I've set up MD (2.42)/SA (2.63) (SM 8.12.11) on a new system we just put into production
and I'm getting a lot of quarantined messages including the following rule match.


I've replaced the real local domain w/mydomain.com

++++++++++++++++++++++++++++++++++++++++++++++++++++++

MSGID_FROM_MTA_SHORT   Message-Id was added by a relay

I don't recall this rule popping up regularly in past MD/SA systems. Here are some sample headers from several such quarantined messages.

Here are the message headers:
From: "Mail Delivery Subsystem" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Returned mail: Data format error
Date: Mon, 26 Jul 2004 09:42:16 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_527A4796.921FD844"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000


----------
Here are the headers for quarantined part 1:
Content-Type: application/octet-stream;
   name="mydomain.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
   filename="mydomain.com"

+++++++++++++++++++++++++++++++++++++++++

MIME-Version: 1.0
Content-Type: multipart/mixed;  boundary="=200407221954="
To: [EMAIL PROTECTED]
From: 123Greetings.com <[EMAIL PROTECTED]>
X-Mailer: 695B0DF8.1344C3FE.2d0cbc0154fc684d85195ead9a0d1b5c
Subject: Enter to WIN a Portable DVD Player!
Organization: 123Greetings.com

++++++++++++++++++++++++++++++++++++++++++++

Here's another rule match that has me perplexed - NO_REAL_NAME From: does not include a real name


Content analysis details: (7.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 NO_REAL_NAME           From: does not include a real name
 0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
 3.7 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 3.0 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook


Here are the message headers:
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Returned mail: see transcript for details
Date: Mon, 26 Jul 2004 10:11:37 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_DCAE6AD4.11583A44"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000


----------
Here are the headers for quarantined part 1:
Content-Type: application/octet-stream;
   name="aij.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
   filename="aij.scr"





