Hi,
Ninja uses RBLs and is also discarding spams. As for the
Messagelabs guys, I hardly see why thay are still doing business with
them... They are not willing to help a lot. They were supposed to
investigate and create a report of their findings and the result was
the 3 spam sample I posted... what an investigation and report.
That's why I turned myself to this list to try to get outside thoughts
about the situations.
On Jan 17, 2008 11:26 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> Don't know anything about Ninja - does it or can it be configured to
> reject rather than discard spam?
>
> Perhaps you need to have your HQ guys get Message Labs to work with
> (rather than against) you to help determine what's happening.
>
> -----Original Message-----
> From: M Bruyere [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 17, 2008 8:18 AM
> To: MS-Exchange Admin Issues
>
> Subject: [JUNK] Re: [JUNK] problem with messagelabs
>
> Hi,
> At my site I use Ninja to spam filter. It can't be a station that
> is infected because the public IP is dedicated to the mail server
> using a static NAT. The workstations are actually using another IP to
> hit the internet.
>
> As for the headers, the only data I had from MessageLabs was the 3
> samples I pasted in the original post. I searched the message-id and
> some keywords on my exchange servers but can't find anything so they
> are not sent through our server.
>
> Thanks.
>
>
>
> On Jan 17, 2008 11:09 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> > Do you reject spam? Or is it possible that one or more machines at
> your
> > site are infected? Do the headers indicate that the spam is
> definitely
> > being sent from your server to HQ?
> >
> >
> > -----Original Message-----
> > From: M Bruyere [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, January 17, 2008 7:40 AM
> > To: MS-Exchange Admin Issues
> > Subject: [JUNK] problem with messagelabs
> >
> > Hi guys,
> > I have a problem sending messages to a site (our HQ) that
> > is protected by Messagelabs. In fact the problem is that they are
> > throttling our connections because they say that we re sending spam.
> > They provided the following samples to prove their point. After
> > looking at all the configs and all, I can't see how we could be
> > sending those. I suspect that the informations are spoofed "a la joe
> > job" and that's what affect us. Anyone can give me any inputs on how
> > to deal with this because I can't find anything wrong on our system
> > and they keep throttling over and over limiting the contacts from our
> > site ti the HQ, which is at the very least annoying.
> >
> > If you have any ideas that could help me to stop this from happening,
> > it would be very appreciated.
> >
> > Please note that the domain name has been changed. You can contact me
> > off list if you need/want more specific details.
> >
> > //Spam sample 1
> >
> > Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with
> > Microsoft SMTPSVC(6.0.3790.0);
> > Mon, 7 Jan 2008 19:42:52 -0500
> > Received: from 60.52.18.165 (HELO localhost.localdomain)
> (63.51.17.146)
> > by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500
> > Date: Mon, 7 Jan 2008 19:42:35 +0500
> > Message-Id: <[EMAIL PROTECTED]>
> > X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
> > X-Header-CompanyDBUserName: hpccm
> > X-Header-MasterId: 072480
> > X-Header-Versions: [EMAIL PROTECTED]
> > X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2
> > Content-Type: text/plain;
> > charset="us-ascii"
> > Content-Transfer-Encoding: 7bit
> > To: <[EMAIL PROTECTED]>
> > From: "Marvin Casey" <[EMAIL PROTECTED]>
> > Subject: Re: Your Mortgage Refiinance
> > Return-Path: [EMAIL PROTECTED]
> > X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC)
> > FILETIME=[66978B80:01C8518F]
> >
> > Morttggage - lower your rrate!
> >
> > http://0rz.tw/563qc
> >
> >
> > //Spam sample 2
> >
> > Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com
> > with Microsoft SMTPSVC(6.0.3790.0);
> > Sun, 6 Jan 2008 08:34:53 -0500
> > Return-Path: <[EMAIL PROTECTED]>
> > Received: from 206.191.20.150 (HELO magmail.travelgolf.com)
> > by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ)
> > id NzHz8i-bE58PW-p5
> > for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200
> > Message-ID: <[EMAIL PROTECTED]>
> > From: "Rosalind J. Cody" <[EMAIL PROTECTED]>
> > To: "Concetta V. Baez" <[EMAIL PROTECTED]>
> > Subject: Get the biggest s'e)x organ in the neighborhood!
> > Date: Sun, 06 Jan 2008 15:34:55 +0200
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative;
> > boundary="----=_NextPart_5463_15C1_01C85079.AFCF6A50"
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > X-Mailer: Microsoft Outlook Express 6.00.2900.2527
> > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> > X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC)
> > FILETIME=[EC4CB4D0:01C85068]
> >
> > This is a multi-part message in MIME format.
> >
> > ------=_NextPart_5463_15C1_01C85079.AFCF6A50
> > Content-Type: text/plain;
> > charset="us-ascii"
> > Content-Transfer-Encoding: quoted-printable
> >
> > potential for monopoly=2E To counter the arguments thatrecalled the
> > incid=
> > ent=2E "It looks like one of
> >
> >
> > Maximize the volume of your dic'k by New Year!
> >
> > Great New Year prices for our super-p!ll will be a pleasant surprise
> for
> > =
> > you!
> > Don't miss it out! Our offer is definitely worth your keen interest!
