[Declude.JunkMail] COPYTO Oddity
I've change the IP number of my server and I've noticed this oddity. Email's that score between 100 and 199, I send a copy to a spam mailbox to scan: WEIGHT100COPY COPYTO mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] After my IP address change, the copyto message is being scanned again by Declude. I would have thought the message shouldn't be scanned again by Declude. Any ideas? Here are some headers: Extra received header: Received: from imail.Farmprogress.com [192.168.191.6] by imail.Farmprogress.com with ESMTP (SMTPD-9.22) id A7BD01FC; Tue, 04 Dec 2007 15:33:49 -0600 Received: from mx1.farmprogress.com [192.168.191.14] by imail.Farmprogress.com with ESMTP (SMTPD-9.22) id A7A70330; Tue, 04 Dec 2007 15:33:27 -0600 Received: from forever21.com [12.129.230.91] by mx1.farmprogress.com (Alligate(TM) SMTP Gateway v3.7.10.21) with ESMPT id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Tue, 04 Dec 2007 15:33:23 -0600 X-VirtualServerGroup: Default X-Destination-ID: [EMAIL PROTECTED] X-MailingID: 0::0::0::030884 X-SMFBL: YXNjaGFyZmVuQGZhcm1wcm9ncmVzcy5jb20= X-Mailer: StrongMail Enterprise 3.2.1(3.00.215) Received: from mail04 by forever21.com (StrongMail Enterprise 3.2.1(3.00.215)); Tue, 04 Dec 2007 13:33:38 -0800 X-SMHeaderMap: mid=X-MailingID DomainKey-Signature: a=rsa-sha1; c=nofws; s=onlinepromo; d=forever21.com; q=dns; b=ncw9REjUL4WsRgooMtB40+CfmDvpeiUhlzJIn3WP9jYCBAUgkOs+Acw70VZSuGXfywj5yvy1p9 vhtFKtCNMP/a7WvVwE/ozcEbUZ87FkTa6Pld5ssUiV1k1ORcLF0V9Ks0ygEf8sNHRTe9f9XcM7U6 /BbOI6EY7XEoRz75PA0Ok= Message-ID: [EMAIL PROTECTED] return-path: [EMAIL PROTECTED] mime-version: 1.0 from: Twelvebytwelve [EMAIL PROTECTED] to: [EMAIL PROTECTED] date: 4 Dec 2007 13:34:01 -0800 Subject: [Possible SPAM]Button Up!! Coats With A French Accent content-type: text/html; charset=us-ascii content-transfer-encoding: quoted-printable X-MXRate-Prob: -1 X-MXRate-Country: US X-MXRate-Action: ALLOW X-Alligate-ReceivingIP: [192.168.191.14] X-Alligate-Grey: Skipped X-Alligate-REVDNS: mx11.forever21.com X-Alligate-Spam: NOSUBD; X-Alligate-ID: 30642 X-RBL-Warning: MXRATE-WHITE-LAST: GOOD SENDER X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MPPT-SIZE-XS: Message failed MPPT-SIZE-XS: 4 X-RBL-Warning: MPPT-MXQUALIFIER: Message failed MPPT-MXQUALIFIER: 512 X-RBL-Warning: MPM-STATICSPAMMER: Message failed MPM-STATICSPAMMER: 1048576 X-RBL-Warning: SNIFFER-NOTFOUND: Message failed SNIFFER-NOTFOUND: 0. X-RBL-Warning: COUNTRY-0POINT: Message failed COUNTRY-0POINT test (line 6, weight 0) X-Declude-RefID: X-FarmProgress: = Inbound Header (incoming) = X-FarmProgress: Spam weight: 165. X-FarmProgress: Tests Failed: MXRATE-WHITE-LAST, IPNOTINMX, SPFPASS, MPPT-SIZE-XS, MPPT-MXQUALIFIER, MPM-STATICSPAMMER, SNIFFER-NOTFOUND, COUNTRY-0POINT, WEIGHT100, WEIGHT100COPY. X-FarmProgress: Tests Failed: MXRATE-WHITE-LAST [-15], IPNOTINMX [0], SPFPASS [0], MPPT-SIZE-XS [10], MPPT-MXQUALIFIER [0], MPM-STATICSPAMMER [180], SNIFFER-NOTFOUND [0], COUNTRY-0POINT [0], WEIGHT100 [100], WEIGHT100COPY [100] X-FarmProgress: Scan Time: 04 Dec 2007 at 15:33:49 X-FarmProgress: Spool Name: Dc7a7021d148d.smd X-FarmProgress: Server Name: forever21.com X-FarmProgress: SMTP Sender: [EMAIL PROTECTED] X-FarmProgress: Received From: mx11.forever21.com [12.129.230.91] X-FarmProgress: Country Chain: UNITED STATES-destination X-FarmProgress: Header code: e X-FarmProgress: == X-FarmProgress: This E-mail was scanned by Farm Progress Companies using Declude 4.3.64 X-FarmProgress: == X-Declude-RefID: Second pass on the email: X-FarmProgress: = Inbound Header (incoming) = X-FarmProgress: Spam weight: 0. X-FarmProgress: Tests Failed: Whitelisted. X-FarmProgress: Tests Failed: Whitelisted X-FarmProgress: Scan Time: 04 Dec 2007 at 15:33:56 X-FarmProgress: Spool Name: Dc7bd02171491.smd X-FarmProgress: Server Name: imail.Farmprogress.com X-FarmProgress: SMTP Sender: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] X-FarmProgress: Received From: (Private IP) [192.168.191.6] X-FarmProgress: Country Chain: X-FarmProgress: Header code: 0 X-FarmProgress: == X-FarmProgress: This E-mail was scanned by Farm Progress Companies using Declude 4.3.64 X-FarmProgress: == X-RCPT-TO: [EMAIL PROTECTED] Status: X-UIDL: 392717547 X-IMail-ThreadID: c7bd02171491 Scott Fisher Dir of IT Farm Progress Companies 191 S Gary Ave Carol Stream, IL 60188 Tel: 630-462-2323 This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not
Re: [Declude.JunkMail] COPYTO Oddity
This appears to be an IMail behavior and not caused by Declude. There are double IMail headers in there, and they have different spool names too. This may be due to domains being configured for different IP's in IMail. This might require some registry hacking to straighten out. You should check and make sure that the branch with the intended IP is also associated with the domain branch in question. I could reference my own system for how this is configured if you want to share an export of this with me off-line. My system does something similar and it isn't double scanning, so it must like the way that things appear in my registry. Matt Scott Fisher wrote: I've change the IP number of my server and I've noticed this oddity. Email's that score between 100 and 199, I send a copy to a spam mailbox to scan: WEIGHT100COPY COPYTO [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] After my IP address change, the copyto message is being scanned again by Declude. I would have thought the message shouldn't be scanned again by Declude. Any ideas? Here are some headers: Extra received header: *Received: from imail.Farmprogress.com [192.168.191.6] by imail.Farmprogress.com with ESMTP (SMTPD-9.22) id A7BD01FC; Tue, 04 Dec 2007 15:33:49 -0600* Received: from mx1.farmprogress.com [192.168.191.14] by imail.Farmprogress.com with ESMTP (SMTPD-9.22) id A7A70330; Tue, 04 Dec 2007 15:33:27 -0600 Received: from forever21.com [12.129.230.91] by mx1.farmprogress.com (Alligate(TM) SMTP Gateway v3.7.10.21) with ESMPT id [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] for [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]; Tue, 04 Dec 2007 15:33:23 -0600 X-VirtualServerGroup: Default X-Destination-ID: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] X-MailingID: 0::0::0::030884 X-SMFBL: YXNjaGFyZmVuQGZhcm1wcm9ncmVzcy5jb20= X-Mailer: StrongMail Enterprise 3.2.1(3.00.215) Received: from mail04 by forever21.com (StrongMail Enterprise 3.2.1(3.00.215)); Tue, 04 Dec 2007 13:33:38 -0800 X-SMHeaderMap: mid=X-MailingID DomainKey-Signature: a=rsa-sha1; c=nofws; s=onlinepromo; d=forever21.com; q=dns; b=ncw9REjUL4WsRgooMtB40+CfmDvpeiUhlzJIn3WP9jYCBAUgkOs+Acw70VZSuGXfywj5yvy1p9vhtFKtCNMP/a7WvVwE/ozcEbUZ87FkTa6Pld5ssUiV1k1ORcLF0V9Ks0ygEf8sNHRTe9f9XcM7U6/BbOI6EY7XEoRz75PA0Ok= Message-ID: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] return-path: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mime-version: 1.0 from: Twelvebytwelve [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] to: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] date: 4 Dec 2007 13:34:01 -0800 Subject: [Possible SPAM]Button Up!! Coats With A French Accent content-type: text/html; charset=us-ascii content-transfer-encoding: quoted-printable X-MXRate-Prob: -1 X-MXRate-Country: US X-MXRate-Action: ALLOW X-Alligate-ReceivingIP: [192.168.191.14] X-Alligate-Grey: Skipped X-Alligate-REVDNS: mx11.forever21.com X-Alligate-Spam: NOSUBD; X-Alligate-ID: 30642 X-RBL-Warning: MXRATE-WHITE-LAST: GOOD SENDER X-RBL-Warning: IPNOTINMX: X-RBL-Warning: MPPT-SIZE-XS: Message failed MPPT-SIZE-XS: 4 X-RBL-Warning: MPPT-MXQUALIFIER: Message failed MPPT-MXQUALIFIER: 512 X-RBL-Warning: MPM-STATICSPAMMER: Message failed MPM-STATICSPAMMER: 1048576 X-RBL-Warning: SNIFFER-NOTFOUND: Message failed SNIFFER-NOTFOUND: 0. X-RBL-Warning: COUNTRY-0POINT: Message failed COUNTRY-0POINT test (line 6, weight 0) X-Declude-RefID: X-FarmProgress: = Inbound Header (incoming) = X-FarmProgress: Spam weight: 165. X-FarmProgress: Tests Failed: MXRATE-WHITE-LAST, IPNOTINMX, SPFPASS, MPPT-SIZE-XS, MPPT-MXQUALIFIER, MPM-STATICSPAMMER, SNIFFER-NOTFOUND, COUNTRY-0POINT, WEIGHT100, WEIGHT100COPY. X-FarmProgress: Tests Failed: MXRATE-WHITE-LAST [-15], IPNOTINMX [0], SPFPASS [0], MPPT-SIZE-XS [10], MPPT-MXQUALIFIER [0], MPM-STATICSPAMMER [180], SNIFFER-NOTFOUND [0], COUNTRY-0POINT [0], WEIGHT100 [100], WEIGHT100COPY [100] X-FarmProgress: Scan Time: 04 Dec 2007 at 15:33:49 X-FarmProgress: Spool Name: Dc7a7021d148d.smd X-FarmProgress: Server Name: forever21.com X-FarmProgress: SMTP Sender: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] X-FarmProgress: Received From: mx11.forever21.com [12.129.230.91] X-FarmProgress: Country Chain: UNITED STATES-destination X-FarmProgress: Header code: e X-FarmProgress: == X-FarmProgress: This E-mail was scanned by Farm Progress Companies using Declude 4.3.64 X-FarmProgress: == X-Declude-RefID: Second pass on the email: *X-FarmProgress: = Inbound Header (incoming) = X-FarmProgress: Spam weight: 0. X-FarmProgress: Tests Failed: Whitelisted. X-FarmProgress: Tests Failed: Whitelisted X-FarmProgress: Scan Time: 04 Dec 2007 at 15:33:56 X-FarmProgress: Spool Name: Dc7bd02171491.smd X-FarmProgress: Server Name:
