[Declude.JunkMail] BadHeaders?
Hi Everyone, We have an application that generates email using Cold Fusion. The application sends email to me. The email never goes outside of our servers. Declude is flagging the email as having BadHeaders: X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8004000e]. I don't have a clear understanding of what BadHeaders evaluates. I realize I can whitelist the email but what I really want to do is figure out how to fix how Cold Fusion formats the email so that it does not trigger the BadHeaders test. We do send email via other applications to outside users and so fixing this problem will help insure delivery to those people, too. Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BadHeaders?
The E-mail failed the BADHEADERS test. This means the email failed with a violation of the RFC. This specific code indicates a incorrect Message-ID: in the header. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Wednesday, April 30, 2008 12:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] BadHeaders? Hi Everyone, We have an application that generates email using Cold Fusion. The application sends email to me. The email never goes outside of our servers. Declude is flagging the email as having BadHeaders: X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8004000e]. I don't have a clear understanding of what BadHeaders evaluates. I realize I can whitelist the email but what I really want to do is figure out how to fix how Cold Fusion formats the email so that it does not trigger the BadHeaders test. We do send email via other applications to outside users and so fixing this problem will help insure delivery to those people, too. Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BadHeaders?
David, Thank you for the explanation. I actually wrote the code that generates the Message-ID. Do you happen to have a link to documentation that would show the proper format for the Message-ID? Thanks, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 30, 2008 11:55 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BadHeaders? The E-mail failed the BADHEADERS test. This means the email failed with a violation of the RFC. This specific code indicates a incorrect Message-ID: in the header. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Wednesday, April 30, 2008 12:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] BadHeaders? Hi Everyone, We have an application that generates email using Cold Fusion. The application sends email to me. The email never goes outside of our servers. Declude is flagging the email as having BadHeaders: X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8004000e]. I don't have a clear understanding of what BadHeaders evaluates. I realize I can whitelist the email but what I really want to do is figure out how to fix how Cold Fusion formats the email so that it does not trigger the BadHeaders test. We do send email via other applications to outside users and so fixing this problem will help insure delivery to those people, too. Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BadHeaders?
Unfortunately you will have to search the RFC's I will check the Declude code to see if there are any references in the comments. IF there are I will let you know. David Barker -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Wednesday, April 30, 2008 1:17 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BadHeaders? David, Thank you for the explanation. I actually wrote the code that generates the Message-ID. Do you happen to have a link to documentation that would show the proper format for the Message-ID? Thanks, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, April 30, 2008 11:55 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] BadHeaders? The E-mail failed the BADHEADERS test. This means the email failed with a violation of the RFC. This specific code indicates a incorrect Message-ID: in the header. David B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Beckstrom Sent: Wednesday, April 30, 2008 12:36 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] BadHeaders? Hi Everyone, We have an application that generates email using Cold Fusion. The application sends email to me. The email never goes outside of our servers. Declude is flagging the email as having BadHeaders: X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8004000e]. I don't have a clear understanding of what BadHeaders evaluates. I realize I can whitelist the email but what I really want to do is figure out how to fix how Cold Fusion formats the email so that it does not trigger the BadHeaders test. We do send email via other applications to outside users and so fixing this problem will help insure delivery to those people, too. Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] badheaders
Hi, IKEA sends a big mailrun, headers for one of the mail is below. If I check the BADHEADERS code 802d at tools.declude.com I get: SMTP Dialog MX record Lookup failed (error #0 (). Trying A record for ...A record Lookup failed (error #0 (). You need an MX record for in order to send mail to it. Sorry! but that seems not correct somehow. Who ...needs an MX record for ...WHAT... in order to send mail to it? Does 217.150.51.120 need to have an MX record? Is THAT the BAD in de HEADER? Seems to me something with the badheader code 802d isn't right. --quote- Received: from mr120.yzmail.nl [217.170.51.120] by student.tio.nl with ESMTP (SMTPD-9.21) id A10B0A28; Thu, 06 Dec 2007 11:38:03 +0100 Message-Id: [EMAIL PROTECTED] Received: from unknown (HELO localhost.localdomain) ([172.16.0.213]) by mr120.yzmail.nl with ESMTP; 06 Dec 2007 09:41:58 +0100 Content-Type: multipart/alternative; boundary=--=_1196930458-27165-74380 Content-Transfer-Encoding: binary MIME-Version: 1.0 From: IKEA FAMILY [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SPAM: 26]Comfortabel slapen - IKEA FAMILY MAIL december 2007 Return-Path: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] X-Mailer: Yourzine.nl X-IMAIL-SPAM-VALFROM: (d10a064b3ec9) X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [802d]. X-RBL-Warning: FROMNOMATCH: Env sender ([EMAIL PROTECTED]) From: ([EMAIL PROTECTED]) mismatch. X-RBL-Warning: SUBCHARS-50: Subject with at least 50 characters found. X-Declude-Sender: [EMAIL PROTECTED] [217.170.51.120] X-Declude-Spoolname: Dd10a064b3ec9.smd X-Declude-RefID: str=0001.0A0B0204.4757C53F.0119,ss=3,sh,fgs=0 X-Declude-Note: Scanned by Declude 4.3.46 for spam. http://www.declude.com/x-note.htm; X-Declude-Scan: Incoming Score [26] at 11:38:27 on 06 Dec 2007 X-Declude-Fail: BADHEADERS [8], FROMNOMATCH [3], SUBCHARS-50 [1], SPAMSUBJECT [12], SPAMHOLD [20], ZEROHOUR [14] X-Country-Chain: NETHERLANDS-destination X-fpReview-Weight: 26 --quote- Met vriendelijke groet, Bonno Bloksma hoofd systeembeheer tio hogeschool hospitality en toerisme begijnenhof 8-12 / 5611 el eindhoven t 040 296 28 28 / f 040 237 35 20 [EMAIL PROTECTED] / www.tio.nl --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Badheaders and un-decoded mail
Hi, A client sent this email back to me saying that they cannot read it. Well no wonder the message did not get un-decoded properly. I have two questions: 1) The badheaders code (8c02) means that there was no This E-mail has no From: header. And yet it appears to have one two lines after the X-Mailer: Groupwise 6.5. So why the badheaders code? 2) What could have caused the message to be un-decodable when it reached the final destination? Thanks Goran -Original Message- From: Sent: Monday, September 25, 2006 3:05 PM Subject: X-Mailer: Groupwise 6.5 Message-ID: [EMAIL PROTECTED] From: Line Desrosiers [EMAIL PROTECTED] Subject: =?UTF-8?B?UsOpcC4gOiBSRTog?= To: Joe User [EMAIL PROTECTED] Content-Type: multipart/alternative; boundary=LPHMXLZMXOMRLFKSEJCW X-MXRate-Prob: -1 X-MXRate-Country: CA X-MXRate-Action: ALLOW X-Alligate-ReceivingIP: [192.168.170.2] X-Alligate-Grey: Skipped X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c02]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: GOODREVDNS: Message failed GOODREVDNS test (line 30, weight -30) X-RBL-Warning: BYPASS: Message failed BYPASS test (line 8, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [159.33.1.177] X-Declude-Spoolname: D288e01860770.smd X-Declude-RefID: X-Note: X-Note: Process Time: Scanned at 15:06:03 on 25 Sep 2006 X-Note: Reverse DNS: Sent from gwtor-out1.cbc.ca ([159.33.1.177]). X-Note: Country Path: CANADA-destination X-Note: X-Note: Tests Failed: BADHEADERS [2], BASE64 [4], GOODREVDNS [-30], BYPASS [0] X-Note: X-Note: Header Code: 8c02 X-Note: IP4R: 177.1.33.159 X-Note: MAILFROMBL: .radio-canada.ca X-Note: RHS BL: radio-canada.ca X-Note: Remote IP: 159.33.1.177 X-Note: X-Note: Recpient(s): [EMAIL PROTECTED] X-Note: Sender: [EMAIL PROTECTED] X-Note: Spool File: D288e01860770.smd X-Note: X-Note: This E-mail was scanned by Declude JunkMail version 4.3.7 X-Note: Total spam weight of this E-mail is -32. X-fpReview-Weight: -32 X-Note: Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 25 Sep 2006 19:06:07.0399 (UTC) FILETIME=[A7C4DB70:01C6E0D5] --LPHMXLZMXOMRLFKSEJCW Content-Type: text/plain; charset=utf-8 Content-Language: Content-Transfer-Encoding: base64 Qm9uam91ciBNb25zaWV1ciBMYWxvbmRlLA0KDQpKZSB2aWVucyB0b3V0IGp1c3RlIGRlIHZv dXMg ZW52b3llciBwYXIgdMOpbMOpY29waWVyIGF1IDQxNi0yMTQtNDQxMiwgIm1vbiBjb3Vycmll bCBx dWUgamUgdm91cyBhZHJlc3NhaXMgISENCg0KTWVyY2kgw6AgbCdhdmFuY2UgISENCg0KDQoN Cg0K DQpMaW5lIERlc3Jvc2llcnMNClJhZGlvLUNhbmFkYQ0KRGlyZWN0aW9uIGRlcyBvcMOpcmF0 aW9u cywNCkZpbmFuY2VtZW50IGV0IFJlbGF0aW9ucyBkJ2FmZmFpcmVzDQpUw6lsOiAgKDUxNCkt NTk3 Etc etc etc --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS
Hi, Can someone point me to detailed info on what the BADHEADERS test looks at and/or how this error can be remedied? Already looked in the declude manual, not enough info. Thanks, Andrew ISP guy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS
Here ya go Andy: http://www.declude.com/tools/header.php -Nick [EMAIL PROTECTED] wrote: Hi, Can someone point me to detailed info on what the BADHEADERS test looks at and/or how this error can be remedied? Already looked in the declude manual, not enough info. Thanks, Andrew ISP guy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot
These tests (especially BADHEADERS) seem to be catching a lot of legit mail lately. I've attached one of the headers It seems like many of the emails are sent from Exchange servers. What exactly makes the headers bad?Any ideas? Received: from ss_email.ssc.internal [216.201.186.154] by Rogersbenefit.com with ESMTP (SMTPD-8.21) id AA0C60F44; Wed, 17 Aug 2005 10:55:24 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_=_NextPart_001_01C5A354.6BB3DE4D Subject: FW: Erecycler - Request for quote Date: Wed, 17 Aug 2005 12:52:22 -0500 Message-ID: [EMAIL PROTECTED] http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bulk[EMAIL PROTECTED] X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: Erecycler - Request for quote Thread-Index: AcWilPivw61uWKcZTbmhEGnyYpc9YgAvrosg X-Priority: 1 Priority: Urgent Importance: high From: Carrie MateerEMAIL PROTECTED X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [840a]. X-RBL-Warning: HELOBOGUS: Domain ss_email.ssc.internal has no MX or A records [0301]. X-Declude-Sender: EMAIL PROTECTED [216.201.186.154] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, WEIGHT10 [13] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Note: This E-mail was sent from mail2.sleepersewell.com ([216.201.186.154]). X-RCPT-TO:EMAIL PROTECTED http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bulk[EMAIL PROTECTED] Status: R X-UIDL: 417013027 X-IMail-ThreadID: 7a0c0e8c19d1 --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot
Kevin, Microsoft E-mail clients have a nasty habit of excluding the To when there are only CC or BCC recipients. You will almost exclusively see this on some sort of E-mail blast from Exchange servers. The proper (RFC compliant) way to construct the headers when no To address is specified would be to do something like the following: To: undisclosed-recipients:; You aren't going to fix the issues with the sender in this case unless you convince them to put at least one To address in because this is a flaw that Microsoft created. It would be easier to just whitelist them. One other recommendation would be to lower the scores of the BADHEADERS, SPAMHEADERS and HELOBOGUS tests. IMO, the default config is weighted a little heavy with these tests, and they are not highly accurate, and they will often enough trigger on legitimate E-mail in groups. Matt Kevin Rogers wrote: Thanks for showing me that sweet tool, Nick. Has anyone come across this error enough to know which mail client was sending it or if it could be sent legitmately but still gets flagged? Not having a To: is pretty bad I assume. Thanks. Nick Hayer wrote: Hi Kevin, Kevin Rogers wrote: These tests (especially BADHEADERS) seem to be catching a lot of legit mail lately. I've attached one of the headers It seems like many of the emails are sent from Exchange