Solved

Can't tell what device/program is tagging our email as spam

Posted on 2013-07-02
6
709 Views
Last Modified: 2013-11-22
Hello,

We are using a Watchguard Firebox.  We are also using an exchange 2007 server.

Anti-spam is all disabled on the exchange server.

Our watchguard has a whitelist and if a domain is in the whitelist, the email should pass through untagged.

However, a lot of email is tagged [!!Spam] or [!!Blacklisted]

I am not sure what is adding those tags.  Looks like it is not Exchange and the firebox literature says it uses different tags.  Also, when I look at the specific email that is in the whitelist, the log says it is to pass through due to whitelist status.

We are also runnig Kapersky anti-virus.  

Can't figure out what is adding these tags...

THanks,
Bonnie
0
Comment
Question by:Bonnie_K
  • 3
  • 3
6 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39293074
Do you have an example mail header that includes these tags?
0
 

Author Comment

by:Bonnie_K
ID: 39293082
Yes -

Received: from server1.keene-kelly.local (89.242.6.252) by
 remote.ourdomain.com (192.168.1.3) with Microsoft SMTP Server id
 8.1.240.5; Wed, 3 Apr 2013 23:58:12 -0400
Received: from User ([69.198.53.210]) by server1.keene-kelly.local with
 Microsoft SMTPSVC(6.0.3790.4675);       Thu, 28 Mar 2013 13:38:53 +0000
Reply-To: <barrister_e_f@yahoo.com.hk>
From: Jeff <barrister_edwards_jeff@yahoo.com.hk>
Subject: [!!Spam]The Charity Project
Date: Thu, 28 Mar 2013 08:23:10 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
BCC:
Message-ID: <SERVER11JXDvCeqTPca0000164f@server1.keene-kelly.local>
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A020203.515CFA55.0014,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-IP: 89.242.6.252
X-WatchGuard-Mail-From: barrister_edwards_jeff@yahoo.com.hk
X-WatchGuard-AntiVirus: part scanned. clean action=allow
Return-Path: barrister_edwards_jeff@yahoo.com.hk
X-MS-Exchange-Organization-SCL: 9
X-KSE-AntiSpam-Interceptor-Info: scan successful
X-KSE-AntiSpam-Version: 4.3.6, 4/4/2013 11:46:08 AM
X-KSE-AntiSpam-Status: Spam
X-KSE-AntiSpam-Method: content [main]
X-KSE-AntiSpam-Rate: 100
X-KSE-AntiSpam-Info: Profiles 44545 [Apr 04 2013]
X-KSE-AntiSpam-Info: Version: 4.3.6 (May 28 2010 16:29:44)
X-KSE-AntiSpam-Info: Envelope from: barrister_edwards_jeff@yahoo.com.hk
X-KSE-AntiSpam-Info: Plgs-Versions: 1.4.3.5, 2.4.3.6, 3.4.3.3, 4.4.3.3,
 8.4.3.3, 16.4.3.6
X-KSE-AntiSpam-Info: {MSGID: Forged Outlook Express}
X-KSE-AntiSpam-Info: {OE without X-MimeOLE}
X-KSE-AntiSpam-Info: {Advanced Mass Sender X-Mailer}
X-KSE-AntiSpam-Info: {Content: Spam}
X-KSE-AntiSpam-Info: Rate: 100
X-KSE-AntiSpam-Info: Status: spam
X-KSE-AntiSpam-Info: Method: content [main]
X-KSE-AntiSpam-Info: DBG v.5. 2910, 1658. R:128,1,128,5,128,128,2,128,0.
X-KSE-Antivirus-Interceptor-Info: scan successful
X-KSE-Antivirus-Info: Clean
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39293085
X-KSE-AntiSpam = Kaspersky Antispam, so that's probably your culprit ...
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 

Author Comment

by:Bonnie_K
ID: 39293121
OK - we only have Kapersky AV installed and I don't see any Kapersky plug-in in outlook.  So I am confused, but now I know where to look.
0
 

Author Comment

by:Bonnie_K
ID: 39293130
I just found that someone installed Kapersky Security for MS exchange servers on the exchange server - so yes it is Kapersky - Thanks again for showing me that the headers give this info.

-Bonnie
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39293208
No problem, glad you found the answer to your problem :-)
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Twitching screen 11 117
ScanGuard 4 133
Spam Filter 5 65
spam coming from PW domain - why PW? 3 44
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Are you irritated by repeating emails issue in Microsoft Outlook 2016 after recent update ?  Lets’ see how to resolve and prevent duplicate emails in the Outlook 2016 using some simple techniques.
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question