Re: whitelist_from_rcvd hits only sometimes
On 28.02.19 12:44, Helmut Schneider wrote: >I'm trying to find out why a message sometimes hits >whitelist_from_rcvd and sometimes does not. I checked the headers >again and again but cannot see the difference. > >whitelist_from_rcvd quarant...@eu.quarantine.symantec.com >messagelabs.com whitelist_from_rcvd >quarant...@eu.quarantine.symantec.com messagelabs.net >Miss: On Fri, 1 Mar 2019 17:46:55 +0100 Matus UHLAR - fantomas wrote: this looks like the "mydomain Content Filter" has modified the message headers so spamassassin didn't parse them properly. Do you have the original file? On 01.03.19 17:41, RW wrote: I removed the SpamAssassin lines and fixed the wrapping before testing. There was no problem in parsing it. maybe the original mail was broken in a way SA could not parse it. hard to decide with only pasted content. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I wonder how much deeper the ocean would be without sponges.
Re: whitelist_from_rcvd hits only sometimes
On Fri, 1 Mar 2019 17:46:55 +0100 Matus UHLAR - fantomas wrote: > On 28.02.19 12:44, Helmut Schneider wrote: > >I'm trying to find out why a message sometimes hits > >whitelist_from_rcvd and sometimes does not. I checked the headers > >again and again but cannot see the difference. > > > >whitelist_from_rcvd quarant...@eu.quarantine.symantec.com > >messagelabs.com whitelist_from_rcvd > >quarant...@eu.quarantine.symantec.com messagelabs.net > > > >Miss: > > this looks like the "mydomain Content Filter" has modified the message > headers so spamassassin didn't parse them properly. > Do you have the original file? I removed the SpamAssassin lines and fixed the wrapping before testing. There was no problem in parsing it.
Re: whitelist_from_rcvd hits only sometimes
On 28.02.19 12:44, Helmut Schneider wrote: I'm trying to find out why a message sometimes hits whitelist_from_rcvd and sometimes does not. I checked the headers again and again but cannot see the difference. whitelist_from_rcvd quarant...@eu.quarantine.symantec.com messagelabs.com whitelist_from_rcvd quarant...@eu.quarantine.symantec.com messagelabs.net Miss: this looks like the "mydomain Content Filter" has modified the message headers so spamassassin didn't parse them properly. Do you have the original file? X-Spam-Score: 19.767 X-Spam-Level: *** X-Spam-Status: Yes, score=19.767 tagged_above=- required=6.3 tests=[BAYES_99=6.5, BAYES_999=6.5, HELO_MISC_IP=0.25, HTML_MESSAGE=0.001, INTERNETX_UCE_NOT_REG=5, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793] autolearn=no autolearn_force=no Received: from deaugmail02.mydomain.com ([127.0.0.1]) by localhost (deaugmail02.mydomain.com [127.0.0.1]) (amavisd-new,port 10024) with ESMTP id TbYATLBnkUKk for ; Tue, 26 Feb 2019 01:19:03 +0100 (CET) MIME-Version: 1.0 Subject: [mydomain Content Filter] [EXT] Email Quarantine: You have 2 new emails Received: from deaugmail01-in.mydomain.com (mailin.desog.mydomain.com [172.20.16.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by deaugmail02.mydomain.com (Postfix) with ESMTPS for ; Tue, 26 Feb 2019 01:19:03 +0100 (CET) Received: from mail6.bemta25.messagelabs.com (mail6.bemta25.messagelabs.com [195.245.230.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256bits)) (No client certificate requested) by deaugmail01-in.mydomain.com (Postfix) with ESMTPS id CC521D3AD2F for ; Tue, 26 Feb 2019 01:19:03 +0100 (CET) Received: from [46.226.52.194] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-2.bemta.az-b.eu-west-1.aws.symcld.net id 45/A1-14990-7F5847C5; Tue, 26 Feb 2019 00:19:03 + Received: (qmail 17246 invoked from network); 26 Feb 2019 00:19:02 - Received: from mail-css2-1.ld1.messagelabs.net (HELO inbound.prqfe006003.mgmt.messagelabs.net) (95.131.104.177) by server-22.tower-282.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 26 Feb 2019 00:19:02 - Received: from [127.0.0.1] ([127.0.0.1:38688] helo=prqfe006003.mgmt.messagelabs.net) by prqfe006003.mgmt.messagelabs.net (envelope-from ) (ecelerity 4.2.28.58446 r(Core:4.2.28.1)) with ESMTPS(cipher=AES256-SHA256) id DB/F9-02397-6F5847C5; Tue, 26 Feb 2019 00:19:02 + To: intern...@mydomain.com Date: Tue, 26 Feb 2019 00:19:02 + Message-Id: <20190226001902.43540a5f10d008b5d2c8...@quarantine.messagelabs.com> From: Email Quarantine -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you.
