Fwd: Why is this domain spoofing.

Robert Lopez rlopezcnm at gmail.com
Mon Nov 9 16:18:30 GMT 2009


---------- Forwarded message ----------
From: Robert Lopez <rlopezcnm at gmail.com>
Date: Mon, Nov 9, 2009 at 9:08 AM
Subject: Why is this domain spoofing.
To: MailScanner discussion <mailscanner at lists.mailscanner.info>


Yesterday every member of the honor society at this college had their
newsletter blocked for Phishing.Heuristics.Email.SpoofedDomain .

It is not clear to me why. It appears to me the domain is always
ptk.org and elist.ptk.org is simply a mail system within that domain
so nothing is spoofed.

After they were blocked last month I thought I whitelisted them:
From:      12.230.142.18  OK  # elist.ptk.org
From:      12.230.142.9    OK  # ptk.org
are already in /etc/MailScanner/rules/spam.whitelist.rules

How can I prevent these from being blocked?  Am I misunderstanding how
to whitelist SpoofedDomain-s?

This is the report:
The following e-mails were found to have: Virus Detected

   Sender: golden_key_news_brief_htm-return-296-xxxxxx=cnm.edu at elist.ptk.org
IP Address: 12.230.142.18
 Recipient: xxxxxx at cnm.edu
  Subject: GOLDEN KEY NEWS BRIEFS FOR November  6, 2009
 MessageID: 53BDB10A5.B6931
Quarantine:
   Report: Clamd:  message was infected:
Phishing.Heuristics.Email.SpoofedDomain

Full headers are:

 Received: from elist.ptk.org (elist.ptk.org [12.230.142.18])
       by mg06.cnm.edu (Postfix) with ESMTP id 53BDB10A5
       for <xxxxxx at cnm.edu>; Sat,  7 Nov 2009 10:40:20 -0700 (MST)
 Received: (qmail 27695 invoked by alias); 6 Nov 2009 17:41:40 -0600
 Mailing-List: contact golden_key_news_brief_htm-help at elist.ptk.org;
run by ezmlm
 Precedence: bulk
 X-No-Archive: yes
 List-Post: <mailto:golden_key_news_brief_htm at elist.ptk.org>
 List-Help: <mailto:golden_key_news_brief_htm-help at elist.ptk.org>
 List-Unsubscribe:
<mailto:golden_key_news_brief_htm-unsubscribe-rganley=cnm.edu at elist.ptk.org>
 List-Subscribe: <mailto:golden_key_news_brief_htm-subscribe at elist.ptk.org>
 X-You-are-Subscribed-As: <xxxxxx at cnm.edu>
 From: Golden Key News Brief <news_service at ptk.org>
 To: GKNB subscribers <xxxxxx at cnm.edu>
 Mime-Version: 1.0
 Content-Type: text/html
 Delivered-To: mailing list golden_key_news_brief_htm at elist.ptk.org
 Date: Fri,  6 Nov 2009 23:41:40 +0000
 Subject: GOLDEN KEY NEWS BRIEFS FOR November  6, 2009
 Message-Id: <20091107174020.53BDB10A5 at mg06.cnm.edu>




--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106


I should have cut and pasted instead of retyping. I actually have "yes"
instead of "OK" in spam.whitelist.rules
-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

