
Zen Internet Support Forum


Zen-Test-Spam-Score, Consistent false alarms from @zen.co.uk address

Last post 8 hours, 24 minutes ago by trwh. 4 replies.
  •  19-07-2008, 12:36 PM 31025

    Zen-Test-Spam-Score, Consistent false alarms from @zen.co.uk address

    Hi

    I'd really appreciate some help identifying a problem I'm having receiving emails at my cPanel account that were sent from a Zen address via mailhost.zen.co.uk.

    The sending machine runs Outlook Express and sits on a public Zen IP behind a firewall. I consistently find messages from this user receive a high spam score under Zen's filtering system; typically around 30-40, but sometimes as high as 70-odd. I don't have problems with any other senders and this is the only correspondent I have with a @zen.co.uk address.

    I have tried the following on the sending machine with no luck,

    • Sending email in plain text
    • Using a secure connection (SSL) to send / receive via mailhost
    • Authenticating with a Zen username / password for sending via mailhost, as well as receiving

    Any idea what's going on? I haven't yet tried using another mail client on the sending machine or moving it onto another Zen IP. Below is an example header,

    Content-Type:  multipart/alternative; boundary="----=_NextPart_000_0005_01C8E998.0A6EE640"
    Date:  Sat, 19 Jul 2008 12:07:39 +0100 [12:07:39 BST]
    Delivery-date:  Sat, 19 Jul 2008 12:07:47 +0100
    Envelope-to:  [my cPanel-hosted address]
    From:  [@zen.co.uk address]
    MIME-Version:  1.0
    Message-ID:  <D13B7D0C40774461A68BB3349C0ACD41@suzie>
    Received:  from bastion04.mail.zen.co.uk ([212.23.8.64]) by zencphosting08.zen.co.uk with esmtp (Exim 4.69) (envelope-from [@zen.co.uk address]) id 1KKAHz-0003MU-RV for [my cPanel-hosted address]; Sat, 19 Jul 2008 12:07:47 +0100
    from smarthost02.mail.mbr-roch.zen.net.uk ([212.23.3.141] helo=smarthost02.mail.zen.net.uk) by bastion04.mail.zen.co.uk with esmtp (Exim 4.63) (envelope-from [@zen.co.uk address]) id 1KKAHs-0000pN-Cz for [my cPanel-hosted address]; Sat, 19 Jul 2008 11:07:47 +0000
    from [Zen IP] (helo=suzie) by smarthost02.mail.zen.net.uk with smtps (TLS-1.0:RSA_ARCFOUR_MD5:16) (Exim 4.63) (envelope-from [@zen.co.uk address]) id 1KKAHr-0007SL-Tc for [my cPanel-hosted address]; Sat, 19 Jul 2008 11:07:40 +0000
     
    Return-path:  [@zen.co.uk address]
    Subject:  test 6 - restart OE, plain address
    To:  [My name] [my cPanel-hosted address]
    X-Apparently-To:  [my cPanel-hosted address]
    X-Envelope-From:  [@zen.co.uk address]
    X-Envelope-To:  [my cPanel-hosted address]
    X-MSMail-Priority:  Normal
    X-Mailer:  Microsoft Outlook Express 6.00.2900.5512
    X-MimeOLE:  Produced By Microsoft MimeOLE V6.00.2900.5512
    X-Originating-Bastion04-IP:  [212.23.3.141]
    X-Originating-Smarthost02-IP:  [Zen IP]
    X-Priority:  3
    X-Zen-Loop2:  74eb0d04f3e4cdb5ca6360af38cd58a2 
    X-Zen-Test-Spam-Bar:  (++++)
    X-Zen-Test-Spam-Score:  42
    X-ZenAWL-Match:  false

    Can you offer me any help? Do you think this is a problem at your end or with my setup?

    Thanks!

    Tim

  •  19-07-2008, 6:24 PM 31030 in reply to 31025

    Re: Zen-Test-Spam-Score, Consistent false alarms from @zen.co.uk address

    Another thought: the rDNS entry for the sending machine is a subdomain of my domain hosted on a Zen cPanel. Could this be confusing the system?

    Thanks!

  •  27-08-2008, 8:59 PM 31473 in reply to 31030

    Re: Zen-Test-Spam-Score, Consistent false alarms from @zen.co.uk address

    Hi,

    I've determined what was causing this problem.

    The sending machine was on a public IP with an rDNS entry of [hostname].[mydomain].co.uk

    [mydomain].co.uk is hosted on a Zen cPanel server, address [user]@[mydomain].co.uk. I changed the rDNS entry of the sending machine back to its Zen default and the mail arriving from that user is no longer flagged with a high spam score. Is this a bug in your systems? The problem started sometime between 13/05 and 20/05 this year.

    Thanks,

    Tim

  •  19 hours, 1 minutes ago 31485 in reply to 31473

    Re: Zen-Test-Spam-Score, Consistent false alarms from @zen.co.uk address

    I was looking into a SpamAssassin false positive issue last week with a score of 42. The issue there was that XP SP3 has updated Outlook Express to use the 'Vista' format for the MessageID: header. When SA ran its checks it saw a mismatch between the version of OE stated in the headers and the MessageID, and applied a 'ratware' score of 4.2 (42 in the headers). I've updated our configuration to match the current 'ratware' file as we have to deal with customers using XP SP3, so this ought to be fixed.

    I'm guessing from your headers that you're using XP SP3?


    --
    Jerry Nicholls
    Principal Systems Engineer
    perl -e '$_=q(print "perl -e \x27\$_=q($_);eval\x27\n");eval'
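
The consistency check described in the reply above, as an added example that is not part of the thread and is not Zen's or SpamAssassin's code: it compares the mailer a message claims with the shape of its Message-ID, with and without the 'Vista' shape accepted for Outlook Express. The two regular expressions are simplified assumptions, and the function names and the `accept_vista_for_oe` switch are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: header values copied from the post above; the address
# is a made-up placeholder for the redacted one.
SAMPLE = """\
From: sender@zen.co.uk
Message-ID: <D13B7D0C40774461A68BB3349C0ACD41@suzie>
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-Zen-Test-Spam-Score: 42

body
"""

# Assumed, simplified Message-ID shapes; not SpamAssassin's actual patterns.
CLASSIC_OE = re.compile(r"^<[0-9a-f]{12}\$[0-9a-f]{8}\$[0-9a-f]{8}@[^>\s]+>$", re.I)
VISTA_STYLE = re.compile(r"^<[0-9A-F]{32}@[^>\s]+>$")

def msgid_style(msgid):
    """Classify a Message-ID value as classic-oe, vista-style, or other."""
    msgid = (msgid or "").strip()
    if CLASSIC_OE.match(msgid):
        return "classic-oe"
    if VISTA_STYLE.match(msgid):
        return "vista-style"
    return "other"

def header_score_to_points(value):
    """The thread equates a header value of 42 with a score of 4.2."""
    try:
        return int(value.strip()) / 10
    except (AttributeError, ValueError):
        return None  # header missing or not an integer

def analyse(raw, accept_vista_for_oe):
    """Report whether the claimed mailer and Message-ID shape disagree."""
    msg = message_from_string(raw)
    claims_oe = "Outlook Express" in (msg["X-Mailer"] or "")
    style = msgid_style(msg["Message-ID"])
    allowed = {"classic-oe"} | ({"vista-style"} if accept_vista_for_oe else set())
    return {
        "claims_oe": claims_oe,
        "msgid_style": style,
        "mismatch": claims_oe and style not in allowed,
        "points": header_score_to_points(msg["X-Zen-Test-Spam-Score"]),
    }

if __name__ == "__main__":
    print("before update:", analyse(SAMPLE, accept_vista_for_oe=False))
    print("after update: ", analyse(SAMPLE, accept_vista_for_oe=True))
```
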
  •  8 hours, 24 minutes ago 31494 in reply to 31485

    Re: Zen-Test-Spam-Score, Consistent false alarms from @zen.co.uk address

    Hi Jerry,

    Thanks very much for your reply. Yes, my correspondent is using XP SP3 and I'm sure what you describe was causing the problem. My changing the rDNS entry must have been coincidence!

    I'm surprised this went on for so long unnoticed - do a minority of users make use of the Zen spam score? I'm pretty sure XP SP3 and Outlook Express are a popular OS and email client.

    Thanks again,

    Tim
