Why is this domain spoofing.

Alex Neuman alex at rtpty.com
Mon Nov 9 16:50:17 GMT 2009


Spam is one thing, your antivirus kicking in because your newsletter's  
overcomplicated, unnecessary HTML-laden format matches a phishing-type  
message is another.
You would have to correct that - since nothing guarantees the other  
end (the recipient's server) won't think the same thing, even though  
you whitelist it on your side.
Disable virus scanning for those IPs (a bad thing, if you ask me) or  
modify the signatures in your AV to avoid the false positive, if you  
want the problem to go away (as opposed to solving it).

On Nov 9, 2009, at 11:08 AM, Robert Lopez wrote:

> Yesterday every member of the honor society at this college had their
> newsletter blocked for Phishing.Heuristics.Email.SpoofedDomain .
>
> It is not clear to me why. It appears to me the domain is always
> ptk.org and elist.ptk.org is simply a mail system within that domain
> so nothing is spoofed.
>
> After they were blocked last month I thought I white listed them:
> From:      12.230.142.18  OK  # elist.ptk.org
> From:      12.230.142.9    OK  # ptk.org
> are already in /etc/MailScanner/rules/spam.whitelist.rules
>
> How can I prevent these from being blocked?  Am I misunderstanding how
> to whitelist SpoofedDomain-s?
>
> This is the report:
> The following e-mails were found to have: Virus Detected
>
>    Sender: golden_key_news_brief_htm-return-296-xxxxxx=cnm.edu at elist.ptk.org
> IP Address: 12.230.142.18
> Recipient: xxxxxx at cnm.edu
>   Subject: GOLDEN KEY NEWS BRIEFS FOR November  6, 2009
> MessageID: 53BDB10A5.B6931
> Quarantine:
>    Report: Clamd:  message was infected:
> Phishing.Heuristics.Email.SpoofedDomain
>
> Full headers are:
>
> Received: from elist.ptk.org (elist.ptk.org [12.230.142.18])
> 	by mg06.cnm.edu (Postfix) with ESMTP id 53BDB10A5
> 	for <xxxxxx at cnm.edu>; Sat,  7 Nov 2009 10:40:20 -0700 (MST)
> Received: (qmail 27695 invoked by alias); 6 Nov 2009 17:41:40 -0600
> Mailing-List: contact golden_key_news_brief_htm-help at elist.ptk.org;
> run by ezmlm
> Precedence: bulk
> X-No-Archive: yes
> List-Post: <mailto:golden_key_news_brief_htm at elist.ptk.org>
> List-Help: <mailto:golden_key_news_brief_htm-help at elist.ptk.org>
> List-Unsubscribe:
> <mailto:golden_key_news_brief_htm-unsubscribe-rganley=cnm.edu at elist.ptk.org 
> >
> List-Subscribe: <mailto:golden_key_news_brief_htm-subscribe at elist.ptk.org 
> >
> X-You-are-Subscribed-As: <xxxxxx at cnm.edu>
> From: Golden Key News Brief <news_service at ptk.org>
> To: GKNB subscribers <xxxxxx at cnm.edu>
> Mime-Version: 1.0
> Content-Type: text/html
> Delivered-To: mailing list golden_key_news_brief_htm at elist.ptk.org
> Date: Fri,  6 Nov 2009 23:41:40 +0000
> Subject: GOLDEN KEY NEWS BRIEFS FOR November  6, 2009
> Message-Id: <20091107174020.53BDB10A5 at mg06.cnm.edu>
>
>
>
>
> -- 
> Robert Lopez
> Unix Systems Administrator
> Central New Mexico Community College (CNM)
> 525 Buena Vista SE
> Albuquerque, New Mexico 87106
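
Added example, not part of the original thread and not ClamAV's own matching logic: ClamAV's phishing heuristics work on the links in an HTML body, comparing the URL shown as link text with the URL the link really points to, so a first step in tracking down this kind of false positive is listing the links in the newsletter where the two name different hosts. The sketch below does a simple exact-host comparison (so a subdomain also counts as different), and the sample HTML and its example.org / example.net domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a URL or bare hostname (group 1 = host).
HOSTLIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?$", re.I)

def _norm(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.pairs = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.pairs.append((self.href, "".join(self.text).strip()))
            self.href = None

def link_mismatches(html):
    """Return (shown_host, real_host) for links whose text names another host."""
    parser = _Anchors()
    parser.feed(html)
    hits = []
    for href, text in parser.pairs:
        real = urlsplit(href).hostname      # None for mailto: and relative links
        shown = HOSTLIKE.match(text)
        if real and shown and _norm(shown.group(1)) != _norm(real):
            hits.append((_norm(shown.group(1)), _norm(real)))
    return hits

# Constructed newsletter fragment (placeholder domains, not the real message).
SAMPLE = """<p><a href="http://click.lists.example.net/r?id=1">www.example.org/news</a>
<a href="http://www.example.org/about">About us</a>
<a href="https://example.org/join">http://www.example.org/join</a>
<a href="mailto:news@example.org">example.org</a></p>"""

if __name__ == "__main__":
    for shown, real in link_mismatches(SAMPLE):
        print(f"text shows {shown} but link goes to {real}")
```

Links whose text is plain wording ("About us") are ignored, since only text that itself looks like a URL can disagree with the real target.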


