Stock rules match legitimate e-mail

Thu, 22 Mar 2007 07:46:02 -0800 

A legitimate e-mail passed through my system yesterday that matched three stock
rules with default scores:

1.9 RATWARE_OUTLOOK_NONAME
1.4 RATWARE_MS_HASH
2.2 MSGID_DOLLARS

Because this is a legitimate e-mail from a legitimate server, does that mean
these particular stock rules need a score adjustment or are they maybe a little
outdated?  Message headers follow:





Return-path: <[EMAIL PROTECTED]>
Received: from outbound-smtp.firstam.com (outbound-smtp3.firstam.com
[69.87.54.8])
        by mail1.electronet.net (8.14.0/8.14.0) with ESMTP id l2LL3o67001535
        for <[EMAIL PROTECTED]>; Wed, 21 Mar 2007 17:03:51 -0400
Received: from 10.48.129.31 by outbound-smtp.firstam.com with ESMTP (
 Hello SMTP Relay); Wed, 21 Mar 2007 14:03:35 -0700
X-Server-Uuid: 6B41F939-E8F2-471D-A9AE-316CEEC949DD
Received: from unknown (HELO fahqsna01smxs12.corp.firstam.com) (
 [172.17.247.12]) by FAEMSNA01SMXS02.FIRSTAM.COM with ESMTP; 21 Mar 2007
 14:03:32 -0700
Received: from TISELRG01SMXS02.corp.firstam.com ([172.27.10.100]) by
 fahqsna01smxs12.corp.firstam.com with Microsoft SMTPSVC(6.0.3790.1830);
 Wed, 21 Mar 2007 14:03:31 -0700
Received: from 172.17.22.206 ([172.17.22.206]) by
 TISELRG01SMXS02.corp.firstam.com ([172.27.10.100]) with Microsoft
 Exchange Server HTTP-DAV ; Wed, 21 Mar 2007 21:03:29 +0000
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
X-MimeOLE: Produced By Microsoft Exchange V6.5
From: "Escalona, Edith" <[EMAIL PROTECTED]>
Subject: *****SPAM***** RE: family names
Date: Wed, 21 Mar 2007 17:03:28 -0400
X-Priority: 3
To: "Curt Hunter" <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 21 Mar 2007 21:03:31.0275 (UTC)
 FILETIME=[615CC9B0:01C76BFC]
X-TMWD-Spam-Summary: SEV=1.1; DFV=A2007032108; IFV=2.0.6,4.0-7;
 RPD=4.00.0004;
 
RPDID=303030312E30413031303230372E34363031394441382E303030353A5343464D4135343334
32342D462D2F4E4553574B563534472F71554B6D71577A564237673D3D;
 ENG=IBF; TS=20070321220337; CAT=NONE; CON=NONE;
X-WSS-ID: 6A1F422F4I018575-01-01
Content-Type: multipart/mixed; boundary="----------=_1174511032-11972-52"
X-Spam-Score: 5.403 (*****) MSGID_DOLLARS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME





Jason A. Bertoch
Network Administrator
[EMAIL PROTECTED]
ElectroNet Intermedia Consulting
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771

Reply via email to