servers. What exactly makes the headers bad?Any ideas? Here is what made this one fail the BADHEADERS test: http://www.declude.com/tools/header.php?code=840a -Nick Received: from ss_email.ssc.internal [216.201.186.154] by Rogersbenefit.com with ESMTP (SMTPD-8.21) id AA0C60F44; Wed, 17 Aug 2005 10:55:24 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_=_NextPart_001_01C5A354.6BB3DE4D Subject: FW: Erecycler - Request for quote Date: Wed, 17 Aug 2005 12:52:22 -0500 Message-ID: [EMAIL PROTECTED] http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bulk[EMAIL PROTECTED] X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: Erecycler - Request for quote Thread-Index: AcWilPivw61uWKcZTbmhEGnyYpc9YgAvrosg X-Priority: 1 Priority: Urgent Importance: high From: Carrie MateerEMAIL PROTECTED X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [840a]. X-RBL-Warning: HELOBOGUS: Domain ss_email.ssc.internal has no MX or A records [0301]. X-Declude-Sender: EMAIL PROTECTED [216.201.186.154] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, WEIGHT10 [13] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Note: This E-mail was sent from mail2.sleepersewell.com ([216.201.186.154]). X-RCPT-TO:EMAIL PROTECTED http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bulk[EMAIL PROTECTED] Status: R X-UIDL: 417013027 X-IMail-ThreadID: 7a0c0e8c19d1 --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses.] --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot
Hi Kevin, This email is more our/your FYI than much an answer to your question: We've also noticed this on other tests of Declude that are built in; but not much on BADHEADERS. Decludes BADHEADERS test is a good test and accurate in our opinion; but we have lowered the score on this test as well as SPAMHEADERS and HELOBOGUS. We and (myself; now living outside of USA.. Where email bounces thru servers to USA and then back to me from USA (to another Country) have notice the ROUTING test will fail on email received to me; when it is received by a Country I am in; and where I have respond/created an email to that Country. And that email is legit. I use SMTP to our servers in USA; so this bypasses our Declude (incoming authorize email). Also so does the NOPOSTMASTER and NOABUSE fail here. Many ISP's (at least in Eastern Europe) do not use these anymore. Although, yes an RFC requirement, they have chose to disregard that rule; and not setup those addresses. We have disable these tests in Declude due to a number of false positives. At first we lowered the weight returned by these tests... Then later removed them completely. We have learned over the past year, that most of the built-in tests of Declude are not effective like they were in the past. Now yes, DNS lookup tests are good if you use an active source. Very good. And in our experience in just the past year, external tests called by Declude like SNIFFER and Invariant Systems ... Very, very, effective. Infact, we have removed most of our BODY, HEADERS, and SUBJECT filters; infact about 95% of them. We also do use a few of Matt's filters for scam detection; but have lowered much these weights as Invariant's URI program and SNIFFER takes the most blunt in punishing the email. Matt, on this list, is very good. :-) (in my opinion). So is Andy and Darrell. I have learned a lot about them just by being silent on the list and observing their feedbacks. Now, our servers have only received a maximum of 12,356 emails a day (last peak recorded on 8/4/2005). I know other ISP's / servers that use Declude receive more or less then us.) The above is based on our usage and feedback. Each ISP/email server can be different. -Erik -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Rogers Sent: Thursday, August 18, 2005 9:48 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot These tests (especially BADHEADERS) seem to be catching a lot of legit mail lately. I've attached one of the headers It seems like many of the emails are sent from Exchange servers. What exactly makes the headers bad?Any ideas? Received: from ss_email.ssc.internal [216.201.186.154] by Rogersbenefit.com with ESMTP (SMTPD-8.21) id AA0C60F44; Wed, 17 Aug 2005 10:55:24 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5.7226.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_=_NextPart_001_01C5A354.6BB3DE4D Subject: FW: Erecycler - Request for quote Date: Wed, 17 Aug 2005 12:52:22 -0500 Message-ID: [EMAIL PROTECTED] http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bul k[EMAIL PROTECTED] X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: Erecycler - Request for quote Thread-Index: AcWilPivw61uWKcZTbmhEGnyYpc9YgAvrosg X-Priority: 1 Priority: Urgent Importance: high From: Carrie MateerEMAIL PROTECTED X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [840a]. X-RBL-Warning: HELOBOGUS: Domain ss_email.ssc.internal has no MX or A records [0301]. X-Declude-Sender: EMAIL PROTECTED [216.201.186.154] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, WEIGHT10 [13] X-Note: Scanned by Declude JunkMail http://www.declude.com/x-note.htm X-Note: This E-mail was sent from mail2.sleepersewell.com ([216.201.186.154]). X-RCPT-TO:EMAIL PROTECTED http://68.167.205.203:8383/Xa4139bcbc899cb92c89cefa5b204/newmsg.cgi?mbx=bul k[EMAIL PROTECTED] Status: R X-UIDL: 417013027 X-IMail-ThreadID: 7a0c0e8c19d1 --- [This E-mail was scanned for viruses.] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS and HELOBOGUS coming up a lot
Hi You are using both Sniffer and the Invariant Systems URI tests together? Maybe I was even denser than I thought, but I thought they sort of duplicated each other. Thanks, Rob snip on We have learned over the past year, that most of the built-in tests of Declude are not effective like they were in the past. Now yes, DNS lookup tests are good if you use an active source. Very good. And in our experience in just the past year, external tests called by Declude like SNIFFER and Invariant Systems ... Very, very, effective. Infact, we have removed most of our BODY, HEADERS, and SUBJECT filters; infact about 95% of them. We also do use a few of Matt's filters for scam detection; but have lowered much these weights as Invariant's URI program and SNIFFER takes the most blunt in punishing the email. Matt, on this list, is very good. :-) (in my opinion). So is Andy and Darrell. I have learned a lot about them just by being silent on the list and observing their feedbacks. snip off --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS fix in 2.x too aggressive?
