On 24 Apr 2018, at 20:10 (-0400), L A Walsh wrote:
These headers (not these values) are in most or all of my emails.
In one email on the net they were adjacent to SA's headers (but they
aren't in my emails). I was wondering if anyone knew what
product might be inserting these headers:
X-CSC: 0
X-CHA: v=1.1 cv=6jkfEoj2u7Yj9etNrzOg8LH7MfGxzbc6Xn0EJkmycus= c=1 sm=1
a=nDghuxUhq_wA:10 a=CxQU8S3nryls5r8B3V4N1Q==:17
a=3Y9Ew-73vc-33Fzs_NIA:9
a=wPNLvfGTeEIA:10 a=z11Dn8fxQD8A:10 a=Pmo6RyrIMpYA:10
a=zoqau9DHoPcA:10
a=zE7RolXeqPMA:10 a=CxQU8S3nryls5r8B3V4N1Q==:117
X-CTCH-Spam: Unknown
X-CTCH-RefID:
str=0001.0A020207.521CE122.0254,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-WHL: SLR
The X-CTCH-* headers are a sign of filtering software from Cyren
(formerly Commtouch,) which has been resold or integrated by multiple
vendors of commercial email filtering products, including Sophos and
Ipswitch.
I don't know if it is related, but some evidence of scanning by
something
called 'ironport', as well as by Semantec.
I'm trying to track down what is scanning my email at an upstream mail
host
as they've rejected random emails on initial rcpt of the msg --
without
accepting the message and bouncing it, but just not accepting it
with the message:
User and password not set, continuing without authentication.
<email_addr> 64.29.145.41 failed after I sent the message.
Remote host said: 550 5.7.1 vB73jgO3003858 This message has been
blocked for containing SPAM-like characteristics.
What email SW censors things by rejecting them before accepting them?
That is not a unique feature, and is widely regarded as a best practice.
A MTA which accepts mail and later decides that it is spam has an
insoluble problem: pass along mail which is probably malicious, bounce
it to an inherently untrustworthy sender address that may belong to an
innocent victim, or drop it silently.
Since this mail is being rejected immediately, you have an obvious place
to go to get the problem fixed: whoever runs the server you're
submitting mail to. Presumably that is an entity with whom you have a
direct relationship.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole
