Bonnie_K
asked on
Can't tell what device/program is tagging our email as spam
Hello,
We are using a Watchguard Firebox. We are also using an exchange 2007 server.
Anti-spam is all disabled on the exchange server.
Our watchguard has a whitelist and if a domain is in the whitelist, the email should pass through untagged.
However, a lot of email is tagged [!!Spam] or [!!Blacklisted]
I am not sure what is adding those tags. Looks like it is not Exchange and the firebox literature says it uses different tags. Also, when I look at the specific email that is in the whitelist, the log says it is to pass through due to whitelist status.
We are also runnig Kapersky anti-virus.
Can't figure out what is adding these tags...
THanks,
Bonnie
We are using a Watchguard Firebox. We are also using an exchange 2007 server.
Anti-spam is all disabled on the exchange server.
Our watchguard has a whitelist and if a domain is in the whitelist, the email should pass through untagged.
However, a lot of email is tagged [!!Spam] or [!!Blacklisted]
I am not sure what is adding those tags. Looks like it is not Exchange and the firebox literature says it uses different tags. Also, when I look at the specific email that is in the whitelist, the log says it is to pass through due to whitelist status.
We are also runnig Kapersky anti-virus.
Can't figure out what is adding these tags...
THanks,
Bonnie
Do you have an example mail header that includes these tags?
ASKER
Yes -
Received: from server1.keene-kelly.local (89.242.6.252) by
remote.ourdomain.com (192.168.1.3) with Microsoft SMTP Server id
8.1.240.5; Wed, 3 Apr 2013 23:58:12 -0400
Received: from User ([69.198.53.210]) by server1.keene-kelly.local with
Microsoft SMTPSVC(6.0.3790.4675); Thu, 28 Mar 2013 13:38:53 +0000
Reply-To: <barrister_e_f@yahoo.com.h k>
From: Jeff <barrister_edwards_jeff@ya hoo.com.hk >
Subject: [!!Spam]The Charity Project
Date: Thu, 28 Mar 2013 08:23:10 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
BCC:
Message-ID: <SERVER11JXDvCeqTPca000016 4f@server1 .keene-kel ly.local>
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A020203.515CFA55 .0014,ss=1 ,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-I P: 89.242.6.252
X-WatchGuard-Mail-From: barrister_edwards_jeff@yah oo.com.hk
X-WatchGuard-AntiVirus: part scanned. clean action=allow
Return-Path: barrister_edwards_jeff@yah oo.com.hk
X-MS-Exchange-Organization -SCL: 9
X-KSE-AntiSpam-Interceptor -Info: scan successful
X-KSE-AntiSpam-Version: 4.3.6, 4/4/2013 11:46:08 AM
X-KSE-AntiSpam-Status: Spam
X-KSE-AntiSpam-Method: content [main]
X-KSE-AntiSpam-Rate: 100
X-KSE-AntiSpam-Info: Profiles 44545 [Apr 04 2013]
X-KSE-AntiSpam-Info: Version: 4.3.6 (May 28 2010 16:29:44)
X-KSE-AntiSpam-Info: Envelope from: barrister_edwards_jeff@yah oo.com.hk
X-KSE-AntiSpam-Info: Plgs-Versions: 1.4.3.5, 2.4.3.6, 3.4.3.3, 4.4.3.3,
8.4.3.3, 16.4.3.6
X-KSE-AntiSpam-Info: {MSGID: Forged Outlook Express}
X-KSE-AntiSpam-Info: {OE without X-MimeOLE}
X-KSE-AntiSpam-Info: {Advanced Mass Sender X-Mailer}
X-KSE-AntiSpam-Info: {Content: Spam}
X-KSE-AntiSpam-Info: Rate: 100
X-KSE-AntiSpam-Info: Status: spam
X-KSE-AntiSpam-Info: Method: content [main]
X-KSE-AntiSpam-Info: DBG v.5. 2910, 1658. R:128,1,128,5,128,128,2,12 8,0.
X-KSE-Antivirus-Intercepto r-Info: scan successful
X-KSE-Antivirus-Info: Clean
Received: from server1.keene-kelly.local (89.242.6.252) by
remote.ourdomain.com (192.168.1.3) with Microsoft SMTP Server id
8.1.240.5; Wed, 3 Apr 2013 23:58:12 -0400
Received: from User ([69.198.53.210]) by server1.keene-kelly.local with
Microsoft SMTPSVC(6.0.3790.4675); Thu, 28 Mar 2013 13:38:53 +0000
Reply-To: <barrister_e_f@yahoo.com.h
From: Jeff <barrister_edwards_jeff@ya
Subject: [!!Spam]The Charity Project
Date: Thu, 28 Mar 2013 08:23:10 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding:
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
BCC:
Message-ID: <SERVER11JXDvCeqTPca000016
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A020203.515CFA55
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-I
X-WatchGuard-Mail-From: barrister_edwards_jeff@yah
X-WatchGuard-AntiVirus: part scanned. clean action=allow
Return-Path: barrister_edwards_jeff@yah
X-MS-Exchange-Organization
X-KSE-AntiSpam-Interceptor
X-KSE-AntiSpam-Version: 4.3.6, 4/4/2013 11:46:08 AM
X-KSE-AntiSpam-Status: Spam
X-KSE-AntiSpam-Method: content [main]
X-KSE-AntiSpam-Rate: 100
X-KSE-AntiSpam-Info: Profiles 44545 [Apr 04 2013]
X-KSE-AntiSpam-Info: Version: 4.3.6 (May 28 2010 16:29:44)
X-KSE-AntiSpam-Info: Envelope from: barrister_edwards_jeff@yah
X-KSE-AntiSpam-Info: Plgs-Versions: 1.4.3.5, 2.4.3.6, 3.4.3.3, 4.4.3.3,
8.4.3.3, 16.4.3.6
X-KSE-AntiSpam-Info: {MSGID: Forged Outlook Express}
X-KSE-AntiSpam-Info: {OE without X-MimeOLE}
X-KSE-AntiSpam-Info: {Advanced Mass Sender X-Mailer}
X-KSE-AntiSpam-Info: {Content: Spam}
X-KSE-AntiSpam-Info: Rate: 100
X-KSE-AntiSpam-Info: Status: spam
X-KSE-AntiSpam-Info: Method: content [main]
X-KSE-AntiSpam-Info: DBG v.5. 2910, 1658. R:128,1,128,5,128,128,2,12
X-KSE-Antivirus-Intercepto
X-KSE-Antivirus-Info: Clean
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK - we only have Kapersky AV installed and I don't see any Kapersky plug-in in outlook. So I am confused, but now I know where to look.
ASKER
I just found that someone installed Kapersky Security for MS exchange servers on the exchange server - so yes it is Kapersky - Thanks again for showing me that the headers give this info.
-Bonnie
-Bonnie
No problem, glad you found the answer to your problem :-)