cancel
Showing results for 
Search instead for 
Did you mean: 

False Positive?

cpcnw
Grafter
Posts: 63
Thanks: 5
Registered: 10-08-2007

False Positive?

Had clients complaing that mail was getting bounced. Will post for inspection and edit remove later following any pointers?
---
Delivery has failed to these recipients or groups:
link:csa removed
A problem occurred during the delivery of this message to this e-mail address. Try sending this message again. If the problem continues, please contact your helpdesk.
The following organization rejected your message: mx.avasin.plus.net.
Diagnostic information for administrators:
Generating server: server-10.bemta-14.messagelabs.com
link:csa removed
mx.avasin.plus.net #<mx.avasin.plus.net #5.0.0 smtp; 552 Spam Message Rejected> #SMTP#
Original message headers:
Return-Path: <link:csa removed>
Received: from [193.109.254.147:51827] by server-10.bemta-14.messagelabs.com id ED/ED-01463-FEA6A245; Tue, 30 Sep 2014 08:33:51 +0000
X-Env-Sender: link:csa removed
X-Msg-Ref: server-13.tower-27.messagelabs.com!1412066029!12399458!2
X-Originating-IP: [217.32.220.139]
X-StarScan-Received:
X-StarScan-Version: 6.12.2; banners=lovell.co.uk,-,-
X-VirusChecked: Checked
Received: (qmail 2176 invoked from network); 30 Sep 2014 08:33:49 -0000
Received: from unknown (HELO GSSUAEXCA01.groupservices.co.uk) (217.32.220.139)
 by server-13.tower-27.messagelabs.com with AES128-SHA encrypted SMTP; 30 Sep 2014 08:33:49 -0000
Received: from GSGS2EXCA02.groupservices.co.uk (10.100.10.163) by
GSSUAEXCA01.groupservices.co.uk (10.100.112.162) with Microsoft SMTP Server
(TLS) id 14.3.158.1; Tue, 30 Sep 2014 09:33:48 +0100
Received: from GSGS2EXMX02.groupservices.co.uk ([fe80::216b:8bbb:bbe1:91ff])
by GSGS2EXCA02.groupservices.co.uk ([10.100.10.163]) with mapi id
14.03.0158.001; Tue, 30 Sep 2014 09:33:47 +0100
From: <link:csa removed>
To: <link:csa removed>, <link:csa removed>
CC: <link:csa removed>, <link:csa removed>,
<link:csa removed>, <link:csa removed>,
<link:csa removed>, <flink:csa removed>,
<link:csa removed>
Subject: RE: 6145 - QUEENS PARK, BLACKPOOL
Thread-Topic: 6145 - QUEENS PARK, BLACKPOOL
Thread-Index: Ac88Pykfgzs3r2RyQyKq+vJCAZJnHh5xWeFgCWyMwZAANJtQwA==
Date: Tue, 30 Sep 2014 08:33:47 +0000
Message-ID: <6552D94D74FDCF4BB95C3EB754A66576A499613D@GSGS2EXMX02.groupservices.co.uk>
References: <F031524B23BA214C971F1D709EEA9F576CE2428B@achex01.acheson-glover.com>
In-Reply-To: <F031524B23BA214C971F1D709EEA9F576CE2428B@achex01.acheson-glover.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.23.73.106]
Content-Type: text/plain
MIME-Version: 1.0
adie:red removed email addresses
4 REPLIES
pwatson
Rising Star
Posts: 2,468
Thanks: 8
Fixes: 1
Registered: 26-11-2012

Re: False Positive?

Message reported to the mods so it can be looked at in private by PN.  I suspect the recipients of your email will thank you for exposing them to Google for three hours!
Did the email get to ajackson by the way as his address in on the same domain?
Error 552 is 'Exceeds storage allocation' so I guess the recipients inbox is full.  No idea why mv.avasin.plus.net refers to Spam
cpcnw
Grafter
Posts: 63
Thanks: 5
Registered: 10-08-2007

Re: False Positive?

> I suspect the recipients of your email will thank you for exposing them to Google for three hours!
A little spam better than no real email on an important project...
> Did the email get to ajackson by the way as his address in on the same domain?
That's been the main prob - that email to ajacksons domain havent been making it through and getting bounced...
Slightly off topic: how many mailboxes do you get ona  business account?
Community Gaffer
Community Gaffer
Posts: 13,294
Thanks: 1,070
Fixes: 86
Registered: 04-04-2007

Re: False Positive?

I can't see anything obvious that would be causing the rejection. Our anti-spam platform has no problems with the sending IP, in fact it recognises it as a good one:
193.109.254.147 	CSI is currently categorizing this IP address as Known Mail Forwarder

Likewise the email addresses the message is being sent to.
Quote from: pwatson
Error 552 is 'Exceeds storage allocation' so I guess the recipients inbox is full.  No idea why mv.avasin.plus.net refers to Spam

Because that's the SMTP response code Cloudmark use for certain spam messages. It's typically where the content of a message has matched a known fingerprint. From experience this tends to be a web or email address in the body, subject line or headers of a message that Cloudmark think is nasty.
If it's still happening, then we'd probably need to see the content of the message before we can advise further. That's assuming the 552 message isn't followed by a fingerprint string like  xoub1o00G0P7bZg01oudR0?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Anteaus
Grafter
Posts: 64
Thanks: 1
Registered: 02-08-2007

Re: False Positive?

Quote from: cpcnw
A little spam better than no real email on an important project...

Something like 85-95% of all spam results from people posting email addresses on webpages. Worse, the main culprits are people who should know better, the professionals who design websites for business clients. One firm whose email system we were asked to look-at was receiving 10,000 messages a day, of which over 99.9% were spam. It turned out that this firm had multiple regional offices, and each office had its own website. Every website was exposing the email addresses of staff to spammers.  The spam volume eventually got to the point where it brought the onsite mailserver down.
Another site with 20 or so users, all users except one were being hammered with spam like there was no tomorrow . Turned out all the user's email addresses were (you guessed) posted as mailtos on the website. Except that this one user's address had a typo in it. Proof, if any is needed, of where the spam problem originates from.
If something could be done to stop this antisocial and lazy habit of webdesigners, then the ISPs would benefit from a huge reduction in wasted bandwidth, savings which they could pass on to the consumer. After all, how hard is it to put a captcha on a contact page? Problem is, the website builders can't be f'd and just use a vulnerable mailto: instead, because they aren't the ones who suffer from the consequences.