PDA

View Full Version : {Spam?}



zqwerty
03-03-2010, 04:07 PM
Trying to deal with a problem at a place where I work.

eMails from a particular computer are having this piece of wording "{Spam?}"

added at the beginning of every Subject Line. For example:

{Spam?} test

where only test was in the subject line.

Anybody have any input on this before I head in today or tomorrow and try to find the problem.

fred_fish
03-03-2010, 04:39 PM
Somebody has turned on a mis/un-configured spam filter on that machine.

wainuitech
03-03-2010, 04:48 PM
I get the same thing on some mails - BUT its NOT from Outlook, I use Mailwasher, and thats showing up as spam in the preview box, I have disabled the auto spam detection, so it may be from Telstra thats causing it.

fred_fish
03-03-2010, 04:52 PM
eMails from a particular computer are having this piece of wording "{Spam?}"


Do you really mean emails FROM that machine or ON that machine?
The PC's name is not VIAGRA by any chance?

zqwerty
03-03-2010, 04:56 PM
Hope it's going to be something like that and not some malware type infection, not able to find out for sure at the moment but program used is either Outlook Express or Outlook, any pointers as to where I should look within the permissions/options for the misconfiguring, fred fish.

zqwerty
03-03-2010, 05:03 PM
eMails from that machine to other machines on the network, or back to itself, since it has multiple client profiles within the Outlook/express setup has the for-mentioned text added.

It started off on only occasional eMails, so I am told, but has increased over the last two to three weeks and is now present on almost all eMails sent internally from only this machine, this is what I am told, and I have been forwarded copies of the exact text and offending eMails.

fred_fish
03-03-2010, 05:22 PM
Check the headers to see where the mail has been.

It may be that a server in the chain has flagged something from this machine as spam, and if it is a 'learning' filter each successive trigger increases the likelihood that subsequent mail from that machine will be flagged as spam.

zqwerty
03-03-2010, 05:43 PM
There are only 4 computers on a Linux Red Hat based server, I believe. Only one computer, Win2K used for graphics and emailing is exhibiting the adding {Spam?} to the Subject Line on internal eMails to the other machines or to another profile on itself.

But I take your idea to heart, fred fish, however the email has come from the offending machine to another computer on the network where the text has appeared, and has then been forwarded to me on gmail, where nothing untoward has been flagged by gmail except that as we have seen the extra text has been added.

Test eMails have been originated and sent from the offending machine and the aforesaid text has been added presumably somewhere in transit by malware or over strict filters, which is the problem.

Erayd
03-03-2010, 06:59 PM
Any chance you could PM me a copy of the headers on the offending message?

zqwerty
03-03-2010, 08:54 PM
Erayd, will do.

fred_fish
04-03-2010, 12:49 AM
So, I would say it's either an AV mail proxy on the W2K box, or the MTA on the RHEL box.
A tcp dump of the SMTP transaction will tell you which.

zqwerty
04-03-2010, 12:31 PM
Thanks for the help, guys, really appreciated, any more thoughts?

I am going to drive into town now and take a 1st hand look at the problem,

Erayd, I have sent header information to you in a pm.

fred_fish
04-03-2010, 12:41 PM
PM them here too if you want.

zqwerty
04-03-2010, 01:48 PM
I have sent headers to you as well fred fish, I am at the place of work now, the offending computer is Win2K using Outlook Express, not all messages from the computer get this {Spam?} inserted, a preliminary wild guess is that it is messages with pictures or a link in them. Still trying to confirm this.

They have just sent 4 unique messages from the two identities to my laptop which is now connected to the network, two messages gained the {Spam?} and two did not???????

fred_fish
04-03-2010, 02:27 PM
No Tag:
X-NetSpeed-MailScanner: Found to be clean
X-NetSpeed-MailScanner-SpamScore: ss

With Tag:
X-NetSpeed-MailScanner: Found to be clean
X-NetSpeed-MailScanner-SpamScore: sss

The tagged mails have an extra 's' in the score.
That might be enough to tag as 'potential spam' (presumably that's what the Subject prefix is saying)

It's still possible it is being added by something on the client system.
OE doesn't have any transaction logging AFAIK so you could use Wireshark of SmartSniff to rule it out (as long as it's 'plain' SMTP not over SSL).

Call Netspeed would be my next suggested step, as it is really looking like they are adding it.

zqwerty
04-03-2010, 02:30 PM
Just contacted guy at X-NetSpeed-MailScanner, hopeful that it is some problem at their end.

Offending computer has been scanned with SpyBot - clean.

fred_fish
04-03-2010, 02:38 PM
Just PM'd you something to try

zqwerty
12-03-2010, 04:32 PM
So I'm back at the Friday place of work and according to staff the {Spam?} problem is no longer evident on internal eMails.

Presume this is because I sent an eMail to the X-NetSpeed supplier and they tweaked something at their end. I didn't hear anything from them but problem seems to be fixed.

Thanks to all for help given esp. fred_fish.