Solved

What do the codes in message headers for SPAM hits mean?

Posted on 2011-03-10
Last Modified: 2012-06-22
We are running Exchange Server 2003, SP2 and F-Secure for Exchange Server with SPAM protection in use.  Most things work OK, but I would like to know how to determine what causes a piece of email to be flagged as spam from the information in the message header.  I don't know what all the codes mean.  Some messages, that look harmless, end up in the SPAM mailbox, where I have to hunt for them and forward them manually.  I could white list the sender, but why is it flagged in the first place? Maybe I could tweak F-Secure or Exchange if I understood the codes.

Here is a sample:
Message-Id: <8CDAB2638D0DC26-1E60-1F238@webmail-m034.sysops.aol.com>
X-AOL-VSS-CODE: clean
X-AOL-VSS-INFO: 5400.1158/0
X-Spam-Flag: YES
X-AOL-SENDER: xxxxx@aol.com
Return-Path: xxxxxx@aol.com
X-OriginalArrivalTime: 07 Mar 2011 21:32:37.0779 (UTC) FILETIME=[2E186630:01CBDD0F]
X-MS-Exchange-Organization-SCL: 7
X-Spam-Status: YES, hits=7 required=5, ct-refid=[str=0001.0A3D0202.4D754EF6.0077,ss=1,vtr=str,vl=0,fgs=0], tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
Question by:quaybj
Accepted Solution

by:
Ehab Salem earned 500 total points
ID: 35120819
I am assuming that 'tests' are the tests performed by the antispam filter, and some values there are related to spam detection techniques:
tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
- CTENGINE is a bulk mail detector technique
- NO_RDNS means reverse DNS not found, which is an indication of spam (not always)
- Invalid HELO is a spam indication as well
- Sender IP has an untrusted level of 5.

I repeat: these are assumptions from reading the header you provided.
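
As an added example (not part of the original answer and not F-Secure code), the script below splits the X-Spam-Status value from the question into its score, threshold, ct-refid fields and test names, then counts the fired tests under the groups the answer describes. The group labels and regular expressions are assumptions taken from the answer's reading of the names, not vendor documentation.

```python
import re
from collections import Counter

# X-Spam-Status value copied from the sample header in the question.
SAMPLE = (
    "YES, hits=7 required=5, ct-refid=[str=0001.0A3D0202.4D754EF6.0077,"
    "ss=1,vtr=str,vl=0,fgs=0], tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,"
    "FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,"
    "FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7"
)

# Assumed groups, following the answer's reading (not vendor documentation).
GROUPS = {
    "bulk-mail engine (CTENGINE)": re.compile(r"CTENGINE"),
    "no reverse DNS": re.compile(r"NO_RDNS|RDNS_NONE"),
    "invalid HELO": re.compile(r"INVALID_HELO"),
    "untrusted sender IP level": re.compile(r"UNTRUSTED_\d+$"),
}

def parse_spam_status(value):
    """Split an X-Spam-Status value into verdict, scores, ct-refid and tests."""
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    head = re.match(r"\s*(\w+),\s*hits=(-?[\d.]+)\s+required=(-?[\d.]+)", value)
    if not head:
        raise ValueError("X-Spam-Status value is not in the expected layout")
    refid = re.search(r"ct-refid=\[([^\]]*)\]", value)
    tests = re.search(r"tests=([\w,\s]+)", value)
    pairs = refid.group(1).split(",") if refid else []
    names = tests.group(1).split(",") if tests else []
    return {
        "flagged": head.group(1).upper() == "YES",
        "hits": float(head.group(2)),
        "required": float(head.group(3)),
        "ct_refid": dict(p.split("=", 1) for p in pairs if "=" in p),
        "tests": [n.strip() for n in names if n.strip()],
    }

def group_tests(tests):
    """Count fired tests per group; names matching no group go to 'other'."""
    counts = Counter()
    for name in tests:
        hit = (label for label, rx in GROUPS.items() if rx.search(name))
        counts[next(hit, "other")] += 1
    return counts

if __name__ == "__main__":
    parsed = parse_spam_status(SAMPLE)
    for label, n in group_tests(parsed["tests"]).most_common():
        print(f"{n:2d}  {label}")
```

Running the same parse over the headers of several harmless messages pulled from the SPAM mailbox shows which tests recur across them.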

Author Comment

by:quaybj
ID: 35137415
Thanks for your answers, I am looking into these to see if I can make an adjustment on our end (don't think so).

Author Closing Comment

by:quaybj
ID: 35160853
The solution being partial was my fault, I should have asked what to do with the answers!