Re: whitelist_from_rcvd hits only sometimes
On Thu, 28 Feb 2019 12:44:16 +0100 Helmut Schneider wrote: > Hi, > > I'm trying to find out why a message sometimes hits > whitelist_from_rcvd and sometimes does not. I checked the headers > again and again but cannot see the difference. I couldn't reproduce this with the email labelled as 'miss'. It may be that there was a difference in the headers at the time of scanning.
whitelist_from_rcvd hits only sometimes
Hi, I'm trying to find out why a message sometimes hits whitelist_from_rcvd and sometimes does not. I checked the headers again and again but cannot see the difference. whitelist_from_rcvd quarant...@eu.quarantine.symantec.com messagelabs.com whitelist_from_rcvd quarant...@eu.quarantine.symantec.com messagelabs.net Hit: X-Spam-Score: -17.777 X-Spam-Level: X-Spam-Status: No, score=-17.777 tagged_above=- required=6.3 tests=[BAYES_50=1.5, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, USER_IN_WHITELIST=-20] autolearn=no autolearn_force=no Received: from deaugmail02.mydomain.com ([127.0.0.1]) by localhost (deaugmail02.mydomain.com [127.0.0.1]) (amavisd-new,port 10024) with ESMTP id QJysMQERq-OY for ; Tue, 26 Feb 2019 01:10:19 +0100 (CET) Received: from deaugmail01-in.mydomain.com (deaugmail01-in.mydomain.com[172.20.16.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by deaugmail02.mydomain.com (Postfix) with ESMTPS for ; Tue, 26 Feb 2019 01:10:19 +0100 (CET) Received: from mail6.bemta26.messagelabs.com (mail6.bemta26.messagelabs.com [85.158.142.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256bits)) (No client certificate requested) by deaugmail01-in.mydomain.com (Postfix) with ESMTPS id 05CD8D3ABE1 for ; Tue, 26 Feb 2019 01:10:18 +0100 (CET) Received: from [85.158.142.194] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-4.bemta.az-b.eu-central-1.aws.symcld.net id 06/5B-03001-AE3847C5; Tue, 26 Feb 2019 00:10:18 + X-Env-Sender: bounce-notifications-verp-1abcbf9c040cf77c0...@eu.quarantine.symantec.com X-Msg-Ref: server-21.tower-239.messagelabs.com!1551139817!1629604!1 X-Originating-IP: [95.131.104.177] X-StarScan-Received: X-StarScan-Version: 9.31.5; banners=-,-,- X-VirusChecked: Checked Received: (qmail 17691 invoked from network); 26 Feb 2019 00:10:18 - Received: from mail-css2-1.ld1.messagelabs.net (HELO inbound.prqfe006002.mgmt.messagelabs.net) (95.131.104.177) by server-21.tower-239.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 26 Feb 2019 00:10:18 - Received: from [127.0.0.1] ([127.0.0.1:53790] helo=prqfe006002.mgmt.messagelabs.net) by prqfe006002.mgmt.messagelabs.net (envelope-from ) (ecelerity 4.2.28.58446 r(Core:4.2.28.1)) with ESMTPS (cipher=AES256-SHA256) id 38/2F-02400-9E3847C5; Tue, 26 Feb 2019 00:10:17 + To: hel...@mydomain.com Date: Tue, 26 Feb 2019 00:10:17 + Message-Id: <20190226001017.439d763f554cfe22dfd4...@quarantine.messagelabs.com> From: Email Quarantine Miss: X-Spam-Score: 19.767 X-Spam-Level: *** X-Spam-Status: Yes, score=19.767 tagged_above=- required=6.3 tests=[BAYES_99=6.5, BAYES_999=6.5, HELO_MISC_IP=0.25, HTML_MESSAGE=0.001, INTERNETX_UCE_NOT_REG=5, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793] autolearn=no autolearn_force=no Received: from deaugmail02.mydomain.com ([127.0.0.1]) by localhost (deaugmail02.mydomain.com [127.0.0.1]) (amavisd-new,port 10024) with ESMTP id TbYATLBnkUKk for ; Tue, 26 Feb 2019 01:19:03 +0100 (CET) MIME-Version: 1.0 Subject: [mydomain Content Filter] [EXT] Email Quarantine: You have 2 new emails Received: from deaugmail01-in.mydomain.com (mailin.desog.mydomain.com [172.20.16.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by deaugmail02.mydomain.com (Postfix) with ESMTPS for ; Tue, 26 Feb 2019 01:19:03 +0100 (CET) Received: from mail6.bemta25.messagelabs.com (mail6.bemta25.messagelabs.com [195.245.230.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256bits)) (No client certificate requested) by deaugmail01-in.mydomain.com (Postfix) with ESMTPS id CC521D3AD2F for ; Tue, 26 Feb 2019 01:19:03 +0100 (CET) Received: from [46.226.52.194] (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)) by server-2.bemta.az-b.eu-west-1.aws.symcld.net id 45/A1-14990-7F5847C5; Tue, 26 Feb 2019 00:19:03 + Received: (qmail 17246 invoked from network); 26 Feb 2019 00:19:02 - Received: from mail-css2-1.ld1.messagelabs.net (HELO inbound.prqfe006003.mgmt.messagelabs.net) (95.131.104.177) by server-22.tower-282.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 26 Feb 2019 00:19:02 - Received: from [127.0.0.1] ([127.0.0.1:38688] helo=prqfe006003.mgmt.messagelabs.net) by prqfe006003.mgmt.messagelabs.net (envelope-from ) (ecelerity 4.2.28.58446 r(Core:4.2.28.1)) with ESMTPS(cipher=AES256-SHA256) id DB/F9-02397-6F5847C5; Tue, 26 Feb 2019 00:19:02 + To: intern...@mydomain.com Date: Tue, 26 Feb 2019 00:19:02 + Message-Id: <20190226001902.43540a5f10d008b5d2c8...@quarantine.messagelabs.com> From: Email Quarantine Thank you!