[Mdaemon-L] Spam Getting Through
On 25/05/21 21.40, Bambang Setiawan via Mdaemon-L wrote:
> Please help analyse why this spam managed to get through, sir,

Because the message was sent through a server whose legitimacy complies with the Internet Mail requirements, so it passed MDaemon's legitimacy screening checks. Spam of this kind usually happens because an account has been hijacked, so the sender mail can vary widely. In a case like this only antispam content filtering can handle it, because the indication of spam is in the message content, not in the message header.

> Tue 2021-05-25 20:47:30.958: [13909663] Passing message through Outbreak Protection...
> Tue 2021-05-25 20:47:30.958: [13909663] * Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
> Tue 2021-05-25 20:47:30.958: [13909663] * Reference-ID: str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0
> Tue 2021-05-25 20:47:30.958: [13909663] * Virus result: 0 - Clean
> Tue 2021-05-25 20:47:30.959: [13909663] * Spam result: 4 - Spam (confirmed)
> Tue 2021-05-25 20:47:30.959: [13909663] * IWF result: 0 - Clean
> Tue 2021-05-25 20:47:30.959: [13909663] End Outbreak Protection results
> Tue 2021-05-25 20:47:30.961: [13909663] Passing message through Spam Filter (Size: 3882)...
> Tue 2021-05-25 20:47:31.340: [13909663] * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
> Tue 2021-05-25 20:47:31.340: [13909663] * 0.5 PDS_BTC_ID FP reduced Bitcoin ID
> Tue 2021-05-25 20:47:31.340: [13909663] End SpamAssassin results
> Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0

From the log it can be seen that the message actually did not get past the spam filter; in this case Outbreak Protection detected it as spam. But because the OP setting for spam is not reject, in order to avoid false positive results, the mail was passed on to the local queue.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg37676.html

> X-Spam-Report:
>   * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
>   * 0.5 PDS_BTC_ID FP reduced Bitcoin ID
> X-Spam-Processed: mail.persada.id, Tue, 25 May 2021 20:47:34 +0700
>   (processed during SMTP session)
> X-MDOP-RefID: str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0 (_st=4 _vt=0 _iwf=0)

Filter the messages that Outbreak Protection detects as spam and move them to the holding queue or quarantine queue (so that the Administrator gets a notification that there is mail there). After that, sort the messages manually: delete the ones that are genuinely spam, and report the non-spam ones (false positive results) to MDaemon.com (from the right-mouse-click menu choose "Report to MDaemon.com as Spam False Positive") so that the FP result does not happen again in future.

The Content Filter Rule can look like this
http://mdaemon.dutaint.co.id/mdaemon/21.0.1/cf_creating_a_new_content_filter_rule.html

RuleName=Outbreak Protection Spam Detection
Enable=Yes
ThisRuleCondition=All
ProcessQueue=BOTH
Condition01=If define header X-Spam-Report contains MDAEMON_OP_SPAM_HIGH
Action01=Copy Message to folder \\mdaemon\queues\holding (or to \\mdaemon\Cfilter\quarant)
Action02=Delete the Message

If you cannot wait for the response from MDaemon.com to correct the Spam False Positive, you may put the From address or sender address into the Antispam Whitelist No Filtering
http://mdaemon.dutaint.co.id/mdaemon/21.0.1/sf_white_list.html

--
syafril
---
Syafril Hermansyah

--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 21.0.2, SecurityGateway 8.0.1
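An added example, not part of the original post or of MDaemon: a log check for the situation described in the reply above, where Outbreak Protection reports "Spam (confirmed)" but the Spam Filter score stays below the "req" value, so the message is still delivered. It assumes the log line layout shown in this thread; the function names are hypothetical, and sessions 20000001 and 20000002 in the sample are constructed.

```python
import re

# Session 13909663: lines copied from the log quoted in this thread.
# Sessions 20000001 and 20000002: constructed for contrast.
SAMPLE_LOG = """\
Tue 2021-05-25 20:47:30.959: [13909663] * Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:47:31.340: [13909663] * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Tue 2021-05-25 20:47:31.340: [13909663] * 0.5 PDS_BTC_ID FP reduced Bitcoin ID
Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0
Tue 2021-05-25 20:50:02.110: [20000001] * Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:50:02.400: [20000001] * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Tue 2021-05-25 20:50:02.400: [20000001] Spam Filter score/req: 12.40/10.0
Tue 2021-05-25 20:51:10.005: [20000002] * Spam result: 0 - Clean
Tue 2021-05-25 20:51:10.300: [20000002] Spam Filter score/req: 1.20/10.0
"""

LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: \[(\d+)\] (.*)$")
OP_RESULT = re.compile(r"^\*\s+Spam result: (\d+) - (.+)$")
RULE_HIT = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")
SCORE = re.compile(r"^Spam Filter score/req: (-?[\d.]+)/([\d.]+)$")

# The only "spam" code visible in the thread's logs is 4, "Spam (confirmed)".
OP_SPAM_CONFIRMED = 4


def parse_sessions(text):
    """Group Outbreak Protection and Spam Filter results by session id."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated line: skip it
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"op_code": None, "score": None,
                                      "required": None, "rules": {}})
        if (op := OP_RESULT.match(msg)):
            s["op_code"] = int(op.group(1))
        elif (hit := RULE_HIT.match(msg)):
            s["rules"][hit.group(2)] = float(hit.group(1))
        elif (sc := SCORE.match(msg)):
            s["score"], s["required"] = float(sc.group(1)), float(sc.group(2))
    return sessions


def op_spam_delivered(sessions):
    """Sessions OP confirmed as spam whose filter score stayed under 'req'."""
    return sorted(
        sid for sid, s in sessions.items()
        if s["op_code"] == OP_SPAM_CONFIRMED
        and s["score"] is not None
        and s["score"] < s["required"]
    )


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_LOG)
    for sid in op_spam_delivered(parsed):
        s = parsed[sid]
        print(f"session {sid}: OP=spam, score {s['score']}/{s['required']}, rules {s['rules']}")
```

Sessions this reports are the ones the content filter rule in the reply would move to the holding or quarantine queue.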
[Mdaemon-L] Spam Getting Through
Dear Mr. Syafril,

Please help analyse why this spam managed to get through, sir. Thank you.

The log is as follows:

Tue 2021-05-25 20:47:29.264: [13909663] Session 13909663; child 0001
Tue 2021-05-25 20:47:29.264: [13909663] Accepting SMTP connection from 59.84.175.233:29451 to 124.81.84.135:25
Tue 2021-05-25 20:47:29.264: [13909663] Location Screen says connection is from Japan, Asia
Tue 2021-05-25 20:47:29.265: [13909663] --> 220 mail.persada.id ESMTP MDaemon 21.0.1; Tue, 25 May 2021 20:47:29 +0700
Tue 2021-05-25 20:47:29.368: [13909663] <-- EHLO mgsp102.cybermail.jp
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-mail.persada.id Hello mgsp102.cybermail.jp [59.84.175.233], pleased to meet you
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ETRN
Tue 2021-05-25 20:47:29.368: [13909663] Location Screening hiding AUTH from country Japan, Asia
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-8BITMIME
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ENHANCEDSTATUSCODES
Tue 2021-05-25 20:47:29.368: [13909663] --> 250 SIZE
Tue 2021-05-25 20:47:29.467: [13909663] <-- MAIL FROM:
Tue 2021-05-25 20:47:29.477: [13909663] Performing PTR lookup (233.175.84.59.IN-ADDR.ARPA)
Tue 2021-05-25 20:47:29.656: [13909663] * D=233.175.84.59.IN-ADDR.ARPA TTL=(1440) PTR=[mgsp102.cybermail.jp]
Tue 2021-05-25 20:47:29.797: [13909663] * D=mgsp102.cybermail.jp TTL=(30) A=[59.84.175.233]
Tue 2021-05-25 20:47:29.797: [13909663] End PTR results
Tue 2021-05-25 20:47:29.800: [13909663] Performing IP lookup (mgsp102.cybermail.jp)
Tue 2021-05-25 20:47:29.801: [13909663] * D=mgsp102.cybermail.jp TTL=(30) A=[59.84.175.233]
Tue 2021-05-25 20:47:29.801: [13909663] End IP lookup results
Tue 2021-05-25 20:47:29.807: [13909663] Performing IP lookup (fdydo.co.jp)
Tue 2021-05-25 20:47:29.851: [13909663] * D=fdydo.co.jp TTL=(60) A=[202.189.180.66]
Tue 2021-05-25 20:47:30.083: [13909663] * P=010 S=000 D=fdydo.co.jp TTL=(5) MX=[mg.cybermail.jp] {59.84.175.228}
Tue 2021-05-25 20:47:30.083: [13909663] End IP lookup results
Tue 2021-05-25 20:47:30.085: [13909663] Performing SPF lookup (mgsp102.cybermail.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.203: [13909663] * Result: none; no SPF record in DNS
Tue 2021-05-25 20:47:30.203: [13909663] End SPF results
Tue 2021-05-25 20:47:30.203: [13909663] Performing SPF lookup (fdydo.co.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.224: [13909663] * Policy: v=spf1 include:spfcm.cybermail.jp +ip4:153.149.98.115/32 -all
Tue 2021-05-25 20:47:30.224: [13909663] * Evaluating include:spfcm.cybermail.jp: performing lookup
Tue 2021-05-25 20:47:30.328: [13909663] * Policy: v=spf1 ip4:59.84.175.224/27 ip4:120.137.171.0/25 ip4:27.121.5.128/25 ip4:59.84.175.64/26 ip4:42.125.229.64/26 ip4:168.138.218.72 ip4:158.101.93.181 ip4:168.138.36.14 ip4:168.138.33.163 ip4:158.101.76.206 ip4:158.101.133.234 ip4:158.
Tue 2021-05-25 20:47:30.328: [13909663] * Evaluating ip4:59.84.175.224/27: match
Tue 2021-05-25 20:47:30.328: [13909663] * Evaluating include:spfcm.cybermail.jp: match
Tue 2021-05-25 20:47:30.328: [13909663] * Result: pass
Tue 2021-05-25 20:47:30.328: [13909663] End SPF results
Tue 2021-05-25 20:47:30.328: [13909663] --> 250 2.1.0 Sender OK
Tue 2021-05-25 20:47:30.427: [13909663] <-- RCPT TO:
Tue 2021-05-25 20:47:30.434: [13909663] Performing DNS-BL lookup (59.84.175.233 - connecting IP)
Tue 2021-05-25 20:47:30.451: [13909663] * zen.spamhaus.org - passed
Tue 2021-05-25 20:47:30.545: [13909663] * bl.spamcop.net - passed
Tue 2021-05-25 20:47:30.545: [13909663] End DNS-BL results
Tue 2021-05-25 20:47:30.547: [13909663] --> 250 2.1.5 Recipient OK
Tue 2021-05-25 20:47:30.646: [13909663] <-- DATA
Tue 2021-05-25 20:47:30.648: [13909663] --> 354 Enter mail, end with .
Tue 2021-05-25 20:47:30.846: [13909663] Message size: 3882 bytes
Tue 2021-05-25 20:47:30.848: [13909663] Performing DKIM verification
Tue 2021-05-25 20:47:30.848: [13909663] * File: c:\mdaemon\queues\temp\md500106109.tmp
Tue 2021-05-25 20:47:30.848: [13909663] * Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.848: [13909663] * Result: neutral
Tue 2021-05-25 20:47:30.848: [13909663] End DKIM results
Tue 2021-05-25 20:47:30.856: [13909663] Performing DMARC processing
Tue 2021-05-25 20:47:30.856: [13909663] * File: c:\mdaemon\queues\temp\md500106109.tmp
Tue 2021-05-25 20:47:30.856: [13909663] * Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.856: [13909663] * Author domain: fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] * Organizational domain: fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] * Query domain: _dmarc.fdydo.co.jp
Tue 2021-05-25 20:47:30.889: [13909663] * No DMARC policy record found
Tue 2021-05-25 20:47:30.889: [13909663] * Action taken: none
Tue 2021-05-25 20:47:30.889: [13909663] * Result: none
Tue 2021-05-25 20:47:30.889: [13909663] End DMARC results
Tue 2021-05-25
[mdaemon-l] Spam Getting Through
On 03/12/18 09.18, Bambang Setiawan via mdaemon-l (mdaemon-l@dutaint.com) wrote:
> Is there a special trick to prevent the 2 attached spam emails, sir?
> because they were able to get past mdaemon.
>
> Log 1 :
>
> Sat 2018-12-01 20:16:00.022: 03: --> 250 mail.persada.id Hello 4edental.com [173.198.27.3], pleased to meet you
> Sat 2018-12-01 20:16:00.240: 02: <-- MAIL FROM:

Provide the complete log for 1 full session, starting from

Sat 2018-12-01 20:16:00.022: Session ; child yyy

through

Sat 2018-12-01 20:16:03.563: 01: SMTP session successful (Bytes in/out: 31440/361)

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few who learn by observation. The rest of them have to pee on the electric fence for themselves.
--- Will Rogers
[mdaemon-l] Spam Getting Through
Dear Mr. Syafril,

Is there a special trick to prevent the 2 attached spam emails, sir? Because they were able to get past mdaemon.

Thank you.

Log 1 :

Sat 2018-12-01 20:16:00.022: 03: --> 250 mail.persada.id Hello 4edental.com [173.198.27.3], pleased to meet you
Sat 2018-12-01 20:16:00.240: 02: <-- MAIL FROM:
Sat 2018-12-01 20:16:00.243: 05: Performing PTR lookup (3.27.198.173.IN-ADDR.ARPA)
Sat 2018-12-01 20:16:00.514: 05: * D=3.27.198.173.IN-ADDR.ARPA TTL=(60) PTR=[rrcs-173-198-27-3.west.biz.rr.com]
Sat 2018-12-01 20:16:00.772: 05: * D=rrcs-173-198-27-3.west.biz.rr.com TTL=(60) A=[173.198.27.3]
Sat 2018-12-01 20:16:00.772: 05: End PTR results
Sat 2018-12-01 20:16:00.775: 05: Performing IP lookup (4edental.com)
Sat 2018-12-01 20:16:00.777: 05: * D=4edental.com TTL=(29) A=[192.169.188.49]
Sat 2018-12-01 20:16:00.777: 05: End IP lookup results
Sat 2018-12-01 20:16:00.781: 05: Performing IP lookup (4edental.com)
Sat 2018-12-01 20:16:00.783: 05: * D=4edental.com TTL=(29) A=[192.169.188.49]
Sat 2018-12-01 20:16:00.785: 05: * P=000 S=000 D=4edental.com TTL=(59) MX=[mail.4edental.com] {173.198.27.3}
Sat 2018-12-01 20:16:00.785: 05: End IP lookup results
Sat 2018-12-01 20:16:00.786: 09: Performing SPF lookup (4edental.com / 173.198.27.3)
Sat 2018-12-01 20:16:00.786: 09: * Policy (cache): v=spf1 +a +mx include:marketheroSPF.smtp.com ?all
Sat 2018-12-01 20:16:00.788: 09: * Evaluating +a: no match
Sat 2018-12-01 20:16:00.793: 09: * Evaluating +mx: match
Sat 2018-12-01 20:16:00.793: 09: * Result: pass
Sat 2018-12-01 20:16:00.793: 09: End SPF results
Sat 2018-12-01 20:16:00.793: 03: --> 250 2.1.0 Sender OK
Sat 2018-12-01 20:16:01.001: 02: <-- RCPT TO:
Sat 2018-12-01 20:16:01.047: 05: Performing DNS-BL lookup (173.198.27.3 - connecting IP)
Sat 2018-12-01 20:16:01.064: 05: * zen.spamhaus.org - passed
Sat 2018-12-01 20:16:01.301: 05: * bl.spamcop.net - passed
Sat 2018-12-01 20:16:01.301: 05: End DNS-BL results
Sat 2018-12-01 20:16:01.302: 03: --> 250 2.1.5 Recipient OK
Sat 2018-12-01 20:16:01.518: 02: <-- DATA
Sat 2018-12-01 20:16:01.519: 01: Creating temp file (SMTP): c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:01.519: 03: --> 354 Enter mail, end with .
Sat 2018-12-01 20:16:02.371: 01: Message size: 31331 bytes
Sat 2018-12-01 20:16:02.373: 10: Performing DKIM lookup
Sat 2018-12-01 20:16:02.373: 10: * File: c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:02.373: 10: * Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.373: 10: * Result: neutral
Sat 2018-12-01 20:16:02.373: 10: End DKIM results
Sat 2018-12-01 20:16:02.377: 19: Performing DMARC processing
Sat 2018-12-01 20:16:02.377: 19: * File: c:\mdaemon\queues\temp\md5051645.tmp
Sat 2018-12-01 20:16:02.377: 19: * Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.377: 19: * Author domain: 4edental.com
Sat 2018-12-01 20:16:02.377: 19: * Organizational domain: 4edental.com
Sat 2018-12-01 20:16:02.377: 19: * Query domain: _dmarc.4edental.com
Sat 2018-12-01 20:16:02.395: 19: * No DMARC policy record found
Sat 2018-12-01 20:16:02.395: 19: * Action taken: none
Sat 2018-12-01 20:16:02.395: 19: * Result: none
Sat 2018-12-01 20:16:02.395: 19: End DMARC results
Sat 2018-12-01 20:16:02.397: 06: Passing message through AntiVirus (Size: 31331)...
Sat 2018-12-01 20:16:02.472: 06: * Message is clean (no viruses found)
Sat 2018-12-01 20:16:02.472: 06: End AntiVirus results
Sat 2018-12-01 20:16:02.472: 11: Passing message through ClamAV Plugin (c:\mdaemon\queues\temp\md5051645.tmp)...
Sat 2018-12-01 20:16:02.472: 11: * Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.549: 11: * Virus result: 0 - clean
Sat 2018-12-01 20:16:02.700: 11: Passing message through Outbreak Protection...
Sat 2018-12-01 20:16:02.700: 11: * Message-ID: <3560106752968319675.c23ca084ce13a...@persada.id>
Sat 2018-12-01 20:16:02.700: 11: * Reference-ID: str=0001.0A150207.5C028993.0015,ss=3,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=F_42288174,cl=4,cld=1,fgs=0
Sat 2018-12-01 20:16:02.700: 11: * Virus result: 0 - Clean
Sat 2018-12-01 20:16:02.700: 11: * Spam result: 4 - Spam (confirmed)
Sat 2018-12-01 20:16:02.700: 11: * IWF result: 0 - Clean
Sat 2018-12-01 20:16:02.701: 11: End Outbreak Protection results
Sat 2018-12-01 20:16:02.701: 07: Passing message through Spam Filter (Size: 31352)...
Sat 2018-12-01 20:16:03.342: 07: * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Sat 2018-12-01 20:16:03.342: 07: * 0.0 HTML_MESSAGE BODY: HTML included in message
Sat 2018-12-01 20:16:03.342: 07: * 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
Sat 2018-12-01 20:16:03.342: 07: * 0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
Sat 2018-12-01 20:16:03.342: 07: * 0.4 RDNS_DYNAMIC Delivered to internal network by host with
Sat
[MDaemon-L] Spam Getting Past SpamAssassin
Dear Mr. Syafril and colleagues,

Lately some spam has started getting past spamassassin; an example is attached.

I would appreciate your input, Mr. Syafril, on how to deal with it. Do I need to lower the Bayesian score? The current configuration is:

* A message is spam if it scores greater or equal to [7]
* SMTP rejects messages with scores greater or equal to [10]

Thank you,

Zhia Chandra | IT Dept
M: +62 811 110 8790 - 8699953 | P: +62 251 8313 070 ext.236 | F: +62 251 8353 508

Fri 2013-04-19 03:19:50: --
Fri 2013-04-19 03:22:07: Session 397816; child 1
Fri 2013-04-19 03:22:07: Accepting SMTP connection from [85.174.26.159:63435] to [172.16.99.6:25]
Fri 2013-04-19 03:22:07: -- 220 terminix.co.id ESMTP MDaemon 13.0.4; Fri, 19 Apr 2013 03:22:07 +0700
Fri 2013-04-19 03:22:08: -- HELO 85.174.26.159
Fri 2013-04-19 03:22:08: -- 250 terminix.co.id Hello 85.174.26.159, pleased to meet you
Fri 2013-04-19 03:22:09: -- MAIL FROM:e63...@greencafe.com
Fri 2013-04-19 03:22:09: Performing PTR lookup (159.26.174.85.IN-ADDR.ARPA)
Fri 2013-04-19 03:22:10: * D=159.26.174.85.IN-ADDR.ARPA TTL=(60) PTR=[dsl-85-174-26-159.avtlg.ru]
Fri 2013-04-19 03:22:10: * Gathering A records...
Fri 2013-04-19 03:22:11: * No A records found
Fri 2013-04-19 03:22:11: End PTR results
Fri 2013-04-19 03:22:11: Performing IP lookup (greencafe.com)
Fri 2013-04-19 03:22:11: * D=greencafe.com TTL=(58) A=[68.178.169.201]
Fri 2013-04-19 03:22:11: * P=010 S=000 D=greencafe.com TTL=(55) MX=[southtrail.greencafe.com] {72.167.112.11}
Fri 2013-04-19 03:22:11: End IP lookup results
Fri 2013-04-19 03:22:11: Performing SPF lookup (greencafe.com / 85.174.26.159)
Fri 2013-04-19 03:22:11: * Result: none; no SPF record in DNS
Fri 2013-04-19 03:22:11: End SPF results
Fri 2013-04-19 03:22:11: -- 250 e63...@greencafe.com, Sender ok
Fri 2013-04-19 03:22:12: -- RCPT TO:zhia.chan...@terminix.co.id
Fri 2013-04-19 03:22:12: -- 250 zhia.chan...@terminix.co.id, Recipient ok
Fri 2013-04-19 03:22:13: -- DATA
Fri 2013-04-19 03:22:13: Creating temp file (SMTP): e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:13: -- 354 Enter mail, end with CRLF.CRLF
Fri 2013-04-19 03:22:14: Message size: 668 bytes
Fri 2013-04-19 03:22:14: Performing DKIM lookup
Fri 2013-04-19 03:22:14: * File: e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:14: * Message-ID: 000901ce3c72$2fe63f40$746dc072@adminqvk
Fri 2013-04-19 03:22:14: * Result: neutral
Fri 2013-04-19 03:22:14: End DKIM results
Fri 2013-04-19 03:22:14: Performing DomainKeys lookup (Sender: e63...@greencafe.com)
Fri 2013-04-19 03:22:14: * File: e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:14: * Message-ID: 000901ce3c72$2fe63f40$746dc072@adminqvk
Fri 2013-04-19 03:22:14: * Querying for policy: greencafe.com
Fri 2013-04-19 03:22:14: *Querying: _domainkey.greencafe.com ...
Fri 2013-04-19 03:22:14: *DNS: * Name server reports domain name unknown
Fri 2013-04-19 03:22:14: * Result: neutral
Fri 2013-04-19 03:22:14: End DomainKeys results
Fri 2013-04-19 03:22:14: Passing message through AntiVirus (Size: 668)...
Fri 2013-04-19 03:22:14: * Message is clean (no viruses found)
Fri 2013-04-19 03:22:14: End AntiVirus results
Fri 2013-04-19 03:22:14: Passing message through Spam Filter (Size: 668)...
Fri 2013-04-19 03:22:15: * 2.3 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
Fri 2013-04-19 03:22:15: * 0.0 TVD_RCVD_IP4 TVD_RCVD_IP4
Fri 2013-04-19 03:22:15: * 0.0 TVD_RCVD_IP TVD_RCVD_IP
Fri 2013-04-19 03:22:15: * 3.2 FH_DATE_PAST_20XX The date is grossly in the future.
Fri 2013-04-19 03:22:15: * 1.2 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
Fri 2013-04-19 03:22:15: * -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
Fri 2013-04-19 03:22:15: * 0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
Fri 2013-04-19 03:22:15: * 6.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
Fri 2013-04-19 03:22:15: * [score: 0.8951]
Fri 2013-04-19 03:22:15: * 0.6 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
Fri 2013-04-19 03:22:15: * [URIs: 78.90.213.244]
Fri 2013-04-19 03:22:15: * 1.7 URIBL_BLACK Contains an