cancel
Showing results for 
Search instead for 
Did you mean: 

Spam false reports - Ironport

Midnight_Caller
Rising Star
Posts: 4,167
Thanks: 15
Fixes: 1
Registered: ‎15-04-2007

Spam false reports - Ironport

@Bob,  I am geting a number of log files that are e-maild to me from: root@plesk-host06.plus.net marked as [-SPAM-] I just spotted 7 in the Spam Folder, Full Headers:
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Mon, 03 Oct 2011 06:43:17 +0100
Received: from [212.159.7.97] (helo=mx.pcl-ipin01.plus.net)
    by inmx10.plus.net with esmtp (PlusNet MXCore v2.00) id 1RAbJ7-0000fZ-6V
    for *****@dhea.org.uk; Mon, 03 Oct 2011 06:43:17 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin01.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin01.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin01.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: None
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: As7lAI9KiU7UOFPI/2dsb2JhbAAnGopBjwABgUSHXIRhTYEFgXQBMAFbGwE8JAE6CodfBCSZJJF/AYwPhBABgxAEkBiMI4E/BYcgaw
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6487"; a="612643105"
X-IronPort-AV: E=Sophos;i="4.68,478,1312153200";
    d="scan'208";a="612643105"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.pcl-ipin01.plus.net with ESMTP; 03 Oct 2011 06:43:16 +0100
Received: (qmail 28249 invoked by uid 0); 3 Oct 2011 06:43:15 +0100
Date: 3 Oct 2011 06:43:15 +0100
Message-ID: <20111003054315.28247.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
------------------------------------- Next One ---------------------------------------------
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Wed, 05 Oct 2011 06:51:51 +0100
Received: from [212.159.7.103] (helo=mx.pcl-ipin04.plus.net)
    by inmx12.plus.net with esmtp (PlusNet MXCore v2.00) id 1RBKOV-0007fD-OH
    for *****@dhea.org.uk; Wed, 05 Oct 2011 06:51:51 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: -1.1
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsT2AHDvi07UOFPIWWdsb2JhbAAoimOOQiaBUYdchGFpASwEPIMcAVoCBAFEh2EEJLZDhBIBn1iBRIckaw
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6489"; a="607735951"
X-IronPort-AV: E=Sophos;i="4.68,489,1312153200";
    d="scan'208";a="607735951"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.pcl-ipin04.plus.net with ESMTP; 05 Oct 2011 06:51:50 +0100
Received: (qmail 11537 invoked by uid 0); 5 Oct 2011 06:51:50 +0100
Date: 5 Oct 2011 06:51:50 +0100
Message-ID: <20111005055150.11535.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
------------------------------------- Next One ---------------------------------------------
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Thu, 06 Oct 2011 07:07:21 +0100
Received: from [212.159.7.38] (helo=mx.ptn-ipin03.plus.net)
    by inmx03.plus.net with esmtp (PlusNet MXCore v2.00) id 1RBh73-0002as-9j
    for *****@dhea.org.uk; Thu, 06 Oct 2011 07:07:21 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.ptn-ipin03.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.ptn-ipin03.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.ptn-ipin03.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: -1.1
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Agr/ADZEjU7UOFPIWWdsb2JhbACLEo53gVOHXIRhagEsBDyDHAFaBgGIJbYohBcBn2CIaA
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6490"; a="565441511"
X-IronPort-AV: E=Sophos;i="4.68,495,1312153200";
    d="scan'208";a="565441511"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.ptn-ipin03.plus.net with ESMTP; 06 Oct 2011 07:07:16 +0100
Received: (qmail 22022 invoked by uid 0); 6 Oct 2011 07:07:16 +0100
Date: 6 Oct 2011 07:07:16 +0100
Message-ID: <20111006060716.22020.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
------------------------------------- Next One ---------------------------------------------
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Fri, 07 Oct 2011 07:04:31 +0100
Received: from [212.159.7.102] (helo=mx.pcl-ipin03.plus.net)
    by inmx10.plus.net with esmtp (PlusNet MXCore v2.00) id 1RC3Xr-0004UV-8D
    for *****@dhea.org.uk; Fri, 07 Oct 2011 07:04:31 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin03.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin03.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin03.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: None
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ahr/AOyVjk7UOFPI/2dsb2JhbACKUkGPAIFTh1yEZoFYgxwBOCgBRIdiuCiEIAGfY4FDhyY
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6491"; a="607971397"
X-IronPort-AV: E=Sophos;i="4.68,500,1312153200";
    d="scan'208";a="607971397"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.pcl-ipin03.plus.net with ESMTP; 07 Oct 2011 07:04:25 +0100
Received: (qmail 4902 invoked by uid 0); 7 Oct 2011 07:04:24 +0100
Date: 7 Oct 2011 07:04:24 +0100
Message-ID: <20111007060424.4900.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
