Search This Blog

05 April 2010

Spam Sample Detected on Ironport

Here is the sample of message tracking on Ironport. This sample show you message detected as spam.

23 Nov 2010 14:45:43 (GMT +07:00) Protocol SMTP interface Data 2 (IP x.x.x.x) on incoming connection (ICID 553215) from sender IP 202.72.55.143. Reverse DNS host rmail1016c.rakuten.co.jp verified yes.

23 Nov 2010 14:45:43 (GMT +07:00) (ICID 553215) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.0

23 Nov 2010 14:45:43 (GMT +07:00) Start message 99994 on incoming connection (ICID 553215).

23 Nov 2010 14:45:43 (GMT +07:00) Message 99994 enqueued on incoming connection (ICID 553215) from 224379@rmailmf.rakuten.co.jp.

23 Nov 2010 14:45:44 (GMT +07:00) Message 99994 on incoming connection (ICID 553215) added recipient (user@domain.com).

23 Nov 2010 14:45:45 (GMT +07:00) Message 99994 contains message ID header 20101123074537.8b0ef2fe849@rmail110c.rakuten.co.jp.

23 Nov 2010 14:45:45 (GMT +07:00) Message 99994 original subject on injection: 【号外】|メルマガ会員限定|割 \r\n 引率UP♪●セレカジざっくりニット素 \r\n 材タートルネックワンピやリンジーロー \r\n ハンご愛用ワンピも

23 Nov 2010 14:45:45 (GMT +07:00) Message 99994 (43449 bytes) from 224379@rmailmf.rakuten.co.jp ready.

23 Nov 2010 14:45:45 (GMT +07:00) Message 99994 matched per-recipient policy DEFAULT for inbound mail policies.

23 Nov 2010 14:45:45 (GMT +07:00) Message 99994 scanned by Anti-Spam engine: CASE. Interim verdict: Positive

23 Nov 2010 14:45:45 (GMT +07:00) Message 99994 scanned by Anti-Spam engine: CASE. Final verdict: Positive

23 Nov 2010 14:45:46 (GMT +07:00) Message 99994 quarantined to Policy. Content filter my_policy.
Posted by pasirjati at 4/05/2010 0 comments
Labels:
Subscribe to: Posts (Atom)