{Disarmed} RE: {Disarmed} RE: PDF-Corruption
Heino Backhaus
heino.backhaus at fink-computer.de
Wed Apr 8 09:37:26 UTC 2015
Hi,
my sugestion is to change
Use TNEF Contents = replace
to
Use TNEF Contents = add
so, in this case, the attachments in winmal.dat are extracted and
attachend to the mail. The winmail.dat stais in the mail. So you can (if
you got an MS Outlook) take a look into the winmail.dat to see if
the original pdf-file is viewable and compare it to the, via tnef,
extracted one.
Hope this helps.
Am 08.04.2015 um 11:23 schrieb Mohammed Ejaz:
> My existing settings as follows
>
> Expand TNEF = no
>
> Use TNEF Contents = replace
>
> TNEF Expander = /usr/bin/tnef --maxsize=100000000
>
> You want me to replace with the below???
>
> Expand TNEF = yes
>
> Use TNEF Contents = replace
>
> Since the other one TNEF expander is similar your one and mine.
>
> And do the test??
>
> Ejaz
>
> -----Original Message-----
> From: MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info] On
> Behalf Of Heino Backhaus
> Sent: Wednesday, April 08, 2015 12:03 PM
> To: MailScanner Discussion
> Subject: Re: {Disarmed} RE: PDF-Corruption
>
> Hi Ejaz,
>
> I'm using the following settings:
>
> Expand TNEF = yes
>
> Use TNEF Contents = replace
>
> ...
>
> TNEF Expander = /opt/MailScanner/bin/tnef --maxsize=100000000
>
> These are very similar to yours and it's just running fine for me. In
> your case I would try this:
>
> Use TNEF Contents = add
>
> So, if the receipient's got an MS Outlook you/she/he can take a look at
> the contents of the winmail.dat an see if the pdf-file is viewable and
> compare it to the extracted one.
>
> cu
>
> -Heino
>
> Am 08.04.2015 um 10:32 schrieb Mohammed Ejaz:
>
> > Hi
>
> >
>
> > The problem is we cannot tell end user before sending an email to us,
>
> > use only rich/plain or html text etc… So it should be control from
>
> > our mailgatways is it??
>
> >
>
> > Thank in advance really I do appreciate your great support.
>
> >
>
> > Ejaz
>
> >
>
> > *From:*MailScanner [mailto:mailscanner-bounces at lists.mailscanner.info]
>
> > *On Behalf Of *Jerry Benton
>
> > *Sent:* Tuesday, April 07, 2015 12:45 PM
>
> > *To:* MailScanner Discussion
>
> > *Subject:* Re: PDF-Corruption
>
> >
>
> > One user is using Rich Text, the other is not.
>
> >
>
> >
>
> > -
>
> >
>
> > Jerry Benton
>
> >
>
> > www.mailborder.com <http://www.mailborder.com>
> <http://www.mailborder.com>
>
> >
>
> > On Apr 7, 2015, at 5:45 AM, Mohammed Ejaz <mejaz at cyberia.net.sa
>
> > <mailto:mejaz at cyberia.net.sa>> wrote:
>
> >
>
> > All.
>
> >
>
> > The same PDF file when other user whose also using an exchange
>
> > server, we are receiving it perfectly which is being relayed
>
> > through same MailScanner.
>
> >
>
> > The PDF are getting corrupted from few exchange servers only. What
>
> > could be the reason.
>
> >
>
> > Ejaz
>
> >
>
> > *From:*MailScanner
>
> > [mailto:mailscanner-bounces at lists.mailscanner.info]*On Behalf
>
> > Of*Alex Neuman
>
> > *Sent:*Monday, April 06, 2015 8:07 PM
>
> > *To:*MailScanner Discussion
>
> > *Subject:*Re: PDF-Corruption
>
> >
>
> > If it did, indeed, stop it - though from experience it's more likely
>
> > a TNEF issue.
>
> >
>
> > I'd switch the TNEF unpacker to the internal and/or verify that the
>
> > latest perl modules/tnef programs are installed, to be on the
> safe side.
