I have seen it also, but infrequently. The msg will arrive with the
Declude headers in the body and the usual headers missing or
incomplete. I didn't trouble shoot it, but will do so with the next
one to compare notes. We're also running IM 8.21 and the latest
release of Declude.
Wednesday, January 25, 2006, 12:23:13 AM, Karen Mitchell [EMAIL PROTECTED]
wrote:
KM I have been having problems with incomplete or broken headers in
KM lots of spam messages. Sometimes I will see the missing headers in
KM the body of the message, sometimes not. See below for example.
KM The subject when the message arrived in the inbox was: Subject:
KM EXPLICIT: Nice online dating booty call service.. Kind of caught
KM my eye because I have a porn filter for EXPLICIT: in the subject.
KM So the porn filter wasn't triggered. PORNLIST filter
KM d:\IMail\Declude\pornlist.txt x 5 0 with a routeto in the default file.
KM The log told me that Q file exceeds 512 bytes in size.
KM Ipswitch's knowledge base tells me that this was triggered because of the
KM auto-deny hack attempts was checked in smtp. It didn't deny it
KM however, since the message was delivered. None of the rules in
KM either Outlook or imail web interface were triggered because the header is
incomplete.
KM I turned off the auto-deny and haven't seen any more messages yet.
KM My question is, has anyone noticed anything like this, and is
KM this feature broken or is their another factor involved.
KM Declude 3.0.5.23
KM Imail 8.21
KM Karen M. Mitchell
KM Senior NewMedia Systems Administrator
KM AccuWeather, Inc.
KM 385 Science Park Road
KM State College, PA 16803
KM Get the best weather on the web - http://www.accuweather.com
KM
KM Imail header via web interface
KM Received: from 247.red-217-216-60.user.auna.net [217.216.60.247] by
ntms1.accuweather.com
KM (SMTPD-8.21) id A811033C; Tue, 24 Jan 2006 19:36:33 -0500
KM Received: from airy d's (implement.catapultrascal.com
KM [150.150.225.86]) by 217.216.60.247 (6.8.6/8.9.9) with ESMTP id
FMZT153754637
KM for [EMAIL PROTECTED]; Tue, 24 Jan 2006 22:30:33 -0200
KM Status: R
KM X-UIDL: 1033884398
KM X-IMail-ThreadID: c80f03434a54
KM Complete message from Outlook Express.
KM Received: from 247.red-217-216-60.user.auna.net [217.216.60.247] by
ntms1.accuweather.com
KM (SMTPD-8.21) id A811033C; Tue, 24 Jan 2006 19:36:33 -0500
KM Received: from airy d's (implement.catapultrascal.com
KM [150.150.225.86]) by 217.216.60.247 (6.8.6/8.9.9) with ESMTP id
FMZT153754637
KM for [EMAIL PROTECTED]; Tue, 24 Jan 2006 22:30:33 -0200
KM Message-ID: [EMAIL PROTECTED]
KM Reply-To: Erna Moran [EMAIL PROTECTED]
KM From: Erna Moran [EMAIL PROTECTED]
KM Location: cleave iv chloroplatinate
KM Delivery-Notification: No
KM To: removed [EMAIL PROTECTED]
KM Subject: EXPLICIT: Nice online dating booty call service.
KM Date: Tue, 24 Jan 2006 17:30:33 -0700
KM MIME-Version: 1.0
KM Content-Type: multipart/alternative;
KM boundary=--693861316335815
KM 693861316335815
KM Content-Type: text/html;
KM charset=iso-3436-3
KM Content-Transfer-Encoding: quoted-printable
KM X-RCPT-TO: [EMAIL PROTECTED]
KM Status: U
KM X-UIDL: 1033884398
KM X-IMail-ThreadID: c80f03434a54
KM It as the same experieneeCan swim under water.Imagine the lok on your khi=
KM ldren or grandjhildrens faxes when they open the mail box to find a someth=
KM ing with their name on it. The air. This way. =0A table
KM trtda
KM =0Ahref=3Dhttp://silverdates.com/7654/index.html?1886040get y=
KM our booty call on right nowbrimg
KM =0Asrc=3Dhttp://harddate.com/7654/2383=
.jpg border=3D0br=0Apnr=0A/a=0Alvq=0A=0A I Great to have another to=
KM py o your book let alone an autographed one. You leave enough information =
KM on their publid site to find out what presahool the child attends. I T ent=
KM ertain people with your writing.p=0Aa
KM href=3D=0Ahttp://dategnome.com/?q=
KM Message-Id: [EMAIL PROTECTED]
KM Subject: SPAM:
KM X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[a004010f].
KM X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command.
KM X-RBL-Warning: HELOBOGUS: Domain 247.red-217-216-60.user.auna.net has no MX
or A records [0301].
KM X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent
with spam [a004010f].
KM X-RBL-Warning: WEIGHT10: Weight of 21 reaches or exceeds the limit of 10.
KM X-Declude-Sender: [EMAIL PROTECTED] [217.216.60.247]
KM X-Declude-Spoolname: Dc80f03434a54.smd
KM X-Declude-Note: Scanned by Declude 3.0.5.23
KM (http://www.declude.com/x-note.htm) for spam.
KM X-Declude-Scan: Score [21] at 19:36:39 on 24 Jan 2006
KM X-Declude-Tests: BADHEADERS, CMDSPACE, HELOBOGUS, ROUTING, WEIGHT10,
WEIGHT13
I wish to stop getting these, thanks! - fp=0A/a =0Atable bgcolor=3Dw=
hite
KM /td/tr/table=0Atrtd=0A table width=3D100%
KM /td /tr/table=0Atrtd=0A table cellspacing=3D1
width=3D100=
%
KM /td/tr /table=0Atr=0Atd/td/tr/table=0A
KM