Title: Message I've noticed quite a few spams, possibly from the same outfit, that are including an old date in the header, which is possibly static: Received: from minusplus.com [83.195.193.238] by mail.bentall.com (SMTPD32-8.14) id A3013C2E00CE; Sat, 26 Feb 2005 15:15:13 -0800Date: 1 Dec 2004 10:42:52 -0500Content-type: text/plainFrom: Lisa Stuart [EMAIL PROTECTED]To: mungedMessage-ID: [EMAIL PROTECTED]Subject: R0lex for $200 I'm pretty sure that the old versions of declude triggered BADHEADERS if the date was too far out of alignment with the current date. I checked the Release Notes web page to get the right version of Declude for my subject line, but that page makes no mention of the fix that was released just after the new year when a fix for a hardcoded "2004" was causing a false positive in BADHEADERS. Andrew 8( -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott FisherSent: Friday, February 25, 2005 6:41 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Spammed on port 2525 I'd picked 2525 before I really knew about 25. What really irks me is that Imail has made no provisions to accomodate a port 587. It can't be two hard to accomodate another SMTP port... most of the code is that same as the port 25 code... This has been an issue for over a year and no word from Ipswitch. I was very surprised to see spam coming in on the port 2525. It looked to be from Zombie proxies at least 15 different. So somebody out there is trying different port numbers. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 7:22 PM Subject: Re: [Declude.JunkMail] Spammed on port 2525 SMTP AUTH on port 587 isn't required by the RFC...it just simply makes a whole ton of sense in most setups. Considering that this is a standard port, and it will most likely find its way through broadband provider's blocks since it is reserved for this use and likely to be restricted to authenticated E-mail in most cases in the near future, it is advisable to use it all other things being equal. Considering that Scott is already promoting port 2525 and having configured some of his clients for that, there is no harm in continuing the practice in lieu of support for SMTP AUTH-only connections on this port in his mail server. I am guessing that in the future we will also see E-mail clients fail over from port 25 to 587 automatically, making support for this transparent and hands-free. That is not likely at all to happen with port 2525, and it would seem that port 2525 is more likely to be blocked as a security measure.The choice is really about what you already have and how far into the future you wish to plan for/speculate about.MattJohn Tolmachoff (Lists) wrote: See my thoughts on the Imail forum on 587. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MattSent: Friday, February 25, 2005 4:50 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Spammed on port 2525 Here's what I am using for a mail server located at 192.168.1.1 for this example. IMail is configured to listen on port 587, but to the outside world it appears as both port 25 and 587. Even though one would think that you didn't have to NAT 587 to 587, in this case you do because of the other rules for that IP (or so I was told). I assume that you are configured differently and that does matter, so you might want to share that before making the edits yourself. ip nat inside source static tcp 192.168.1.1 25 192.168.1.1 25 extendable no-aliasip nat inside source static tcp 192.168.1.1 587 192.168.1.1 25 extendable no-aliasip nat inside source static tcp 192.168.1.1 587 192.168.1.1 587 extendable no-aliasI assume that you know how to config term your router. If not, it won't be straight forward without a crib sheet or experienced help to guide you through it rather than risk messing it up.MattScott Fisher wrote: I use port 2525 to bypass port 25 blocking for my employees. I was just checking my logs and I've been receiving spam on port 2525 Can anyone share the necessary Cisco IOS commands to let the Cisco router do port translation? P.S. IOS isn't my primary language... -- =MailPure custom filters for Declude JunkMail
[Declude.JunkMail] BADHEADERS code 8400000a
Scott, I've been laying low on this one for a while, but BADHEADERS hits for not having a proper To address is commonly producing false positives on my system with personal E-mail, some of which will cause the messages to be held. The issue here (just in case it was forgotten) is that Microsoft allows seemingly all of their mail clients to send without specifying a To address, in which case this test gets tripped. This happens mostly on newsletters or BCC blasts, but it also happens on personal E-mail on occasion, and it is very highly associated with legit E-mail instead of spam (at least on my system). When sending from an Exchange Web mail client, the BASE64 test also gets tripped, so this can be problematic based on associations as well. Would you please remove this from hitting, or at least give us an entry to turn it off? Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS code 8400000a
I've been laying low on this one for a while, but BADHEADERS hits for not having a proper To address is commonly producing false positives on my system with personal E-mail, some of which will cause the messages to be held. The issue here (just in case it was forgotten) is that Microsoft allows seemingly all of their mail clients to send without specifying a To address, in which case this test gets tripped. This happens mostly on newsletters or BCC blasts, but it also happens on personal E-mail on occasion, and it is very highly associated with legit E-mail instead of spam (at least on my system). When sending from an Exchange Web mail client, the BASE64 test also gets tripped, so this can be problematic based on associations as well. Would you please remove this from hitting, or at least give us an entry to turn it off? What version of Declude JunkMail are you using? The latest interim release will not trigger the BADHEADERS test if there is a Bcc: header but no To: header (whereas previous versions would), since it is technically OK to have no To: header if there is a Bcc: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS code 8400000a
I'm using i20 currently. Note that IE and probably Exchange as well,
will allow a CC field with no To and it would previously produce the
same results, I mention this because you didn't mention the exception ,
only the BCC exception. People do of course send out to lists using the
CC field, especially since IE doesn't show the BCC field by default.
I definitely got an FP this morning on this using a BCC to multiple
addresses:
From [EMAIL PROTECTED] Thu Jan 22 11:09:35 2004
Received: from *.*.*.org [209.105.181.131] by *.com with
ESMTP
(SMTPD32-8.05) id A5BB61017C; Thu, 22 Jan 2004 11:09:31 -0500
X-Exclaimer-OnMessagePostCategorize-{71daf94f-e3fe-4bbf-865a-6309cc88575e}:
C:\Program Files\eXclaimer\eXclaimer.dll - 2.0.4.67
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 7bit
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=_=_NextPart_001_01C3E102.1D744C46
Subject: [11] Moms
Date: Thu, 22 Jan 2004 11:09:29 -0500
Message-ID:
[EMAIL PROTECTED]
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Moms
thread-index: AcPg93uCfg9mp7t5Qme9dmWnmlCzmgACj/+A
From: Patti Tripoli [EMAIL PROTECTED]
X-MailPure:
==
X-MailPure: NOLEGITCONTENT: Failed, no legitimate content detected
(weight 0).
X-MailPure: HELOBOGUS: Failed, bogus connecting server name (weight 4).
X-MailPure: BASE64: Failed, base64 encoded plain text or HTML (weight 3).
X-MailPure: CONCEALED: Failed, concealed message (weight 1).
X-MailPure: BADHEADERS: Failed, non-RFC compliant headers [840a]
(weight 4).
X-MailPure: SNIFFER-WHITE: Failed, listed in the White Rules category
(weight 0).
X-MailPure: WORDFILTER-BODY: Message failed WORDFILTER-BODY test (line
43, weight 1).