>
> >
>
> > Web Bug from
>
> >
>
> > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v
>
> > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=05c
>
> > c99e4-a934-4057-8312-5895ed2ee49c
>
> >
>
> >
>
> >
>
> > *Alex Neuman van der Hans*
>
> > Reliant Technologies / Vida Digital
>
> > http://vidadigital.com.pa/
>
> >
>
> > Mobile: +507 6781-9505
>
> > Work: *MailScanner has detected a possible fraud attempt from
>
> > "+5078326725" claiming to be* +507 832-6725 <*MailScanner has
> detected a possible fraud attempt from "+5078326725" claiming to be*
> http://+5078326725/>
>
> > Work (USA): +1 (440) 253-9789
>
> >
>
> > Skype: AlexNeuman
>
> >
>
> >
>
> > Don't miss Vida Digital on LiveStream
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>!
>
> >
>
> > Saturdays 8am-10am on Máxima 91.7FM Panama
>
> >
>
> >
>
> > Follow *@AlexNeuman
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>*
> on
>
> > Twitter
>
> > Like Vida Digital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>
> on
>
> > Facebook
>
> >
>
> > Follow VidaDigital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>
> on
>
> > Instagram
>
> >
>
> > Subscribe to Vida Digital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=05cc99e4-a934-4057-8312-5895ed2ee49c>
> on
>
> > Youtube
>
> >
>
> > On Mon, Apr 6, 2015 at 11:57 AM, Jerry Benton
>
> > <jerry.benton at mailborder.com <mailto:jerry.benton at mailborder.com
> <mailto:jerry.benton at mailborder.com%20%3cmailto:jerry.benton at mailborder.com>>>
>
> > wrote:
>
> >
>
> > “... until you figure out which one is stopping or corrupting the
> PDF.”
>
> >
>
> > I saw it. Still applies.
>
> >
>
> >
>
> > -
>
> >
>
> > Jerry Benton
>
> >
>
> > www.mailborder.com <http://www.mailborder.com>
> <http://www.mailborder.com/>
>
> >
>
> > On Apr 6, 2015, at 12:55 PM, Alex Neuman
>
> > <alex at vidadigital.com.pa <mailto:alex at vidadigital.com.pa
> <mailto:alex at vidadigital.com.pa%20%3cmailto:alex at vidadigital.com.pa>>>
> wrote:
>
> >
>
> > I believe he mentioned the PDF's are being corrupted, not
> stopped.
>
> >
>
> >
>
> >
>
> > *Alex Neuman van der Hans*
>
> > Reliant Technologies / Vida Digital
>
> > http://vidadigital.com.pa/
>
> >
>
> > Mobile: +507 6781-9505
>
> > Work: *MailScanner has detected a possible fraud attempt from
>
> > "+5078326725" claiming to be* +507 832-6725 <*MailScanner has
> detected a possible fraud attempt from "+5078326725" claiming to be*
> http://+5078326725/>
>
> > Work (USA): +1 (440) 253-9789
>
> >
>
> > Skype: AlexNeuman
>
> >
>
> >
>
> > Don't miss Vida Digital on LiveStream
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>!
>
> >
>
> > Saturdays 8am-10am on Máxima 91.7FM Panama
>
> >
>
> >
>
> > Follow *@AlexNeuman
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>*
> on
>
> > Twitter
>
> > Like Vida Digital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>
> on
>
> > Facebook
>
> >
>
> > Follow VidaDigital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>
> on
>
> > Instagram
>
> >
>
> > Subscribe to Vida Digital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=d0bd9672-4c8e-4fdc-d8b7-d16ad2ae3c23>
> on
>
> > Youtube
>
> >
>
> > On Mon, Apr 6, 2015 at 11:29 AM, Jerry Benton
>
> > <jerry.benton at mailborder.com
>
> > <mailto:jerry.benton at mailborder.com>> wrote:
>
> >
>
> > The PDF probably has a disallowed MIME type in the document.
