Diceman_01
asked on
Sybari e-mail address doesn't seem to work (Exchange message trace attached)
Howdy;
I use Sybari Antigen with Advanced Spam Manager here at my office, and I am having issues with too much spam getting through. I read the ASM white paper which indicates there is an e-mail to send false negatives to, so that Sybari can create new signatures for their SpamCure engine. Unfortunately, everything I have sent to them has generated an NDR (from our own exchange box) a couple of days later.
The e-mail as advertised is: Spam.mail-filters@research
Is this correct? I did a message trace on our Exchange 2003 server, and I've copied the trace results here (Time Stamps removed for simplicity, can be added on request):
SMTP Store Driver: Message submitted from Store
SMTP: Message Submitted to Advanced Queuing
SMTP: Started Message Submission to Advanced Queue
SMTP: Message Submitted to Categorizer
SMTP: Message Categorized and Queued for Routing
SMTP: Message Routed and Queued for Remote Delivery
SMTP: Started Outbound Transfer of Message
Message Transferred to through SMTP
SMTP: Started Outbound Transfer of Message
Message Transferred to through SMTP
SMTP: Non-Delivered Report (NDR) Generated
Any ideas on what's going wrong here?
Thanks for the help.
Dice.
I use Sybari Antigen with Advanced Spam Manager here at my office, and I am having issues with too much spam getting through. I read the ASM white paper which indicates there is an e-mail to send false negatives to, so that Sybari can create new signatures for their SpamCure engine. Unfortunately, everything I have sent to them has generated an NDR (from our own exchange box) a couple of days later.
The e-mail as advertised is: Spam.mail-filters@research
Is this correct? I did a message trace on our Exchange 2003 server, and I've copied the trace results here (Time Stamps removed for simplicity, can be added on request):
SMTP Store Driver: Message submitted from Store
SMTP: Message Submitted to Advanced Queuing
SMTP: Started Message Submission to Advanced Queue
SMTP: Message Submitted to Categorizer
SMTP: Message Categorized and Queued for Routing
SMTP: Message Routed and Queued for Remote Delivery
SMTP: Started Outbound Transfer of Message
Message Transferred to through SMTP
SMTP: Started Outbound Transfer of Message
Message Transferred to through SMTP
SMTP: Non-Delivered Report (NDR) Generated
Any ideas on what's going wrong here?
Thanks for the help.
Dice.
ASKER
Thanks for the reply.
Here is the text from one of the NDRs:
=====BEGIN NDR=====
Your message did not reach some or all of the intended recipients.
Subject: FW: The Ultimate Online Pharmaceutical
Sent: 3/17/2006 3:44 PM
The following recipient(s) could not be reached:
'Spam' on 3/19/2006 3:46 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<yk-exch-2.corp.wcb.nt.ca #4.4.7>
=====END NDR=====
Perhaps obviously, the recipient 'Spam' is my outlook contact for spam.mail-filters@research
I did a search on SMTP 4.4.7 and it mentioned the badmail directory, so I checked the "Mailroot\vsi 1\BadMail" directory, but it was empty.
In the meantime, I've turned on SMTP tracking, (as per these directions: http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html) and have re-sent the message. Looking at the SMTP logs, I see that the time stamps start at 15:53 and continue from there. From this, I can only assume that the timestamps are all in GMT - is this correct? For the time being, I will assume this is correct and proceed accordingly.
By checking Exchange 2003 message tracking, I was able to see that my message was submitted to the SMTP service at 9:25am (GMT-0700). In the SMTP logs, I isolated the events that occured from 16:24:00 GMT to 16:26:59 GMT and read the lines from the log, but none of the messages seemed to be my outbound message. Moreover, _every_ message appeared to be an inbound message. This appears to be true for the entire log. As I scroll through the log, everything appears to be documenting connections established by external servers. Am I missing something here - maybe I've turned on the wrong tracking?
At any rate, as requested, here are the logs. To minimize extraneous information, I've only included events that occured from 16:24:00 GMT to 16:26:59 GMT, but can expand this on request.
