Results 1 to 3 of 3

Thread: Again junk mail issue

  1. #1
    chandu is offline Elite Member
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Angry Again junk mail issue

    Hi Guys,

    My customer again started facing junk mail issue ...geniune mails are getting delivered in Junk folder...sometime it happenes and sometime its not...most of the users got fed up with this ...

    Have a look on one good mail header info and one spam mail header info of the same sender and reciver ..

    ################################################

    Junk mail header info

    Return-Path: user@externaldomain.com
    Received: from mail.internaldomain.com (LHLO mail.internaldomain.com)
    (1.1.2.2) by mail.internaldomain.com with LMTP; Fri, 7 May 2010 17:50:51
    +0530 (IST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.internaldomain.com (Postfix) with ESMTP id AF1FC8D404D
    for <user@internaldomain.com>; Fri, 7 May 2010 17:50:51 +0530 (IST)
    X-Virus-Scanned: amavisd-new at internaldomain.com
    X-Spam-Flag: YES
    X-Spam-Score: 6.852
    X-Spam-Level: ******
    X-Spam-Status: Yes, score=6.852 tagged_above=-10 required=6.6
    tests=[AWL=-1.630, BAYES_50=0.001, DEAR_SOMETHING=1.605,
    HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_PBL=0.905,
    RCVD_IN_SORBS_DUL=0.877, RCVD_IN_XBL=3.033, RDNS_NONE=0.1]
    Received: from mail.internaldomain.com ([127.0.0.1])
    by localhost (mail.internaldomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id EX8pzjsfvhAA for <user@internaldomain.com>;
    Fri, 7 May 2010 17:50:47 +0530 (IST)
    Received: from venus.webhostingmonsters.com (unknown [1.1.1.1])
    by mail.internaldomain.com (Postfix) with SMTP id 53E238D404B
    for <user@internaldomain.com>; Fri, 7 May 2010 17:50:46 +0530 (IST)
    Received: from [122.163.255.86] (helo=server)
    by venus.webhostingmonsters.com with smtp (Exim 4.69)
    (envelope-from <user@externaldomain.com>)
    id 1OAMXn-0000Rh-Sc; Fri, 07 May 2010 08:20:41 -0400
    Message-ID: <fa1801caeddf$b4caf410$2d01a8c0@server>
    From: <user@externaldomain.com>
    To: " <user@internaldomain.com>

    References: <000301caedd5$4cc61f70$e6525e50$@in>
    Subject: Re: car booking
    Date: Fri, 7 May 2010 17:50:36 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_FA13_01CAEE0D.CC7B7930"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.3598
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
    X-webhostingmonsters-MailScanner-Information: Please contact the ISP for more information
    X-webhostingmonsters-MailScanner-ID: 1OAMXn-0000Rh-Sc
    X-webhostingmonsters-MailScanner: Found to be clean
    X-webhostingmonsters-MailScanner-SpamCheck: not spam (whitelisted),
    SpamAssassin (not cached, score=13.231, required 5, autolearn=spam,
    BAYES_80 2.00, DEAR_SOMETHING 1.60, DOS_OE_TO_MX 2.75,
    HTML_MESSAGE 0.00, RCVD_IN_BL_SPAMCOP_NET 1.96, RCVD_IN_PBL 0.91,
    RCVD_IN_SORBS_DUL 0.88, RCVD_IN_XBL 3.03, RDNS_NONE 0.10)
    X-webhostingmonsters-MailScanner-From: user@externaldomain.com
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - venus.webhostingmonsters.com
    X-AntiAbuse: Original Domain - internaldomain.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - externaldomain.com