>
> > Edit your MIME types config file in /etc/MailScanner and allow
>
> > all MIME types. Resend the email and see if it gets through. If
>
> > it does, enable each MIME type until you figure out which one is
>
> > stopping or corrupting the PDF. Note that there is a problem
>
> > with the current Linux “file” command that has been causing
>
> > problems with a lot of applications.
>
> >
>
> > This may or may not be your problem, but of the customers I have
>
> > dealt with at Mailborder complaining of this issue, this is
>
> > often the problem.
>
> >
>
> >
>
> > -
>
> >
>
> > Jerry Benton
>
> >
>
> > www.mailborder.com <http://www.mailborder.com>
> <http://www.mailborder.com/>
>
> >
>
> > On Apr 6, 2015, at 12:04 PM, Mohammed Ejaz
>
> > <mejaz at cyberia.net.sa <mailto:mejaz at cyberia.net.sa
> <mailto:mejaz at cyberia.net.sa%20%3cmailto:mejaz at cyberia.net.sa>>> wrote:
>
> >
>
> > Thanks a lot sorry to disturb you, I called during your
>
> > meeting. As I was unaware about it.
>
> >
>
> > *_This is what all I have for Tnef settings in my
>
> > mailscanner. _*Does Any modification required ??? Please
>
> > advice.
>
> >
>
> > Again thank you for your time.
>
> >
>
> > *__*
>
> >
>
> > *__*
>
> >
>
> > Expand TNEF attachments using an external program (or a Perl
>
> > module)?
>
> >
>
> > # within the TNEF attachment will not be checked against the
>
> > filename rules.
>
> >
>
> > Expand TNEF = no
>
> >
>
> > # When the TNEF (winmail.dat) attachments are expanded,
>
> > should the
>
> >
>
> > # in "Outlook Rich Text Format" (TNEF) will be able to read
>
> > the attachments
>
> >
>
> > # no => Leave winmail.dat TNEF attachments alone.
>
> >
>
> > # TNEF messages being doubled in size.
>
> >
>
> > # replace => Replace the winmail.dat TNEF attachment with
>
> > the files it
>
> >
>
> > Use TNEF Contents = replace
>
> >
>
> > # We are working on a replacement for the TNEF decoder.
>
> >
>
> > Deliver Unparsable TNEF = yes
>
> >
>
> > # Where the MS-TNEF expander is installed.
>
> >
>
> > # the external TNEF expander binary,
>
> >
>
> > # may be. It helps protect against Denial Of Service attacks
>
> > in TNEF files.
>
> >
>
> > #TNEF Expander = internal
>
> >
>
> > TNEF Expander = /usr/bin/tnef --maxsize=100000000
>
> >
>
> > # The maximum length of time the TNEF Expander is allowed to
>
> > run for 1 message.
>
> >
>
> > TNEF Timeout = 120
>
> >
>
> > # maybe TNEF files to not be archives as they are really
>
> > just another way
>
> >
>
> > # tnef -- "winmail.dat" files created by Microsoft
>
> > Exchange or Outlook
>
> >
>
> > I believe Mailborder and FSL systems provide official
> support.
>
> >
>
> > Do you have any contacts email/phone numbers
>
> >
>
> > Ejaz
>
> >
>
> > *From:* MailScanner
>
> > [mailto:mailscanner-bounces at lists.mailscanner.info] *On
>
> > Behalf Of *Alex Neuman
>
> > *Sent:* Monday, April 06, 2015 6:43 PM
>
> > *To:* MailScanner discussion
>
> > *Subject:* RE: PDF-Corruption
>
> >
>
> > I believe Mailborder and FSL systems provide official
> support.
>
> >
>
> > Try modifying your TNEF decoder settings in MailScanner.conf.