=====BEGIN SMTP LOG=====
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +gwichin.nt.ca 250 0 319 18 0 SMTP - - - -
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<TWilliams@gwichin.n
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<davegru@wcb.nt.ca> 250 0 30 27 0 SMTP - - - -
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 BDAT - +<E5035C2E79F4AF41BB37A88A
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - gwichin.nt.ca 240 375 73 4 0 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 1282 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<JeanneeJ@wcb.nt.ca>+
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<hu2ivoa8@cogit.fr> 0 0 4 0 1672 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RSET - - 0 0 4 0 1891 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 2094 SMTP - - - -
2006-03-21 16:24:23 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +igloo1.gov.nt.ca 250 0 318 21 0 SMTP - - - -
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<Laurie_Moroz@gov.nt
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<donnag@wcb.nt.ca> 250 0 29 26 15 SMTP - - - -
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<H00001c20d59f6e9.1142958
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - igloo1.gov.nt.ca 240 1297 73 4 0 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 5235 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<Jeremyst@wcb.nt.ca>+
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<adrien@polartech.ca> 0 0 4 0 5235 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 DATA - - 0 0 4 0 5250 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 5360 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:51 221.188.212.11 - SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - - 240 0 199 4 0 SMTP - - - -
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +hotmail.com 250 0 316 16 0 SMTP - - - -
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<lindakcooper@hotmai
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<marianad@wcb.nt.ca> 250 0 31 28 0 SMTP - - - -
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 BDAT - +<BAY103-F423257C473EF3508
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - hotmail.com 240 703 73 4 0 SMTP - - - -
2006-03-21 16:25:58 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:25:58 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 1203 SMTP - - - -
2006-03-21 16:25:58 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:00 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:01 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:01 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:01 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 X-LINK2STATE - LAST+CHUNK={0000006a}+MULT
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<lindakcooper@hotmail
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<MarianaD@wcb.nt.ca> 0 0 4 0 5891 SMTP - - - -
2006-03-21 16:26:03 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:03 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 XEXCH50 - 1076+2 0 0 7 0 6578 SMTP - - - -
2006-03-21 16:26:03 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:05 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:05 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 BDAT - 1300+LAST 0 0 4 0 8016 SMTP - - - -
2006-03-21 16:26:06 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +SGW5HQ1.INAC.GC.CA 250 0 319 23 0 SMTP - - - -
2006-03-21 16:26:06 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<roeschm@inac-ainc.g
2006-03-21 16:26:06 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:06 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 9813 SMTP - - - -
2006-03-21 16:26:06 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<davegru@wcb.nt.ca> 250 0 30 27 0 SMTP - - - -
2006-03-21 16:26:06 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:08 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<s41fe11a.039@SGW5HQ1.INA
2006-03-21 16:26:08 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - SGW5HQ1.INAC.GC.CA 240 1391 73 4 0 SMTP - - - -
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 750 SMTP - - - -
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<CaitlinC@wcb.nt.ca>+
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<bearfacts@gov.nt.ca> 0 0 4 0 1546 SMTP - - - -
2006-03-21 16:26:11 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:11 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 DATA - - 0 0 4 0 2265 SMTP - - - -
2006-03-21 16:26:11 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:13 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:13 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 4078 SMTP - - - -
2006-03-21 16:26:13 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 375 SMTP - - - -
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<CourtneyW@wcb.nt.ca>
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<OndrackA@DFO-MPO.GC.CA
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 DATA - - 0 0 4 0 657 SMTP - - - -
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 953 SMTP - - - -
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +igloo1.gov.nt.ca 250 0 318 21 0 SMTP - - - -
2006-03-21 16:26:25 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +dmjskwhy7lkljbw 250 0 315 20 0 SMTP - - - -
2006-03-21 16:26:25 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +dmjskwhy7lkljbw 250 0 315 20 0 SMTP - - - -
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<Saundra_Arberry@gov
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<CaitlinC@wcb.nt.ca> 250 0 31 28 0 SMTP - - - -
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<"AUTOANS-2a636fed.114295
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - igloo1.gov.nt.ca 240 1250 73 4 0 SMTP - - - -
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<hostmaster@10-milli
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<brendam@wcb.nt.ca> 250 0 30 27 0 SMTP - - - -
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<ayman_kassem@0500ma
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<brente@wcb.nt.ca> 250 0 29 26 0 SMTP - - - -
2006-03-21 16:26:35 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<4088585808.2006032116261
2006-03-21 16:26:35 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<3707831339.2006032116261
2006-03-21 16:26:38 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - dmjskwhy7lkljbw 240 16062 131 2586 9500 SMTP - - - -
2006-03-21 16:26:38 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - dmjskwhy7lkljbw 240 16093 124 2597 9515 SMTP - - - -
=====END SMTP LOG=====
Thanks again for the help.
