I've set up MD (2.42)/SA (2.63) (SM 8.12.11) on a new system we just put into production and I'm getting a lot of quarantined messages including the following rule match.
I've replaced the real local domain w/mydomain.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++
MSGID_FROM_MTA_SHORT Message-Id was added by a relay
I don't recall this rule popping up regularly in past MD/SA systems.
Here are some sample headers from several such quarantined messages:
Here are the message headers:
From: "Mail Delivery Subsystem" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Returned mail: Data format error
Date: Mon, 26 Jul 2004 09:42:16 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_527A4796.921FD844"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
----------
Here are the headers for quarantined part 1:
Content-Type: application/octet-stream;
name="mydomain.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="mydomain.com"
+++++++++++++++++++++++++++++++++++++++++
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=200407221954="
To: [EMAIL PROTECTED]
From: 123Greetings.com <[EMAIL PROTECTED]>
X-Mailer: 695B0DF8.1344C3FE.2d0cbc0154fc684d85195ead9a0d1b5c
Subject: Enter to WIN a Portable DVD Player!
Organization: 123Greetings.com
++++++++++++++++++++++++++++++++++++++++++++
Here's another rule match that has me perplexed - NO_REAL_NAME From: does not include a real name
Content analysis details: (7.1 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 NO_REAL_NAME           From: does not include a real name
 0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
 3.7 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 3.0 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
Here are the message headers:
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Returned mail: see transcript for details
Date: Mon, 26 Jul 2004 10:11:37 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_DCAE6AD4.11583A44"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
----------
Here are the headers for quarantined part 1:
Content-Type: application/octet-stream;
name="aij.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="aij.scr"
--
Thank You
Bill Friedman lingua franca networking lfnetworking.com 510-508-5539
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

