I would imagine that you have AUTOWHITELIST ON and that your customer
has his own E-mail address in his Web mail address book. This E-mail
appears to have forged his address, and this would cause it to be
whitelisted. If not, check for other forms of Mail From whitelisting.
This could also be in the form of "[EMAIL PROTECTED]".
Matt
Kim Premuda wrote:
Our IMail server trapped a spam message that was whitelisted by Declude
JunkMail. The header of the message is shown below:
Received: from fastwave.net [210.221.79.126] by ns3.fastwave.net
(SMTPD32-8.05) id AB32D5301D8; Sat, 29 Jan 2005
10:51:30 -0800
Message-ID: <[EMAIL PROTECTED]>
Return-Path: [EMAIL PROTECTED]
From: "Kevin John" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: I got XP and Office Xp cheap.
Date: Sun, 30 Jan 2005 03:52:40 +0900
X-Mailer: Version 1.32
Content-Type: text/html; charset="ISO-8859-1"
MIME-Version: 1.0
X-Priority: 1
X-Declude-Sender: [EMAIL PROTECTED] [210.221.79.126]
X-Declude-Spoolname: Ddb320d5301d8d507.SMD
X-Note:
--------------------------------------------------------------------------------
X-Note: Scanned by Declude JunkMail, Version 1.82
X-Spam-Tests-Failed: Whitelisted TOTAL [0]
X-Note: This E-mail was sent from [No Reverse DNS] ([210.221.79.126]).
X-Note:
--------------------------------------------------------------------------------
From: [EMAIL PROTECTED]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: R
X-UIDL: 397015868
Note that the 'X-Declude-Sender:' line contains a valid e-mail address
(altered for this list) on our IMail server, yet the originating IP address
[210.221.79.126]is located in Korea. We are not whitelisting the
[210.221.79.126] IP address. Is this an indication that our customer's e-mail
account has been compromised and is being used to propagate spam into our
network? Or, is there some other explanation?
TIA
--
Kim W. Premuda
FastWave Internet Services
San Diego, CA
--
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