------------------------------------- Next One ---------------------------------------------
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Sat, 08 Oct 2011 07:01:36 +0100
Received: from [212.159.7.103] (helo=mx.pcl-ipin04.plus.net)
    by inmx20.plus.net with esmtp (PlusNet MXCore v2.00) id 1RCPyZ-0001Sh-UM
    for *****@dhea.org.uk; Sat, 08 Oct 2011 07:01:36 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: None
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Atz+AFTmj07UOFPI/2dsb2JhbACLFY5fgVOHXoRogVmDHAFgAYgmtgCEHgGfZohq
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6492"; a="609511803"
X-IronPort-AV: E=Sophos;i="4.68,507,1312153200";
    d="scan'208";a="609511803"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.pcl-ipin04.plus.net with ESMTP; 08 Oct 2011 07:01:34 +0100
Received: (qmail 13104 invoked by uid 0); 8 Oct 2011 07:01:34 +0100
Date: 8 Oct 2011 07:01:34 +0100
Message-ID: <20111008060134.13102.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
------------------------------------- Next One ---------------------------------------------
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Sun, 09 Oct 2011 07:04:49 +0100
Received: from [212.159.7.33] (helo=mx.ptn-ipin01.plus.net)
    by inmx14.plus.net with esmtp (PlusNet MXCore v2.00) id 1RCmVF-0008CJ-5p
    for *****@dhea.org.uk; Sun, 09 Oct 2011 07:04:49 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.ptn-ipin01.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.ptn-ipin01.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.ptn-ipin01.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: 5.1
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtT5AAs5kU7UOFPIl2dsb2JhbACLFI5bAYFSh2WFXgEBAQEBHgc5gxwBYAGIJrZAhC8Bn3CIcA
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6493"; a="570337364"
X-IronPort-AV: E=Sophos;i="4.68,511,1312153200";
    d="scan'208";a="570337364"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.ptn-ipin01.plus.net with ESMTP; 09 Oct 2011 07:04:47 +0100
Received: (qmail 18768 invoked by uid 0); 9 Oct 2011 07:04:47 +0100
Date: 9 Oct 2011 07:04:47 +0100
Message-ID: <20111009060447.18766.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
------------------------------------- Next One ---------------------------------------------
Return-path: <root@plesk-host06.plus.net>
Envelope-to: *****@dhea.org.uk
Delivery-date: Mon, 10 Oct 2011 06:59:35 +0100
Received: from [212.159.7.103] (helo=mx.pcl-ipin04.plus.net)
    by inmx13.plus.net with esmtp (PlusNet MXCore v2.00) id 1RD8tj-0001Bw-Is
    for *****@dhea.org.uk; Mon, 10 Oct 2011 06:59:35 +0100
Received-SPF: None identity=pra; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=mailfrom; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="root@plesk-host06.plus.net";
    x-conformance=sidf_compatible
Received-SPF: None identity=helo; client-ip=212.56.83.200;
    receiver=mx.pcl-ipin04.plus.net;
    envelope-from="root@plesk-host06.plus.net";
    x-sender="postmaster@plesk-host06.plus.net";
    x-conformance=sidf_compatible
X-SBRS: None
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Aoz/AFGJkk7UOFPI/2dsb2JhbAApimuOUwGBUodmhGiBW4McAWABRIdiKbVWgx6BEQGfcYhwaw
X-IPAS: Level1
X-IronPort-AV: E=McAfee;i="5400,1158,6494"; a="610070611"
X-IronPort-AV: E=Sophos;i="4.68,515,1312153200";
    d="scan'208";a="610070611"
Received: from plesk-host06.plus.net ([212.56.83.200])
    by mx.pcl-ipin04.plus.net with ESMTP; 10 Oct 2011 06:59:34 +0100
Received: (qmail 14613 invoked by uid 0); 10 Oct 2011 06:59:34 +0100
Date: 10 Oct 2011 06:59:34 +0100
Message-ID: <20111010055934.14611.qmail@plesk-host06.plus.net>
From: root@plesk-host06.plus.net
To: *****@dhea.org.uk
X-pn-pstn: Spam 1
X-PN-Spam-Filtered: by PlusNet MXCore (v5.00)
Subject: [-SPAM-] /var/www/vhosts/dhea-forum.org.uk/statistics/logs/access_log.processed
jim:green title changed mod:end
5 REPLIES 5
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Cloudmark anti-spam migrations October 2011...

Split off as these false detections are on Ironport not Cloudmark
spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Spam false reports - Ironport

Gary,
nslookup shows your dhea domain MX records have been switched to Cloudmark now so it will be interesting to see what the new anti-spam system makes of your Plesk logs when the next one is received.
David
David
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Spam false reports - Ironport

Are these coming through as clean now Gary?

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Midnight_Caller
Rising Star
Posts: 4,167
Thanks: 15
Fixes: 1
Registered: ‎15-04-2007

Re: Spam false reports - Ironport

@Bob, At the time of writing thay are coming through as clean.
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Spam false reports - Ironport

Excellent, thanks for the clarification.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