I had this mail fail both SPAMDOMAINS and HELOBOGUS. The message is an OK message the syslog shows the message actually arriving from a hotmail server. Should this not have been OK or do I have something wrong?
The problem here is with your HOP/IPBYPASS settings:
Received: from hotmail.com [65.54.169.8] by mx2.netraprise.com with ESMTP (SMTPD32-7.15) id A9BB58029C; Wed, 16 Jul 2003 11:13:47 -0500 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 16 Jul 2003 09:13:46 -0700 Received: from 204.220.153.70 by by3fd.bay3.hotmail.msn.com with HTTP; Wed, 16 Jul 2003 16:13:46 GMT
Here, we see that your mailserver received the E-mail from 65.54.169.8 -- and that's the IP that you want Declude JunkMail to scan, since that isn't a trusted mailserver (one under your control). However:
Msg failed HELOBOGUS (Domain 204.220.153.70 has no MX or A records.). Action=WARN.
Msg failed SPAMDOMAINS (Spamdomain 'msn.com' found: Address of [EMAIL PROTECTED] sent from invalid 70.reverse.microgistix.com.).
Here, Declude JunkMail is looking at the 3rd Received: header for the IP (and HELO/EHLO), which is why it is getting a domain named "204.220.153.70" and a reverse IP of 70.reverse.microgistix.com.
In this case, you should use "HOP 0" -- I'm guessing you are using "HOP 2", which you should not be using ("HOP 2" should be used if there are two mailservers of yours in front of your IMail server).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.