Dice.
Here is the text from one of the NDRs:
=====BEGIN NDR=====
Your message did not reach some or all of the intended recipients.
Subject: FW: The Ultimate Online Pharmaceutical
Sent: 3/17/2006 3:44 PM
The following recipient(s) could not be reached:
'Spam' on 3/19/2006 3:46 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<yk-exch-2.corp.wcb.nt.ca #4.4.7>
=====END NDR=====
Perhaps obviously, the recipient 'Spam' is my outlook contact for spam.mail-filters@research
I did a search on SMTP 4.4.7 and it mentioned the badmail directory, so I checked the "Mailroot\vsi 1\BadMail" directory, but it was empty.
In the meantime, I've turned on SMTP tracking, (as per these directions: http://www.msexchange.org/tutorials/Logging_the_SMTP_Service.html) and have re-sent the message. Looking at the SMTP logs, I see that the time stamps start at 15:53 and continue from there. From this, I can only assume that the timestamps are all in GMT - is this correct? For the time being, I will assume this is correct and proceed accordingly.
By checking Exchange 2003 message tracking, I was able to see that my message was submitted to the SMTP service at 9:25am (GMT-0700). In the SMTP logs, I isolated the events that occured from 16:24:00 GMT to 16:26:59 GMT and read the lines from the log, but none of the messages seemed to be my outbound message. Moreover, _every_ message appeared to be an inbound message. This appears to be true for the entire log. As I scroll through the log, everything appears to be documenting connections established by external servers. Am I missing something here - maybe I've turned on the wrong tracking?
At any rate, as requested, here are the logs. To minimize extraneous information, I've only included events that occured from 16:24:00 GMT to 16:26:59 GMT, but can expand this on request.
=====BEGIN SMTP LOG=====
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +gwichin.nt.ca 250 0 319 18 0 SMTP - - - -
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<TWilliams@gwichin.n
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<davegru@wcb.nt.ca> 250 0 30 27 0 SMTP - - - -
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 BDAT - +<E5035C2E79F4AF41BB37A88A
2006-03-21 16:24:09 216.126.110.222 gwichin.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - gwichin.nt.ca 240 375 73 4 0 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 1282 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<JeanneeJ@wcb.nt.ca>+
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<hu2ivoa8@cogit.fr> 0 0 4 0 1672 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RSET - - 0 0 4 0 1891 SMTP - - - -
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:22 62.23.69.197 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 2094 SMTP - - - -
2006-03-21 16:24:23 62.23.69.197 OutboundConnectionResponse
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +igloo1.gov.nt.ca 250 0 318 21 0 SMTP - - - -
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<Laurie_Moroz@gov.nt
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<donnag@wcb.nt.ca> 250 0 29 26 15 SMTP - - - -
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<H00001c20d59f6e9.1142958
2006-03-21 16:24:37 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - igloo1.gov.nt.ca 240 1297 73 4 0 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 5235 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<Jeremyst@wcb.nt.ca>+
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<adrien@polartech.ca> 0 0 4 0 5235 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 DATA - - 0 0 4 0 5250 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 5360 SMTP - - - -
2006-03-21 16:25:20 198.235.201.4 OutboundConnectionResponse
2006-03-21 16:25:51 221.188.212.11 - SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - - 240 0 199 4 0 SMTP - - - -
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +hotmail.com 250 0 316 16 0 SMTP - - - -
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<lindakcooper@hotmai
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<marianad@wcb.nt.ca> 250 0 31 28 0 SMTP - - - -
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 BDAT - +<BAY103-F423257C473EF3508
2006-03-21 16:25:55 65.54.174.14 hotmail.com SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - hotmail.com 240 703 73 4 0 SMTP - - - -
2006-03-21 16:25:58 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:25:58 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 1203 SMTP - - - -
