cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Please post evidence of postini false positives here

terminal
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 11:34 AM

this is getting tedious ..
Quote
Envelope-to: me@domain.plus.com
Delivery-date: Sat, 19 Jan 2008 11:03:52 +0000
Received: from exprod5mx247.postini.com ([64.18.0.167] helo=psmtp.com)
    by pih-sunmxcore14.plus.net with smtp (PlusNet MXCore v2.00) id 1JGBUM-0007Xb-Np
    for me@domain.plus.com; Sat, 19 Jan 2008 11:03:51 +0000
Received: from source ([198.31.62.177]) by exprod5mx247.postini.com ([64.18.4.11]) with SMTP;
    Sat, 19 Jan 2008 03:03:47 PST
Date: Sat, 19 Jan 2008 06:03:47 -0500 (EST)
Message-Id: <Kilauea102747-12877-214554198-1-1011@flonetwork.com>
From: "Tesco.com" <Online@mailingdotd.tesco.com>
Reply-To: "Tesco.com " <Online-ctg0aeb7gaabsfnqzsowkzdzdwitaala@mailingdotd.tesco.com>
To: me@domain.plus.com
Subject: [-SPAM-] Saturday's Deal - 4 weeks free when you join Tesco Diets today!
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-pstn-levels: (S: 0.00000/96.61697 R:95.9108 P:95.9108 M:95.5423 C:51.8443 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m C
X-pstn-addresses: from <Online@mailingdotd.tesco.com> [18/1]
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v3.00)
Message 106 of 332
(948 Views)
0 Thanks
terminal
Grafter
Posts: 75
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 11:51 AM

zzzzzzzzzzzzzzzzzzzzzz.  they are arriving faster than I can post them.
I thought postini was supposed to be trialled?  why has it been rolled out to everyone before it has been made fit for purpose and all the niggles ironed out?
Quote
Envelope-to: me@domain.plus.com
Delivery-date: Sat, 19 Jan 2008 11:43:53 +0000
Received: from exprod5mx241.postini.com ([64.18.0.161] helo=psmtp.com)
    by pih-sunmxcore09.plus.net with smtp (PlusNet MXCore v2.00) id 1JGC76-0000Nn-75
    for me@domain.plus.com; Sat, 19 Jan 2008 11:43:53 +0000
Received: from source ([213.221.172.234]) (using TLSv1) by exprod5mx241.postini.com ([64.18.4.11]) with SMTP;
    Sat, 19 Jan 2008 06:43:48 EST
Received: from [213.221.181.110] (helo=update.game.co.uk)
    by gm-th-lin-03.game.net with esmtp (Exim 4.66)
    (envelope-from <update@team.game.co.uk>)
    id 1JG50A-0007jB-Tc
    for me@domain.plus.com; Sat, 19 Jan 2008 04:08:15 +0000
Received: from mail pickup service by update.game.co.uk with Microsoft SMTPSVC;
    Sat, 19 Jan 2008 04:08:07 +0000
To: me@domain.plus.com
Content-Transfer-Encoding: Quoted-Printable
Subject: [-SPAM-] GAME: And the Game of the Year for 2007 is...
X-Priority: 3
X-Mailer: JMail.NET 1.0.0 Professional Version by Dimac
MIME-Version: 1.0
From: update@team.game.co.uk
Content-Type: text/html; charset=us-ascii
Date: Fri, 18 Jan 2008 17:27:44 +0000
Message-ID: <GM-TH-STR-01g5s5hDo008d855c@update.game.co.uk>
X-OriginalArrivalTime: 19 Jan 2008 04:08:07.0354 (UTC) FILETIME=[E57431A0:01C85A50]
X-Virus-Scan: gm-th-lin-03.game.net virus scan clean.
X-pstn-neptune: 1/1/1.00/89
X-pstn-levels: (S: 0.04167/98.81679 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <update@team.game.co.uk> [18/1]
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v3.00)
       
