[MBF]Re: False positive on McAfee

2013-10-07 Thread Linda Pagillo
You're welcome Katie :)

 

Linda Pagillo
Mail's Best Friend
Email: linda.pagi...@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3605 x7016
Mobile: 931-284-9291

 

MBF

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Katie La Salle-Lowery
Sent: Monday, October 07, 2013 2:19 PM
To: community@mailsbestfriend.com
Subject: [MBF]Re: False positive on McAfee

 

Thanks, Linda.  

I didn't look at blacklists because the headers showed McAfee.  Silly me!
The client has found a rootkit on one of the machines in their network.  

 

 


 

Katie LaSalle-Lowery

ka...@centric.net

1120 S. Russell; Ste B

Missoula, MT 59801

ph (406)549-3337

fax (406)541-9338

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Linda Pagillo
Sent: Monday, October 07, 2013 10:58 AM
To: community@mailsbestfriend.com
Subject: [MBF]Re: False positive on McAfee

 

Hi Katie. I did a lookup on the sender's IP - 209.137.225.54. It seems that
IP is on several major real-time blacklists.

 

b.barracudacentral.org - Barracuda Reputation Block List

hostkarma.junkemailfilter.com - Hostkarma

all.spamrats.com - SpamRATS! all

xbl.spamhaus.org - Spamhaus XBL Exploits Block List

zen.spamhaus.org - Spamhaus ZEN Combined Block List

cbl.abuseat.org - Composite Blocking List

 

It looks like the admin of that mail server needs to find out what caused
the IP to land on all of those lists, fix the issue, then request removal.

 

 

Linda Pagillo
Mail's Best Friend
Email: linda.pagi...@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3605 x7016
Mobile: 931-284-9291

 

MBF

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Katie La Salle-Lowery
Sent: Monday, October 07, 2013 11:35 AM
To: community@mailsbestfriend.com
Subject: [MBF]False positive on McAfee

 

Hello, 

Please cc spamfil...@centric.net on any responses to this thread so they
don't get caught in our filter.  

 

One of our hosting client's messages are getting caught by the McAfee filter
in Declude.  It has a few other issues, but McAfee is the biggie.   

Attached is an example.  Here are the headers:

Received: from CustomPC [209.137.225.54] by mail.centric.net with ESMTP
  (SMTPD-12.3.0.100) id 6eb4000972d8def1; Mon, 7 Oct 2013 10:22:32 -0600
From: "Jared Barnard" 
To: 
Subject: Mail
Date: Mon, 7 Oct 2013 10:22:35 -0600
Message-ID: <003a01cec379$6f023d80$4d06b880$@com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="=_NextPart_000_003B_01CEC347.2467CD80"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac7DeW50L495rxr9QfykRzOo0EY9VA==
Content-Language: en-us
X-MessageSniffer-Identifier: C:\IMail\spool\proc\work\D6eb4000972d8def1.smd
X-GBUdb-Analysis: 0, 209.137.225.54, Ugly c=0.297854 p=-0.22 Source Normal
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules:
  0-0-0-32767-c
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.
X-RBL-Warning: IPNOTINMX: 
X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command.
X-RBL-Warning: WEIGHT10: Weight of 12 reaches or exceeds the limit of 10.
X-Declude-Sender: jbarn...@missoulaconcrete.com [209.137.225.54]
X-Declude-Spoolname: D6eb4000972d8def1.smd
X-Declude-RefID: 
X-Declude-Note: Scanned by Centric Internet Services using Declude 4.12.01 for spam. "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [12] at 10:22:40 on 07 Oct 2013
X-Declude-Fail: HOSTKARMA-BLACK [5], MCAFEE [10], CMDSPACE [0], HAM-INDICATOR [-2], WEIGHT10 [10]
X-Country-Chain: UNITED STATES->destination
X-RCPT-TO: 
Status:  
X-UIDL: 681075816
X-IMail-ThreadID: 6eb4000972d8def1

 

Thanks, 

 

 


 

Katie LaSalle-Lowery

ka...@centric.net

1120 S. Russell; Ste B

Missoula, MT 59801

ph (406)549-3337

fax (406)541-9338

 

 

 


[MBF]Re: False positive on McAfee

2013-10-07 Thread Katie La Salle-Lowery
Thanks, Linda.  

I didn't look at blacklists because the headers showed McAfee.  Silly me!
The client has found a rootkit on one of the machines in their network.  

 

 


 

Katie LaSalle-Lowery

ka...@centric.net

1120 S. Russell; Ste B

Missoula, MT 59801

ph (406)549-3337

fax (406)541-9338

 


[MBF]Re: False positive on McAfee

2013-10-07 Thread Linda Pagillo
Hi Katie. I did a lookup on the sender's IP - 209.137.225.54. It seems that
IP is on several major real-time blacklists.

 

b.barracudacentral.org - Barracuda Reputation Block List

hostkarma.junkemailfilter.com - Hostkarma

all.spamrats.com - SpamRATS! all

xbl.spamhaus.org - Spamhaus XBL Exploits Block List

zen.spamhaus.org - Spamhaus ZEN Combined Block List

cbl.abuseat.org - Composite Blocking List

 

It looks like the admin of that mail server needs to find out what caused
the IP to land on all of those lists, fix the issue, then request removal.

 

 

Linda Pagillo
Mail's Best Friend
Email: linda.pagi...@mailsbestfriend.com
Web: www.mailsbestfriend.com
Office: 703.988.3605 x7016
Mobile: 931-284-9291

 

MBF

 

<><>
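
The triage walked through in this thread, as an added Python example that is not part of the original messages or of Declude: it pulls the connecting IP and the failed-test weights out of the quoted headers, then checks that IP against the DNSBL zones named in the reply. The function names are illustrative, and `resolve` is injectable so the lookup logic can be exercised without network access.

```python
import ipaddress
import re
import socket

# Constructed sample: header lines copied from the thread, folding whitespace restored.
SAMPLE_HEADERS = """\
Received: from CustomPC [209.137.225.54] by mail.centric.net with ESMTP
  (SMTPD-12.3.0.100) id 6eb4000972d8def1; Mon, 7 Oct 2013 10:22:32 -0600
X-Declude-Fail: HOSTKARMA-BLACK [5], MCAFEE [10], CMDSPACE [0],
 HAM-INDICATOR [-2], WEIGHT10 [10]
"""
# DNSBL zones named in the reply above.
ZONES = ["b.barracudacentral.org", "hostkarma.junkemailfilter.com", "all.spamrats.com",
         "xbl.spamhaus.org", "zen.spamhaus.org", "cbl.abuseat.org"]

def unfold(raw):
    """Join folded header lines (continuation lines start with whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", raw)

def connecting_ip(raw):
    """IP the receiving server recorded in the first Received: line, or None."""
    m = re.search(r"^Received: from \S+ \[([0-9.]+)\]", unfold(raw), re.M)
    return str(ipaddress.IPv4Address(m.group(1))) if m else None

def failed_tests(raw):
    """Map each test named in X-Declude-Fail to its integer weight."""
    m = re.search(r"^X-Declude-Fail:(.*)$", unfold(raw), re.M)
    pairs = re.findall(r"([A-Z0-9-]+) \[(-?\d+)\]", m.group(1) if m else "")
    return {name: int(weight) for name, weight in pairs}

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_on(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Zones that answer with a listing code for ip."""
    hits = []
    for zone in zones:
        try:
            addr = resolve(dnsbl_name(ip, zone))
        except OSError:
            continue  # NXDOMAIN or lookup failure: treat as not listed
        # 127.255.255.x is Spamhaus's error range (e.g. blocked resolver), not a listing.
        if addr.startswith("127.") and not addr.startswith("127.255.255."):
            hits.append(zone)
    return hits
```

Running `listed_on(connecting_ip(headers))` alongside `failed_tests(headers)` shows in one pass whether a content-filter hit coincides with reputation listings for the same source address.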