Do you whitelist AUTH? Darin.
----- Original Message ----- From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, May 26, 2006 1:58 PM Subject: Re: [Declude.JunkMail] Spam says it was whitelisted Kyle Fisher writes: > 05/26/2006 00:16:57.630 q8f41090e0000cd10.smd Skipping4 E-mail from > [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. The logs say somewhere you are whitelisting yourself as a sender. Possibly you may also be whitelisting your domain (log entries look pretty much the same in those cases. The message below was forged using your email address as a sender. Typically you should not whitelist based on email addresses as its easy for that to be abused. Darrell ------------------------------------------- Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew > Sent: Friday, May 26, 2006 11:28 AM > To: [email protected] > Subject: RE: [Declude.JunkMail] Spam says it was whitelisted > > And what does the Declude log show if you do a: > > > Find /I "8f41090e0000cd10" dec0526.log > > > Andrew 8) > > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher >> Sent: Friday, May 26, 2006 9:07 AM >> To: [email protected] >> Subject: RE: [Declude.JunkMail] Spam says it was whitelisted >> >> Here is one I received. I not seeing the AUTH in the log so >> I don't think they used my account. >> >> >> 05:26 00:16 SMTPD(8f41090e0000cd10) [208.191.89.12] connect >> 68.250.139.149 port 1835 >> 05:26 00:16 SMTPD(8f41090e0000cd10) [68.250.139.149] EHLO >> 68-250-139-149.ded.ameritech.net >> 05:26 00:16 SMTPD(8f41090e0000cd10) [68.250.139.149] MAIL >> FROM:<[EMAIL PROTECTED]> >> 05:26 00:16 SMTPD(8f41090e0000cd10) [68.250.139.149] RCPT >> TO:<[EMAIL PROTECTED]> >> 05:26 00:16 SMTPD(8f41090e0000cd10) [68.250.139.149] DATA >> >> 05:26 00:16 SMTPD(8f41090e0000cd10) [68.250.139.149] >> D:\IMail\spool\D8f41090e0000cd10.SMD 8585 >> >> 05:26 00:16 SMTPD(8f41090e0000cd10) performing antispam checks >> >> 05:26 00:16 SMTP-(8f41090e0000cd10) processing >> D:\IMail\spool\q8f41090e0000cd10.smd >> >> 05:26 00:16 SMTP-(8f41090e0000cd10) ldeliver esc5.net >> kfisher-main (1) [EMAIL PROTECTED] 9099 >> >> >> >> Received: from 68-250-139-149.ded.ameritech.net >> [68.250.139.149] by esc5.net with ESMTP >> (SMTPD-8.22) id AF4233E8; Fri, 26 May 2006 00:16:50 -0500 >> Return-path: <[EMAIL PROTECTED]> >> Envelope-to: [EMAIL PROTECTED] >> Delivery-date: Fri, 26 May 2006 00:16:34 -0600 >> Received: from [54.202.40.178] (helo=67403648) >> by 68-250-139-149.ded.ameritech.net with smtp (Exim >> 4.60 (FreeBSD)) >> (envelope-from <[EMAIL PROTECTED]>) >> id M3Q3-r2OV5CP-oX >> for [EMAIL PROTECTED]; Fri, 26 May 2006 00:16:34 -0600 >> Received: from muzieknummeriek.nl (27477441257 [8355651465]) >> by 82.165.167.174 (Qmailv1) with ESMTP id 1I6HR1W6 >> for <[EMAIL PROTECTED]>; Fri, 26 May 2006 00:16:19 -0600 >> Date: Fri, 26 May 2006 00:16:19 -0600 >> From: "Jay T Malloy" <[EMAIL PROTECTED]> >> X-Mailer: The Bat! (v2.00.4) Personal >> X-Priority: 3 >> Message-ID: <[EMAIL PROTECTED]> >> Subject: We cure any desease! >> MIME-Version: 1.0 >> Content-Type: multipart/alternative; >> boundary="----------SIC3WNR0DUSQYT6" >> X-Declude-Sender: [EMAIL PROTECTED] [68.250.139.149] >> X-Declude-Spoolname: D8f41090e0000cd10.smd >> X-Note: This E-mail was scanned by Region 5 ESC using Declude >> JunkMail for spam. >> X-Country-Chain: UNITED STATES->destination >> X-Note: Total spam weight of this E-mail is 0 >> X-Note: Spam tests: Whitelisted >> X-Note: Reverse DNS: 68-250-139-149.ded.ameritech.net >> ([68.250.139.149]) >> X-Note: HELO/EHLO Received: 68-250-139-149.ded.ameritech.net >> X-Note: Header code: 8400000a >> X-Note: Queue name: D8f41090e0000cd10.smd >> X-RCPT-TO: <[EMAIL PROTECTED]> >> Status: U >> X-UIDL: 448590122 >> X-IMail-ThreadID: 8f41090e0000cd10 >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Darrell >> ([EMAIL PROTECTED]) >> Sent: Friday, May 26, 2006 8:59 AM >> To: [email protected] >> Subject: Re: [Declude.JunkMail] Spam says it was whitelisted >> >> Kyle, >> >> What do the logs say? WHITELIST AUTH? Whitelisted due to a >> users address book? Only the logs will say for sure. >> >> Darrell >> ------------------------------------------- >> Quickly and easily review false positives with fpReview. >> http://www.invariantsystems.com >> >> Kyle Fisher writes: >> >> > I am checking over this header and trying to determine how it could >> > have been whitelisted. One thing I don't understand is >> that I delete >> everything >> > from Vietnam. But if it shows its whitelisted I'm sure all other >> > tests stop. >> > >> > >> > >> > Thanks >> > >> > >> > >> > Kyle >> > >> > >> > >> > >> > >> > Received: from localhost [203.210.153.25] by esc5.net with ESMTP >> > >> > (SMTPD-8.22) id AB1435B4; Thu, 25 May 2006 20:34:12 -0500 >> > >> > Return-path: <[EMAIL PROTECTED]> >> > >> > Envelope-to: [EMAIL PROTECTED] >> > >> > Delivery-date: Fri, 26 May 2006 20:35:40 +0700 >> > >> > Received: from [112.61.205.8] (helo=23216878) >> > >> > by localhost with smtp (Exim 4.60 (FreeBSD)) >> > >> > (envelope-from <[EMAIL PROTECTED]>) >> > >> > id 8alMf-61wVc1-A2 >> > >> > for [EMAIL PROTECTED]; Fri, 26 May 2006 20:35:40 +0700 >> > >> > Received: from 888teleman.com (12611570 [238713367]) >> > >> > by 127.38.184.174 (Qmailv1) with ESMTP id BGSV3NCW >> > >> > for <[EMAIL PROTECTED]>; Fri, 26 May 2006 19:35:25 +0700 >> > >> > Date: Fri, 26 May 2006 19:35:25 +0700 >> > >> > From: "Marvin B. Vasquez" <[EMAIL PROTECTED]> >> > >> > X-Mailer: The Bat! (v2.00.4) Personal >> > >> > X-Priority: 3 >> > >> > Message-ID: <[EMAIL PROTECTED]> >> > >> > Subject: Full of health. >> > >> > MIME-Version: 1.0 >> > >> > Content-Type: multipart/alternative; >> > >> > boundary="----------FQW2ETB3DIRHR11GCT0" >> > >> > X-Declude-Sender: [EMAIL PROTECTED] [203.210.153.25] >> > >> > X-Declude-Spoolname: D5b130a170000b677.smd >> > >> > X-Note: This E-mail was scanned by Region 5 ESC using >> Declude JunkMail >> > for spam. >> > >> > X-Country-Chain: [IANA Reserved]->VIET NAM->destination >> > >> > X-Note: Total spam weight of this E-mail is 0 >> > >> > X-Note: Spam tests: Whitelisted >> > >> > X-Note: Reverse DNS: adsl.hnpt.com.vn ([203.210.153.25]) >> > >> > X-Note: HELO/EHLO Received: localhost >> > >> > X-Note: Header code: a400010b >> > >> > X-Note: Queue name: D5b130a170000b677.smd >> > >> > X-RCPT-TO: <[EMAIL PROTECTED]> >> > >> > Status: U >> > >> > X-UIDL: 448590113 >> > >> > X-IMail-ThreadID: 5b130a170000b677 >> > >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.JunkMail". The archives can be >> found at http://www.mail-archive.com. >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.JunkMail". The archives can be >> found at http://www.mail-archive.com. >> > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
