I misread your first response and got off on the wrong track by thinking you had said the message-id header WAS inserted by the mail client. In re-reading you clearly said it was done by iMail. OK, I know what to do now.
At 10:47 PM 2/23/2006, Matt wrote:
Outlook does not add a Message-ID header. The difference between these two messages is that the first is one that is using your server as it's SMTP server and you are scanning the message as it came directly from the E-mail client, while the second example is one that passed through another server before coming to yours. IMail, like most every E-mail server, adds a Message-ID header when one isn't already there. Declude detects Message-ID headers inserted by your own IMail box (Message-Id: <[EMAIL PROTECTED]> in the first example), and treats the message as if it didn't have one since it didn't actually have one when it was received, and this is what triggers SPAMHEADERS for this message. The second example had a Message-ID header before it hit your server. That header was inserted by Charter's server.--- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
There is a lesser known solution to this that you definitely should add if you are going to stay on IMail 7.07. You can add "LOOSENSPAMHEADERS ON" to your Global.cfg to disable the Message-ID test in SPAMHEADERS. I use this even though I don't have the same issue because I get a lot more false positives on SPAMHEADERS when it checks for the Message-ID. If you use this alternative switch, you will still get other hits such as CMDSPACE and BADHEADERS on some of the same E-mail clients. It appears that you aren't using CMDSPACE though because that test would hit every directly connecting Outlook client unless it was whitelisted. CMDSPACE is a great test, especially in combination with other tests that target zombie spam (XBL/CBL, SpamCop, open relay tests, and to some extent Sniffer).
The best solution is to upgrade to IMail 8.x or higher and add a setting to your Global.cfg for "WHITELIST AUTH". This will whitelist all authenticated E-mail, which I assume included the first example that you provided. This also saves processing power since WHITELIST AUTH disables most tests in JunkMail.
Matt
Orin Wells wrote:
Clearly I am missing something here. I am still wrestling with the SPAMHEADERS issue but with a different sender. This time the sender is using Microsoft Office Outlook. It appears messages coming from this sender do not have the Message-ID header. But when I look at other messages sent by others using the same build of this application sometimes they DO have the Message-ID. What is happening here? Is there anyway that this sender can "fix" this problem?
Here is a header set from the chap who is "failing"
X-Persona: <Awasco>
Received: from steve2 [216.254.57.135] by consejo-wa.org with ESMTP
(SMTPD32-7.07) id A9111EEB010C; Thu, 23 Feb 2006 14:37:05 -0800
Reply-To: <[EMAIL PROTECTED]>
From: "Steve Chupik" <[EMAIL PROTECTED]>
To: "'Orin Wells'" <[EMAIL PROTECTED]>
Subject: RE: e-mail
Date: Thu, 23 Feb 2006 14:36:49 -0800
Organization: Consejo Counseling
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_03BE_01C63886.9616AF40"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AcYzhon3oAG4QKXrR/aQjfBQ4RaA6gFQvMdQ
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
In-Reply-To: <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [4000021e].
X-Declude-Sender: [EMAIL PROTECTED] [216.254.57.135]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: SPAMHEADERS
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 375162615
Here is a message from another chap using exactly the same build of MS Office Outlook - no problem.
X-Persona: <Awasco>
Received: from mxsf16.cluster1.charter.net [209.225.28.216] by awasco.com with ESMTP
(SMTPD32-7.07) id A0DE7401B8; Mon, 26 Jul 2004 08:18:54 -0700
Received: from mxip10.cluster1.charter.net (mxip10a.cluster1.charter.net [209.225.28.140])
by mxsf16.cluster1.charter.net (8.12.11/8.12.11) with ESMTP id i6QF6YR0023700
for <[EMAIL PROTECTED]>; Mon, 26 Jul 2004 11:06:34 -0400
Received: from 44ba00138.kfalls.or.charter.com (HELO SCOTTSGATEWAY) (68.186.0.138)
by mxip10.cluster1.charter.net with ESMTP; 26 Jul 2004 11:06:32 -0400
Message-Id: <[EMAIL PROTECTED]>
X-Ironport-AV: i="3.83,88,1089000000";
d="scan'208?jpg'208,145?dat'208,145,59"; a="140519816:sNHT19421620"
Reply-To: <[EMAIL PROTECTED]>
From: "Scott Lochard" <[EMAIL PROTECTED]>
To: "Orin Wells" <[EMAIL PROTECTED]>
Subject:
Date: Mon, 26 Jul 2004 08:06:30 -0700
Organization: LifeorDeathLeadership
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0060_01C472E7.76D7EA10"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-MS-TNEF-Correlator: 00000000E4E4AE15AD8AD544BD6C22CBC36DF311E4922700
Thread-Index: AcRzIeZrtdYsyWeMTb6K4XIb1GNwxA==
X-Declude-Sender: [EMAIL PROTECTED] [209.225.28.216]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, CATCHALLMAILS
X-Declude-Date: 07/26/2004 15:06:30 [12]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 375108670
Is it the ISP service that inserts (or should) the message-ID or is it Outlook? It does not make sense it would be the ISP service because it really shouldn't even know you are sending an email. So if it is the email client application (Microsoft Office Outlook) why does one incarnation insert the message header and the other not?
I am not convinced that it is necessarily the message-id because I found a message from Barry Simpson using an even later version of Microsoft Office Outlook where the message-id appears in the same manner and no flag is generated. Now I am really confused. Is it something else causing this failure?
X-Persona: <Awasco>
Received: from declude.com [63.246.13.90] by awasco.com with ESMTP
(SMTPD32-7.07) id A421B009E; Thu, 02 Dec 2004 07:26:25 -0800
Received: from Bart [68.162.218.198] by declude.com with ESMTP
(SMTPD32-8.05) id AB311FD40074; Thu, 02 Dec 2004 08:40:01 -0500
Reply-To: <[EMAIL PROTECTED]>
From: "Barry Simpson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Important Declude Update
Date: Thu, 2 Dec 2004 08:43:34 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0034_01C4D84B.02BCA200"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcTYdOsB2FXQiyGFTg2powYSHhcaCQ==
Message-Id: <[EMAIL PROTECTED]>
X-ML1: NzI5
X-ML2: VGh1LCAyIERlYyAyMDA0IDA4OjQzOjM0IC0wNTAw
X-ML3: QY969WtqWWSEQlARpEoFHITI4imZ2xl74aRUjTv/smaG5axEQub2RD+vbSwB4HRHiUzm78WolzKZy7Tdee3Fig==
X-Note: This E-mail was scanned for viruses by Declude Virus (www.declude.com )
X-NRecips: 1
X-Reverse-IP: static-68-162-218-198.bos.east.verizon.net
X-Weight: 0 (Whitelisted)
X-Country-Chain: UNITED STATES->destination.
X-Declude-Sender: [EMAIL PROTECTED] [68.162.218.198]
X-Declude-Spoolname: D1b311fd40074adf7.SMD
Precedence: bulk
Sender: [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [63.246.13.90]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: CATCHALLMAILS
X-Declude-Date: 12/02/2004 13:43:34 [102]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 375122650
--- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