X-MailPure: RECIPIENTS - [EMAIL PROTECTED]
X-MailPure:
==
X-MailPure: Spam Score: 11
X-MailPure: Scan Time: 11:09:35 on 01/22/2004
X-MailPure: Spool File: Df5bb0061017ca15e.SMD
X-MailPure: Server Name: *.*.*.org
X-MailPure: SMTP Sender: [EMAIL PROTECTED]
X-MailPure: Received From: *-*-*-*.*.*.net
[*.*.*.*]
X-MailPure:
==
X-MailPure: Spam and virus blocking services provided by MailPure.com
X-MailPure:
==
X-Declude-Date: 01/22/2004 16:09:29 [0]
X-RCPT-TO: [EMAIL PROTECTED]
Status: R
X-UIDL: 372977713
R. Scott Perry wrote:
I've been laying low on this one for a while, but BADHEADERS hits for
not having a proper To address is commonly producing false positives
on my system with personal E-mail, some of which will cause the
messages to be held. The issue here (just in case it was forgotten)
is that Microsoft allows seemingly all of their mail clients to send
without specifying a To address, in which case this test gets
tripped. This
happens mostly on newsletters or BCC blasts, but it also happens on
personal E-mail on occasion, and it is very highly associated with
legit E-mail instead of spam (at least on my system). When sending
from an Exchange Web mail client, the BASE64 test also gets tripped,
so this can be problematic based on associations as well.
Would you please remove this from hitting, or at least give us an
entry to turn it off?
What version of Declude JunkMail are you using? The latest interim
release will not trigger the BADHEADERS test if there is a Bcc: header
but no To: header (whereas previous versions would), since it is
technically OK to have no To: header if there is a Bcc: header.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS code 8400000a
I'm using i20 currently. Note that IE and probably Exchange as well, will allow a CC field with no To and it would previously produce the same results, I mention this because you didn't mention the exception , only the BCC exception. People do of course send out to lists using the CC field, especially since IE doesn't show the BCC field by default. It does seem odd the way that RFCs allow the lone Bcc: header, but not a lone Cc: header. I definitely got an FP this morning on this using a BCC to multiple addresses: The problem here is that Microsoft forgot to add a Bcc: header. It's one of those weird things, that a Bcc: header is required even though one would think that a Bcc: header shouldn't be present (since it won't be completely b or blind if the header is there). But if there is to To: header, the Bcc: header should be there. However, it seems that little spam actually has this problem, so we will consider removing it from the BADHEADERS test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS code 8400000a
Very much appreciated. Back when I did a review of hits for this, I think it was over 95% FP's. Even if that isn't accurate, it's problematic enough to allow us to turn it off. Thanks, Matt R. Scott Perry wrote: I'm using i20 currently. Note that IE and probably Exchange as well, will allow a CC field with no To and it would previously produce the same results, I mention this because you didn't mention the exception , only the BCC exception. People do of course send out to lists using the CC field, especially since IE doesn't show the BCC field by default. It does seem odd the way that RFCs allow the lone Bcc: header, but not a lone Cc: header. I definitely got an FP this morning on this using a BCC to multiple addresses: The problem here is that Microsoft forgot to add a Bcc: header. It's one of those weird things, that a Bcc: header is required even though one would think that a Bcc: header shouldn't be present (since it won't be completely b or blind if the header is there). But if there is to To: header, the Bcc: header should be there. However, it seems that little spam actually has this problem, so we will consider removing it from the BADHEADERS test. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS on Message ID
Scott, BADHEADERS caught the following E-mail for the Message ID. I'm not sure if this is an RFC issue or not though, thinking that it might be due to the fact that the ID starts with a period, or maybe because it includes a comma??? Could you clarify that this is definitely a valid BADHEADERS hit? Thanks, Matt Received: from mm-outgoing-101.amazon.com [207.171.188.101] by **.com with ESMTP (SMTPD32-8.05) id AA4B4210244; Tue, 20 Jan 2004 10:33:31 -0500 Received: from mail-ems-101.amazon.com by mm-outgoing-101.amazon.com with ESMTP (crosscheck: mail-ems-101.amazon.com [10.16.42.228]) id i0KED5Vu024987; Tue, 20 Jan 2004 06:13:05 -0800 Received: by mail-ems-101.amazon.com id AAA-batch-00866,29; 20 Jan 2004 06:12:55 -0800 Date: 20 Jan 2004 06:12:55 -0800 Message-ID: .AAA-batch-00866,[EMAIL PROTECTED] X-AMAZON-TRACK: batch To: [EMAIL PROTECTED] From: Amazon.com [EMAIL PROTECTED] Subject: [19] Save 26% on Keep It Simple by Keb Mo Content-Type: multipart/alternative; boundary=mUlTiPaRtBoUnDaRy MIME-Version: 1.0 X-MailPure: == X-MailPure: SPAMCOP(DYNA): Failed, listed in bl.spamcop.net (weight 4). X-MailPure: SPAMCOP(ALL): Failed, listed in bl.spamcop.net (weight 2). X-MailPure: IPNOTINMX: Failed, IP is not listed in MX or A records (weight 0). X-MailPure: BADHEADERS: Failed, non-RFC compliant headers [8008000e] (weight 4). X-MailPure: SNIFFER-GENERAL: Failed, listed in the General category (weight 6). X-MailPure: GIBBERISH: Message failed GIBBERISH test (line 386, weight 4) (weight capped at 4). X-MailPure: RECIPIENTS - [EMAIL PROTECTED] X-MailPure: == X-MailPure: Spam Score: 19 X-MailPure: Scan Time: 10:33:44 on 01/20/2004 X-MailPure: Spool File: D4a4b04210244087e.SMD X-MailPure: Server Name: mm-outgoing-101.amazon.com X-MailPure: SMTP Sender: [EMAIL PROTECTED] X-MailPure: Received From: mm-outgoing-101.amazon.com [207.171.188.101] X-MailPure: == X-MailPure: Spam and virus blocking services provided by MailPure.com X-MailPure: == X-Declude-Date: 01/20/2004 14:12:55 [80] X-RCPT-TO: [EMAIL PROTECTED] Status: R X-UIDL: 372977314 -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS on Message ID
BADHEADERS caught the following E-mail for the Message ID. I'm not sure if this is an RFC issue or not though, thinking that it might be due to the fact that the ID starts with a period, or maybe because it includes a comma??? Could you clarify that this is definitely a valid BADHEADERS hit? It definitely is: Message-ID: .AAA-batch-00866,[EMAIL PROTECTED] The comma is illegal in a Message-ID: header (unless it is quoted, although I've never seen a Message-ID: header that was quoted). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE : [Declude.JunkMail] BADHEADERS Question
Hi, Do you know also how to fix too that with ASPMAil ? Thanks Mehdi Blagui -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Jose Gosende Envoyé : lundi 11 août 2003 15:49 À : [EMAIL PROTECTED] Objet : RE: [Declude.JunkMail] BADHEADERS Question Interesting. Thanks for the info! Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, August 11, 2003 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BADHEADERS Question Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. Why would I need to upgrade my mail client? Because most people don't like running broken software on their servers. Most likely, you're running a beta version of the software involved. It's a ColdFusion page that's sending the email, by the way. AH! That explains the problem. http://www.mail-archive.com/[EMAIL PROTECTED]/msg00661.html covers getting CF not to fail the SPAMHEADERS test. Most likely, another broken part of CF (a bogus HELO/EHLO) is causing IMail to add a broken header (since IMail generates the header on the assumption that the HELO/EHLO information is valid), causing it to fail the BADHEADERS test. But, that problem will actually go away with the information at the above URL (since CF will add the header that IMail was adding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE : [Declude.JunkMail] BADHEADERS Question
Do you know also how to fix too that with ASPMAil ? Upgrading ASPMail to the latest version should take care of the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS Question
Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? Thanks --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Question
Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. Why would I need to upgrade my mail client? Because most people don't like running broken software on their servers. Most likely, you're running a beta version of the software involved. It's a ColdFusion page that's sending the email, by the way. AH! That explains the problem. http://www.mail-archive.com/[EMAIL PROTECTED]/msg00661.html covers getting CF not to fail the SPAMHEADERS test. Most likely, another broken part of CF (a bogus HELO/EHLO) is causing IMail to add a broken header (since IMail generates the header on the assumption that the HELO/EHLO information is valid), causing it to fail the BADHEADERS test. But, that problem will actually go away with the information at the above URL (since CF will add the header that IMail was adding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Question
Interesting. Thanks for the info! Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, August 11, 2003 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BADHEADERS Question Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. Why would I need to upgrade my mail client? Because most people don't like running broken software on their servers. Most likely, you're running a beta version of the software involved. It's a ColdFusion page that's sending the email, by the way. AH! That explains the problem. http://www.mail-archive.com/[EMAIL PROTECTED]/msg00661.html covers getting CF not to fail the SPAMHEADERS test. Most likely, another broken part of CF (a bogus HELO/EHLO) is causing IMail to add a broken header (since IMail generates the header on the assumption that the HELO/EHLO information is valid), causing it to fail the BADHEADERS test. But, that problem will actually go away with the information at the above URL (since CF will add the header that IMail was adding). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS Question
Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Question
Why would I need to upgrade my mail client? It's a ColdFusion page that's sending the email, by the way. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, August 11, 2003 10:26 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BADHEADERS Question Legitimate email is failing the BADHEADERS test. Do I need to modify something on my server so this test does not fail? You need to modify something on the mail client (the program sending the E-mail is broken). Most likely, upgrading the mail client will fix the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS Code a400010b -- not at /tools/header?
Scott/All, I can't retrieve the extended info for code a400010b. Does anyone have it on hand? -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS Code a400010b -- not at/tools/header?
I can't retrieve the extended info for code a400010b. Does anyone have it on hand? That one is caused by a missing To: header. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] BADHEADERS Code a400010b -- not at /tools/header?
I can't retrieve the extended info for code a400010b. Does anyone have it on hand? That one is caused by a missing To: header. Thanks--I would've caught it if I'd had the original e-mail, but I just had the alert. Is it indeed not at /tools/badheaders? -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] BADHEADERS Code a400010b -- not at/tools/header?
Thanks--I would've caught it if I'd had the original e-mail, but I just had the alert. Is it indeed not at /tools/badheaders? No, it isn't -- the problem is that there were some other flags in there that were causing the lookup tool to fail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Test question
Getting to me...look here, you say you been thinking again! Sounds like a retread coming off to me... Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Friday, September 27, 2002 01:00 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BADHEADERS Test question Thanks Scott, I meant to say SPAMHEADERS in lieu of BADHEADERS...to ya'll I was RFC ignorant...you had to figure the rest of the ignorance out on your own...LOL Me thinks you have been spending too much time around a truck stop again Jim. The diesel fumes are getting to you again. :-) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BADHEADERS Test question
Hello All, So far I've been very happy with JunkMail. I'm only running a few tests and it's catching a lot of spam and porn. However, I'm noticing the occasional legitimate email from badly formatted clients. For example, JunkMail caught a confirmation email from an online service that one of my co-workers signed up for. This was a good email but it had badly formatted headers. Fortunately, I'm not rejecting or deleting emails as of yet but eventually I will. How do you all deal with emails that fail the BADHEADERS test because of poor mail clients/senders but are legit emails that need to be delivered? I'm looking for my next step in configuring JunkMail. Any advice is appreciated. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Test question
I do it by a weight system. Thee are a few of the tests that really have less value in catching legitimate spam. For instance if you give a heavy weight to noabuse, you will not receive any mail from Microsoft as they do not want the emails telling them they are screwing up so therefore they do not have an 'abuse' account. BADHEADERS, in my opinion, should have a lower value. Many servers out there are legitimate but have RFC ignorant people running them. I know, cause I am one ignorant son of a gun when it comes to RFC! Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Troy Hilton Sent: Thursday, September 26, 2002 15:53 To: Declude Junkmail Forum (E-mail) Subject: [Declude.JunkMail] BADHEADERS Test question Hello All, So far I've been very happy with JunkMail. I'm only running a few tests and it's catching a lot of spam and porn. However, I'm noticing the occasional legitimate email from badly formatted clients. For example, JunkMail caught a confirmation email from an online service that one of my co-workers signed up for. This was a good email but it had badly formatted headers. Fortunately, I'm not rejecting or deleting emails as of yet but eventually I will. How do you all deal with emails that fail the BADHEADERS test because of poor mail clients/senders but are legit emails that need to be delivered? I'm looking for my next step in configuring JunkMail. Any advice is appreciated. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BADHEADERS Test question
So far I've been very happy with JunkMail. I'm only running a few tests and it's catching a lot of spam and porn. However, I'm noticing the occasional legitimate email from badly formatted clients. For example, JunkMail caught a confirmation email from an online service that one of my co-workers signed up for. This was a good email but it had badly formatted headers. Fortunately, I'm not rejecting or deleting emails as of yet but eventually I will. How do you all deal with emails that fail the BADHEADERS test because of poor mail clients/senders but are legit emails that need to be delivered? I'm looking for my next step in configuring JunkMail. Any advice is appreciated. I think that Jim's suggestion of relying on the weighting system is the best answer. My personal opinion, though, is that the BADHEADERS test should have a high weight towards the weighting system, as no mail client should be sending out E-mail with non-RFC-compliant headers -- that's very bad. Given how much spam has increased lately, I think we're getting to the point where broken E-mail headers can't be ignored any longer. Note that the problem doesn't lie with the overworked mail server administrator on the other side -- it lies in the company that designed the mail client, that they are collecting money from. The SPAMHEADERS test (headers that are technically RFC-compliant , but spamlike) will catch E-mail from quite a few poorly designed web sites, and *should* be fixed, but since the headers are RFC-compliant, a lower weight should be used with the SPAMHEADERS test. Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Test question