2006-03-21 16:25:58 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:00 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:01 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:01 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:01 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 X-LINK2STATE - LAST+CHUNK={0000006a}+MULT
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<lindakcooper@hotmail
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:02 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<MarianaD@wcb.nt.ca> 0 0 4 0 5891 SMTP - - - -
2006-03-21 16:26:03 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:03 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 XEXCH50 - 1076+2 0 0 7 0 6578 SMTP - - - -
2006-03-21 16:26:03 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:05 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:05 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 BDAT - 1300+LAST 0 0 4 0 8016 SMTP - - - -
2006-03-21 16:26:06 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +SGW5HQ1.INAC.GC.CA 250 0 319 23 0 SMTP - - - -
2006-03-21 16:26:06 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<roeschm@inac-ainc.g
2006-03-21 16:26:06 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:06 192.168.2.3 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 9813 SMTP - - - -
2006-03-21 16:26:06 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<davegru@wcb.nt.ca> 250 0 30 27 0 SMTP - - - -
2006-03-21 16:26:06 192.168.2.3 OutboundConnectionResponse
2006-03-21 16:26:08 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<s41fe11a.039@SGW5HQ1.INA
2006-03-21 16:26:08 198.103.249.251 SGW5HQ1.INAC.GC.CA SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - SGW5HQ1.INAC.GC.CA 240 1391 73 4 0 SMTP - - - -
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 750 SMTP - - - -
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<CaitlinC@wcb.nt.ca>+
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:09 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<bearfacts@gov.nt.ca> 0 0 4 0 1546 SMTP - - - -
2006-03-21 16:26:11 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:11 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 DATA - - 0 0 4 0 2265 SMTP - - - -
2006-03-21 16:26:11 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:13 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:13 216.108.160.2 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 4078 SMTP - - - -
2006-03-21 16:26:13 216.108.160.2 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 EHLO - yk-exch-2.corp.wcb.nt.ca 0 0 4 0 375 SMTP - - - -
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 MAIL - FROM:<CourtneyW@wcb.nt.ca>
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 RCPT - TO:<OndrackA@DFO-MPO.GC.CA
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 DATA - - 0 0 4 0 657 SMTP - - - -
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionCommand SMTPSVC1 YK-EXCH-2 - 25 QUIT - - 0 0 4 0 953 SMTP - - - -
2006-03-21 16:26:14 205.194.19.89 OutboundConnectionResponse
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +igloo1.gov.nt.ca 250 0 318 21 0 SMTP - - - -
2006-03-21 16:26:25 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +dmjskwhy7lkljbw 250 0 315 20 0 SMTP - - - -
2006-03-21 16:26:25 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 EHLO - +dmjskwhy7lkljbw 250 0 315 20 0 SMTP - - - -
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<Saundra_Arberry@gov
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<CaitlinC@wcb.nt.ca> 250 0 31 28 0 SMTP - - - -
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<"AUTOANS-2a636fed.114295
2006-03-21 16:26:25 216.108.160.10 igloo1.gov.nt.ca SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - igloo1.gov.nt.ca 240 1250 73 4 0 SMTP - - - -
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<hostmaster@10-milli
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<brendam@wcb.nt.ca> 250 0 30 27 0 SMTP - - - -
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 MAIL - +FROM:<ayman_kassem@0500ma
2006-03-21 16:26:28 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 RCPT - +TO:<brente@wcb.nt.ca> 250 0 29 26 0 SMTP - - - -
2006-03-21 16:26:35 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<4088585808.2006032116261
2006-03-21 16:26:35 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 DATA - +<3707831339.2006032116261
2006-03-21 16:26:38 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - dmjskwhy7lkljbw 240 16062 131 2586 9500 SMTP - - - -
2006-03-21 16:26:38 88.9.152.54 dmjskwhy7lkljbw SMTPSVC1 YK-EXCH-2 192.168.5.23 0 QUIT - dmjskwhy7lkljbw 240 16093 124 2597 9515 SMTP - - - -
=====END SMTP LOG=====
Thanks again for the help.