    ################################################## ##iinbox mail header info



    Return-Path: user@externaldomain.com
    Received: from mail.internaldomain.com (LHLO mail.internaldomain.com)
    (1.1.2.2) by mail.internaldomain.com with LMTP; Thu, 22 Apr 2010
    11:03:33 +0530 (IST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    by mail.internaldomain.com (Postfix) with ESMTP id E08578D4056
    for <abc@internaldomain.com>; Thu, 22 Apr 2010 11:03:33 +0530 (IST)
    X-Virus-Scanned: amavisd-new at internaldomain.com
    X-Spam-Flag: NO
    X-Spam-Score: 5.786
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.786 tagged_above=-10 required=6.6
    tests=[AWL=-1.355, BAYES_50=0.001, DEAR_SOMETHING=1.605,
    HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877,
    RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033, RDNS_NONE=0.1]
    Received: from mail.internaldomain.com ([127.0.0.1])
    by localhost (mail.internaldomain.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id chCaIfs2IprO for <abc@internaldomain.com>;
    Thu, 22 Apr 2010 11:03:29 +0530 (IST)
    Received: from venus.webhostingmonsters.com (unknown [10.11.27.244])
    by mail.internaldomain.com (Postfix) with SMTP id AB6AE8D4054
    for <abc@internaldomain.com>; Thu, 22 Apr 2010 11:03:28 +0530 (IST)
    Received: from [122.163.231.189] (helo=server)
    by venus.webhostingmonsters.com with smtp (Exim 4.69)
    (envelope-from <user@externaldomain.com>)
    id 1O4p2L-0003tp-2R; Thu, 22 Apr 2010 01:33:17 -0400
    Message-ID: <004b01cae1dd$500d4770$2d01a8c0@server>
    From:<user@externaldomain.com>
    To: "<abc@internaldomain.com>

    References: <009d01cae1dc$c59d5e40$50d81ac0$@in>
    Subject: Re: Taxi booking in Delhi
    Date: Thu, 22 Apr 2010 11:03:15 +0530
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0046_01CAE20B.681143C0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.3598
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
    X-webhostingmonsters-MailScanner-Information: Please contact the ISP for more information
    X-webhostingmonsters-MailScanner-ID: 1O4p2L-0003tp-2R
    X-webhostingmonsters-MailScanner: Found to be clean
    X-webhostingmonsters-MailScanner-SpamCheck: not spam (whitelisted),
    SpamAssassin (not cached, score=7.291, required 5, BAYES_00 -2.60,
    DEAR_SOMETHING 1.60, DOS_OE_TO_MX 2.75, HTML_MESSAGE 0.00,
    RCVD_IN_PBL 0.91, RCVD_IN_SORBS_DUL 0.88, RCVD_IN_SORBS_WEB 0.62,
    RCVD_IN_XBL 3.03, RDNS_NONE 0.10)
    X-webhostingmonsters-MailScanner-From: user@externaldomain.com
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - venus.webhostingmonsters.com
    X-AntiAbuse: Original Domain - internaldomain.com
    X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
    X-AntiAbuse: Sender Address Domain - externaldomain.com


    ############################################

    I checked RBL scan for 122.163.231.189 and 122.163.255.86 receiver Ips and both are listed black list...on below link ...wht can we do in this case..


    Multi-RBL Check | The Anti-Abuse Project

    I tried to make this mail as non-junk but no luck..this non-junk spam training never worked for me....

    can any one pls suggest..

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,495
    Rep Power
    56

    Default

    Quote Originally Posted by chandu View Post
    I checked RBL scan for 122.163.231.189 and 122.163.255.86 receiver Ips and both are listed black list...on below link ...wht can we do in this case..

    Multi-RBL Check | The Anti-Abuse Project
    The question you have to answer is why do those IPs keep ending up on a blacklist, that's what's causing their problem.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Code:
    Address and Port:	122.163.231.189
    Record Created:	Wed Mar 31 07:20:32 2010 GMT
    Record Updated:	Wed Mar 31 07:25:30 2010 GMT
    Additional Information:	Spam Sending Trojan or Proxy attempted to send mail from/to from=<helenlachino@hotmail.com> to=<info@paticipating.domain> proto=esmtp helo=<abts-north-dynamic-189.231.163.122.airtelbroadband.in>
    I would get them to run a decent AntiVirus scanner across their machines.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Fed 11 zcs install with existing apache
    By Lantzvillian in forum Installation
    Replies: 2
    Last Post: 10-05-2009, 11:11 AM
  2. Replies: 20
    Last Post: 03-18-2008, 05:37 AM
  3. Issues...
    By timothyalangorman in forum Administrators
    Replies: 3
    Last Post: 11-19-2007, 10:43 AM
  4. DynDNS and Zimbra
    By afterwego in forum Installation
    Replies: 30
    Last Post: 04-01-2007, 03:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •