[Mdaemon-L] Spam Getting Through

2021-05-25 Thread Syafril Hermansyah via Mdaemon-L

On 25/05/21 21.40, Bambang Setiawan via Mdaemon-L wrote:

> Please help analyze why this spam managed to get through, sir,



Because the message was sent through a server whose legitimacy complies with 
Internet Mail requirements, so it passed MDaemon's legitimacy-check screening.
Spam of this kind generally occurs because an account has been hijacked, so the 
sender mail can vary widely.
In a case like this only antispam content filtering can handle it, because the 
spam indication is in the message content, not in the message header.



> Tue 2021-05-25 20:47:30.958: [13909663] Passing message through Outbreak Protection...
> Tue 2021-05-25 20:47:30.958: [13909663] *  Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
> Tue 2021-05-25 20:47:30.958: [13909663] *  Reference-ID: str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0
> Tue 2021-05-25 20:47:30.958: [13909663] *  Virus result: 0 - Clean
> Tue 2021-05-25 20:47:30.959: [13909663] *  Spam result: 4 - Spam (confirmed)
> Tue 2021-05-25 20:47:30.959: [13909663] *  IWF result: 0 - Clean
> Tue 2021-05-25 20:47:30.959: [13909663]  End Outbreak Protection results
> Tue 2021-05-25 20:47:30.961: [13909663] Passing message through Spam Filter (Size: 3882)...
> Tue 2021-05-25 20:47:31.340: [13909663] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
> Tue 2021-05-25 20:47:31.340: [13909663] *  0.5 PDS_BTC_ID FP reduced Bitcoin ID
> Tue 2021-05-25 20:47:31.340: [13909663]  End SpamAssassin results
> Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0



From the log it can be seen that the message actually did not get past the spam 
filter; in this case Outbreak Protection detected it as spam.
But because the OP setting for spam is not to reject, in order to avoid false 
positive results, the mail was passed on to the local queue.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg37676.html


X-Spam-Report:
*  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
*  0.5 PDS_BTC_ID FP reduced Bitcoin ID
X-Spam-Processed: mail.persada.id, Tue, 25 May 2021 20:47:34 +0700
(processed during SMTP session)
X-MDOP-RefID: str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0 (_st=4 _vt=0 _iwf=0) 



Filter the messages that Outbreak Protection detects as spam, and move them to 
the holding queue or quarantine queue (so that the Administrator gets a 
notification that there is mail there).
After that, manually sort them: delete the messages that are genuinely spam, and 
report the non-spam ones (false positive results) to MDaemon.com (from the 
right-click menu choose "Report to MDaemon.com as Spam False Positive") so that 
FP results no longer occur in the future.

The Content Filter Rule can be like this

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/cf_creating_a_new_content_filter_rule.html

RuleName=Outbreak Protection Spam Detection
Enable=Yes
ThisRuleCondition=All
ProcessQueue=BOTH
Condition01=If define header X-Spam-Report contains MDAEMON_OP_SPAM_HIGH
Action01=Copy Message to folder \\mdaemon\queues\holding (or to \\mdaemon\Cfilter\quarant)
Action02=Delete the Message

If you cannot wait for a response from MDaemon.com on fixing the Spam False 
Positive, you may add the From address or sender address to the Antispam 
Whitelist No Filtering

http://mdaemon.dutaint.co.id/mdaemon/21.0.1/sf_white_list.html







--
syafril
---
Syafril Hermansyah


--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 21.0.2, SecurityGateway 8.0.1
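
The case analysed in the reply above (Outbreak Protection reports "Spam (confirmed)" while the Spam Filter score stays under the required score, so the mail is still delivered) can be found in a log with a small parser. This is an added example, not part of the original post and not MDaemon code; the function names and the second sample session are constructed, it assumes the 21.x log layout with one entry per line, and it treats any non-zero OP spam result as a detection (the thread only shows 0 and 4).

```python
import re

# Constructed sample: entries modelled on the MDaemon 21.x log quoted in the
# thread (one entry per line); session 13909700 is invented for contrast.
SAMPLE_LOG = """\
Tue 2021-05-25 20:47:30.958: [13909663] Passing message through Outbreak Protection...
Tue 2021-05-25 20:47:30.959: [13909663] *  Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:47:30.961: [13909663] Passing message through Spam Filter (Size: 3882)...
Tue 2021-05-25 20:47:31.340: [13909663] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Tue 2021-05-25 20:47:31.340: [13909663] *  0.5 PDS_BTC_ID FP reduced Bitcoin ID
Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0
Tue 2021-05-25 20:50:02.100: [13909700] *  Spam result: 0 - Clean
Tue 2021-05-25 20:50:02.400: [13909700] Spam Filter score/req: 0.10/10.0
"""

ENTRY = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: \[(\d+)\] (.*)$")
OP_SPAM = re.compile(r"\*\s+Spam result: (\d+) - (.+)")
RULE = re.compile(r"\*\s+(-?\d+(?:\.\d+)?) ([A-Z][A-Z0-9_]+)\b")
SCORE = re.compile(r"Spam Filter score/req: (-?[\d.]+)/([\d.]+)")


def parse_sessions(log_text):
    """Collect Outbreak Protection and Spam Filter results per session id."""
    sessions = {}
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # wrapped or truncated line: ignore rather than guess
        sid, msg = entry.groups()
        s = sessions.setdefault(sid, {"op_code": None, "op_text": None,
                                      "rules": [], "score": None, "required": None})
        if (m := OP_SPAM.search(msg)):
            s["op_code"], s["op_text"] = int(m.group(1)), m.group(2).strip()
        elif (m := SCORE.search(msg)):
            s["score"], s["required"] = float(m.group(1)), float(m.group(2))
        elif (m := RULE.match(msg)):
            s["rules"].append((float(m.group(1)), m.group(2)))
    return sessions


def op_spam_below_threshold(sessions):
    """Session ids where OP flagged spam but score < required (mail delivered)."""
    return [sid for sid, s in sessions.items()
            if s["op_code"]                      # assumption: non-zero = detection
            and s["score"] is not None
            and s["score"] < s["required"]]


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    for sid in op_spam_below_threshold(parsed):
        s = parsed[sid]
        print(sid, s["op_text"], f'{s["score"]}/{s["required"]}', s["rules"])
```

Sessions listed by `op_spam_below_threshold` are the ones the Content Filter rule on `MDAEMON_OP_SPAM_HIGH` would move to the holding or quarantine queue.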





[Mdaemon-L] Spam Getting Through

2021-05-25 Thread Bambang Setiawan via Mdaemon-L

Dear Pak Syafril,


Please help analyze why this spam managed to get through, sir, 
thank you


The log is as follows:

Tue 2021-05-25 20:47:29.264: [13909663] Session 13909663; child 0001
Tue 2021-05-25 20:47:29.264: [13909663] Accepting SMTP connection from 59.84.175.233:29451 to 124.81.84.135:25
Tue 2021-05-25 20:47:29.264: [13909663] Location Screen says connection is from Japan, Asia
Tue 2021-05-25 20:47:29.265: [13909663] --> 220 mail.persada.id ESMTP MDaemon 21.0.1; Tue, 25 May 2021 20:47:29 +0700
Tue 2021-05-25 20:47:29.368: [13909663] <-- EHLO mgsp102.cybermail.jp
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-mail.persada.id Hello mgsp102.cybermail.jp [59.84.175.233], pleased to meet you
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ETRN
Tue 2021-05-25 20:47:29.368: [13909663] Location Screening hiding AUTH from country Japan, Asia
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-8BITMIME
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ENHANCEDSTATUSCODES
Tue 2021-05-25 20:47:29.368: [13909663] --> 250 SIZE
Tue 2021-05-25 20:47:29.467: [13909663] <-- MAIL FROM:
Tue 2021-05-25 20:47:29.477: [13909663] Performing PTR lookup (233.175.84.59.IN-ADDR.ARPA)
Tue 2021-05-25 20:47:29.656: [13909663] * D=233.175.84.59.IN-ADDR.ARPA TTL=(1440) PTR=[mgsp102.cybermail.jp]
Tue 2021-05-25 20:47:29.797: [13909663] *  D=mgsp102.cybermail.jp TTL=(30) A=[59.84.175.233]
Tue 2021-05-25 20:47:29.797: [13909663]  End PTR results
Tue 2021-05-25 20:47:29.800: [13909663] Performing IP lookup (mgsp102.cybermail.jp)
Tue 2021-05-25 20:47:29.801: [13909663] *  D=mgsp102.cybermail.jp TTL=(30) A=[59.84.175.233]
Tue 2021-05-25 20:47:29.801: [13909663]  End IP lookup results
Tue 2021-05-25 20:47:29.807: [13909663] Performing IP lookup (fdydo.co.jp)
Tue 2021-05-25 20:47:29.851: [13909663] *  D=fdydo.co.jp TTL=(60) A=[202.189.180.66]
Tue 2021-05-25 20:47:30.083: [13909663] *  P=010 S=000 D=fdydo.co.jp TTL=(5) MX=[mg.cybermail.jp] {59.84.175.228}
Tue 2021-05-25 20:47:30.083: [13909663]  End IP lookup results
Tue 2021-05-25 20:47:30.085: [13909663] Performing SPF lookup (mgsp102.cybermail.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.203: [13909663] *  Result: none; no SPF record in DNS
Tue 2021-05-25 20:47:30.203: [13909663]  End SPF results
Tue 2021-05-25 20:47:30.203: [13909663] Performing SPF lookup (fdydo.co.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.224: [13909663] *  Policy: v=spf1 include:spfcm.cybermail.jp +ip4:153.149.98.115/32 -all
Tue 2021-05-25 20:47:30.224: [13909663] *  Evaluating include:spfcm.cybermail.jp: performing lookup
Tue 2021-05-25 20:47:30.328: [13909663] *    Policy: v=spf1 ip4:59.84.175.224/27 ip4:120.137.171.0/25 ip4:27.121.5.128/25 ip4:59.84.175.64/26 ip4:42.125.229.64/26 ip4:168.138.218.72 ip4:158.101.93.181 ip4:168.138.36.14 ip4:168.138.33.163 ip4:158.101.76.206 ip4:158.101.133.234 ip4:158.
Tue 2021-05-25 20:47:30.328: [13909663] *    Evaluating ip4:59.84.175.224/27: match
Tue 2021-05-25 20:47:30.328: [13909663] *  Evaluating include:spfcm.cybermail.jp: match
Tue 2021-05-25 20:47:30.328: [13909663] *  Result: pass
Tue 2021-05-25 20:47:30.328: [13909663]  End SPF results
Tue 2021-05-25 20:47:30.328: [13909663] --> 250 2.1.0 Sender OK
Tue 2021-05-25 20:47:30.427: [13909663] <-- RCPT TO:
Tue 2021-05-25 20:47:30.434: [13909663] Performing DNS-BL lookup (59.84.175.233 - connecting IP)
Tue 2021-05-25 20:47:30.451: [13909663] *  zen.spamhaus.org - passed
Tue 2021-05-25 20:47:30.545: [13909663] *  bl.spamcop.net - passed
Tue 2021-05-25 20:47:30.545: [13909663]  End DNS-BL results
Tue 2021-05-25 20:47:30.547: [13909663] --> 250 2.1.5 Recipient OK
Tue 2021-05-25 20:47:30.646: [13909663] <-- DATA
Tue 2021-05-25 20:47:30.648: [13909663] --> 354 Enter mail, end with .
Tue 2021-05-25 20:47:30.846: [13909663] Message size: 3882 bytes
Tue 2021-05-25 20:47:30.848: [13909663] Performing DKIM verification
Tue 2021-05-25 20:47:30.848: [13909663] *  File: c:\mdaemon\queues\temp\md500106109.tmp
Tue 2021-05-25 20:47:30.848: [13909663] *  Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.848: [13909663] *  Result: neutral
Tue 2021-05-25 20:47:30.848: [13909663]  End DKIM results
Tue 2021-05-25 20:47:30.856: [13909663] Performing DMARC processing
Tue 2021-05-25 20:47:30.856: [13909663] *  File: c:\mdaemon\queues\temp\md500106109.tmp
Tue 2021-05-25 20:47:30.856: [13909663] *  Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.856: [13909663] *  Author domain: fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] *  Organizational domain: fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] *  Query domain: _dmarc.fdydo.co.jp
Tue 2021-05-25 20:47:30.889: [13909663] *    No DMARC policy record found
Tue 2021-05-25 20:47:30.889: [13909663] *  Action taken: none
Tue 2021-05-25 20:47:30.889: [13909663] *  Result: none
Tue 2021-05-25 20:47:30.889: [13909663]  End DMARC results
Tue 2021-05-25 

[mdaemon-l] Spam Getting Through

2018-12-02 Thread Syafril Hermansyah
On 03/12/18 09.18, Bambang Setiawan via mdaemon-l
(mdaemon-l@dutaint.com) wrote:
> Is there any special trick to prevent the 2 attached spam emails, sir?
> Because they were able to get through mdaemon.
> 
> Log 1 :
> 
> Sat 2018-12-01 20:16:00.022: 03: --> 250 mail.persada.id Hello 4edental.com [173.198.27.3], pleased to meet you
> Sat 2018-12-01 20:16:00.240: 02: <-- MAIL FROM:


Provide the complete log for one full session.

starting from

Sat 2018-12-01 20:16:00.022: Session ; child yyy

through

Sat 2018-12-01 20:16:03.563: 01: SMTP session successful (Bytes in/out: 31440/361)


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few
who learn by observation.
The rest of them have to pee on the electric fence for themselves.
--- Will Rogers






[mdaemon-l] Spam Getting Through

2018-12-02 Thread Bambang Setiawan via mdaemon-l

Dear Pak Syafril,


Is there any special trick to prevent the 2 attached spam emails, sir? 
Because they were able to get through mdaemon.



Thank you.

Log 1 :

Sat 2018-12-01 20:16:00.022: 03: --> 250 mail.persada.id Hello 4edental.com [173.198.27.3], pleased to meet you
Sat 2018-12-01 20:16:00.240: 02: <-- MAIL FROM:
Sat 2018-12-01 20:16:00.243: 05: Performing PTR lookup (3.27.198.173.IN-ADDR.ARPA)
Sat 2018-12-01 20:16:00.514: 05: *  D=3.27.198.173.IN-ADDR.ARPA TTL=(60) PTR=[rrcs-173-198-27-3.west.biz.rr.com]
Sat 2018-12-01 20:16:00.772: 05: * D=rrcs-173-198-27-3.west.biz.rr.com TTL=(60) A=[173.198.27.3]
Sat 2018-12-01 20:16:00.772: 05:  End PTR results
Sat 2018-12-01 20:16:00.775: 05: Performing IP lookup (4edental.com)
Sat 2018-12-01 20:16:00.777: 05: *  D=4edental.com TTL=(29) A=[192.169.188.49]
Sat 2018-12-01 20:16:00.777: 05:  End IP lookup results
Sat 2018-12-01 20:16:00.781: 05: Performing IP lookup (4edental.com)
Sat 2018-12-01 20:16:00.783: 05: *  D=4edental.com TTL=(29) A=[192.169.188.49]
Sat 2018-12-01 20:16:00.785: 05: *  P=000 S=000 D=4edental.com TTL=(59) MX=[mail.4edental.com] {173.198.27.3}
Sat 2018-12-01 20:16:00.785: 05:  End IP lookup results
Sat 2018-12-01 20:16:00.786: 09: Performing SPF lookup (4edental.com / 173.198.27.3)
Sat 2018-12-01 20:16:00.786: 09: *  Policy (cache): v=spf1 +a +mx include:marketheroSPF.smtp.com ?all
Sat 2018-12-01 20:16:00.788: 09: *  Evaluating +a: no match
Sat 2018-12-01 20:16:00.793: 09: *  Evaluating +mx: match
Sat 2018-12-01 20:16:00.793: 09: *  Result: pass
Sat 2018-12-01 20:16:00.793: 09:  End SPF results
Sat 2018-12-01 20:16:00.793: 03: --> 250 2.1.0 Sender OK
Sat 2018-12-01 20:16:01.001: 02: <-- RCPT TO:
Sat 2018-12-01 20:16:01.047: 05: Performing DNS-BL lookup (173.198.27.3 - connecting IP)
Sat 2018-12-01 20:16:01.064: 05: *  zen.spamhaus.org - passed
Sat 2018-12-01 20:16:01.301: 05: *  bl.spamcop.net - passed
Sat 2018-12-01 20:16:01.301: 05:  End DNS-BL results
Sat 2018-12-01 20:16:01.302: 03: --> 250 2.1.5 Recipient OK
Sat 2018-12-01 20:16:01.518: 02: <-- DATA
Sat 2018-12-01 20:16:01.519: 01: Creating temp file (SMTP): c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:01.519: 03: --> 354 Enter mail, end with .
Sat 2018-12-01 20:16:02.371: 01: Message size: 31331 bytes
Sat 2018-12-01 20:16:02.373: 10: Performing DKIM lookup
Sat 2018-12-01 20:16:02.373: 10: *  File: c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:02.373: 10: *  Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.373: 10: *  Result: neutral
Sat 2018-12-01 20:16:02.373: 10:  End DKIM results
Sat 2018-12-01 20:16:02.377: 19: Performing DMARC processing
Sat 2018-12-01 20:16:02.377: 19: *  File: c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:02.377: 19: *  Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.377: 19: *  Author domain: 4edental.com
Sat 2018-12-01 20:16:02.377: 19: *  Organizational domain: 4edental.com
Sat 2018-12-01 20:16:02.377: 19: *  Query domain: _dmarc.4edental.com
Sat 2018-12-01 20:16:02.395: 19: *    No DMARC policy record found
Sat 2018-12-01 20:16:02.395: 19: *  Action taken: none
Sat 2018-12-01 20:16:02.395: 19: *  Result: none
Sat 2018-12-01 20:16:02.395: 19:  End DMARC results
Sat 2018-12-01 20:16:02.397: 06: Passing message through AntiVirus (Size: 31331)...
Sat 2018-12-01 20:16:02.472: 06: *  Message is clean (no viruses found)
Sat 2018-12-01 20:16:02.472: 06:  End AntiVirus results
Sat 2018-12-01 20:16:02.472: 11: Passing message through ClamAV Plugin (c:\mdaemon\queues\temp\md5051645.tmp)...
Sat 2018-12-01 20:16:02.472: 11: *  Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.549: 11: *  Virus result: 0 - clean
Sat 2018-12-01 20:16:02.700: 11: Passing message through Outbreak Protection...
Sat 2018-12-01 20:16:02.700: 11: *  Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.700: 11: *  Reference-ID: str=0001.0A150207.5C028993.0015,ss=3,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=F_42288174,cl=4,cld=1,fgs=0
Sat 2018-12-01 20:16:02.700: 11: *  Virus result: 0 - Clean
Sat 2018-12-01 20:16:02.700: 11: *  Spam result: 4 - Spam (confirmed)
Sat 2018-12-01 20:16:02.700: 11: *  IWF result: 0 - Clean
Sat 2018-12-01 20:16:02.701: 11:  End Outbreak Protection results
Sat 2018-12-01 20:16:02.701: 07: Passing message through Spam Filter (Size: 31352)...
Sat 2018-12-01 20:16:03.342: 07: *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Sat 2018-12-01 20:16:03.342: 07: *  0.0 HTML_MESSAGE BODY: HTML included in message
Sat 2018-12-01 20:16:03.342: 07: *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
Sat 2018-12-01 20:16:03.342: 07: *  0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
Sat 2018-12-01 20:16:03.342: 07: *  0.4 RDNS_DYNAMIC Delivered to internal network by host with
Sat 

[MDaemon-L] Spam Getting Through SpamAssassin

2013-04-18 Thread zhia chandra
Dear Pak Syafril and colleagues,

Lately some spam has started getting through SpamAssassin; an example is
attached.

I would appreciate your input, Pak Syafril, on how to deal with it. Do I need
to lower the Bayesian score?

The current configuration is:

*A messages is spam if it scores greater or equal to [7]

*SMTP rejects messages  with scores greater or equal to [10]

Terminix Kasih (thank you),

Zhia Chandra | IT Dept

M: +62 811 110 8790 - 8699953 | P: +62 251 8313 070 ext.236 | F: +62 251 8353 508

 

 



Fri 2013-04-19 03:19:50: --
Fri 2013-04-19 03:22:07: Session 397816; child 1
Fri 2013-04-19 03:22:07: Accepting SMTP connection from [85.174.26.159:63435] to [172.16.99.6:25]
Fri 2013-04-19 03:22:07: -- 220 terminix.co.id ESMTP MDaemon 13.0.4; Fri, 19 Apr 2013 03:22:07 +0700
Fri 2013-04-19 03:22:08: -- HELO 85.174.26.159
Fri 2013-04-19 03:22:08: -- 250 terminix.co.id Hello 85.174.26.159, pleased to meet you
Fri 2013-04-19 03:22:09: -- MAIL FROM:e63...@greencafe.com
Fri 2013-04-19 03:22:09: Performing PTR lookup (159.26.174.85.IN-ADDR.ARPA)
Fri 2013-04-19 03:22:10: *  D=159.26.174.85.IN-ADDR.ARPA TTL=(60) PTR=[dsl-85-174-26-159.avtlg.ru]
Fri 2013-04-19 03:22:10: *  Gathering A records...
Fri 2013-04-19 03:22:11: *  No A records found
Fri 2013-04-19 03:22:11:  End PTR results
Fri 2013-04-19 03:22:11: Performing IP lookup (greencafe.com)
Fri 2013-04-19 03:22:11: *  D=greencafe.com TTL=(58) A=[68.178.169.201]
Fri 2013-04-19 03:22:11: *  P=010 S=000 D=greencafe.com TTL=(55) MX=[southtrail.greencafe.com] {72.167.112.11}
Fri 2013-04-19 03:22:11:  End IP lookup results
Fri 2013-04-19 03:22:11: Performing SPF lookup (greencafe.com / 85.174.26.159)
Fri 2013-04-19 03:22:11: *  Result: none; no SPF record in DNS
Fri 2013-04-19 03:22:11:  End SPF results
Fri 2013-04-19 03:22:11: -- 250 e63...@greencafe.com, Sender ok
Fri 2013-04-19 03:22:12: -- RCPT TO:zhia.chan...@terminix.co.id
Fri 2013-04-19 03:22:12: -- 250 zhia.chan...@terminix.co.id, Recipient ok
Fri 2013-04-19 03:22:13: -- DATA
Fri 2013-04-19 03:22:13: Creating temp file (SMTP): e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:13: -- 354 Enter mail, end with CRLF.CRLF
Fri 2013-04-19 03:22:14: Message size: 668 bytes
Fri 2013-04-19 03:22:14: Performing DKIM lookup
Fri 2013-04-19 03:22:14: *  File: e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:14: *  Message-ID: 000901ce3c72$2fe63f40$746dc072@adminqvk
Fri 2013-04-19 03:22:14: *  Result: neutral
Fri 2013-04-19 03:22:14:  End DKIM results
Fri 2013-04-19 03:22:14: Performing DomainKeys lookup (Sender: e63...@greencafe.com)
Fri 2013-04-19 03:22:14: *  File: e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:14: *  Message-ID: 000901ce3c72$2fe63f40$746dc072@adminqvk
Fri 2013-04-19 03:22:14: *  Querying for policy: greencafe.com
Fri 2013-04-19 03:22:14: *Querying: _domainkey.greencafe.com ...
Fri 2013-04-19 03:22:14: *DNS: *  Name server reports domain name unknown
Fri 2013-04-19 03:22:14: *  Result: neutral
Fri 2013-04-19 03:22:14:  End DomainKeys results
Fri 2013-04-19 03:22:14: Passing message through AntiVirus (Size: 668)...
Fri 2013-04-19 03:22:14: *  Message is clean (no viruses found)
Fri 2013-04-19 03:22:14:  End AntiVirus results
Fri 2013-04-19 03:22:14: Passing message through Spam Filter (Size: 668)...
Fri 2013-04-19 03:22:15: *  2.3 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
Fri 2013-04-19 03:22:15: *  0.0 TVD_RCVD_IP4 TVD_RCVD_IP4
Fri 2013-04-19 03:22:15: *  0.0 TVD_RCVD_IP TVD_RCVD_IP
Fri 2013-04-19 03:22:15: *  3.2 FH_DATE_PAST_20XX The date is grossly in the future.
Fri 2013-04-19 03:22:15: *  1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
Fri 2013-04-19 03:22:15: * -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
Fri 2013-04-19 03:22:15: *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Fri 2013-04-19 03:22:15: *  6.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
Fri 2013-04-19 03:22:15: *  [score: 0.8951]
Fri 2013-04-19 03:22:15: *  0.6 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
Fri 2013-04-19 03:22:15: *  [URIs: 78.90.213.244]
Fri 2013-04-19 03:22:15: *  1.7 URIBL_BLACK Contains an