> >
> > Check our amazing prices now!
> > http://Effesitables=2Ecom/
> >
> > contact some crisis management people," said Davidlisteners in each
> > local=
> > radio market in America=2E"around 100 passengers when it attempted to
> > be=
> > rth at aof last year=2E In the West Coast, its 25 percent and
> > National Football League=2E I'd like to thank all myhas visited the
> > White=
> > House in 24 years=2Eshowed even a rate of 100% spam=2E
> > ------=_NextPart_5463_15C1_01C85079.AFCF6A50
> > Content-Type: text/html;
> > charset="us-ascii"
> > Content-Transfer-Encoding: quoted-printable
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN">
> > <HTML><HEAD>
> > <META http-equiv=3DContent-Type content=3D"text/html;
> > charset=3Dus-ascii"=
> > >
> > <META content=3D"MSHTML 6=2E00=2E2900=2E2527" name=3DGENERATOR>
> > <STYLE type=3D"text/css">
> > =2Estyle2 {font-size: 10px; color: #8d8d8d;}
> > =2Em {font-family: tahoma; font-size: 12; color: #5C9CBC; font-weight:
> > bo=
> > ld;}
> > =2Ez {font-family: tahoma; font-size: 14; color: #cc0000; font-weight:
> > bo=
> > ld;}
> > =2Ei {font-family: tahoma; font-size: 12; color: #626262; font-weight:
> > bo=
> > ld;}
> > =2Ex {font-family: tahoma; font-size: 12;font-weight:
> > bold;color:#cc0000}=
> >
> > body {background-color: #FFFFFF; color: #2B3235;
> > </STYLE>
> > </HEAD>
> > <BODY><span class=3D"style2">=20
> > <br>potential for monopoly=2E To counter the arguments thatrecalled
> the
> > i=
> > ncident=2E "It looks like one of</span>=20
> > <br><br>
> > <table>
> > <tr>
> > <td valign=3D"top"><div
> > style=3D"height:89px;width:223px;backgro=
> >
> und:url(http://www=2Edoctorsmedicalgroup=2Ecom/skins/Skin_6/images/img-d
> > m=
> > gsbtryitfree=2Egif)"></div></td>
> > <td width=3D"15"></td>
> > <td valign=3D"top">
> > <span class=3D"z">Maximize the volume of your dic'k by New
> > Year!</span><b=
> > r><br>
> > Great New Year prices for our super-p!ll will be a pleasant surprise
> for
> > =
> > you!<br>
> > <b>Don't miss it out! Our offer is definitely worth your keen
> > interest!</=
> > b>
> > <br><a href=3D"http://Effesitables=2Ecom/";><b>Check our amazing prices
> > no=
> > w!</b></a><br><br>
> >
> > </td>
> > </tr>
> > </table><br>
> >
> > <br><span class=3D"style2">contact some crisis management people,"
> said
> > D=
> > avidlisteners in each local radio market in America=2E"around 100
> > passeng=
> > ers when it attempted to berth at aof last year=2E In the West Coast,
> > its=
> > 25 percent and<br>National Football League=2E I'd like to thank all
> > myha=
> > s visited the White House in 24 years=2Eshowed even a rate of 100%
> > spam=2E=
> > </span><BR>
> > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
> > <BR>
> > ~ http://www.sunbeltsoftware.com/Ninja ~
> > <BR>
> > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
> > <BR>
> > ~ http://www.sunbeltsoftware.com/Ninja ~
> > <BR>
> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
> <BR>
> ~ http://www.sunbeltsoftware.com/Ninja ~
> <BR>
> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
> <BR>
> ~ http://www.sunbeltsoftware.com/Ninja ~
> <BR>
~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
<BR>
~ http://www.sunbeltsoftware.com/Ninja ~
</BODY></HTML>
> >
> > ------=_NextPart_5463_15C1_01C85079.AFCF6A50--
> >
> >
> > //Spam Sample 3
> >
> > Received: from loboxvnh8zkwfs ([88.207.56.176]) by mail.MY_DOMAIN.com
> > with Microsoft SMTPSVC(6.0.3790.0);
> > Sun, 6 Jan 2008 08:35:17 -0500
> > From: "Mcbride, Norman" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Date: Sun, 6 Jan 2008 14:35:00 -0100
> > Subject: Hot off the press.
> > MIME-Version: 1.0
> > Content-Type: text/plain
> > Content-Transfer-Encoding: 7bit
> > Return-Path: [EMAIL PROTECTED]
> > Message-ID: <[EMAIL PROTECTED]>
> > X-OriginalArrivalTime: 06 Jan 2008 13:35:17.0617 (UTC)
> > FILETIME=[F9B37E10:01C85068]
> >
> > Looking for a company with some good news? Here's one!
> >
> > GCME has more News that came.
> > Looks like G C M E is not willing to miss a beat!
> >
> > SYMBOL: GCME
> > CURRENT PRICE: $0.11
> > Short-Term : $.60-$1.00
> >
> > Last Time We Issued A Alert We SAw 200-300% Gains in 1 Day.
> > Please let me know if you ahve any questions regarding this.
> >
> >
> >
> > Thanks!
> >
> >
> >
> >
> >
>
>
>
>
>