Message 107 of 332
(948 Views)
0 Thanks
avisoft
Grafter
Posts: 45
Registered: ‎23-08-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 1:03 PM

My daily log from my Netgear router which it sends to me has been marked as SPAM since the beginning of December. Initially by DSPAM (even after each one was sent to try to train it!). I had hoped that Postini would fix it, but no ...
Envelope-to: router@**********.f9.co.uk
Delivery-date: Fri, 18 Jan 2008 01:00:05 +0000
Received: from exprod5mx232.postini.com ([64.18.0.118] helo=psmtp.com)
  by pih-sunmxcore18.plus.net with smtp (PlusNet MXCore v2.00) id 1JFfaW-00035i-II
  for router@**********.f9.co.uk; Fri, 18 Jan 2008 01:00:05 +0000
Received: from source ([212.159.14.212]) (using TLSv1) by exprod5mx232.postini.com ([64.18.4.13]) with SMTP;
Thu, 17 Jan 2008 20:00:01 EST
Received: from [84.92.10.153] (helo=unknown)
by ptb-relay01.plus.net with smtp (Exim) id 1JFfaS-0002pt-91
for router@**********.f9.co.uk; Fri, 18 Jan 2008 01:00:00 +0000
Date: Fri,18 Jan 2008 01:00:00 -0000
From: router@**********.f9.co.uk
Subject: [-SPAM-] NETGEAR Security Log [49:1c:47]
To: router@**********.f9.co.uk
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-pstn-neptune: 2/2/1.00/89
X-pstn-levels:    (S: 0.05993/98.98137 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <router@**********.f9.co.uk> forward (user good) [17/1]
Message-ID: <E1JFfaW-00035i-II@pih-sunmxcore18.plus.net>
X-pn-pstn: Spam 1
X-PN-VirusFiltered: by PlusNet MXCore (v4.00)
(sorry, cannot see how to insert quotes!)
The Spam Protection Guide page still says false Spam should be sent to notspam@despamchecker.plus.com Is this still correct?
Message 108 of 332
(948 Views)
0 Thanks
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 1:13 PM

hi terminal
All the falsies you've posted are bulk mailings. (Same with the latest from Oldjim). YOU know they're not spam, but a machine is going to need to be told.
The way postini usually deals with this is to compare the sender with a user-whitelist. Whitelisted mail should go past the spam filter untagged. We don't have user-whitelisting implemented yet (we're told it's on it's way).
Plusnet is aware of a problem and is working on it. If I were you (and I'm glad I'm not having your problem!), I would stop bothering to post bulk-mailing-type false positives but send in any personal-type ones (if you get any).
Quote from: avisoft
The Spam Protection Guide page still says false Spam should be sent to notspam@despamchecker.plus.com Is this still correct?

No, it's not. Eventually, we're told, we will have a similar procedure on the new system.
Message 109 of 332
(948 Views)
0 Thanks
avisoft
Grafter
Posts: 45
Registered: ‎23-08-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 1:26 PM

Thanks ChrisL
Perhaps PN should update the Spam Protection page then?!
Message 110 of 332
(948 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 1:59 PM

I wouldn't mind but the supposed sender is not even one of my user names
Envelope-to: johnsmithsvt@aaaaaaaae.idps.co.uk
Delivery-date: Sat, 19 Jan 2008 12:25:13 +0000
Received: from exprod5mx230.postini.com ([64.18.0.116] helo=psmtp.com)
    by pih-sunmxcore11.plus.net with smtp (PlusNet MXCore v2.00) id 1JGCl6-0002MA-HL
    for johnsmithsvt@aaaaaaaaa.idps.co.uk; Sat, 19 Jan 2008 12:25:12 +0000
Received: from source ([69.84.160.134]) by exprod5mx230.postini.com ([64.18.4.13]) with SMTP;
    Sat, 19 Jan 2008 07:25:11 EST
Received: by ponyexpress.clickcom.com (Postfix)
    id 56785BF5AB1; Sat, 19 Jan 2008 07:20:20 -0500 (EST)
Date: Sat, 19 Jan 2008 07:20:20 -0500 (EST)
From: MAILER-DAEMON@ponyexpress.clickcom.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: johnsmithsvt@aaaaaaaaaa.idps.co.uk
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="CD759BD3795.1200745220/ponyexpress.clickcom.com"
Message-Id: <20080119122020.56785BF5AB1@ponyexpress.clickcom.com>
X-pstn-neptune: 0/0/0.00/0
X-pstn-levels: (S:31.94419/99.90000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
X-pstn-settings: 1 (0.1500:0.1500) gt3 gt2 gt1 r p m c
X-pstn-addresses: from <MAILER-DAEMON@ponyexpress.clickcom.com> [22/1]
X-PN-Spam-Filtered: by PlusNet MXCore (v4.00)
Message 111 of 332
(948 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 2:12 PM

