8 Replies Latest reply: Dec 3, 2013 2:15 AM by Aidan RSS

    MSME not scanning emails on occasion

    resourcegroup

      We have recently upgraded from Groupshiled 7.0.2 to MSME8, in order to be more in line with the newest updates, and because 7.6 wouldn't play ball

       

      The transition has been fine, and apart from a minor glitch when upgrading to Exhchage SP3, for which a hot fix was available, this has all gone fine.

       

      However, we are runnining into issues in certain cases with emails which are not being scanned by our Anti Spam agent. The system was letting through emails on occasion, with no idication why, so we configured MSME to add a spam report to all emails. This has led us to the conclusion that some emails are not hitting the filter.

       

      An example of two email headers, both through the same server; The first legitimate, the second an email which clearly should have been filtered, and which copies off have been

       

      Received: from by

      with Microsoft SMTP Server (TLS) id

      14.3.123.3; Tue, 9 Apr 2013 23:40:59 +0100

      Received: from  by  with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 9 Apr 2013

      23:40:57 +0100

      DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=1and1.co.uk;

          s=global1; t=1365547135; i=billing@1and1.co.uk; bh=EZp8vLIYKJllynpN

          5t43nYcFFd/3AE/aaitxmSm/Mc0=; h=MIME-Version:From:Subject:To:

           Content-Type:Content-Transfer-Encoding:Message-Id:Date; b=GB8fMQYS

          OhNztHOjBf8st8oYd7Qfq1sSbpg4hWXnf/EyvUgmsjIvSznRVgb2XM3pmBe30X57RbY

          ITVm9tXCNfkZMNBN+NYlYYuoF2WjJCyDdnPss5OY0Bl7oRaPbpD7P3bC+ANgXn/bW8z

          XXwPLaunuWJNzClYCkPNU2pPNZ5Bc=

      Received: from omsmail (streamserve3.mt.einsundeins.de [172.19.7.103])    by

      (node=mbulk0) with ESMTP (Nemesis)    id

      0LrMKX-1UZYYd1WhA-013hyy; Wed, 10 Apr 2013 00:38:55 +0200

      MIME-Version: 1.0

      From:

      Subject: Please update your payment details

      To:

      X-Message-ID: 89492489688122046#2

      Content-Type: text/plain; charset="iso-8859-1"

      Content-Transfer-Encoding: quoted-printable

      Message-ID:

      Date: Wed, 10 Apr 2013 00:38:55 +0200

      X-Provags-ID: V02:K0:v8MXmLauG1lRzdKkMLXJ++3oeazuovkHu9FE0ygBOTT

      lp7GTRh7qt6bGKe7EqHnQWjJ7xJyrN9CmcIeQiquQbuk5o2p2g

      JMWFTsyDMivm9V1ge894gIeOjKeA/xU1xf4Kc970wyzCsjAuk/

      rWPc8/L5r8MnCpMYzo1iCKEeg1TA0+JDYWJbLiCeYnlqzlHiXU

      m3rBotApi4THtLwG3WY4Qx+H7RYmj4iyu9J4InMNmwqMzhbxXf

      qR+HQ8SYeLSBOSospB+m8Aqa1GpqlL3tAmgFZHRNMo/PVcce+C

      FDiO9u1mqnvqo8syjXVWvLN3ctTVFnv6+vVv4eNmVa3kFulgQ=

      =

      Return-Path: 89492489688122046.2.2131162278@bounce.unitedinternet.com

      X-NAI-Spam-Flag: NO

      X-NAI-Spam-Level: **

      X-NAI-Spam-Threshold: 5

      X-NAI-Spam-Score: 2.7

      X-NAI-Spam-Rules: 4 Rules triggered

          MID_AT_DLCD_DOM=1.5, MSGID_CAMEL_22=1, GEN_SPAM_FEATRE=0.2, RV4544=0

      X-NAI-Spam-Version: 2.2.0.9309 : core <4544> : streams <937945> : uri

      <1389573>

      X-MS-Exchange-Organization-SCL: 2

      X-Auto-Response-Suppress: DR, OOF, AutoReply

      X-MS-Exchange-Organization-AVStamp-Mailbox: NAI;54071558;0;novirus

      X-MS-Exchange-Organization-AuthSource:

      X-MS-Exchange-Organization-AuthAs: Anonymous

       

       

      Received: from  by

        with Microsoft SMTP Server (TLS) id

      14.3.123.3; Wed, 10 Apr 2013 10:28:21 +0100

      Received: from HSI-KBW-046-005-063-122.hsi8.kabel-badenwuerttemberg.de

      (46.5.63.122) by with Microsoft SMTP

      Server id 14.3.123.3; Wed, 10 Apr 2013 10:28:20 +0100

      Message-ID: <20130410112616.96B26A91A5DB32E05839.8A425@HSI-KBW-046-005-063-122.hsi8.kabel-bad enwuerttemberg.de>

      Date: Wed, 10 Apr 2013 11:26:16 +0200

      From: e-Dating Online <6AFA1F3DBD@aisucairo.com>

      To:

      Subject: bob, you have 5 new notifications!

      List-Unsubscribe: <mailto:921A01E2B4264D3E4@agroferloja.com.br>

      MIME-Version: 1.0

      Content-Type: text/html; charset="iso-8859-1"; format=flowed

      Content-Transfer-Encoding: 8bit

      Return-Path: 6AFA1F3DBD@aisucairo.com

      X-MS-Exchange-Organization-AVStamp-Mailbox: NAI;54071558;0;novirus

      X-MS-Exchange-Organization-AuthSource:

      X-MS-Exchange-Organization-AuthAs: Anonymous

       

       

      Even if this wasn't picked up as spam, as is sometimes the case, this email hasn't even been looked at. Has anyone else come accross this?

       

      MSME Details

      Product NameMcAfee Security for Microsoft Exchange
      Product Version8.0.7905.119
      Service PackNone
      HotfixesHF840437
      Buffer Overflow ProtectionNot Applicable