Dice.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the tip about contacting an eeadmin. I have done just that (https://www.experts-exchange.com/questions/21783235/Working-Please-remove-real-information-from-this-question.html). Also, thanks for helping me establish that it was a defunct email address. I think that's the solution to the problem, so points to you.
For the discrepancy between the NDR and the logs, it is because it takes two days for an NDR to be generated, while I only turned on logging this morning. As a consequence, I had to use the NDR from one e-mail and the log info from a second e-mail. I can post the NDRs for the mails sent today on Thursday, if that would be of any further help in this.
Incindentally, the e-mail addresses came from the Sybari Advanced Spam Manager whitepaper (http://www.sybari.com/_Rainbow/Documents/ASM_WP_0504.pdf), page 8, the first and second questions. The whitepaper itself is dated March 2004, but it is still actively linked to from the Sybari Product homepage (http://www.sybari.com/portal/alias__Rainbow/lang__en-US/tabID__3433/DesktopDefault.aspx). I imagine that Sybari was purchased by Microsoft in that time, and no one thought to update the information.
Lastly, thanks for the tip about forwarding the junk mail to the company. I'll employ that from now on.
So, thanks very much for all the help. I'll start hunting around for a new place to be sending this stuff to in the future. If it occurs to me, I will try to follow up on this question when I have the answer, so that future users can use this question as a resource.
Dice.
For the discrepancy between the NDR and the logs, it is because it takes two days for an NDR to be generated, while I only turned on logging this morning. As a consequence, I had to use the NDR from one e-mail and the log info from a second e-mail. I can post the NDRs for the mails sent today on Thursday, if that would be of any further help in this.
Incindentally, the e-mail addresses came from the Sybari Advanced Spam Manager whitepaper (http://www.sybari.com/_Rainbow/Documents/ASM_WP_0504.pdf), page 8, the first and second questions. The whitepaper itself is dated March 2004, but it is still actively linked to from the Sybari Product homepage (http://www.sybari.com/portal/alias__Rainbow/lang__en-US/tabID__3433/DesktopDefault.aspx). I imagine that Sybari was purchased by Microsoft in that time, and no one thought to update the information.
Lastly, thanks for the tip about forwarding the junk mail to the company. I'll employ that from now on.
So, thanks very much for all the help. I'll start hunting around for a new place to be sending this stuff to in the future. If it occurs to me, I will try to follow up on this question when I have the answer, so that future users can use this question as a resource.
Dice.
The use that subdomain for an email address on http://www.sybari.com/portal/alias__Rainbow/lang__en-US/tabID__70003589/DesktopDefault.aspx, something directly on their webpage in the support section and not some PDF from 2004.
(on any page, select Submit Virus on the Support drop down menu)
the email you are trying should probably work.
(on any page, select Submit Virus on the Support drop down menu)
the email you are trying should probably work.
ASKER
Thanks for the follow-up. I just spent an hour on the line with MS, but they were able to advise that the correct e-mail addresses are as follows:
for false negatives: spam.mail-filters@antigen.
and
for false positives: notspam.mail-filters@antig
I see what you're talking about on the Sybari webpage though, regarding the research.sybari.com subdomain. All I can suggest is that the whole Sybari website should probably some offline, and redirect useres to an appropriate page in the microsoft site.
Thanks again for all your help. It is much appreciated.
Dice.
for false negatives: spam.mail-filters@antigen.
and
for false positives: notspam.mail-filters@antig
I see what you're talking about on the Sybari webpage though, regarding the research.sybari.com subdomain. All I can suggest is that the whole Sybari website should probably some offline, and redirect useres to an appropriate page in the microsoft site.
Thanks again for all your help. It is much appreciated.
Dice.
Or the error message in the message your get back... it should say what when wrong since it did go as far as SMTP.
Look for lines like .... <<< 550 5.7.1 blah blah blah reason.