RE: [Declude.JunkMail] Message not scanned
Actually, not until after I sent the second time. It seems that there was a much bigger problem. For some reason, Hijack had decided after several months that now my incoming postfix gateway was trying to relay through our server and was therefore holding SOME BUT NOT ALL incoming email. I was one of those affected, so I wasn't getting any mail. I didn't see my first post or your response (the answer, btw, is no such errors in my event log), so I thought it didn't go and resent. I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday). I still don't know why these messages were delivered without being scanned by Declude (unless that is a feature of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you both very much. Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, June 01, 2005 2:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Message not scanned Did you not see my response to your earlier post? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 10:53 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: Feli Ridgeway [EMAIL PROTECTED] To: Napier Kincaid [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary
Re: [Declude.JunkMail] Message not scanned
Hi Dan, Here are some thoughts - I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). Hijack cares about the senders - not the recipients I do believe I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday). What do hijack the logs say? [They may explain just what happened. If not run on high so next time more info may be avail] Were all the held mail prefaced with the gateway ip? [Just to be sure they all came from the gateway] Do you have the line in hijack.cfg "ALLOWIP gateway ip ? ["An ALLOWIP line will let an IP address send unlimited E-mail"] Best, -Nick I still don't know why these messages were delivered without being scanned by Declude (unless that is a "feature" of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you both very much. Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, June 01, 2005 2:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Message not scanned Did you not see my response to your earlier post? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 10:53 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line "X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net" was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: "Feli Ridgeway" [EMAIL PROTECTED] To: "Napier Kincaid" [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Vers
RE: [Declude.JunkMail] Message not scanned
"Hijack cares about the senders - not the recipients I do believe" Yes, but Hijack should be OUTGOING only. These emails were obviously incoming. What do hijack the logs say? 06/01/2005 08:53:13 QAFB901A60E85 [EMAIL PROTECTED] is not local.06/01/2005 08:53:13 QAFB901A60E85 Outgoing from 68.118.154.7: threshold 2 reached; SPAM: HOLDING PERMANENTLY That is a sample of one of the held emails (loglevel high). It clearly says [EMAIL PROTECTED] is not local, but that address is set up as an alias on our server (It forwards to AOL). The domain burnsandco.com is local and it contains an address of pattinelson. Another: 06/01/2005 08:58:05 QB0DC01820EDC [EMAIL PROTECTED] is not local.06/01/2005 08:58:05 QB0DC01820EDC Outgoing from 68.118.154.7: threshold 2 reached; SPAM: HOLDING PERMANENTLY Again, this one clearly states that [EMAIL PROTECTED] is not local but the address is set up on our server. This one is not an alias and is not forwarded anywhere. The log shows between those two entries (among many other "is not local" entries) that several messages coming in from the gateway ARE in fact treated as local:06/01/2005 08:56:50 QB09201A00EC7 Incoming from 68.118.154.7: OK. and 06/01/2005 08:56:53 QB09501980ECB Incoming from 68.118.154.7: OK. Were all the held mail prefaced with the gateway ip? Yes, every single one of nearly 5000.. Do you have the line in hijack.cfg "ALLOWIP gateway ip ? I do now, but I shouldn't need to. The problem is thatHijack somehow started incorrectly identifying local addresses. For example if I go back tothe previous day'slog and look I see that all emails coming from the gateway for local addresses are correctly identified as local addresses and get an OK line. 05/31/2005 16:27:38 QC8BA02143290 Incoming from 68.118.154.7: OK.05/31/2005 16:27:39 QC8BA020E3292 Incoming from 68.118.154.7: OK.05/31/2005 16:27:47 QC8C202223294 Incoming from 68.118.154.7: OK.05/31/2005 16:27:53 QC8C8021A3296 Incoming from 68.118.154.7: OK.05/31/2005 16:28:00 QC8D002143298 Incoming from 68.118.154.7: OK.05/31/2005 16:28:18 QC8E2020E329A Incoming from 68.118.154.7: OK.05/31/2005 16:28:27 QC8EB0222329C Incoming from 68.118.154.7: OK.05/31/2005 16:28:27 QC8EB021A329E Incoming from 68.118.154.7: OK.05/31/2005 16:28:48 QC900022232A3 Incoming from 68.118.154.7: OK.05/31/2005 16:28:50 QC902021A32A5 Incoming from 68.118.154.7: OK.05/31/2005 16:29:01 QC90D020E32A8 Incoming from 68.118.154.7: OK.05/31/2005 16:29:01 QC90D022232AA Incoming from 68.118.154.7: OK.05/31/2005 16:29:03 QC90F021A32AC Incoming from 68.118.154.7: OK.05/31/2005 16:29:04 QC910021432AE Incoming from 68.118.154.7: OK.05/31/2005 16:29:14 QC91A020E32B0 Incoming from 68.118.154.7: OK.05/31/2005 16:29:19 QC91F021A32B3 Incoming from 68.118.154.7: OK.05/31/2005 16:29:21 QC921021432B5 Incoming from 68.118.154.7: OK.05/31/2005 16:29:31 QC92B021A32B9 Incoming from 68.118.154.7: OK.05/31/2005 16:29:31 QC92B021432BB Incoming from 68.118.154.7: OK.05/31/2005 16:29:33 QC92C020E32BD Incoming from 68.118.154.7: OK. This particular problem did not start until yesterday and ended when I put in the ALLOWIP line. Looking through the entire log shows no incorrect identifications on that day. This happened suddenly and I don't know why (when last we spoke, neither did Declude). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NIck HayerSent: Thursday, June 02, 2005 8:51 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Message not scanned Hi Dan,Here are some thoughts - I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). Hijack cares about the senders - not the recipients I do believe I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday).What do hijack the logs say? [They may explain just what happened. If not run on high so next time more info may be avail]Were all the held mail prefaced with the gateway ip? [Just to be sure they all came from the gateway]Do you have the line in hijack.cfg "ALLOWIP gateway ip ? ["An ALLOWIP line will let an IP address send unlimited E-mail"]Best,-Nick I still don't know why these messages were delivered without being scanned by Declude (unless that is a "feature" of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you b
[Declude.JunkMail] Message not scanned
I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: Feli Ridgeway [EMAIL PROTECTED] To: Napier Kincaid [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0057_01C5669E.F7E87600 X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 01 Jun 2005 11:48:14.0907 (UTC) FILETIME=[CB72F8B0:01C5669F] --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 00:10:34 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A3504026B1C60; Wed, 1 Jun 2005 00:10:33 -0400 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id A504026C; Wed, 01 Jun 2005 00:09:40 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 4BA6F3983D; Tue, 31 May 2005 23:47:41 -0400 (EDT) Received: from ndl1mr1-a-fixed.sancharnet.in (ndl1mr1-a-fixed.sancharnet.in [61.0.0.45]) by mx2.rmslink.net (Postfix) with ESMTP id 61E7B3982E; Tue, 31 May 2005 23:47:39 -0400 (EDT) Disposition-Notification-To: [EMAIL PROTECTED] Received: from conversion-daemon.ndl1mr1-a-fixed.sancharnet.in by ndl1mr1-a-fixed.sancharnet.in (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) id 0IHE00F010BGGA@ (original mail from [EMAIL PROTECTED]); Wed, 01 Jun 2005 09:39:37 +0530 (IST) Received: from v0p7w2 ([61.0.196.170]) by ndl1mr1-a-fixed.sancharnet.in (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTPA id 0IHE00LQH0VTMC@; Wed, 01
RE: [Declude.JunkMail] Message not scanned
Check your server event log for Error messages Event ID 4 Source SRV. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 5:58 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: Feli Ridgeway [EMAIL PROTECTED] To: Napier Kincaid [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0057_01C5669E.F7E87600 X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 01 Jun 2005 11:48:14.0907 (UTC) FILETIME=[CB72F8B0:01C5669F] --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600-- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Message not scanned
I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: Feli Ridgeway [EMAIL PROTECTED] To: Napier Kincaid [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0057_01C5669E.F7E87600 X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 01 Jun 2005 11:48:14.0907 (UTC) FILETIME=[CB72F8B0:01C5669F] --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 00:10:34 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A3504026B1C60; Wed, 1 Jun 2005 00:10:33 -0400 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id A504026C; Wed, 01 Jun 2005 00:09:40 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 4BA6F3983D; Tue, 31 May 2005 23:47:41 -0400 (EDT) Received: from ndl1mr1-a-fixed.sancharnet.in (ndl1mr1-a-fixed.sancharnet.in [61.0.0.45]) by mx2.rmslink.net (Postfix) with ESMTP id 61E7B3982E; Tue, 31 May 2005 23:47:39 -0400 (EDT) Disposition-Notification-To: [EMAIL PROTECTED] Received: from conversion-daemon.ndl1mr1-a-fixed.sancharnet.in by ndl1mr1-a-fixed.sancharnet.in (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) id 0IHE00F010BGGA@ (original mail from [EMAIL PROTECTED]); Wed, 01 Jun 2005 09:39:37 +0530 (IST) Received: from v0p7w2 ([61.0.196.170]) by ndl1mr1-a-fixed.sancharnet.in (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTPA id 0IHE00LQH0VTMC@; Wed, 01
RE: [Declude.JunkMail] Message not scanned
Did you not see my response to your earlier post? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 10:53 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: Feli Ridgeway [EMAIL PROTECTED] To: Napier Kincaid [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0057_01C5669E.F7E87600 X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Message-Id: [EMAIL PROTECTED] X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 01 Jun 2005 11:48:14.0907 (UTC) FILETIME=[CB72F8B0:01C5669F] --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable --=_NextPart_000_0057_01C5669E.F7E87600-- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