Don't know who Admin is but someone should poke his spam up is A
Very clever e-mails thou, if you look inside the mail without opening it it appears to be a 100% Microsoft general message
Message 112 of 332
(948 Views)
0 Thanks
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 2:40 PM

pierre_p, have you got your catch-all turned off?  I bet all these "admin@" mails are being sent TO you FROM you, and one of them got bounced by postini BSB right back at you. I'm afraid you're in trouble :(, especially if you need catch-all on for some reason.
Message 113 of 332
(948 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 2:47 PM

No I havn't I stiil have "friends" who send mail to me who are not convinced
The mail that got bounced came from a faked addersss, I get a lot to Johnsmith, Mra, Mrd, Mrdd, if I mark these as black hole will that help
Message 114 of 332
(948 Views)
0 Thanks
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 3:25 PM

I'm sure Plusnet's advice would be to switch off catch-all (I haven't because I like it and use it). My guess is that you should certainly blackhole any addresses you don't use that are being spammed.
This is from Bob Pullen on the "Postini trial" thread:
Quote
Quote from: ChrisL on 18/01/2008, 14:51
**Postini needs to do something about this self-spamming spoof**
Quote
We've got plans to mitigate this.


Hopefully, this will stop us spamming ourselves and getting bounces....
Message 115 of 332
(948 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 4:24 PM

Thats a few done

johnsmithsvt@aaaaaaa.free-online.co.uk
edit : delete
Re-directs to: blackhole@abuse.plus.com
mra@aaaaaaa.free-online.co.uk
edit : delete
Re-directs to: blackhole@abuse.plus.com
mrd@aaaaaaaaa.free-online.co.uk
edit : delete
Re-directs to: blackhole@abuse.plus.com
mrdd@aaaaaaaa.free-online.co.uk
edit : delete
Re-directs to: blackhole@abuse.plus.com
Message 116 of 332
(948 Views)
0 Thanks
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 4:28 PM

Let's hope the spammer's watching with growing despair Grin
Message 117 of 332
(948 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 4:42 PM

Another bad thought, OK I have switched off the incoming, but what about the spoofed that was being bounced back to me for info? Will I still get blamed Huh
Message 118 of 332
(948 Views)
0 Thanks
ChrisL
Rising Star
Posts: 760
Thanks: 4
Fixes: 1
Registered: ‎13-12-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 4:45 PM

No question of blame -- spammers always spoof some poor s*d -- just a specially nasty one to copy the To: address into the From: field....
Message 119 of 332
(948 Views)
0 Thanks
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Please post evidence of postini false positives here

‎19-01-2008 4:48 PM

Just had this one now what good is black  hole
Subject:  [-SPAM-] ExtensiveBodypartGuadalupe
From:  "April Swenson" <gunslingersfmn@countryfarmtables.com>
Date:  Sat, January 19, 2008 4:17 pm
To:  iamjustsendingthisleter@aaaaaaaa.idps.co.uk
Priority:  Normal
Options:  View Full Header |  View Printable Version  | Download this as a file | Spam | Not Spam
Message 120 of 332
(948 Views)
0 Thanks