Solved

Can't tell what device/program is tagging our email as spam

Posted on 2013-07-02
6
706 Views
Last Modified: 2013-11-22
Hello,

We are using a Watchguard Firebox.  We are also using an exchange 2007 server.

Anti-spam is all disabled on the exchange server.

Our watchguard has a whitelist and if a domain is in the whitelist, the email should pass through untagged.

However, a lot of email is tagged [!!Spam] or [!!Blacklisted]

I am not sure what is adding those tags.  Looks like it is not Exchange and the firebox literature says it uses different tags.  Also, when I look at the specific email that is in the whitelist, the log says it is to pass through due to whitelist status.

We are also runnig Kapersky anti-virus.  

Can't figure out what is adding these tags...

THanks,
Bonnie
0
Comment
Question by:Bonnie_K
  • 3
  • 3
6 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39293074
Do you have an example mail header that includes these tags?
0
 

Author Comment

by:Bonnie_K
ID: 39293082
Yes -

Received: from server1.keene-kelly.local (89.242.6.252) by
 remote.ourdomain.com (192.168.1.3) with Microsoft SMTP Server id
 8.1.240.5; Wed, 3 Apr 2013 23:58:12 -0400
Received: from User ([69.198.53.210]) by server1.keene-kelly.local with
 Microsoft SMTPSVC(6.0.3790.4675);       Thu, 28 Mar 2013 13:38:53 +0000
Reply-To: <barrister_e_f@yahoo.com.hk>
From: Jeff <barrister_edwards_jeff@yahoo.com.hk>
Subject: [!!Spam]The Charity Project
Date: Thu, 28 Mar 2013 08:23:10 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
BCC:
Message-ID: <SERVER11JXDvCeqTPca0000164f@server1.keene-kelly.local>
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A020203.515CFA55.0014,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-IP: 89.242.6.252
X-WatchGuard-Mail-From: barrister_edwards_jeff@yahoo.com.hk
X-WatchGuard-AntiVirus: part scanned. clean action=allow
Return-Path: barrister_edwards_jeff@yahoo.com.hk
X-MS-Exchange-Organization-SCL: 9
X-KSE-AntiSpam-Interceptor-Info: scan successful
X-KSE-AntiSpam-Version: 4.3.6, 4/4/2013 11:46:08 AM
X-KSE-AntiSpam-Status: Spam
X-KSE-AntiSpam-Method: content [main]
X-KSE-AntiSpam-Rate: 100
X-KSE-AntiSpam-Info: Profiles 44545 [Apr 04 2013]
X-KSE-AntiSpam-Info: Version: 4.3.6 (May 28 2010 16:29:44)
X-KSE-AntiSpam-Info: Envelope from: barrister_edwards_jeff@yahoo.com.hk
X-KSE-AntiSpam-Info: Plgs-Versions: 1.4.3.5, 2.4.3.6, 3.4.3.3, 4.4.3.3,
 8.4.3.3, 16.4.3.6
X-KSE-AntiSpam-Info: {MSGID: Forged Outlook Express}
X-KSE-AntiSpam-Info: {OE without X-MimeOLE}
X-KSE-AntiSpam-Info: {Advanced Mass Sender X-Mailer}
X-KSE-AntiSpam-Info: {Content: Spam}
X-KSE-AntiSpam-Info: Rate: 100
X-KSE-AntiSpam-Info: Status: spam
X-KSE-AntiSpam-Info: Method: content [main]
X-KSE-AntiSpam-Info: DBG v.5. 2910, 1658. R:128,1,128,5,128,128,2,128,0.
X-KSE-Antivirus-Interceptor-Info: scan successful
X-KSE-Antivirus-Info: Clean
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39293085
X-KSE-AntiSpam = Kaspersky Antispam, so that's probably your culprit ...
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 

Author Comment

by:Bonnie_K
ID: 39293121
OK - we only have Kapersky AV installed and I don't see any Kapersky plug-in in outlook.  So I am confused, but now I know where to look.
0
 

Author Comment

by:Bonnie_K
ID: 39293130
I just found that someone installed Kapersky Security for MS exchange servers on the exchange server - so yes it is Kapersky - Thanks again for showing me that the headers give this info.

-Bonnie
0
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39293208
No problem, glad you found the answer to your problem :-)
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question