Email detected as spam but not tagged

Rob Sterenborg R.Sterenborg at netsourcing.nl
Thu Jul 22 16:36:50 IST 2010


> >>> Below is the email header with relevant Postfix/MailScanner
> >> logs.
> >>> Using this information, can anyone tell me why these emails
> >> weren't
> >>> tagged? If more info is needed, please let me know.
> 
> 
> I looked at your OP at
> <http://lists.mailscanner.info/pipermail/mailscanner/2010-
> July/096286.html>,
> and it seems clear that MailScanner did scan this message.

Yes it did. It's just that *some* emails aren't tagged and I can't see why.

> The first few headers at the top of the message are
> 
> X-MimeOLE: Produced By Microsoft Exchange V6.5
> Received: from mx1.domain2.local ([ip.addr]) by
> mx2.domain2.local with
>  Microsoft SMTPSVC(6.0.3790.1830); Sat, 17 Jul 2010 23:35:37
> +0200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
> 	boundary="----_=_NextPart_004_01CB25F7.FEAB9A80"
> Received: from mx3.domain1.nl ([ip.addr]) by mx1.domain2.local
> with
>  Microsoft SMTPSVC(6.0.3790.1830); Sat, 17 Jul 2010 23:35:12
> +0200
> Received: from overscan.fr (web5.overscan.com [91.121.209.115])
> by
>  mx3.domain1.nl (Postfix) with ESMTP id 1EB923AA63 for
>  <user at domain2.nl>; Sat, 17 Jul 2010 23:35:09 +0200 (CEST)
> 
> It appears that mx1.domain2.local (or possibly
> mx2.domain2.local) has munged the message somehow as evidenced
> by the MIME-Version: and Content-Type: headers inserted between
> the received headers at that point. Is it possible that this is
> also responsible for dropping the MailScanner headers?

Unfortunately I cannot publicly disclose the real host-/domainnames; the logs would be clearer then.
Mx3 is the mailrelay which runs MS, so this host should insert the headers.
MX1 is the receiving frontend Exchange server, mx2 is the receiving backend Exchange server. I've checked with the Exchange admins and it seems they are also running Trend software and it could be it's doing unwanted things to the email. We're looking into that.

> Other than that, I have no ideas. It might help to know the
> MailScanner version. It appears to be older than 4.78.3 because
> the logs show spam scanning before virus scanning

Yes, it's an older version of MailScanner: 4.65.3. New relays with 4.79.11 installs are in the making but not yet finished/fully tested.


--
Rob



More information about the MailScanner mailing list