>
> >
>
> > On Apr 6, 2015 9:36 AM, "Mohammed Ejaz"
>
> > <mejaz at cyberia.net.sa <mailto:mejaz at cyberia.net.sa
> <mailto:mejaz at cyberia.net.sa%20%3cmailto:mejaz at cyberia.net.sa>>> wrote:
>
> >
>
> > Thanks,
>
> >
>
> > I cannot ask the customer as so many of them are complaining
>
> > for the same, I can make any exception from my side from
>
> > the MailScanner configuration.
>
> >
>
> > Is there any officially support for mailscanner?? As I
>
> > wanted to subscribe it.
>
> >
>
> > Ejaz
>
> >
>
> > *From:* MailScanner
>
> > [mailto:mailscanner-bounces at lists.mailscanner.info
>
> > <mailto:mailscanner-bounces at lists.mailscanner.info>] *On
>
> > Behalf Of *Alex Neuman
>
> > *Sent:* Monday, April 06, 2015 5:25 PM
>
> > *To:* MailScanner Discussion
>
> > *Subject:* Re: PDF-Corruption
>
> >
>
> > Do an MD5SUM of the PDF file before and after processing.
>
> >
>
> > Also, ask the originator NOT to use TNEF encoding (Rich Text
>
> > Format).
>
> >
>
> > Web Bug from
>
> >
>
> > http://t.signaleuna.com/e1t/o/5/f18dQhb0S7ks8dDMPbW2n0x6l2B9gXrN7sKj6v
>
> > 5dcLCW8qSMPl2zhrHPN4WJlXjQFLCHVLXL-m1k1H6H0?si=5887134288314368&pi=8f4
>
> > 1d298-9289-4b2f-8696-168d37d56000
>
> >
>
> >
>
> >
>
> > *Alex Neuman van der Hans*
>
> > Reliant Technologies / Vida Digital
>
> > http://vidadigital.com.pa/
>
> >
>
> > Mobile: +507 6781-9505 <tel:%2B507%206781-9505>
>
> > Work: *MailScanner has detected a possible fraud attempt
>
> > from "+5078326725" claiming to be* +507 832-6725
>
> > <*MailScanner has detected a possible fraud attempt from
> "+5078326725" claiming to be* http://+5078326725/>
>
> > Work (USA): +1 (440) 253-9789
>
> > <tel:%2B1%20%28440%29%20253-9789>
>
> >
>
> > Skype: AlexNeuman
>
> >
>
> >
>
> > Don't miss Vida Digital on LiveStream
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Fnew.livestream.com%2Faccounts%2F5061819&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>!
>
> >
>
> > Saturdays 8am-10am on Máxima 91.7FM Panama
>
> >
>
> >
>
> > Follow *@AlexNeuman
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ftwitter.com%2Falexneuman&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>*
> on
>
> > Twitter
>
> > Like Vida Digital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Ffacebook.com%2Fvidadigital%2F&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>
> on
>
> > Facebook
>
> >
>
> > Follow VidaDigital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=http%3A%2F%2Finstagram.com%2Fvidadigital&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>
> on
>
> > Instagram
>
> >
>
> > Subscribe to Vida Digital
>
> >
> <http://t.signaleuna.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XZsQByMPN7d-5TTRYFRKW7fsH1M56dwbYf6CVDXz02?t=https%3A%2F%2Fyoutube.com%2Freliantpty&si=5887134288314368&pi=8f41d298-9289-4b2f-8696-168d37d56000>
> on
>
> > Youtube
>
> >
>
> > On Mon, Apr 6, 2015 at 8:31 AM, Mohammed Ejaz
>
> > <mejaz at cyberia.net.sa <mailto:mejaz at cyberia.net.sa
> <mailto:mejaz at cyberia.net.sa%20%3cmailto:mejaz at cyberia.net.sa>>> wrote:
>
> >
>
> > Hello.
>
> >
>
> > One of my user keep complaining that he is unable to
>
> > receive the PDF attachment properly, they are getting
>
> > corrupted. But when I check my logs it doesn’t show any
>
> > problem. Now my concern is how to justify the customer the
>
> > problem is from his side or from my MailScanner. Please
>
> > advice. Thanks for your usual co-operation.
