
why? rejected: Spam (Confirmed)

Our appliance is rejecting email from 209.85.214.170.  It shows in mail manager as simply "rejected: Spam (confirmed)".

We are using the recommended blacklist checkbox, with additional servers specified as zen.spamhaus.org and b.barracudacentral.org.

I checked that IP against blacklists and can't find it listed.

Any ideas?


  • rejected after DATA

    So, I think that means it got past the RBL testing and such.  There could have been a brief period where CommTouch thought that those IPs had bad reputations, but it seems more likely that the "pattern" of the header, including the originating IP, and content matched that of known spam.  I think that's what the RefID refers to in the following line:

    2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 1SnBQU-0002vG-2A ctasd reports 'Confirmed' RefID:str=0001.0A090203.4FF712AF.0011,ss=4,re=0.00 0,vtr=str,vl=0,fgs=0


    If you know that the messages shouldn't have been rejected (a false positive), then this is a whole different kettle of fish!

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
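For collecting these verdicts when documenting a suspected false positive, the sketch below pulls the queue ID, verdict and RefID out of `ctasd reports` lines in the format quoted above. It is an added example, not part of the original thread or Sophos code; the function names are hypothetical, the second sample line is constructed, and the RefID sub-fields are kept as raw strings because their meaning is not documented here.

```python
import re

# Matches the "ctasd reports" line format quoted in this thread.
CTASD_RE = re.compile(
    r"^(?P<logged>\S+) (?P<host>\S+) exim-in\[(?P<pid>\d+)\]: "
    r"\S+ \S+ (?P<msgid>\S+) ctasd reports '(?P<verdict>[^']*)' "
    r"RefID:(?P<refid>.*)$"
)

def parse_ctasd(line):
    """Return a dict for a ctasd verdict line, or None for any other line."""
    m = CTASD_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # RefID is a comma-separated run of key=value pairs; values stay as text.
    fields = {}
    for part in rec["refid"].split(","):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    rec["fields"] = fields
    return rec

def verdicts_by_message(lines):
    """Map exim queue ID -> parsed ctasd record, skipping unrelated lines."""
    out = {}
    for line in lines:
        rec = parse_ctasd(line)
        if rec is not None:
            out[rec["msgid"]] = rec
    return out

SAMPLE_LOG = [
    # Line quoted in the thread.
    "2012:07:06-11:30:39 ex01 exim-in[11238]: 2012-07-06 11:30:39 "
    "1SnBQU-0002vG-2A ctasd reports 'Confirmed' "
    "RefID:str=0001.0A090203.4FF712AF.0011,ss=4,re=0.00 0,vtr=str,vl=0,fgs=0",
    # Constructed line with no ctasd verdict; it must be ignored.
    "2012:07:06-11:30:40 ex01 exim-in[11238]: 2012-07-06 11:30:40 "
    "constructed line without a verdict",
]

if __name__ == "__main__":
    for msgid, rec in verdicts_by_message(SAMPLE_LOG).items():
        print(msgid, rec["verdict"], rec["refid"])
```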
  • Yes, it's legitimate emails from a company that we haven't worked with before.  A couple from one of their employees came through, but all others from the other two senders at the company (coming from the same google servers) are still being blocked.  The only thing I can do is create an exemption for spam checking.  

    I'd like to be able to tell them why, or how to fix on their side.