NDRs marked as spam

Discussion:

NDRs marked as spam

Jerry Benton

2014-05-09 16:59:15 UTC

Has anyone seen NDRs getting marked as spam without even being scanned by
SA? I am seeing the behavior and am assuming it is a MailScanner thing
since the message never seems to pass through SA.

I am assuming the null sender is triggering it.

--
--
Jerry Benton
Mailborder Systems
www.mailborder.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140509/f88f239f/attachment.html

Jeremy McSpadden

2014-05-09 18:21:53 UTC

Permalink

IP found on an RBL at MTA time ?

--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501<tel:850-250-5590;501> | Cell : 850-890-2543<tel:850-890-2543> | Fax : 850-254-2955<tel:850-254-2955>

On Fri, May 9, 2014 at 10:06 AM -0700, "Jerry Benton" <jerry.benton at mailborder.com<mailto:jerry.benton at mailborder.com>> wrote:

Has anyone seen NDRs getting marked as spam without even being scanned by SA? I am seeing the behavior and am assuming it is a MailScanner thing since the message never seems to pass through SA.

I am assuming the null sender is triggering it.

--

--
Jerry Benton
Mailborder Systems
www.mailborder.com<http://www.mailborder.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140509/084841fd/attachment.html

Jerry Benton

2014-05-09 19:08:55 UTC

Permalink

No, this happens from internal servers relaying emails outbound. The
MTA is not performing any ip related checks, but I will review in case I
missed something.

Post by Jeremy McSpadden
IP found on an RBL at MTA time ?
--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501 <tel:850-250-5590;501> | Cell : 850-890-2543
<tel:850-890-2543> | Fax : 850-254-2955 <tel:850-254-2955>
On Fri, May 9, 2014 at 10:06 AM -0700, "Jerry Benton"
Has anyone seen NDRs getting marked as spam without even being scanned
by SA? I am seeing the behavior and am assuming it is a MailScanner
thing since the message never seems to pass through SA.
I am assuming the null sender is triggering it.
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com <http://www.mailborder.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140509/78105a10/attachment.html

Martin Hepworth

2014-05-09 20:08:10 UTC

Permalink

So what do the logs say about it?
Are you signing the headers outbound or not?
--
Martin Hepworth, CISSP
Oxford, UK

No, this happens from internal servers relaying emails outbound. The MTA
is not performing any ip related checks, but I will review in case I missed
something.
IP found on an RBL at MTA time ?
--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501 <850-250-5590;501> | Cell : 850-890-2543 | Fax
: 850-254-2955
On Fri, May 9, 2014 at 10:06 AM -0700, "Jerry Benton" <
Has anyone seen NDRs getting marked as spam without even being scanned
by SA? I am seeing the behavior and am assuming it is a MailScanner thing
since the message never seems to pass through SA.
I am assuming the null sender is triggering it.
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140509/5019af6c/attachment.html

Jerry Benton

2014-05-09 20:54:13 UTC

Permalink

I am setting up some testing in the lab now. I was just curious if there
was some low hanging fruit that someone knew about.

Post by Martin Hepworth
So what do the logs say about it?
Are you signing the headers outbound or not?
--
Martin Hepworth, CISSP
Oxford, UK
On 9 May 2014 20:08, Jerry Benton <jerry.benton at mailborder.com
No, this happens from internal servers relaying emails outbound.
The MTA is not performing any ip related checks, but I will review
in case I missed something.

Post by Jeremy McSpadden
IP found on an RBL at MTA time ?
--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
850-890-2543 <tel:850-890-2543> | Fax : 850-254-2955
<tel:850-254-2955>
On Fri, May 9, 2014 at 10:06 AM -0700, "Jerry Benton"
<jerry.benton at mailborder.com
Has anyone seen NDRs getting marked as spam without even being
scanned by SA? I am seeing the behavior and am assuming it is a
MailScanner thing since the message never seems to pass through SA.
I am assuming the null sender is triggering it.
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com <http://www.mailborder.com>

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140509/12fbbf8a/attachment.html

Jerry Benton

2014-05-09 21:45:24 UTC

Permalink

It was the watermarking. Watermarks + null sender = spam.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140509/4e073c5d/attachment.html

Glenn Steen

2014-05-22 08:41:38 UTC

Permalink

.... Unless the "watermark" survives in the NDR, yes, that is as expected.
I suppose you've actively set the watermarking stuff? If so, there's really
not much to do, other than perhaps reevaluate wether you really want the
watermak thingy or not.

Cheers!

Post by Jerry Benton
It was the watermarking. Watermarks + null sender = spam.
So what do the logs say about it?
Are you signing the headers outbound or not?
--
Martin Hepworth, CISSP
Oxford, UK

Post by Jerry Benton
No, this happens from internal servers relaying emails outbound. The
MTA is not performing any ip related checks, but I will review in case I
missed something.
IP found on an RBL at MTA time ?
--
Jeremy McSpadden
Flux Labs | http://www.fluxlabs.net | Endless Solutions
Office : 850-250-5590x501 <850-250-5590;501> | Cell : 850-890-2543 | Fax
: 850-254-2955
On Fri, May 9, 2014 at 10:06 AM -0700, "Jerry Benton" <
Has anyone seen NDRs getting marked as spam without even being scanned
by SA? I am seeing the behavior and am assuming it is a MailScanner thing
since the message never seems to pass through SA.
I am assuming the null sender is triggering it.
--
--
Jerry Benton
Mailborder Systems
www.mailborder.com
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140522/013e3989/attachment.html