>
> >
>
> > *_Below are the logs for the corrupted attachement/message
>
> > _*
>
> >
>
> > Apr 6 15:27:08 nmersal MailScanner[23116]: Message
>
> > C98395DF459.A2E18 from 150.70.237.8
>
> > (eyad.nashed at natcom.com.sa <mailto:eyad.nashed at natcom.com.sa>
>
> > <mailto:eyad.nashed at natcom.com.sa>) to unitedgroup.com.sa
>
> > <http://unitedgroup.com.sa/> is too big for spam checks
>
> > (497744 > 150000 bytes)
>
> >
>
> > Apr 6 15:27:08 nmersal MailScanner[23116]: Requeue:
>
> > C98395DF459.A2E18 to 555C55DF544
>
> >
>
> > Apr 6 15:27:08 nmersal MailScanner[23116]: Logging message
>
> > C98395DF459.A2E18 to SQL
>
> >
>
> > Apr 6 15:27:08 nmersal MailScanner[24178]:
>
> > C98395DF459.A2E18: Logged to MailWatch SQL
>
> >
>
> > *_Mail watch screen shot for the same message. _*
>
> >
>
> > *Received on:*
>
> >
>
> >
>
> >
>
> > 06/04/15 15:27:08
>
> >
>
> > *Received by:*
>
> >
>
> >
>
> >
>
> > nmersal.cyberia.net.sa <http://nmersal.cyberia.net.sa/>
>
> >
>
> > *Received from:*
>
> >
>
> >
>
> >
>
> > 150.70.237.8
>
> >
>
> >
>
> >
>
> > [Add to Whitelist
>
> >
> <http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed@natcom.com.sa&to=makhan@unitedgroup.com.sa,cabinader@unitedgroup.com.sa&type=h&list=w>
> |
>
> > Add to Blacklist
>
> >
>
> > <http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8
>
> >
> &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader
> <mailto:&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader>
>
> > @unitedgroup.com.sa&type=h&list=b>]
>
> >
>
> > *Received Via:*
>
> >
>
> >
>
> >
>
> > *IP Address*
>
> >
>
> >
>
> >
>
> > *Hostname*
>
> >
>
> >
>
> >
>
> > *Country*
>
> >
>
> >
>
> >
>
> > *RBL*
>
> >
>
> >
>
> >
>
> > *Spam*
>
> >
>
> >
>
> >
>
> > *Virus*
>
> >
>
> >
>
> >
>
> > *All*
>
> >
>
> > 150.70.237.8
>
> >
>
> >
>
> >
>
> > rout01.hes.trendmicro.eu
>
> > <http://rout01.hes.trendmicro.eu/>
>
> >
>
> >
>
> >
>
> > (GeoIP Lookup Failed)
>
> >
>
> >
>
> >
>
> >
>
> > [<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:150.70.237.
>
> > 8>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=150.70.237.8&isspam=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=150.70.237.8&isvirus=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=150.70.237.8>]
>
> >
>
> > 10.36.162.83
>
> >
>
> >
>
> >
>
> > (Reverse Lookup Failed)
>
> >
>
> >
>
> >
>
> > (GeoIP Lookup Failed)
>
> >
>
> >
>
> >
>
> >
>
> > [<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:10.36.162.8
>
> > 3>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=10.36.162.83&isspam=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=10.36.162.83&isvirus=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=10.36.162.83>]
>
> >
>
> > 89.237.187.138
>
> >
>
> >
>
> >
>
> > SJV-EXHC1.natcom.com.sa <http://sjv-exhc1.natcom.com.sa/>
>
> >
>
> >
>
> >
>
> > (GeoIP Lookup Failed)
>
> >
>
> >
>
> >
>
> >
>
> > [<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:89.237.187.
>
> > 138>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=89.237.187.138&isspam=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=89.237.187.138&isvirus=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=89.237.187.138>]
>
> >
>
> > 172.16.200.106
>
> >
>
> >
>
> >
>
> > (Reverse Lookup Failed)
>
> >
>
> >
>
> >
>
> > (GeoIP Lookup Failed)
>
> >
>
> >
>
> >
>
> >
>
> > [<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:172.16.200.
