Hi,
I'm trying to find out why a message sometimes hits whitelist_from_rcvd
and sometimes does not. I checked the headers again and again but
cannot see the difference.
whitelist_from_rcvd quarant...@eu.quarantine.symantec.com messagelabs.com
whitelist_from_rcvd quarant...@eu.quarantine.symantec.com messagelabs.net
Hit:
X-Spam-Score: -17.777
X-Spam-Level:
X-Spam-Status: No, score=-17.777 tagged_above=-9999 required=6.3
tests=[BAYES_50=1.5, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723,
RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001,
USER_IN_WHITELIST=-20] autolearn=no autolearn_force=no
Received: from deaugmail02.mydomain.com ([127.0.0.1])
by localhost (deaugmail02.mydomain.com [127.0.0.1])
(amavisd-new,port 10024)
with ESMTP id QJysMQERq-OY for <hel...@mydomain.com>;
Tue, 26 Feb 2019 01:10:19 +0100 (CET)
Received: from deaugmail01-in.mydomain.com
(deaugmail01-in.mydomain.com[172.20.16.23])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by deaugmail02.mydomain.com (Postfix) with ESMTPS
for <hel...@mydomain.com>; Tue, 26 Feb 2019 01:10:19 +0100 (CET)
Received: from mail6.bemta26.messagelabs.com
(mail6.bemta26.messagelabs.com [85.158.142.155])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256bits))
(No client certificate requested)
by deaugmail01-in.mydomain.com (Postfix) with ESMTPS id 05CD8D3ABE1
for <hel...@mydomain.com>; Tue, 26 Feb 2019 01:10:18 +0100 (CET)
Received: from [85.158.142.194] (using TLSv1.2 with cipher
DHE-RSA-AES256-GCM-SHA384 (256 bits))
by server-4.bemta.az-b.eu-central-1.aws.symcld.net id
06/5B-03001-AE3847C5; Tue, 26 Feb 2019 00:10:18 +0000
X-Env-Sender:
bounce-notifications-verp-1abcbf9c040cf77c0...@eu.quarantine.symantec.com
X-Msg-Ref: server-21.tower-239.messagelabs.com!1551139817!1629604!1
X-Originating-IP: [95.131.104.177]
X-StarScan-Received:
X-StarScan-Version: 9.31.5; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 17691 invoked from network); 26 Feb 2019 00:10:18 -0000
Received: from mail-css2-1.ld1.messagelabs.net (HELO
inbound.prqfe006002.mgmt.messagelabs.net) (95.131.104.177)
by server-21.tower-239.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
encrypted SMTP; 26 Feb 2019 00:10:18 -0000
Received: from [127.0.0.1] ([127.0.0.1:53790]
helo=prqfe006002.mgmt.messagelabs.net)
by prqfe006002.mgmt.messagelabs.net (envelope-from
<bounce-notifications-verp-1abcbf9c040cf77c0...@eu.quarantine.symantec.com>)
(ecelerity 4.2.28.58446 r(Core:4.2.28.1)) with ESMTPS
(cipher=AES256-SHA256)
id 38/2F-02400-9E3847C5; Tue, 26 Feb 2019 00:10:17 +0000
To: hel...@mydomain.com
Date: Tue, 26 Feb 2019 00:10:17 +0000
Message-Id:
<20190226001017.439d763f554cfe22dfd4...@quarantine.messagelabs.com>
From: Email Quarantine <quarant...@eu.quarantine.symantec.com>
Miss:
X-Spam-Score: 19.767
X-Spam-Level: *******************
X-Spam-Status: Yes, score=19.767 tagged_above=-9999 required=6.3
tests=[BAYES_99=6.5, BAYES_999=6.5, HELO_MISC_IP=0.25,
HTML_MESSAGE=0.001, INTERNETX_UCE_NOT_REG=5, MIME_HTML_ONLY=0.723,
RCVD_IN_DNSWL_NONE=-0.0001, RDNS_NONE=0.793]
autolearn=no autolearn_force=no
Received: from deaugmail02.mydomain.com ([127.0.0.1])
by localhost (deaugmail02.mydomain.com [127.0.0.1]) (amavisd-new,port
10024)
with ESMTP id TbYATLBnkUKk for <intern...@mydomain.com>;
Tue, 26 Feb 2019 01:19:03 +0100 (CET)
MIME-Version: 1.0
Subject: [mydomain Content Filter] [EXT] Email Quarantine: You have 2 new
emails
Received: from deaugmail01-in.mydomain.com (mailin.desog.mydomain.com
[172.20.16.23])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by deaugmail02.mydomain.com (Postfix) with ESMTPS
for <intern...@mydomain.com>; Tue, 26 Feb 2019 01:19:03 +0100 (CET)
Received: from mail6.bemta25.messagelabs.com
(mail6.bemta25.messagelabs.com [195.245.230.106])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256bits))
(No client certificate requested)
by deaugmail01-in.mydomain.com (Postfix) with ESMTPS id CC521D3AD2F
for <intern...@mydomain.com>; Tue, 26 Feb 2019 01:19:03 +0100 (CET)
Received: from [46.226.52.194] (using TLSv1.2 with cipher
DHE-RSA-AES256-GCM-SHA384 (256 bits))
by server-2.bemta.az-b.eu-west-1.aws.symcld.net id
45/A1-14990-7F5847C5; Tue, 26 Feb 2019 00:19:03 +0000
Received: (qmail 17246 invoked from network); 26 Feb 2019 00:19:02 -0000
Received: from mail-css2-1.ld1.messagelabs.net (HELO
inbound.prqfe006003.mgmt.messagelabs.net) (95.131.104.177)
by server-22.tower-282.messagelabs.com with DHE-RSA-AES256-GCM-SHA384
encrypted SMTP; 26 Feb 2019 00:19:02 -0000
Received: from [127.0.0.1] ([127.0.0.1:38688]
helo=prqfe006003.mgmt.messagelabs.net)
by prqfe006003.mgmt.messagelabs.net (envelope-from
<bounce-notifications-verp-e83dc883168742e50...@eu.quarantine.symantec.com>)
(ecelerity 4.2.28.58446 r(Core:4.2.28.1)) with
ESMTPS(cipher=AES256-SHA256)
id DB/F9-02397-6F5847C5; Tue, 26 Feb 2019 00:19:02 +0000
To: intern...@mydomain.com
Date: Tue, 26 Feb 2019 00:19:02 +0000
Message-Id:
<20190226001902.43540a5f10d008b5d2c8...@quarantine.messagelabs.com>
From: Email Quarantine <quarant...@eu.quarantine.symantec.com>
Thank you!