Thanks Scott, I meant to say SPAMHEADERS in lieu of BADHEADERS...to ya'll I was RFC ignorant...you had to figure the rest of the ignorance out on your own...LOL Me thinks you have been spending too much time around a truck stop again Jim. The diesel fumes are getting to you again. :-) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] badheaders test
Hello all, Can anyone shed any light on exactly what the BADHEADERS test checks for? I've got a client that is sending me legitimate emails but it's failing the BADHEADERS test and I can't see why. Thanks. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] badheaders test
Can anyone shed any light on exactly what the BADHEADERS test checks for? It checks for E-mail headers that are broken (non-RFC-compliant). There are a number of different things that it looks for. I've got a client that is sending me legitimate emails but it's failing the BADHEADERS test and I can't see why. To find out, you need to find the code that Declude JunkMail assigned the E-mail (such as 80200202). If you use the WARN action, this will appear in the E-mail headers. Otherwise, you will need to look in the log file. You can look up the code using the BADHEADERS lookup at www.declude.com/tools . The most common reason an E-mail will fail the BADHEADERS test is because it is missing a Date: header (or has no time zone or an incorrect time zone). This is illegal, and will often cause E-mail to get lost on a server or mail client. Upgrading the software sending the E-mail will take care of the problem in almost all cases. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] badheaders test
Can anyone shed any light on exactly what the BADHEADERS test checks for? It checks for E-mail headers that are broken (non-RFC-compliant). There are a number of different things that it looks for. OK. I've got a client that is sending me legitimate emails but it's failing the BADHEADERS test and I can't see why. To find out, you need to find the code that Declude JunkMail assigned the E-mail (such as 80200202). If you use the WARN action, this will appear in the E-mail headers. Otherwise, you will need to look in the log file. Ah, that explains why I can't see the code in the headers. You can look up the code using the BADHEADERS lookup at www.declude.com/tools . The most common reason an E-mail will fail the BADHEADERS test is because it is missing a Date: header (or has no time zone or an incorrect time zone). This is illegal, and will often cause E-mail to get lost on a server or mail client. Upgrading the software sending the E-mail will take care of the problem in almost all cases. Cool. Thanks Scott. Troy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Badheaders, Eudora and Incredimail
Hi there, I'm new to this list and to Declude for that matter. I can say however that it does a terrific job. I need your advise on the following: A lot of legitimate e-mail is getting caught because of badheaders. Although we have set revdns, noabuse, nopostmaster and routing to ignore it appears that they add weight when combined. We've also discovered that the way Eudora and Incredimail write header information makes most if not all mail originating from these mail clients be caught as spam because of badheaders Is there any workaround? Best regards Lachezar --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Badheaders, Eudora and Incredimail
Thanks for the prompt reply, THis is the header from one of the incredimail messages: Received: from Tyrone Sons [196.31.58.242] by tibiyo.com (SMTPD32-7.04) id A7DA483E01C8; Tue, 03 Sep 2002 09:42:18 +0200 MIME-Version: 1.0 Message-Id: 3D74673B.1E.19449@Tyrone Sons.realnet.co.sz Date: Tue, 3 Sep 2002 09:39:39 +0200 (South Africa Standard Time) Content-Type: Multipart/related; type=multipart/alternative; boundary=Boundary-00=_3MQUP4J1VA40 X-Mailer: IncrediMail 2001 (1750690) From: Tyrone Sons [EMAIL PROTECTED] X-FID: FEFCEF83-591F-11D4-AF87-0050DAC67E11 X-FVER: 2.0 X-FIT: Letter X-FCOL: Old Papers X-FCAT: Stationery X-FDIS: Celtic Myth X-Extensions: SU1CTDEsNDEsgUmBSTgsODQsOMGVTY3FhThNhYUoiU0kOMGdTYGBjYEoJDSZnSyFhUksSU1CTDIs MCwsSU1CTDMsMCws X-BG: AAE092E1-BF0E-11D6-8F75-00C0CA1101D1 X-BGT: repeat X-BGC: #ddbb99 X-BGPX: left X-BGPY: 0px X-ASN: EE860250-5330-11D4-BA52-0050DAC68030 X-ASNF: 0 X-ASH: EE860250-5330-11D4-BA52-0050DAC68030 X-ASHF: 1 X-AN: A5BE2A00-37CC-11D4-BA36-0050DAC68030 X-ANF: 0 X-AP: A5BE2A00-37CC-11D4-BA36-0050DAC68030 X-APF: 1 X-AD: 7E485C40-4138-11D4-BA3D-0050DAC68030 X-ADF: 0 X-AUTO: X-ASN,X-ASH,X-AN,X-AP,X-AD X-CNT: ; X-Priority: 3 To: [EMAIL PROTECTED] Subject: Not sending mail Reply-To: Tyrone Sons [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [196.31.58.242] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 323286068 The following is the header from a Eudora mail client: Received: from johnresting [196.31.58.24] by realnet.co.sz (SMTPD32-7.06) id A891E79A011E; Tue, 03 Sep 2002 17:43:13 +0200 X-Sender: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Tue, 03 Sep 2002 17:45:53 +0200 To: [EMAIL PROTECTED] From: John Resting [EMAIL PROTECTED] Subject: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-Id: 200209031743796.SM00321@johnresting X-Declude-Sender: [EMAIL PROTECTED] [196.31.58.24] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: None X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 912182731 I guess that the reason for the spam test being none is that I whitelisted the [EMAIL PROTECTED] e-mail address, and yes your note on the IP address is correct as there is an IP address instead of the server name. Best regards Lachezar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, September 03, 2002 4:29 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Badheaders, Eudora and Incredimail A lot of legitimate e-mail is getting caught because of badheaders. That is very bad. Note that any E-mail failing the BADHEADERS test is likely to get caught on other servers, as well. Although we have set revdns, noabuse, nopostmaster and routing to ignore it appears that they add weight when combined. That is correct, unless you disable those tests, or set the weight to 0. The IGNORE action only affects the test that it is used with, and does not take away the weight for that test. We've also discovered that the way Eudora and Incredimail write header information makes most if not all mail originating from these mail clients be caught as spam because of badheaders Is there any workaround? I often get mail from people using Eudora and Incredimail, and they do not fail the BADHEADERS test. So it is likely a problem with the specific version(s) that you are running, or a setup error. There is a bug in some versions of Eudora that can cause the BADHEADERS test to fail if an IP address is entered as the name of the server. Eudora will accept this, but assume that it is a host name (not an IP), so when it generates the Message-ID: header, it uses the format for a hostname rather than an IP, which breaks the header. If you post the full headers of one of the E-mails that was caught (actually, one for Eudora and one for Incredimail would be best), I can take a look to see what is wrong. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Badheaders, Eudora and Incredimail
THis is the header from one of the incredimail messages: Message-Id: 3D74673B.1E.19449@Tyrone Sons.realnet.co.sz This one looks like Incredimail doesn't do an incredible job checking host names -- the last I checked, host names could not include a space in them. :) The following is the header from a Eudora mail client: ... I guess that the reason for the spam test being none is that I whitelisted the [EMAIL PROTECTED] e-mail address, and yes your note on the IP address is correct as there is an IP address instead of the server name. Actually, the I address isn't the issue here (although the X-Sender: [EMAIL PROTECTED] should be X-Sender: johnrest@[192.168.0.1], the RFCs allow anything in the X- headers, so it is technically valid. This E-mail didn't fail the BADHEADERS test here, just the SPAMHEADERS test (because it was sent without a Message-ID: header). I'm guessing the version of Eudora they are running is a beta version, as I haven't heard of any legitimate mail clients that don't add the Message-ID: header (usually it's poorly designed web apps that have that problem). -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Badheaders.
