We had a similar issue with Message labs once. A discussion involving our IP Addresses as shown in DNS and the source IP Addresses did result in us being unblocked. We are a moderately large company and though polite, I was obviously irritated. Not sure if that helped or hindered.
Steven

On Jan 17, 2008 8:46 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> [opinion on]
> Well, if the headers prove that the messages are not coming via your
> mail server, you should be quite justified in requesting that
> messagelabs unblock you and perhaps whitelist you as being part of the
> same company.
>
> My perception of messagelabs is not getting any better.
> [opinion off]
>
> -----Original Message-----
> From: M Bruyere [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 17, 2008 8:42 AM
> To: MS-Exchange Admin Issues
> Subject: [JUNK] Re: [JUNK] Re: [JUNK] problem with messagelabs
>
> Hi,
> Ninja uses RBLs and is also discarding spams. As for the
> Messagelabs guys, I hardly see why they are still doing business with
> them... They are not willing to help a lot. They were supposed to
> investigate and create a report of their findings and the result was
> the 3 spam samples I posted... what an investigation and report.
> That's why I turned myself to this list to try to get outside thoughts
> about the situations.
>
> On Jan 17, 2008 11:26 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> > Don't know anything about Ninja - does it or can it be configured to
> > reject rather than discard spam?
> >
> > Perhaps you need to have your HQ guys get Message Labs to work with
> > (rather than against) you to help determine what's happening.
> >
> > -----Original Message-----
> > From: M Bruyere [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, January 17, 2008 8:18 AM
> > To: MS-Exchange Admin Issues
> > Subject: [JUNK] Re: [JUNK] problem with messagelabs
> >
> > Hi,
> > At my site I use Ninja to spam filter. It can't be a station that
> > is infected because the public IP is dedicated to the mail server
> > using a static NAT. The workstations are actually using another IP to
> > hit the internet.
> >
> > As for the headers, the only data I had from MessageLabs was the 3
> > samples I pasted in the original post.
> > I searched the message-id and some keywords on my exchange servers
> > but can't find anything so they are not sent through our server.
> >
> > Thanks.
> >
> > On Jan 17, 2008 11:09 AM, Don Andrews <[EMAIL PROTECTED]> wrote:
> > > Do you reject spam? Or is it possible that one or more machines at
> > > your site are infected? Do the headers indicate that the spam is
> > > definitely being sent from your server to HQ?
> > >
> > > -----Original Message-----
> > > From: M Bruyere [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, January 17, 2008 7:40 AM
> > > To: MS-Exchange Admin Issues
> > > Subject: [JUNK] problem with messagelabs
> > >
> > > Hi guys,
> > > I have a problem sending messages to a site (our HQ) that
> > > is protected by Messagelabs. In fact the problem is that they are
> > > throttling our connections because they say that we're sending spam.
> > > They provided the following samples to prove their point. After
> > > looking at all the configs and all, I can't see how we could be
> > > sending those. I suspect that the information is spoofed "a la joe
> > > job" and that's what affects us. Anyone can give me any inputs on how
> > > to deal with this because I can't find anything wrong on our system
> > > and they keep throttling over and over limiting the contacts from our
> > > site to the HQ, which is at the very least annoying.
> > >
> > > If you have any ideas that could help me to stop this from happening,
> > > it would be very appreciated.
> > >
> > > Please note that the domain name has been changed. You can contact me
> > > off list if you need/want more specific details.
> > >
> > > //Spam sample 1
> > >
> > > Received: from desktop3 ([190.40.182.39]) by mail.MY_DOMAIN.com with
> > >     Microsoft SMTPSVC(6.0.3790.0);
> > >     Mon, 7 Jan 2008 19:42:52 -0500
> > > Received: from 60.52.18.165 (HELO localhost.localdomain) (63.51.17.146)
> > >     by 64.53.15.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500
> > > Date: Mon, 7 Jan 2008 19:42:35 +0500
> > > Message-Id: <[EMAIL PROTECTED]>
> > > X-Mailer: MIME::Lite 3.01 (F2.72; A1.62; B3.01; Q3.01)
> > > X-Header-CompanyDBUserName: hpccm
> > > X-Header-MasterId: 072480
> > > X-Header-Versions: [EMAIL PROTECTED]
> > > X-FID: 51E85DBC-2586-39AF-B9E4-67CDEA83DCB2
> > > Content-Type: text/plain;
> > >     charset="us-ascii"
> > > Content-Transfer-Encoding: 7bit
> > > To: <[EMAIL PROTECTED]>
> > > From: "Marvin Casey" <[EMAIL PROTECTED]>
> > > Subject: Re: Your Mortgage Refiinance
> > > Return-Path: [EMAIL PROTECTED]
> > > X-OriginalArrivalTime: 08 Jan 2008 00:42:52.0344 (UTC)
> > >     FILETIME=[66978B80:01C8518F]
> > >
> > > Morttggage - lower your rrate!
> > >
> > > http://0rz.tw/563qc
> > >
> > >
> > > //Spam sample 2
> > >
> > > Received: from sufi-isis.org ([85.104.221.208]) by mail.MY_DOMAIN.com
> > >     with Microsoft SMTPSVC(6.0.3790.0);
> > >     Sun, 6 Jan 2008 08:34:53 -0500
> > > Return-Path: <[EMAIL PROTECTED]>
> > > Received: from 206.191.20.150 (HELO magmail.travelgolf.com)
> > >     by MY_DOMAIN.com with esmtp (VZSFHPFSL NTVJQ)
> > >     id NzHz8i-bE58PW-p5
> > >     for [EMAIL PROTECTED]; Sun, 06 Jan 2008 15:34:55 +0200
> > > Message-ID: <[EMAIL PROTECTED]>
> > > From: "Rosalind J. Cody" <[EMAIL PROTECTED]>
> > > To: "Concetta V. Baez" <[EMAIL PROTECTED]>
> > > Subject: Get the biggest s'e)x organ in the neighborhood!
> > > Date: Sun, 06 Jan 2008 15:34:55 +0200
> > > MIME-Version: 1.0
> > > Content-Type: multipart/alternative;
> > >     boundary="----=_NextPart_5463_15C1_01C85079.AFCF6A50"
> > > X-Priority: 3
> > > X-MSMail-Priority: Normal
> > > X-Mailer: Microsoft Outlook Express 6.00.2900.2527
> > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
> > > X-OriginalArrivalTime: 06 Jan 2008 13:34:55.0133 (UTC)
> > >     FILETIME=[EC4CB4D0:01C85068]
> > >
> > > This is a multi-part message in MIME format.
> > >
> > > ------=_NextPart_5463_15C1_01C85079.AFCF6A50
> > > Content-Type: text/plain;
> > >     charset="us-ascii"
> > > Content-Transfer-Encoding: quoted-printable
> > >
> > > potential for monopoly=2E To counter the arguments thatrecalled the incid=
> > > ent=2E "It looks like one of
> > >
> > >
> > > Maximize the volume of your dic'k by New Year!
> > >
> > > Great New Year prices for our super-p!ll will be a pleasant surprise for =
> > > you!
> > > Don't miss it out! Our offer is definitely worth your keen interest!
> > >
> > > Check our amazing prices now!
> > > http://Effesitables=2Ecom/
> > >
> > > contact some crisis management people," said Davidlisteners in each local=
> > > radio market in America=2E"around 100 passengers when it attempted to be=
> > > rth at aof last year=2E In the West Coast, its 25 percent and
> > > National Football League=2E I'd like to thank all myhas visited the White=
> > > House in 24 years=2Eshowed even a rate of 100% spam=2E
> > > ------=_NextPart_5463_15C1_01C85079.AFCF6A50
> > > Content-Type: text/html;
> > >     charset="us-ascii"
> > > Content-Transfer-Encoding: quoted-printable
> > >
> > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN">
> > > <HTML><HEAD>
> > > <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii"=
> > > >
> > > <META content=3D"MSHTML 6=2E00=2E2900=2E2527" name=3DGENERATOR>
> > > <STYLE type=3D"text/css">
> > > =2Estyle2 {font-size: 10px; color: #8d8d8d;}
> > > =2Em {font-family: tahoma; font-size: 12; color: #5C9CBC; font-weight: bo=
> > > ld;}
> > > =2Ez {font-family: tahoma; font-size: 14; color: #cc0000; font-weight: bo=
> > > ld;}
> > > =2Ei {font-family: tahoma; font-size: 12; color: #626262; font-weight: bo=
> > > ld;}
> > > =2Ex {font-family: tahoma; font-size: 12;font-weight: bold;color:#cc0000}=
> > >
> > > body {background-color: #FFFFFF; color: #2B3235;
> > > </STYLE>
> > > </HEAD>
> > > <BODY><span class=3D"style2">=20
> > > <br>potential for monopoly=2E To counter the arguments thatrecalled the i=
> > > ncident=2E "It looks like one of</span>=20
> > > <br><br>
> > > <table>
> > > <tr>
> > > <td valign=3D"top"><div style=3D"height:89px;width:223px;backgro=
> > > und:url(http://www=2Edoctorsmedicalgroup=2Ecom/skins/Skin_6/images/img-dm=
> > > gsbtryitfree=2Egif)"></div></td>
> > > <td width=3D"15"></td>
> > > <td valign=3D"top">
> > > <span class=3D"z">Maximize the volume of your dic'k by New Year!</span><b=
> > > r><br>
> > > Great New Year prices for our super-p!ll will be a pleasant surprise for =
> > > you!<br>
> > > <b>Don't miss it out! Our offer is definitely worth your keen interest!</=
> > > b>
> > > <br><a href=3D"http://Effesitables=2Ecom/"><b>Check our amazing prices no=
> > > w!</b></a><br><br>
> > >
> > > </td>
> > > </tr>
> > > </table><br>
> > >
> > > <br><span class=3D"style2">contact some crisis management people," said D=
> > > avidlisteners in each local radio market in America=2E"around 100 passeng=
> > > ers when it attempted to berth at aof last year=2E In the West Coast, its=
> > > 25 percent and<br>National Football League=2E I'd like to thank all myha=
> > > s visited the White House in 24 years=2Eshowed even a rate of 100% spam=2E=
> > > </span><BR>
> > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
> > > <BR>
> > > ~ http://www.sunbeltsoftware.com/Ninja ~
> > > </BODY></HTML>
> > >
> > > ------=_NextPart_5463_15C1_01C85079.AFCF6A50--
> > >
> > >
> > > //Spam Sample 3
> > >
> > > Received: from loboxvnh8zkwfs ([88.207.56.176]) by mail.MY_DOMAIN.com
> > >     with Microsoft SMTPSVC(6.0.3790.0);
> > >     Sun, 6 Jan 2008 08:35:17 -0500
> > > From: "Mcbride, Norman" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Date: Sun, 6 Jan 2008 14:35:00 -0100
> > > Subject: Hot off the press.
> > > MIME-Version: 1.0
> > > Content-Type: text/plain
> > > Content-Transfer-Encoding: 7bit
> > > Return-Path: [EMAIL PROTECTED]
> > > Message-ID: <[EMAIL PROTECTED]>
> > > X-OriginalArrivalTime: 06 Jan 2008 13:35:17.0617 (UTC)
> > >     FILETIME=[F9B37E10:01C85068]
> > >
> > > Looking for a company with some good news? Here's one!
> > >
> > > GCME has more News that came.
> > > Looks like G C M E is not willing to miss a beat!
> > >
> > > SYMBOL: GCME
> > > CURRENT PRICE: $0.11
> > > Short-Term : $.60-$1.00
> > >
> > > Last Time We Issued A Alert We SAw 200-300% Gains in 1 Day.
> > > Please let me know if you ahve any questions regarding this.
> > >
> > > Thanks!
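
Added example, not part of the thread: a Python sketch of the header check discussed above, reading the Received chain to see whether a message was stamped by a given mail server and whether the connecting client sat inside or outside the site's own address ranges. The sample message, the host name mail.example.com, the address ranges and the function names are constructed placeholders.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample in the same layout as the headers quoted in the thread;
# host names and documentation-range IPs are placeholders, not thread data.
SAMPLE = """\
Received: from desktop3 ([203.0.113.39]) by mail.example.com with
 Microsoft SMTPSVC(6.0.3790.0); Mon, 7 Jan 2008 19:42:52 -0500
Received: from 198.51.100.165 (HELO localhost.localdomain) (198.51.100.146)
 by 192.0.2.110 with SMTP; Mon, 7 Jan 2008 19:42:35 +0500
From: "Sender" <sender@example.net>
Subject: constructed sample

body
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def hops(raw):
    """Parse every Received header, newest first, into helo/ip/by fields."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        m = {k: rx.search(flat) for k, rx in
             (("helo", FROM_RE), ("ip", IP_RE), ("by", BY_RE))}
        out.append({k: v.group(1) if v else None for k, v in m.items()})
    return out

def entry_hop(raw, my_hosts):
    """Newest hop stamped by a server we run. Our server wrote that header,
    so its connecting IP is reliable; older headers can be forged."""
    for hop in hops(raw):
        if hop["by"] and hop["by"].lower() in my_hosts:
            return hop
    return None

def origin(raw, my_hosts, internal_nets):
    """Classify who handed the message to our server."""
    hop = entry_hop(raw, my_hosts)
    if hop is None:
        return "not-via-our-server"
    if hop["ip"] is None:
        return "unknown-client"
    addr = ipaddress.ip_address(hop["ip"])
    inside = any(addr in ipaddress.ip_network(n) for n in internal_nets)
    return "internal-client" if inside else "external-sender"

if __name__ == "__main__":
    print(origin(SAMPLE, {"mail.example.com"}, ["10.0.0.0/8"]))
```

Host names in my_hosts are expected in lower case; a result of "external-sender" means the server accepted the message from an outside address, while "internal-client" points at a machine inside the listed ranges.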