1 Reply Latest reply: Apr 15, 2014 7:02 AM by Brad McGarr RSS

    Unsure if some messages are being filtered


      There are quite a few spam messages getting through that don't include the "X-Spam" line in the headers, so I was hoping someone could take a look and let me know if it actually went through the McAfee system or not. Our firewall is locked down to McAfee's IP addresses and you can see that it was received through their servers, but according to McAfee's KB article it must contain the X-Spam line or else something is wrong. That part has me a bit confused, so any help would be appreciated.





      Received: from p01c11m023.mxlogic.net ( by mail.mydomain.com

      (InternalIP) with Microsoft SMTP Server (TLS) id 14.2.347.0; Fri, 11 Apr

      2014 07:30:31 -0500

      Received: from unknown [SpammySendersIP]          by

      p01c11m023.mxlogic.net(mxl_mta-8.0.0-0)          with SMTP id

      660e7435.0.639317.00-2133.910158.p01c11m023.mxlogic.net (envelope-from

      <SpammySender@fakedomain.com>);          Fri, 11 Apr 2014 06:30:30 -0600 (MDT)

      From: =?utf-8?B?RNGWc2NvdW50ZWQg0KLRlnJlcw==?= <SpammySender@fakedomain.com>

      To: My User <MyUser@MyDomain.com>

      Subject: =?utf-8?B?zp1lZWQgzp1ldyDQotGWcmVzPyBHZXQg0KJoZSDQkmVzdCBEZWFscyBPbiBH?=


      Thread-Topic: =?utf-8?B?zp1lZWQgzp1ldyDQotGWcmVzPyBHZXQg0KJoZSDQkmVzdCBEZWFscyBPbiBH?=


      Thread-Index: AQHPVYHU5Oo11yF0VkiDPrfmBSd5gQ==

      Date: Fri, 11 Apr 2014 12:15:23 +0000

      Message-ID: <4.5.370.7SUEICZO7@F0090.fakedomain.com>

      Content-Language: en-US

      X-MS-Exchange-Organization-AuthSource: MyInternalServer.local

      X-MS-Has-Attach: yes


      received-spf: SoftFail (p01c11m023.mxlogic.net: transitioning domain of

      fakedomain.com does not designate SpammySendersIP as permitted sender)

      x-mail-from: <SpammySender@fakedomain.com>

      Content-Type: multipart/related;



      MIME-Version: 1.0

        • 1. Re: Unsure if some messages are being filtered
          Brad McGarr

          Hi sfcanderson,


          This received by line confirms the message went through the SaaS filter:

          p01c11m023.mxlogic.net(mxl_mta-8.0.0-0)          with SMTP id



          Some servers can be configured to remove extreneous x- lines (I had a similar misconfiguration on my postfix server, and it took a while to figure out the issue).