|
|
Posted by Andy Hassall on 12/16/06 17:15
On Sat, 16 Dec 2006 07:47:19 -0800, "Vic Spainhower" <vic@showsec.com> wrote:
>OK - If the reason is in the headers, I'm not seeing it. Can you interpret?
>
>
>Received: from source ([69.89.20.36]) by exprod5mx127.postini.com
>([64.18.4.10]) with SMTP;
> Sat, 16 Dec 2006 10:46:57 EST
>Received: (qmail 29613 invoked by uid 0); 16 Dec 2006 15:46:57 -0000
>Received: from unknown (HELO box89.bluehost.com) (70.103.189.89)
> by mailproxy3.bluehost.com with SMTP; 16 Dec 2006 15:46:57 -0000
>Received: from localhost ([127.0.0.1] helo=box89.bluehost.com)
> by box89.bluehost.com with esmtp (Exim 4.52)
> id 1GvbkW-0003Qf-QZ; Sat, 16 Dec 2006 08:46:56 -0700
>X-Originating-IP: [24.20.73.160]
Originating IP is a dynamic Comcast ISP address and listed in (at least) the
SORBS and SPEWS spam blackhole lists, which is not likely to help.
>Date: Sat, 16 Dec 2006 08:46:55 -0700
>To: v.. at showsec.com, v.. at showsec.com, kspainho... at hotmail.com
Presumably these aren't quite the real headers, then? They've been edited.
>Subject: Entry Created: This is another test
>From: secre.. at showmyhorse.com
>X-Mailer: PHP/4.4.4
>MIME-Version: 1.0
>Content-Type: text; charset=utf-8
>Content-Transfer-Encoding: 8bit
>X-Identified-User: {640:box89.bluehost.com:pointkee:pointkeeper.net}
>{sentby:program running on server}
>X-pstn-levels: (S: 1.61242/99.87241 R:95.9108 P:95.9108 M:97.0282
>C:98.6951 )
That's the "Postini" spam filter, which I hadn't heard of before.
http://spam.acm.org/public/filters/faq/postini_transf1.html
http://www.postini.com/
For each of the categories, a score of 100 is "clean", so it's scoring very
low on all of them. According to the first page above it takes a score of 85 or
below to trigger these categories as spam.
>X-pstn-settings: 5 (2.0000:2.0000) s gt3 gt2 gt1 r p m c
Apparently the "5" indicates the user has set "most aggressive" spam filtering
levels, and that it didn't match any of the rules (as they're all in
lowercase).
But you'll have to find someone who knows about Postini to do any more
interpretation of the headers.
What headers and content did you actually send?
--
Andy Hassall :: andy@andyh.co.uk :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool
Navigation:
[Reply to this message]
|