Scott.. Thanks a lot. -Zul - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 13, 2002 8:50 PM Subject: Re: [Declude.JunkMail] Badheaders. One of our developer created a vb program to send mail using our smtp server but the mail failed the BADHEADERS spam test. Can anyone please give me more info on the BADHEADERS spam test or how to rectify this ? To find out, you need to find the code that Declude JunkMail assigned the E-mail (such as 80200202). If you use the WARN action, this will appear in the E-mail headers. Otherwise, you will need to look in the log file. You can look up the code using the BADHEADERS lookup at www.declude.com/tools . The most common reason an E-mail will fail the BADHEADERS test is because it is missing a Date: header (or has no time zone or an incorrect time zone). This is illegal, and will often cause E-mail to get lost on a server or mail client. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Badheaders.
Hi, One of ourdeveloper created a vb program to send mail using our smtp server but the mail failed the BADHEADERS spam test. Can anyone please give me more info on the BADHEADERS spam test or how to rectify this ? Thanks. -Zul
Re: [Declude.JunkMail] Badheaders.
One of our developer created a vb program to send mail using our smtp server but the mail failed the BADHEADERS spam test. Can anyone please give me more info on the BADHEADERS spam test or how to rectify this ? To find out, you need to find the code that Declude JunkMail assigned the E-mail (such as 80200202). If you use the WARN action, this will appear in the E-mail headers. Otherwise, you will need to look in the log file. You can look up the code using the BADHEADERS lookup at www.declude.com/tools . The most common reason an E-mail will fail the BADHEADERS test is because it is missing a Date: header (or has no time zone or an incorrect time zone). This is illegal, and will often cause E-mail to get lost on a server or mail client. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] badheaders?
I have a message that was flagged as having bad headers. I tried figuring out the code so that I could use your badheader lookup, but I can't figure out what I'm supposed to use in there. Here are the headers. Received: from SMTP32-FWD by sirc.ca (SMTP32) id A0157; Thu, 18 Apr 2002 08:03:41 -0400 Received: from eagle.dnt.dialog.com [198.81.232.107] by sirc.ca with ESMTP (SMTPD32-7.05) id A60B47370116; Thu, 18 Apr 2002 08:03:23 -0400 Received: (from edd@localhost) by eagle.dnt.dialog.com (8.9.3/8.9.3) id FAA08293 for [EMAIL PROTECTED]; Thu, 18 Apr 2002 05:05:33 -0700 (PDT) Date: Thu, 18 Apr 2002 05:05:33 -0700 (PDT) From: EDD Master Account [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Subject: [May be SPAM:BADHEADERS]DDDOPING-P234: PR S17/5/ALL ADDR ACAD002 Reply-To: X-Label: 16012925 X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS. X-Mozilla-Status2: -- Susan Duncan ([EMAIL PROTECTED]) TEL:(613) 231-SIRC x225 Director of Computer Operations, SIRC FAX:(613) 231-3739 http://www.sportquest.com/ http://www.canadiansport.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] badheaders?
I have a message that was flagged as having bad headers. I tried figuring out the code so that I could use your badheader lookup, but I can't figure out what I'm supposed to use in there. Here are the headers. To find the code, you have the use the WARN action, or check the Declude JunkMail log file. My guess, looking at the headers, is that the problem is that there is no To: header, which is required. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] BADHEADERS and SPAMHEADERS
Should a legitimate email ever fail both BADHEADERS and SPAMHEADERS? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] BADHEADERS and SPAMHEADERS
Should a legitimate email ever fail both BADHEADERS and SPAMHEADERS? No. No legitimate mail should ever fail the BADHEADERS test. A legitimate mail will only fail that test if it comes from a broken mail client. Legitimate mail may fail the SPAMHEADERS test, if it is sent from a poorly designed mail client (usually one where the programmers felt it would be OK for some of the mail it sends to be marked as spam, in return for cheaper product). The BADHEADERS and SPAMHEADERS tests look for different problems, so it is possible for an E-mail to fail both of them. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: H:Re: [Declude.JunkMail] BADHEADERS and SPAMHEADERS
What is a broken mail client? A mail client that doesn't work. For example, if you use Outlook, and your E-mail address is [EMAIL PROTECTED], but it creates an E-mail header From: [EMAIL PROTECTED], that would be an example of a broken mail client. There are some older E-mail clients and lots of web server applications that are broken. Most people consider legitimate mail to mean any mail that they want, even if it comes from a broken mail client. However, mail sent from a broken mail client is very volatile, and may not reach the recipient's mail client or may become malformed along the way or just disappear. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] BADHEADERS customization
Is there anything we can do to customize the way BADHEADERS tests? If there are several tests that it does, I would like to be able to turn on or off those components that give us false positives but be able to use this test for components that always find spam. SPAMHEADERS also? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
