Solved

what do the codes in message headers for SPAM hits mean?

Posted on 2011-03-10
3
1,381 Views
Last Modified: 2012-06-22
We are runnign Exchange SErver 2003, SP2 and F-Secure for Exchange Server with SPAM protection in use.  Most things work OK, but I would like to know how to determine what causes a piece of email to be flagged as spam from the information in the message header.  I don't know what all the codes mean.  Some messages, that look harmless, end up in the SPAM mailbox, where i have to hunt for them and forward them manually.  I could white list the sender, but why is it flagged in the first place? Maybe I could tweak f-secure or Exchange if i understood the codes.

Here is a sample:
Message-Id: <8CDAB2638D0DC26-1E60-1F238@webmail-m034.sysops.aol.com>
X-AOL-VSS-CODE: clean
X-AOL-VSS-INFO: 5400.1158/0
X-Spam-Flag: YES
X-AOL-SENDER: xxxxx@aol.com
Return-Path: xxxxxx@aol.com
X-OriginalArrivalTime: 07 Mar 2011 21:32:37.0779 (UTC) FILETIME=[2E186630:01CBDD0F]
X-MS-Exchange-Organization-SCL: 7
X-Spam-Status: YES, hits=7 required=5, ct-refid=[str=0001.0A3D0202.4D754EF6.0077,ss=1,vtr=str,vl=0,fgs=0], tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
0
Comment
Question by:quaybj
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Ehab Salem earned 500 total points
ID: 35120819
I am assuming that 'tests' are the test performed by the antispam filter, and some values there are related to spam detection techniques:
tests=CTENGINE_UNKNOWN,DNS_AVAILABLE,FIRST_UNTRUSTED_MANY_NO_RDNS,FIRST_UNTRUSTED_NO_RDNS,FROM_LOCAL_NOVOWEL,FS_INVALID_HELO,FS_UNTRUSTED_5,HTML_MESSAGE,RDNS_NONE,FS_CLASS_SPAM_7
- CTENGINE is a bulk mail detector technique
- NO_RDNS means reverse DNS not found, which is an indication of spam (not always)
- Invalid HELO is a spam indication as well
- Sender IP has an untrsuted level of 5.

I repeat: these are assumptions from reading the header you provided.
0
 

Author Comment

by:quaybj
ID: 35137415
Thanks for your answers, i am looking into these to see if i can make an adjustment on our end (don't think so).
0
 

Author Closing Comment

by:quaybj
ID: 35160853
the solution being partial was my fault, i should have asked what to do with the answers!
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now