What do the codes in message headers for SPAM hits mean?

Posted on 2011-03-10
Last Modified: 2012-06-22
We are running Exchange Server 2003, SP2 and F-Secure for Exchange Server with SPAM protection in use.  Most things work OK, but I would like to know how to determine what causes a piece of email to be flagged as spam from the information in the message header.  I don't know what all the codes mean.  Some messages that look harmless end up in the SPAM mailbox, where I have to hunt for them and forward them manually.  I could whitelist the sender, but why is it flagged in the first place? Maybe I could tweak F-Secure or Exchange if I understood the codes.

Here is a sample:
Message-Id: <8CDAB2638D0DC26-1E60-1F238@webmail-m034.sysops.aol.com>
X-AOL-VSS-CODE: clean
X-AOL-VSS-INFO: 5400.1158/0
X-Spam-Flag: YES
X-AOL-SENDER: xxxxx@aol.com
Return-Path: xxxxxx@aol.com
X-OriginalArrivalTime: 07 Mar 2011 21:32:37.0779 (UTC) FILETIME=[2E186630:01CBDD0F]
X-MS-Exchange-Organization-SCL: 7
X-Spam-Status: YES, hits=7 required=5, ct-refid=[str=0001.0A3D0202.4D754EF6.0077,ss=1,vtr=str,vl=0,fgs=0], tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
Question by:quaybj
3 Comments
 
Accepted Solution

by:
Ehab Salem earned 1500 total points
ID: 35120819
I am assuming that 'tests' are the tests performed by the antispam filter, and some values there are related to spam detection techniques:
tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
- CTENGINE is a bulk mail detector technique
- NO_RDNS means reverse DNS not found, which is an indication of spam (not always)
- Invalid HELO is a spam indication as well
- Sender IP has an untrusted level of 5.

I repeat: these are assumptions from reading the header you provided.
0
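As an added example (not part of the original thread, and not F-Secure's or Exchange's own code): a small Python parser that splits the X-Spam-Status header from the question into score, threshold and fired tests, and annotates each test only with the accepted answer's assumed meanings. The function name and hint table are illustrative; the sample is the question's header, folded across lines as constructed input.

```python
import re
from email import message_from_string

# Constructed sample: headers quoted in the question, with the long
# X-Spam-Status value folded the way a mail server may wrap it.
SAMPLE = (
    "X-Spam-Flag: YES\n"
    "X-MS-Exchange-Organization-SCL: 7\n"
    "X-Spam-Status: YES, hits=7 required=5,\n"
    " ct-refid=[str=0001.0A3D0202.4D754EF6.0077,ss=1,vtr=str,vl=0,fgs=0],\n"
    " tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,\n"
    " FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,\n"
    " FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7\n"
)

# The bracketed ct-refid and the tests list both contain commas, so the value
# cannot simply be split on "," and is matched field by field instead.
STATUS_RE = re.compile(
    r"^(?P<verdict>\w+),\s*hits=(?P<hits>-?[\d.]+)\s+required=(?P<required>-?[\d.]+)"
    r"(?:,\s*ct-refid=\[(?P<refid>[^\]]*)\])?,\s*tests=(?P<tests>.*)$"
)

# Substring -> note. These are the accepted answer's assumptions, not vendor docs.
HINTS = [
    ("CTENGINE", "bulk mail detection"),
    ("NO_RDNS", "reverse DNS not found"),
    ("INVALID_HELO", "invalid HELO"),
    ("FS_UNTRUSTED", "sender IP untrusted level"),
]

def parse_spam_status(raw_message):
    msg = message_from_string(raw_message)
    # Unfold continuation lines before matching.
    value = re.sub(r"\s+", " ", msg["X-Spam-Status"] or "").strip()
    m = STATUS_RE.match(value)
    if m is None:
        raise ValueError("unrecognised X-Spam-Status layout: %r" % value)
    tests = [t.strip() for t in m["tests"].split(",") if t.strip()]
    return {
        "verdict": m["verdict"],
        "hits": float(m["hits"]),
        "required": float(m["required"]),
        "scl": msg["X-MS-Exchange-Organization-SCL"],
        "tests": tests,
        "notes": {t: next((n for k, n in HINTS if k in t), None) for t in tests},
    }

if __name__ == "__main__":
    for name, note in parse_spam_status(SAMPLE)["notes"].items():
        print(name, "-", note or "not explained in this thread")
```

Tests that come back without a note are the ones the thread leaves unexplained, so they are the ones to look up in the filter's documentation.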
 

Author Comment

by:quaybj
ID: 35137415
Thanks for your answers, I am looking into these to see if I can make an adjustment on our end (don't think so).
0
 

Author Closing Comment

by:quaybj
ID: 35160853
The solution being partial was my fault; I should have asked what to do with the answers!
0
