Hi
there,
I have a strange
problem. I have a domain-wide rule that redirects mails if one of
the X-IMAIL phrases is found in the header. Now for one specific user it
does not work. He always reports of spam mails he gets, but when I manually
check those headers, I find the X-IMAIL phrases, so the AntiSpam routines have
correctly reported those mails to be spam.
The rule is
simple:
If
Header
Contains X-IMAIL-SPAM-PHRASE
And
Header Does
not contain spam.iff.uni-stuttgart.de
Redirect
to
(The And-part is to
prevent the rule on the virtual IPless host spam.iff.uni-stuttgart.de to loop
endlessly)
It's an outbound
rule, since we only use Aliases on IMail that forward to an Exchange
server.
Here is the header
of such a mail:
Microsoft Mail Internet Headers Version 2.0
Received: from iff.uni-stuttgart.de ([153.96.24.28]) by iff-exchange1.050.iff with Microsoft SMTPSVC(6.0.3790.0);
Wed, 28 Apr 2004 04:57:15 +0200
Received: from d199-126-185-115.abhsia.telus.net [199.126.185.115] by iff.uni-stuttgart.de
(SMTPD32-8.05) id ACB2386008A; Wed, 28 Apr 2004 04:53:38 +0200
X-Message-Info: 241UKSQA30RND_UC_CHAR[1-3]s715/UOTiOdqGET7ecISJo34amVZJ
Received: from headlight ([71.27.70.116])
by 486mc.superb.bernoulli.greenbelt.hongkong.com
(InterMail vA.4.01.59.84 9-5-6-046-393-362602) with ESMTP
id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>; Wed, 28 Apr 2004 06:54:48 +0300
Message-ID: <[EMAIL PROTECTED]>
Reply-To: "Alton Irving" <[EMAIL PROTECTED]>
From: "Alton Irving" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: bryant
Date: Wed, 28 Apr 2004 04:55:48 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--22970344086609648158"
X-IMAIL-SPAM-DNSBL: (cbl.abuseat.org,59113610,127.0.0.2)
X-HH-ASC-STATUSDETAILS: FOUND(hosting.com/cable/)
X-HH-ASC-STATUS: spam
X-HH-ASC-PROBLEMS: FOUND(hosting.com/cable/),
X-HH-ASC-BLACKWORDS: hosting.com/cable/
X-HH-ASC-INFO: V1.0 Release 05 (185/10 black/white words loaded)
X-IMAIL-SPAM-PHRASE: cablefilterz
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 28 Apr 2004 02:57:15.0662 (UTC) FILETIME=[8309BAE0:01C42CCC]
Received: from iff.uni-stuttgart.de ([153.96.24.28]) by iff-exchange1.050.iff with Microsoft SMTPSVC(6.0.3790.0);
Wed, 28 Apr 2004 04:57:15 +0200
Received: from d199-126-185-115.abhsia.telus.net [199.126.185.115] by iff.uni-stuttgart.de
(SMTPD32-8.05) id ACB2386008A; Wed, 28 Apr 2004 04:53:38 +0200
X-Message-Info: 241UKSQA30RND_UC_CHAR[1-3]s715/UOTiOdqGET7ecISJo34amVZJ
Received: from headlight ([71.27.70.116])
by 486mc.superb.bernoulli.greenbelt.hongkong.com
(InterMail vA.4.01.59.84 9-5-6-046-393-362602) with ESMTP
id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>; Wed, 28 Apr 2004 06:54:48 +0300
Message-ID: <[EMAIL PROTECTED]>
Reply-To: "Alton Irving" <[EMAIL PROTECTED]>
From: "Alton Irving" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: bryant
Date: Wed, 28 Apr 2004 04:55:48 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--22970344086609648158"
X-IMAIL-SPAM-DNSBL: (cbl.abuseat.org,59113610,127.0.0.2)
X-HH-ASC-STATUSDETAILS: FOUND(hosting.com/cable/)
X-HH-ASC-STATUS: spam
X-HH-ASC-PROBLEMS: FOUND(hosting.com/cable/),
X-HH-ASC-BLACKWORDS: hosting.com/cable/
X-HH-ASC-INFO: V1.0 Release 05 (185/10 black/white words loaded)
X-IMAIL-SPAM-PHRASE: cablefilterz
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 28 Apr 2004 02:57:15.0662 (UTC) FILETIME=[8309BAE0:01C42CCC]
As you can see there
are multiple tags that indicate spam (X-HH-ASC-STATUS: and X-IMAIL-SPAM-DNSBL:).
There are similar rules for those tags as well, which are also not
activated.
The user who
still gets spam is named [EMAIL PROTECTED]. Is there anything that could lead IMail to the assumption to
use "jon" as a white listed word or something like that? The white list does not
contain anything with "jon" or something like that (and even if it would it
would then not even create those X-IMAIL tags at
all).
Since jon@ is an alias, there is no
user-based rule. This problem does not exist for *any* other of the ~100 users,
who are configured exactly the same way.
Anybody
any idea?
IMail
8.05 HF2, Windows Server 2003.
