Hi,

Ninja uses RBLs and is also discarding spam. As for the Messagelabs guys, I hardly see why they are still doing business with them... They are not willing to help a lot. They were supposed to investigate and create a report of their findings and the result was the 3 spam samples I posted... what an investigation and report. That's why I turned to this list to try to get outside thoughts about the situation.

On Jan 17, 2008 11:26 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> Don't know anything about Ninja - does it or can it be configured to
> reject rather than discard spam?
>
> Perhaps you need to have your HQ guys get Message Labs to work with
> (rather than against) you to help determine what's happening.
>
> -----Original Message-----
> From: M Bruyere [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 17, 2008 8:18 AM
> To: MS-Exchange Admin Issues
> Subject: [JUNK] Re: [JUNK] problem with messagelabs
>
> Hi,
> At my site I use Ninja to spam filter. It can't be a station that
> is infected because the public IP is dedicated to the mail server
> using a static NAT. The workstations are actually using another IP to
> hit the internet.
>
> As for the headers, the only data I had from MessageLabs was the 3
> samples I pasted in the original post. I searched the message-id and
> some keywords on my exchange servers but can't find anything so they
> are not sent through our server.
>
> Thanks.
>
> On Jan 17, 2008 11:09 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> > Do you reject spam? Or is it possible that one or more machines at your
> > site are infected? Do the headers indicate that the spam is definitely
> > being sent from your server to HQ?
> >
> > -----Original Message-----
> > From: M Bruyere [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, January 17, 2008 7:40 AM
> > To: MS-Exchange Admin Issues
> > Subject: [JUNK] problem with messagelabs
> >
> > Hi guys,
> > I have a problem sending messages to a site (our HQ) that
> > is protected by Messagelabs. In fact the problem is that they are
> > throttling our connections because they say that we're sending spam.
> > They provided the following samples to prove their point. After
> > looking at all the configs and all, I can't see how we could be
> > sending those. I suspect that the information is spoofed "a la joe
> > job" and that's what affects us.
> > Anyone can give me any inputs on how
> > to deal with this because I can't find anything wrong on our system
> > and they keep throttling over and over limiting the contacts from our
> > site to the HQ, which is at the very least annoying.
> >
> > If you have any ideas that could help me to stop this from happening,
> > it would be very appreciated.
> >
> > Please note that the domain name has been changed. You can contact me
> > off list if you need/want more specific details.
> >
> > //Spam sample 1
> >
> > Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with
> >     Microsoft SMTPSVC(6.0.3790.0);
> >     Mon, 7 Jan 2008 19:42:52 -0500
> > Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146)
> >     by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500
> > Date: Mon, 7 Jan 2008 19:42:35 +0500
> > Message-Id: <[EMAIL PROTECTED]>
> > X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
> > X-Header-CompanyDBUserName: hpccm
> > X-Header-MasterId: 072480
> > X-Header-Versions: [EMAIL PROTECTED]
> > X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2
> > Content-Type: text/plain;
> >     charset="us-ascii"
> > Content-Transfer-Encoding: 7bit
> > To: <[EMAIL PROTECTED]>
> > From: "Marvin Casey" <[EMAIL PROTECTED]>
> > Subject: Re: Your Mortgage Refiinance
> > Return-Path: [EMAIL PROTECTED]
> > X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC)
> >     FILETIME=[66978B80:01C8518F]
> >
> > Morttggage - lower your rrate!
> >
> > http://0rz.tw/563qc
> >
> >
> > //Spam sample 2
> >
> > Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com
> >     with Microsoft SMTPSVC(6.0.3790.0);
> >     Sun, 6 Jan 2008 08:34:53 -0500
> > Return-Path: <[EMAIL PROTECTED]>
> > Received: from 206.191.20.150 (HELO magmail.travelgolf.com)
> >     by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ)
> >     id NzHz8i-bE58PW-p5
> >     for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200
> > Message-ID: <[EMAIL PROTECTED]>
> > From: "Rosalind J. Cody" <[EMAIL PROTECTED]>
> > To: "Concetta V. Baez" <[EMAIL PROTECTED]>
> > Subject: Get the biggest s'e)x organ in the neighborhood!
> > Date: Sun, 06 Jan 2008 15:34:55 +0200
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative;
> >     boundary="----=_NextPart_5463_15C1_01C85079.AFCF6A50"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.2527
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> > X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC)
> >     FILETIME=[EC4CB4D0:01C85068]
> >
> > This is a multi-part message in MIME format.
> >
> > ------=_NextPart_5463_15C1_01C85079.AFCF6A50
> > Content-Type: text/plain;
> >     charset="us-ascii"
> > Content-Transfer-Encoding: quoted-printable
> >
> > potential for monopoly=2E To counter the arguments thatrecalled the incid=
> > ent=2E "It looks like one of
> >
> >
> > Maximize the volume of your dic'k by New Year!
> >
> > Great New Year prices for our super-p!ll will be a pleasant surprise for =
> > you!
> > Don't miss it out! Our offer is definitely worth your keen interest!
> >
> > Check our amazing prices now!
> > http://Effesitables=2Ecom/
> >
> > contact some crisis management people," said Davidlisteners in each local=
> > radio market in America=2E"around 100 passengers when it attempted to be=
> > rth at aof last year=2E In the West Coast, its 25 percent and
> > National Football League=2E I'd like to thank all myhas visited the White=
> > House in 24 years=2Eshowed even a rate of 100% spam=2E
> >
> > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
> > ~ http://www.sunbeltsoftware.com/Ninja ~
> >
> > ------=_NextPart_5463_15C1_01C85079.AFCF6A50--
> >
> >
> > //Spam Sample 3
> >
> > Received: from loboxvnh8zkwfs ([88.207.56.176]) by mail.MY_DOMAIN.com
> >     with Microsoft SMTPSVC(6.0.3790.0);
> >     Sun, 6 Jan 2008 08:35:17 -0500
> > From: "Mcbride, Norman" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Date: Sun, 6 Jan 2008 14:35:00 -0100
> > Subject: Hot off the press.
> > MIME-Version: 1.0
> > Content-Type: text/plain
> > Content-Transfer-Encoding: 7bit
> > Return-Path: [EMAIL PROTECTED]
> > Message-ID: <[EMAIL PROTECTED]>
> > X-OriginalArrivalTime: 06 Jan 2008 13:35:17.0617 (UTC)
> >     FILETIME=[F9B37E10:01C85068]
> >
> > Looking for a company with some good news? Here's one!
> >
> > GCME has more News that came.
> > Looks like G C M E is not willing to miss a beat!
> >
> > SYMBOL: GCME
> > CURRENT PRICE: $0.11
> > Short-Term : $.60-$1.00
> >
> > Last Time We Issued A Alert We SAw 200-300% Gains in 1 Day.
> > Please let me know if you ahve any questions regarding this.
> >
> > Thanks!
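
An added example, not part of the original thread: one way to check what the sample headers show is to read only the topmost Received line stamped by mail.MY_DOMAIN.com and look at the connecting peer, since every Received line below it arrived with the message. `OWN_NETWORKS` is an assumed placeholder for the site's real address ranges, and the function names are illustrative.

```python
import ipaddress
import re

TRUSTED_MTA = "mail.MY_DOMAIN.com"  # redacted host name exactly as it appears in the thread
# Assumption: the site's own address space (RFC 5737 documentation range as a stand-in).
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Received lines of the three samples from the thread, abridged (other headers trimmed).
SAMPLES = {
    1: """Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with
 Microsoft SMTPSVC(6.0.3790.0);
 Mon, 7 Jan 2008 19:42:52 -0500
Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146)
 by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500""",
    2: """Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com
 with Microsoft SMTPSVC(6.0.3790.0);
 Sun, 6 Jan 2008 08:34:53 -0500
Received: from 206.191.20.150 (HELO magmail.travelgolf.com)
 by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ)""",
    3: """Received: from loboxvnh8zkwfs ([88.207.56.176]) by mail.MY_DOMAIN.com
 with Microsoft SMTPSVC(6.0.3790.0);
 Sun, 6 Jan 2008 08:35:17 -0500""",
}

HOP_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9.]+)\]\)\s+by\s+(\S+)", re.I)

def unfold(raw):
    """Join folded header lines: a continuation line starts with whitespace."""
    headers = []
    for line in raw.splitlines():
        if line[:1].isspace() and headers:
            headers[-1] += " " + line.strip()
        elif line.strip():
            headers.append(line.strip())
    return headers

def trusted_hop(raw):
    """Return (helo, peer_ip, origin) for the topmost Received line stamped by
    TRUSTED_MTA. Lines below it came with the message and prove nothing."""
    for header in unfold(raw):
        name, _, value = header.partition(":")
        match = HOP_RE.search(value) if name.lower() == "received" else None
        if match and match.group(3).lower() == TRUSTED_MTA.lower():
            peer = ipaddress.ip_address(match.group(2))
            inside = any(peer in net for net in OWN_NETWORKS)
            return match.group(1), str(peer), "internal" if inside else "external"
    return None

for number, raw in SAMPLES.items():
    print(number, trusted_hop(raw))
```

With the placeholder range, all three samples report an external peer, meaning the connection to mail.MY_DOMAIN.com came from an address outside the assumed site networks.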