>
> > 106>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=172.16.200.106&isspam=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=172.16.200.106&isvirus=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=172.16.200.106>]
>
> >
>
> > 172.16.200.105
>
> >
>
> >
>
> >
>
> > (Reverse Lookup Failed)
>
> >
>
> >
>
> >
>
> > (GeoIP Lookup Failed)
>
> >
>
> >
>
> >
>
> >
>
> > [<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:172.16.200.
>
> > 105>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=172.16.200.105&isspam=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=172.16.200.105&isvirus=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=172.16.200.105>]
>
> >
>
> > 94.96.34.151
>
> >
>
> >
>
> >
>
> > (Reverse Lookup Failed)
>
> >
>
> >
>
> >
>
> > (GeoIP Lookup Failed)
>
> >
>
> >
>
> >
>
> >
>
> > [<http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist:94.96.34.15
>
> > 1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=94.96.34.151&isspam=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=94.96.34.151&isvirus=1>]
>
> >
>
> >
>
> >
>
> >
>
> > [<http://nmersal.cyberia.net.sa/mailscanner/rep_message_listing.php?re
>
> > lay=94.96.34.151>]
>
> >
>
> > *ID:*
>
> >
>
> >
>
> >
>
> > C98395DF459.A2E18
>
> >
>
> > *Message Headers:*
>
> >
>
> >
>
> >
>
> > Received: from rout01.hes.trendmicro.eu
>
> > <http://rout01.hes.trendmicro.eu/> (rout01.hes.trendmicro.eu
>
> > <http://rout01.hes.trendmicro.eu/> [150.70.237.8])
>
> > by nmersal.cyberia.net.sa
>
> > <http://nmersal.cyberia.net.sa/> (Postfix) with ESMTP id
>
> > C98395DF459;
>
> > Mon, 6 Apr 2015 15:27:04 +0300 (AST)
>
> > Received: from outmta.starcloud.com
>
> > <http://outmta.starcloud.com/> (unknown [10.36.162.83])
>
> > by rout01.hes.trendmicro.eu
>
> > <http://rout01.hes.trendmicro.eu/> (Postfix) with SMTP id
>
> > A01EA740040;
>
> > Mon, 6 Apr 2015 12:24:17 +0000 (UTC)
>
> > Received: from SJV-EXHC1.natcom.com.sa
>
> > <http://sjv-exhc1.natcom.com.sa/> (unknown [89.237.187.138])
>
> > by relay03.hes.trendmicro.eu
>
> > <http://relay03.hes.trendmicro.eu/> (Postfix) with ESMTPS id
>
> > 0CADD108003B;
>
> > Mon, 6 Apr 2015 12:24:13 +0000 (UTC)
>
> > Received: from SJV-EXMB1.natcom.com.sa
>
> > <http://sjv-exmb1.natcom.com.sa/> ([172.16.200.106]) by
>
> > SJV-EXHC1.natcom.com.sa
>
> > <http://sjv-exhc1.natcom.com.sa/> ([172.16.200.105]) with
>
> > mapi id 14.03.0174.001; Mon,
>
> > 6 Apr 2015 15:24:12 +0300
>
> > From: Eyad Nashed <eyad.nashed at natcom.com.sa
>
> > <mailto:eyad.nashed at natcom.com.sa>>
>
> > To: Charbel Abi Nader <cabinader at unitedgroup.com.sa
>
> > <mailto:cabinader at unitedgroup.com.sa>>
>
> > CC: Mustafa Khan <makhan at unitedgroup.com.sa
>
> > <mailto:makhan at unitedgroup.com.sa>>, Hekmat Qassem
>
> > <hekmatq at natcom.com.sa
> <mailto:hekmatq at natcom.com.sa
