spamassassin-users mailing list archives

From "Kevin A. McGrail" <KMcGr...@PCCC.com>
Subject Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)
Date Wed, 14 Aug 2013 14:11:20 GMT
On 8/14/2013 9:49 AM, Nigel Smith wrote:
> Hi,
>
> SpamAssassin version 3.3.2
>   running on Perl version 5.14.2
> 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 
> x86_64 x86_64 GNU/Linux
> (ubuntu 12.04LTS)
>
>
> I'm having some major problems at the moment with people who send mail 
> via their corporate email platforms hosted on Microsoft's Bigfish 
> (a.k.a. FrontBridge, or whatever they're choosing to call it today!).
>
> The problem seems to be a conflict between something in one of the headers 
> Microsoft add :
>
> X-Forefront-Antispam-Report-Untrusted: 
> SFV:NSPM;SFS:(24454002)(377454003)(51704005)(199002)(189002)(16406001)(54356001)(69226001)(74876001)(79102001)(4396001)(81542001)(49866001)(47736001)(47446002)(31966008)(74662001)(74502001)(81342001)(76482001)(80976001)(56776001)(54316002)(53806001)(74706001)(77096001)(56816003)(66066001)(80022001)(65816001)(77982001)(59766001)(74366001)(51856001)(46102001)(36756003)(63696002)(50986001)(47976001)(19580395003)(19580405001)(83072001)(76796001)(83322001)(33656001)(76786001)(81686001)(81816001);DIR:OUT;SFP:;SCL:1;SRVR:BLUPR03MB003;H:BLUPR03MB001.namprd03.prod.outlook.com;CLIP:10.10.114.156;RD:InfoNoRecords;A:1;MX:1;LANG:en;
> x-originating-ip: [10.10.114.156]
> X-MS-Exchange-CrossPremises-originalclientipaddress: 10.10.114.156
>
> And one of my SA rules :
> # Locally hosted Spamhaus
> score __RCVD_IN_ZEN   0
> header ITS_RCVD_IN_ZEN            eval:check_rbl('zen', 'zen.dnsbl.')
> describe ITS_RCVD_IN_ZEN          Received via a relay in Spamhaus Zen
> tflags ITS_RCVD_IN_ZEN            net
> reuse  ITS_RCVD_IN_ZEN
> score ITS_RCVD_IN_ZEN         30.0
>
>
> This triggers :
>  *   30 ITS_RCVD_IN_ZEN RBL: Received via a relay in Spamhaus Zen
>  *  [10.10.114.156 listed in zen.dnsbl]
>
>
> The only place that IP can be found (i.e. cat spam-97InS+5ooirt | grep 
> "10.10.114.156") is in the three headers above.  The rcvd lines do not 
> match.
10.X is a private network.  Why is Zen listing it?

Have you checked that IP on the real Zen listing and not on your cached 
server?

regards,
KAM
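
An added example, not part of the original thread: a header audit that lists every IPv4 address in a message's headers, marks the RFC 1918 ones, and builds the DNSBL query names to compare on the local mirror and on the public zone, as the reply suggests. The local zone name `zen.dnsbl` is taken from the rule quoted above; the public zone `zen.spamhaus.org`, the sample `Received` line and all function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the three headers quoted in the thread (the Forefront
# value abbreviated) plus a made-up Received line with a documentation address.
SAMPLE_HEADERS = """\
Received: from mail.example.net (mail.example.net [203.0.113.25])
\tby mx.example.org with ESMTP; Wed, 14 Aug 2013 13:40:00 +0000
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM;DIR:OUT;SCL:1;CLIP:10.10.114.156;RD:InfoNoRecords;
x-originating-ip: [10.10.114.156]
X-MS-Exchange-CrossPremises-originalclientipaddress: 10.10.114.156
"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def unfold(raw):
    """Join RFC 5322 folded continuation lines onto their header line."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).splitlines()

def dnsbl_name(ip, zone):
    """DNSBL query name: the IP's octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.strip(".")

def audit(raw, zones=("zen.dnsbl", "zen.spamhaus.org")):
    """Return one record per IPv4 address found in each header."""
    rows = []
    for line in unfold(raw):
        name, _, value = line.partition(":")
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # looks like a dotted quad but is not an address
                continue
            rows.append({
                "header": name,
                "ip": text,
                "rfc1918": any(addr in net for net in RFC1918),
                "queries": [dnsbl_name(text, z) for z in zones],
            })
    return rows

if __name__ == "__main__":
    for r in audit(SAMPLE_HEADERS):
        tag = "  <- private (RFC 1918): compare mirror vs. public zone" if r["rfc1918"] else ""
        print(f'{r["header"]}: {r["ip"]}{tag}')
        for q in r["queries"]:
            print(f"    dig +short {q} A")
```

If the local mirror answers for a private address and the public zone does not, the difference lies in the mirror's data rather than in the message.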
