldomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id EX8pzjsfvhAA for <user@internaldomain.com>;
Fri, 7 May 2010 17:50:47 +0530 (IST)
Received: from venus.webhostingmonsters.com (unknown [1.1.1.1])
by mail.internaldomain.com (Postfix) with SMTP id 53E238D404B
for <user@internaldomain.com>; Fri, 7 May 2010 17:50:46 +0530 (IST)
Received: from [122.163.255.86] (helo=server)
by venus.webhostingmonsters.com with smtp (Exim 4.69)
(envelope-from <user@externaldomain.com>)
id 1OAMXn-0000Rh-Sc; Fri, 07 May 2010 08:20:41 -0400
Message-ID: <fa1801caeddf$b4caf410$2d01a8c0@server>
From: <user@externaldomain.com>
To: " <user@internaldomain.com>

References: <000301caedd5$4cc61f70$e6525e50$@in>
Subject: Re: car booking
Date: Fri, 7 May 2010 17:50:36 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_FA13_01CAEE0D.CC7B7930"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3598
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-webhostingmonsters-MailScanner-Information: Please contact the ISP for more information
X-webhostingmonsters-MailScanner-ID: 1OAMXn-0000Rh-Sc
X-webhostingmonsters-MailScanner: Found to be clean
X-webhostingmonsters-MailScanner-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=13.231, required 5, autolearn=spam,
BAYES_80 2.00, DEAR_SOMETHING 1.60, DOS_OE_TO_MX 2.75,
HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91,
RCVD_IN_SORBS_DUL 0.88, RCVD_IN_XBL 3.03, RDNS_NONE 0.10)
X-webhostingmonsters-MailScanner-From: user@externaldomain.com
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - venus.webhostingmonsters.com
X-AntiAbuse: Original Domain - internaldomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - externaldomain.com




################################################## ##iinbox mail header info



Return-Path: user@externaldomain.com
Received: from mail.internaldomain.com (LHLO mail.internaldomain.com)
(1.1.2.2) by mail.internaldomain.com with LMTP; Thu, 22 Apr 2010
11:03:33 +0530 (IST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.internaldomain.com (Postfix) with ESMTP id E08578D4056
for <abc@internaldomain.com>; Thu, 22 Apr 2010 11:03:33 +0530 (IST)
X-Virus-Scanned: amavisd-new at internaldomain.com
X-Spam-Flag: NO
X-Spam-Score: 5.786
X-Spam-Level: *****
X-Spam-Status: No, score=5.786 tagged_above=-10 required=6.6
tests=[AWL=-1.355, BAYES_50=0.001, DEAR_SOMETHING=1.605,
HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877,
RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_NONE=0.1]
Received: from mail.internaldomain.com ([127.0.0.1])
by localhost (mail.internaldomain.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id chCaIfs2IprO for <abc@internaldomain.com>;
Thu, 22 Apr 2010 11:03:29 +0530 (IST)
Received: from venus.webhostingmonsters.com (unknown [10.11.27.244])
by mail.internaldomain.com (Postfix) with SMTP id AB6AE8D4054
for <abc@internaldomain.com>; Thu, 22 Apr 2010 11:03:28 +0530 (IST)
Received: from [122.163.231.189] (helo=server)
by venus.webhostingmonsters.com with smtp (Exim 4.69)
(envelope-from <user@externaldomain.com>)
id 1O4p2L-0003tp-2R; Thu, 22 Apr 2010 01:33:17 -0400
Message-ID: <004b01cae1dd$500d4770$2d01a8c0@server>
From:<user@externaldomain.com>
To: "<abc@internaldomain.com>

References: <009d01cae1dc$c59d5e40$50d81ac0$@in>
Subject: Re: Taxi booking in Delhi
Date: Thu, 22 Apr 2010 11:03:15 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0046_01CAE20B.681143C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3598
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
X-webhostingmonsters-MailScanner-Information: Please contact the ISP for more information
X-webhostingmonsters-MailScanner-ID: 1O4p2L-0003tp-2R
X-webhostingmonsters-MailScanner: Found to be clean
X-webhostingmonsters-MailScanner-SpamCheck: not spam (whitelisted),
SpamAssassin (not cached, score=7.291, required 5, BAYES_00 -2.60,
DEAR_SOMETHING 1.60, DOS_OE_TO_MX 2.75, HTML_MESSAGE 0.00,
RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, RCVD_IN_SORBS_WEB 0.62,
RCVD_IN_XBL 3.03, RDNS_NONE 0.10)
X-webhostingmonsters-MailScanner-From: user@externaldomain.com
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - venus.webhostingmonsters.com
X-AntiAbuse: Original Domain - internaldomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - externaldomain.com


############################################

I checked RBL scan for 122.163.231.189 and 122.163.255.86 receiver Ips and both are listed black list...on below link ...wht can we do in this case..


Multi-RBL Check | The Anti-Abuse Project

I tried to make this mail as non-junk but no luck..this non-junk spam training never worked for me....

can any one pls suggest..

[phoenix]

I checked RBL scan for 122.163.231.189 and 122.163.255.86 receiver Ips and both are listed black list...on below link ...wht can we do in this case..

Multi-RBL Check | The Anti-Abuse Project

The question you have to answer is why do those IPs keep ending up on a blacklist, that's what's causing their problem.

[uxbod]

Code:

Address and Port:	122.163.231.189
Record Created:	Wed Mar 31 07:20:32 2010 GMT
Record Updated:	Wed Mar 31 07:25:30 2010 GMT
Additional Information:	Spam Sending Trojan or Proxy attempted to send mail from/to from=<helenlachino@hotmail.com> to=<info@paticipating.domain> proto=esmtp helo=<abts-north-dynamic-189.231.163.122.airtelbroadband.in>

I would get them to run a decent AntiVirus scanner across their machines.