> <mailto:hekmatq at natcom.com.sa%20%3cmailto:hekmatq at natcom.com.sa>>>
>
> > Subject: RE: Cisco Access Point Quotation
>
> > Thread-Topic: Cisco Access Point Quotation
>
> > Thread-Index:
>
> > AdAuOXu58spz1ZodRhu5UQn57fO5pwE1hzOAAun77JAMaolAgAAAsNaw
>
> > Date: Mon, 6 Apr 2015 12:24:11 +0000
>
> > Message-ID:
>
> >
> <FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa
>
> >
> <mailto:FBD94B164BE21A4393DB52F7CD6C8DFD16D46764 at SJV-EXMB1.natcom.com.sa>>
>
> > References:
>
> >
> <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa
>
> >
> <mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>>
>
> > In-Reply-To:
>
> >
> <5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa
>
> >
> <mailto:5D03A0A65DC66246BD036492B3B4155D0125B0EFA0C0 at SRV-EXCHANGE.unitedgroup.com.sa>>
>
> > Accept-Language: en-US
>
> > Content-Language: en-US
>
> > X-MS-Has-Attach: yes
>
> > X-MS-TNEF-Correlator:
>
> > x-originating-ip: [94.96.34.151]
>
> > Content-Type: multipart/mixed;
>
> >
>
> >
> boundary="_009_FBD94B164BE21A4393DB52F7CD6C8DFD16D46764SJVEXMB1natcomc_"
>
> > MIME-Version: 1.0
>
> > X-TMASE-Version: StarCloud-1.3-7.6.1031-21452.007
>
> > X-TMASE-Result: 10--28.541000-7.000000
>
> > X-TMASE-MatchedRID:
>
> > OoEa6u7Uk5/uYusHgJkgyp4oketYmk9n6twe66otJ9OPIHWegpZ5EAhQ
>
> >
>
> >
>
> > G0AY/U6PNaks11cFGww8fzOIin7ZEjahjZPEodkXlNc2tyboPcIUFDkgqWz8Dv/rGk9ZgE
>
> > ve5PR
>
> >
>
> >
>
> > Aib0WZrLaY2ziQGT+Uik9yXybJEtFlVHM/F6YkvRTQ6yD6LF7xfFJXtgF4GFLArfwhXClR
>
> > wk/W3
>
> >
>
> >
>
> > 2/OuaH/Sukbkm96eJb0cTnofRVtgp2XqsJnwiP2SF2LrPGWWbWC28gYpoLqXT/93Vx7XRx
>
> > YRCMk
>
> >
>
> >
>
> > pFgMaSq8bSjbtGbq7iL8o3USqxxWjSwZ6aRtol7LWxNF43hsRRI7YhsiSUzzE2zDRfhGX9
>
> > jTVgr
>
> >
>
> >
>
> > vxTVwyJwqdB+bLvyLQ/thUNmOVzLzzuzg6dga4JMkOX0UoduuVvo8FSqar5SA4eV6z+cHC
>
> > e0E4q
>
> >
>
> >
>
> > Q/W7LyPumyOC/eNMcAvP4B9GVGgcXGp2ggKr4hkdSfJOV3AHEH1bhq4z+yfQ6qdxtMsrhe
>
> > Pwhb7
>
> >
>
> >
>
> > LgNO0TcBMoZsDvj0dGdzDPcLC41P0peXGEEBlv6r3HCixfuKcc4ri4RJV/1ec4Knh54Lbx
>
> > FLzYP
>
> >
>
> >
>
> > EEL4mjDpxqo7r+PMiApVk/D2Quxsyw+ZJnFumTvCHzUQQGBcv5Ya9RJuA7S28vyRIpB9YR
>
> > Hfthv
>
> >
>
> >
>
> > /CmUfxQjizXtCXfTWYqLLUX2mAtB6yOrxc8xu3cF/0kiqyh4xtv4pHoS4V1QU3rTZ0JuCx
>
> > GdJ4e
>
> >
>
> >
>
> > SxuIY9yaXhPhnUZ2CIg7tJ//usYvptQwz5tsim/y00tE9StbJC/aADPDwzUBTQ8e8uxTND
>
> > UDi9i
>
> >
>
> >
>
> > 0VZ/saFVw7sdMuf1sfC3MwiLDSgX5C7r6SH87G0EHapv1eJ+Ojezwlfd8ercmmD7/hK1/g
>
> > T2zXY
>
> >
>
> >
> a9/nevhSSrPew45P9xmfnR7MeqDN3DiEIyq8qXPrX/pP+hVVyeIFeyseOJMLfvt9m2c3oFdCEso
>
> > 7pnCj3Td6w7ozQLgmIj9pQ1oyg==
>
> >
>
> > *From:*
>
> >
>
> >
>
> >
>
> > eyad.nashed at natcom.com.sa <mailto:eyad.nashed at natcom.com.sa>
>
> > <mailto:eyad.nashed at natcom.com.sa>
>
> >
>
> >
>
> >
>
> > [Add to Whitelist
>
> >
