Title: Message
Daniel, you hit the point on the web tracking tool.  After I saved the file to a .msg format I found out that the problem was the attached file and not the message itself (next time, I'll check attachments as well).
The user had attached an .htm file which had this code:
 <a target="_top" href="http://t.extreme-dm.com/?login=stonewea">
<img src="http://www.stonewear.com/images/trans4.gif"
border=0>
 
Therefore IMail blocked it.
 
(We have extreme-dm.com blocked in our firewall so I couldn't check what are they about.)
 
I didn't mean to conclude that extreme-dm.com looks like extremehealthus.com. Of course they are not the same or look alike except for the 'extreme' part.  What I meant was that IMail seemed to be looking for the 1st occurrence of the word 'extreme'.
 
Anyway, mystery solved, thanks y'all.
 
Elliott
 -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Donnelly
Sent: Monday, January 17, 2005 4:41 PM
To: [email protected]
Subject: RE: [IMail Forum] Antispam: wrong domain blocked?

That domain "extreme-dm.com" is in the url-domain-bl.txt (12/04) and when I searched for 'extreme' I did not get your domain (but a bunch of others!).
 
Seems "extreme-dm.com" has a web tracking package and it embeds the domain name (and some variations) into the HTTP content, for that purpose. If your domains use this tool, then you probably should remove it from the url blacklist file.
 
I'd say your conclusion (extremehealthus.com looks like extreme-dm.com) is incorrect...
 
Maybe you should have a domain without Anti-spam (IP based) for collecting the spam messages and replying to them (I'm guessing on that reply bit, based on the 'root-reply' destination address).
 
HTH,
Daniel Donnelly
 
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Elliott Bujan
Sent: Monday, January 17, 2005 3:11 PM
To: [email protected]
Subject: [IMail Forum] Antispam: wrong domain blocked?

I have the antispam Domain URL black list enabled and when there is a 'positive' it will send it to a specific account, with the default prefix subject (X-IMail-SPAM-URL-DBL)
 
I've seen quite a few false positives and immediately go to find the domain under the url-domain-bl.txt file (using notepad because that little window is useless).  If I find the domain, I delete the entry, save the file and restart SMTP and Queue manager (I don't know if I have to restart them).
 
If I don't find the entry, I go to the Trusted Addresses tab and add the email address or domain and restart SMTP and Queue manager.  Sometimes this doesn't work either, those false positives keep getting blocked, and today I found that with one in particular that made me think that the filter is not matching the exact domain name but anything that contains the word, i.e.:
 
The domain to be allowed in this case is extremehealthus.com
syslog entry
 
01:17 13:14 SMTPD(0e85000b0284ce68) [192.9.200.77] RCPT TO: <[EMAIL PROTECTED]>
01:17 13:14 SMTPD(0e85000b0284ce68) [192.9.200.77] D:\imail\spool\D0e85000b0284ce68.SMD 14732
01:17 13:14 SMTP-(0e85000b0284ce68) processing D:\imail\spool\Q0e85000b0284ce68.SMD
01:17 13:14 SMTP-(0e85000b0284ce68) ldeliver mail.initialplants.com root-spam (1) [EMAIL PROTECTED] 14754
01:17 13:14 SMTP-(0e85000b0284ce68) finished D:\imail\spool\Q0e85000b0284ce68.SMD status=1
 
 
Spam log entry
01:17 13:14 SMTP(0e85000b0284ce68) Got Content Filter for mail.initialplants.com
01:17 13:14 SMTP(0e85000b0284ce68) scanning the subject for phrases
01:17 13:14 SMTP(0e85000b0284ce68) performing statistical analysis
01:17 13:14 SMTP(0e85000b0284ce68) matched URL Domain [t.extreme-dm.com]
 
so, extremehealthus.com looks like extreme-dm.com.
 
I appreciate any direction on this

Thank you,

Elliott

===============================
Elliott Bujan
Initial Tropical Plants - USA
(847) 634 4250 ext. 99281
[EMAIL PROTECTED]

 

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
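Added example, not part of the thread and not IMail's own code: a Python sketch that walks every MIME part of a message, attachments included, and reports which part carries a URL whose host falls under a blacklist entry. It assumes an entry matches the listed domain and its subdomains on a label boundary (IMail's actual matching rule is not stated in the thread); the sample message, the `page.htm` filename and the function names are constructed for illustration.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def domain_matches(host, entry):
    """True if host is the blacklist entry or a subdomain of it (assumed rule)."""
    host, entry = host.lower().rstrip("."), entry.lower().rstrip(".")
    return host == entry or host.endswith("." + entry)

def find_blacklisted_urls(msg, blacklist):
    """Return (part label, host, entry) for each URL hit in any MIME part."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no text of their own
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        label = part.get_filename() or "body"
        for url in URL_RE.findall(text):
            host = urlsplit(url).hostname or ""
            for entry in blacklist:
                if domain_matches(host, entry):
                    hits.append((label, host, entry))
    return hits

def build_sample():
    """Constructed message: clean body plus an .htm attachment with the tracking link."""
    msg = EmailMessage()
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See the attached page. http://www.extremehealthus.com/")
    html = ('<a target="_top" href="http://t.extreme-dm.com/?login=stonewea">\n'
            '<img src="http://www.stonewear.com/images/trans4.gif" border=0>')
    msg.add_attachment(html, subtype="html", filename="page.htm")
    return msg

if __name__ == "__main__":
    for label, host, entry in find_blacklisted_urls(build_sample(), ["extreme-dm.com"]):
        print(f"{label}: {host} matched blacklist entry {entry}")
```

Under this rule the body link to www.extremehealthus.com is not a hit; only the attachment's link to t.extreme-dm.com is, which is consistent with the spam log line quoted in the thread.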
