The issue uncovered back when this was first released was that mail hosts using Declude and CMDSPACE will find that Outlook 2003 mail clients will fail CMDSPACE when they use your server as outgoing SMTP in a direct connection. The fix for this is to use IMail 8 and WHITELIST AUTH. Admins using IMail 7 should probably avoid this test unless they can bypass scoring such clients. It appears that all of Microsoft's latest generation of clients, even ones used on the Mac, will fail when directly connecting to your server.
From watching CMDSPACE, I have found that it is most problematic with automated messages, such as postmaster bounces, password retrieval scripts and other types of system notifications. The correlation with BADHEADERS isn't large, but if you have SPAMHEADERS scoring for a missing Message-ID tag. There's one piece of spamware that is used by legit companies sometimes for newsletters that will fail this test, and because of the normal conditions for such a thing being used, there's a fairly high correlation of CMDSPACE and HELOBOGUS.
I've been scoring this at 3 points with a hold weight of 10. It definitely causes problems when scored higher. While it's very accurate, especially for zombies, it hits so frequently that you have to watch out for issues. I would suggest dropping the recommended weight to 30% of hold weight, or at least being much more conservative.
Matt
R. Scott Perry wrote:
[responding to two posts]
For some reason this isn't coming up in the archives (though I know I've seen it)
Can someone shoot me the config line for the new CMDSPACE ?
CMDSPACE cmdspace x x 8 0
> As I have understand CMDSPACE will be triggered also from every message send
> out from MS Outlook 2003 because they don't follow certain rules. Right?
No -- that's the SPAMHEADERS test that Outlook 2003 will fail.
I just checked the CMDSPACE test yesterday on 5,000 legitimate E-mails we've received recently, and only 2 failed the CMDSPACE test (both apparently because they are using proprietary mailservers). Even if a MUA (mail client) like Outlook has the flaws that the CMDSPACE test looks for, it won't be able to fail the test unless it connects directly to your mailserver. So while it is unlikely that any MUAs have this flaw, even if they do, it shouldn't affect the usefulness of the test.
This should be a very good test.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
