[opinion on] Well, if the headers prove that the messages are not coming via your mail server, you should be quite justified in requesting that messagelabs unblock you and perhaps whitelist you as being part of the same company.
My perception of messagelabs is not getting any better. [opinion off] -----Original Message----- From: M Bruyere [mailto:[EMAIL PROTECTED] Sent: Thursday, January 17, 2008 8:42 AM To: MS-Exchange Admin Issues Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs Hi, Ninja uses RBLs and is also discarding spams. As for the Messagelabs guys, I hardly see why thay are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam sample I posted... what an investigation and report. That's why I turned myself to this list to try to get outside thoughts about the situations. On Jan 17, 2008 11:26 AM, Don Andrews <[EMAIL PROTECTED]> wrote: > Don't know anything about Ninja - does it or can it be configured to > reject rather than discard spam? > > Perhaps you need to have your HQ guys get Message Labs to work with > (rather than against) you to help determine what's happening. > > -----Original Message----- > From: M Bruyere [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 17, 2008 8:18 AM > To: MS-Exchange Admin Issues > > Subject: [JUNK] Re: [JUNK] problem with messagelabs > > Hi, > At my site I use Ninja to spam filter. It can't be a station that > is infected because the public IP is dedicated to the mail server > using a static NAT. The workstations are actually using another IP to > hit the internet. > > As for the headers, the only data I had from MessageLabs was the 3 > samples I pasted in the original post. I searched the message-id and > some keywords on my exchange servers but can't find anything so they > are not sent through our server. > > Thanks. > > > > On Jan 17, 2008 11:09 AM, Don Andrews <[EMAIL PROTECTED]> wrote: > > Do you reject spam? Or is it possible that one or more machines at > your > > site are infected? Do the headers indicate that the spam is > definitely > > being sent from your server to HQ? > > > > > > -----Original Message----- > > From: M Bruyere [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 17, 2008 7:40 AM > > To: MS-Exchange Admin Issues > > Subject: [JUNK] problem with messagelabs > > > > Hi guys, > > I have a problem sending messages to a site (our HQ) that > > is protected by Messagelabs. In fact the problem is that they are > > throttling our connections because they say that we re sending spam. > > They provided the following samples to prove their point. After > > looking at all the configs and all, I can't see how we could be > > sending those. I suspect that the informations are spoofed "a la joe > > job" and that's what affect us. Anyone can give me any inputs on how > > to deal with this because I can't find anything wrong on our system > > and they keep throttling over and over limiting the contacts from our > > site ti the HQ, which is at the very least annoying. > > > > If you have any ideas that could help me to stop this from happening, > > it would be very appreciated. > > > > Please note that the domain name has been changed. You can contact me > > off list if you need/want more specific details. > > > > //Spam sample 1 > > > > Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with > > Microsoft SMTPSVC(6.0.3790.0); > > Mon, 7 Jan 2008 19:42:52 -0500 > > Received: from 60.52.18.165 (HELO localhost.localdomain) > (63.51.17.146) > > by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500 > > Date: Mon, 7 Jan 2008 19:42:35 +0500 > > Message-Id: <[EMAIL PROTECTED]> > > X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01) > > X-Header-CompanyDBUserName: hpccm > > X-Header-MasterId: 072480 > > X-Header-Versions: [EMAIL PROTECTED] > > X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2 > > Content-Type: text/plain; > > charset="us-ascii" > > Content-Transfer-Encoding: 7bit > > To: <[EMAIL PROTECTED]> > > From: "Marvin Casey" <[EMAIL PROTECTED]> > > Subject: Re: Your Mortgage Refiinance > > Return-Path: [EMAIL PROTECTED] > > X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC) > > FILETIME=[66978B80:01C8518F] > > > > Morttggage - lower your rrate! > > > > http://0rz.tw/563qc > > > > > > //Spam sample 2 > > > > Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com > > with Microsoft SMTPSVC(6.0.3790.0); > > Sun, 6 Jan 2008 08:34:53 -0500 > > Return-Path: <[EMAIL PROTECTED]> > > Received: from 206.191.20.150 (HELO magmail.travelgolf.com) > > by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ) > > id NzHz8i-bE58PW-p5 > > for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200 > > Message-ID: <[EMAIL PROTECTED]> > > From: "Rosalind J. Cody" <[EMAIL PROTECTED]> > > To: "Concetta V. Baez" <[EMAIL PROTECTED]> > > Subject: Get the biggest s'e)x organ in the neighborhood! > > Date: Sun, 06 Jan 2008 15:34:55 +0200 > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary="----=_NextPart_5463_15C1_01C85079.AFCF6A50" > > X-Priority: 3 > > X-MSMail-Priority: Normal > > X-Mailer: Microsoft Outlook Express 6.00.2900.2527 > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527 > > X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC) > > FILETIME=[EC4CB4D0:01C85068] > > > > This is a multi-part message in MIME format. > > > > ------=_NextPart_5463_15C1_01C85079.AFCF6A50 > > Content-Type: text/plain; > > charset="us-ascii" > > Content-Transfer-Encoding: quoted-printable > > > > potential for monopoly=2E To counter the arguments thatrecalled the > > incid= > > ent=2E "It looks like one of > > > > > > Maximize the volume of your dic'k by New Year! > > > > Great New Year prices for our super-p!ll will be a pleasant surprise > for > > = > > you! > > Don't miss it out! Our offer is definitely worth your keen interest! > > > > Check our amazing prices now! > > http://Effesitables=2Ecom/ > > > > contact some crisis management people," said Davidlisteners in each > > local= > > radio market in America=2E"around 100 passengers when it attempted to > > be= > > rth at aof last year=2E In the West Coast, its 25 percent and > > National Football League=2E I'd like to thank all myhas visited the > > White= > > House in 24 years=2Eshowed even a rate of 100% spam=2E > > ------=_NextPart_5463_15C1_01C85079.AFCF6A50 > > Content-Type: text/html; > > charset="us-ascii" > > Content-Transfer-Encoding: quoted-printable > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN"> > > <HTML><HEAD> > > <META http-equiv=3DContent-Type content=3D"text/html; > > charset=3Dus-ascii"= > > > > > <META content=3D"MSHTML 6=2E00=2E2900=2E2527" name=3DGENERATOR> > > <STYLE type=3D"text/css"> > > =2Estyle2 {font-size: 10px; color: #8d8d8d;} > > =2Em {font-family: tahoma; font-size: 12; color: #5C9CBC; font-weight: > > bo= > > ld;} > > =2Ez {font-family: tahoma; font-size: 14; color: #cc0000; font-weight: > > bo= > > ld;} > > =2Ei {font-family: tahoma; font-size: 12; color: #626262; font-weight: > > bo= > > ld;} > > =2Ex {font-family: tahoma; font-size: 12;font-weight: > > bold;color:#cc0000}= > > > > body {background-color: #FFFFFF; color: #2B3235; > > </STYLE> > > </HEAD> > > <BODY><span class=3D"style2">=20 > > <br>potential for monopoly=2E To counter the arguments thatrecalled > the > > i= > > ncident=2E "It looks like one of</span>=20 > > <br><br> > > <table> > > <tr> > > <td valign=3D"top"><div > > style=3D"height:89px;width:223px;backgro= > > > und:url(http://www=2Edoctorsmedicalgroup=2Ecom/skins/Skin_6/images/img-d > > m= > > gsbtryitfree=2Egif)"></div></td> > > <td width=3D"15"></td> > > <td valign=3D"top"> > > <span class=3D"z">Maximize the volume of your dic'k by New > > Year!</span><b= > > r><br> > > Great New Year prices for our super-p!ll will be a pleasant surprise > for > > = > > you!<br> > > <b>Don't miss it out! Our offer is definitely worth your keen > > interest!</= > > b> > > <br><a href=3D"http://Effesitables=2Ecom/";><b>Check our amazing prices > > no= > > w!</b></a><br><br> > > > > </td> > > </tr> > > </table><br> > > > > <br><span class=3D"style2">contact some crisis management people," > said > > D= > > avidlisteners in each local radio market in America=2E"around 100 > > passeng= > > ers when it attempted to berth at aof last year=2E In the West Coast, > > its= > > 25 percent and<br>National Football League=2E I'd like to thank all > > myha= > > s visited the White House in 24 years=2Eshowed even a rate of 100% > > spam=2E= > > </span><BR> > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > > <BR> > > ~ http://www.sunbeltsoftware.com/Ninja ~ > > <BR> > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > > <BR> > > ~ http://www.sunbeltsoftware.com/Ninja ~ > > <BR> > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > <BR> > ~ http://www.sunbeltsoftware.com/Ninja ~ > <BR> > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > <BR> > ~ http://www.sunbeltsoftware.com/Ninja ~ > <BR> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ <BR> ~ http://www.sunbeltsoftware.com/Ninja ~ <BR> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ <BR> ~ http://www.sunbeltsoftware.com/Ninja ~ </BODY></HTML> > > > > ------=_NextPart_5463_15C1_01C85079.AFCF6A50-- > > > > > > //Spam Sample 3 > > > > Received: from loboxvnh8zkwfs ([88.207.56.176]) by mail.MY_DOMAIN.com > > with Microsoft SMTPSVC(6.0.3790.0); > > Sun, 6 Jan 2008 08:35:17 -0500 > > From: "Mcbride, Norman" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Date: Sun, 6 Jan 2008 14:35:00 -0100 > > Subject: Hot off the press. > > MIME-Version: 1.0 > > Content-Type: text/plain > > Content-Transfer-Encoding: 7bit > > Return-Path: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > X-OriginalArrivalTime: 06 Jan 2008 13:35:17.0617 (UTC) > > FILETIME=[F9B37E10:01C85068] > > > > Looking for a company with some good news? Here's one! > > > > GCME has more News that came. > > Looks like G C M E is not willing to miss a beat! > > > > SYMBOL: GCME > > CURRENT PRICE: $0.11 > > Short-Term : $.60-$1.00 > > > > Last Time We Issued A Alert We SAw 200-300% Gains in 1 Day. > > Please let me know if you ahve any questions regarding this. > > > > > > > > Thanks! > > > > > > > > > > > > > > >