> <http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8&from=eyad.nashed@natcom.com.sa&to=makhan@unitedgroup.com.sa,cabinader@unitedgroup.com.sa&type=f&list=w>
> |
>
> > Add to Blacklist
>
> >
>
> > <http://nmersal.cyberia.net.sa/mailscanner/lists.php?host=150.70.237.8
>
> >
> &from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader
> <mailto:&from=eyad.nashed at natcom.com.sa&to=makhan at unitedgroup.com.sa,cabinader>
>
> > @unitedgroup.com.sa&type=f&list=b>]
>
> >
>
> > *To:*
>
> >
>
> >
>
> >
>
> > makhan at unitedgroup.com.sa <mailto:makhan at unitedgroup.com.sa>
> <mailto:makhan at unitedgroup.com.sa>
>
> > cabinader at unitedgroup.com.sa <mailto:cabinader at unitedgroup.com.sa>
>
> > <mailto:cabinader at unitedgroup.com.sa>
>
> >
>
> > *Subject:*
>
> >
>
> >
>
> >
>
> > RE: Cisco Access Point Quotation
>
> >
>
> > *Size:*
>
> >
>
> >
>
> >
>
> > 486.1Kb
>
> >
>
> > *Anti-Virus/Dangerous Content Protection*
>
> >
>
> > *Virus:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *Blocked File:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *Other Infection:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *SpamAssassin*
>
> >
>
> > *Spam:*
>
> >
>
> >
>
> >
>
> > * N * Action(s): deliver, header, "X-Spam-Status:, No"
>
> >
>
> > *High Scoring Spam:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *SpamAssassin Spam:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *Listed in RBL:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *Spam Whitelisted:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *Spam Blacklisted:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *SpamAssassin Autolearn:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *SpamAssassin Score:*
>
> >
>
> >
>
> >
>
> > 0.00
>
> >
>
> > *Spam Report:*
>
> >
>
> >
>
> >
>
> > *Score*
>
> >
>
> >
>
> >
>
> > *Matching Rule*
>
> >
>
> >
>
> >
>
> > *Description*
>
> >
>
> > large
>
> >
>
> >
>
> >
>
> > too
>
> >
>
> >
>
> >
>
> > *Message Content Protection (MCP)*
>
> >
>
> > *MCP:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *High Scoring MCP:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *SpamAssassin MCP:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *MCP Whitelisted:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > *MCP Blacklisted:*
>
> >
>
> >
>
> >
>
> > * N *
>
> >
>
> > Regards
>
> >
>
> > Ejaz
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> >
>
> > --
>
> > MailScanner mailing list
>
> > mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> > <mailto:mailscanner at lists.mailscanner.info>
>
> > http://lists.mailscanner.info/listinfo/mailscanner
>
> >
>
> >
>
> >
>
> >
>
> >
>
> --
>
> MailScanner mailing list
>
> mailscanner at lists.mailscanner.info
> <mailto:mailscanner at lists.mailscanner.info>
>
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
>
>
>
More information about the MailScanner
mailing list