Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

what do the codes in message headers for SPAM hits mean?

Posted on 2011-03-10
3
Medium Priority
?
1,470 Views
Last Modified: 2012-06-22
We are runnign Exchange SErver 2003, SP2 and F-Secure for Exchange Server with SPAM protection in use.  Most things work OK, but I would like to know how to determine what causes a piece of email to be flagged as spam from the information in the message header.  I don't know what all the codes mean.  Some messages, that look harmless, end up in the SPAM mailbox, where i have to hunt for them and forward them manually.  I could white list the sender, but why is it flagged in the first place? Maybe I could tweak f-secure or Exchange if i understood the codes.

Here is a sample:
Message-Id: <8CDAB2638D0DC26-1E60-1F238@webmail-m034.sysops.aol.com>
X-AOL-VSS-CODE: clean
X-AOL-VSS-INFO: 5400.1158/0
X-Spam-Flag: YES
X-AOL-SENDER: xxxxx@aol.com
Return-Path: xxxxxx@aol.com
X-OriginalArrivalTime: 07 Mar 2011 21:32:37.0779 (UTC) FILETIME=[2E186630:01CBDD0F]
X-MS-Exchange-Organization-SCL: 7
X-Spam-Status: YES, hits=7 required=5, ct-refid=[str=0001.0A3D0202.4D754EF6.0077,ss=1,vtr=str,vl=0,fgs=0], tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
0
Comment
Question by:quaybj
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Ehab Salem earned 1500 total points
ID: 35120819
I am assuming that 'tests' are the test performed by the antispam filter, and some values there are related to spam detection techniques:
tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
- CTENGINE is a bulk mail detector technique
- NO_RDNS means reverse DNS not found, which is an indication of spam (not always)
- Invalid HELO is a spam indication as well
- Sender IP has an untrsuted level of 5.

I repeat: these are assumptions from reading the header you provided.
0
 

Author Comment

by:quaybj
ID: 35137415
Thanks for your answers, i am looking into these to see if i can make an adjustment on our end (don't think so).
0
 

Author Closing Comment

by:quaybj
ID: 35160853
the solution being partial was my fault, i should have asked what to do with the answers!
0

Featured Post

[Webinar] Cloud Security

In this webinar you will learn:

-Why existing firewall and DMZ architectures are not suited for securing cloud applications
-How to make your enterprise “Cloud Ready”, and fix your aging DMZ architecture
-How to transform your enterprise and become a Cloud Enabler

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question