On Thu, 2 Sep 2010, Emin Akbulut wrote:

Good. My test mail headers rejected here: :P

It's best to post sample messages to a site like pastebin, and then just post the URL for that here. A sample sent to the mailing list will, as you've seen, be subject to scanning and rejection, as well as subject to modification by any host it passes through, making it more difficult to trust as the basis for analysis.

*I try again:*

There is no second MTA/SMTP server. Imagine 3 machines
in my environment: 1. Mail client, 2: Mail server 3: SA server.
Test message is OUTGOING message, I'm authenticated user.

That's the second possible scenario I was wondering about, but I did not want to complicate my original question too much.

You are scanning outbound email. That detail may not have been clear in the original posts.

Someone else with experience scanning outbound mail may have more suggestions to offer, as I do not scan outbound mail and don't have experience with all of the gotchas.

The only HELO command sender is my mail client and it's not
a relay server, huh?

No, but from the point of view of the SMTP exchange there isn't any explicit distinction between an originator of a message and an intermediate relay.

A quick note before all my commentary: setting your mail client(s) to use a fully-qualified domain name as the HELO string would fix the problem. Doing this in Outlook might require changing the network name of your computer. I don't use Outlook so I can't offer exact instructions.

On to the commentary...

Is the IP address below modified by you in any way to protect privacy? If not, then that's a public Internet IP address. Not seeing a reserved network there makes me assume your mail client is not on a private subnet on the private side of your MTA. Some of my comments will be based on that assumption; I apologize if I am in error.

From the headers it appears that you are not using authenticated SMTP. You should be. That would greatly help SA figure things out when the mail clients you're serving are on the public Internet.

Since you are not using authenticated SMTP, you are not an "authenticated user" as you claimed to be above. What exactly makes you an "authenticated user"?

To check my assumption: is your mail client actually on a private subnet under your control, or is it directly connected to the Internet somewhere else and getting an IP address you cannot control or predict?

If the clients are on a private subnet under your control, you can tell SA that their subnet is "internal", you can tell your MTA to not pass outbound messages to SA (based on the IP address), or you can write an offsetting rule that matches locally-originated email (based on the IP address in a Received: header) and adds some negative points to the score.

(Side question: if your mail clients _are_ on a privately-controlled subnetwork, why didn't you use one of the network address spaces reserved for that purpose?)

Original test message headers:

Received: from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;
Wed, 1 Sep 2010 15:30:15 +0300
Message-ID: <e9bfbdbd61f044c288b222e857ff6...@ea2>
From: <emin.akbu...@izsmmmo.com>
To: <eminakbu...@gmail.com>
Subject: HELO_NO_DOMAIN test
Date: Wed, 1 Sep 2010 15:23:20 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0003_01CB49E9.9C0B6070"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8117.416
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8117.416

Bu, MIME biçiminde çok taraflı bir iletidir.

------=_NextPart_000_0003_01CB49E9.9C0B6070
Content-Type: text/plain;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable

 XJS*C4JDBQADN1.NSBN3*2IDNEN*@@@@@@@GTUBE@
@@-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
------=_NextPart_000_0003_01CB49E9.9C0B6070
Content-Type: text/html;
charset="iso-8859-9"
Content-Transfer-Encoding: quoted-printable


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Therapeutic Phrenologist - send email for affordable rate schedule.
-----------------------------------------------------------------------
 15 days until the 223rd anniversary of the signing of the U.S. Constitution
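
The three things read off the Received: header in the reply above (HELO string without a domain, public client address, no sign of SMTP authentication) can be checked mechanically. The following is an added example, not part of the original post and not SpamAssassin code; the regular expression assumes the header shape quoted in the message, and treating the RFC 3848 keywords ESMTPA/ESMTPSA as the sign of authentication is an assumption, since an MTA is not required to record them.

```python
import ipaddress
import re

# Shape of the Received: line quoted in this message:
# "from HELO ([IP]) by HOST with PROTOCOL;". Other MTAs format it differently.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+"
    r"by\s+\S+\s+with\s+(?P<proto>[^;]+)")

def triage_received(header_value):
    """Return the facts a reviewer reads off one Received: header."""
    # Unfold the header: continuation lines collapse into single spaces.
    m = RECEIVED_RE.search(" ".join(header_value.split()))
    if m is None:
        raise ValueError("unrecognised Received: format")
    helo = m.group("helo").rstrip(".")
    ip = ipaddress.ip_address(m.group("ip"))
    proto_words = m.group("proto").upper().split()
    return {
        "helo": helo,
        "ip": str(ip),
        # A bare host name such as "ea2" has no dot, so it is not an FQDN.
        "helo_has_domain": "." in helo,
        # is_private covers RFC 1918 space plus other reserved ranges.
        "ip_is_private": ip.is_private,
        # RFC 3848 keywords; an MTA is not required to record them.
        "auth_recorded": any(w in ("ESMTPA", "ESMTPSA") for w in proto_words),
    }

def findings(facts):
    notes = []
    if not facts["helo_has_domain"]:
        notes.append("HELO is not fully qualified")
    if not facts["ip_is_private"]:
        notes.append("client address is not in a reserved private range")
    if not facts["auth_recorded"]:
        notes.append("header does not record SMTP authentication")
    return notes

# The Received: header from the test message in this post.
PAGE_HEADER = ("from ea2 ([78.186.240.194]) by izsmmmo.com with MailEnable ESMTP;\n"
               " Wed, 1 Sep 2010 15:30:15 +0300")
# Constructed contrast case: example.com names and an RFC 1918 address.
CONSTRUCTED_HEADER = ("from pc7.office.example.com ([192.168.10.7]) by "
                      "mail.example.com with ESMTPSA; Wed, 1 Sep 2010 15:30:15 +0300")

if __name__ == "__main__":
    for hdr in (PAGE_HEADER, CONSTRUCTED_HEADER):
        print(hdr.split(";")[0], findings(triage_received(hdr)) or ["nothing to flag"])
```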
