[Mimedefang] MSGID_FROM_MTA_SHORT, NO_REAL_NAME

Bill Friedman lfnetworking at sbcglobal.net
Mon Jul 26 13:34:52 EDT 2004


I've set up MD (2.42)/SA (2.63) (SM 8.12.11) on a new system we just put into production
and I'm getting a lot of quarantined messages including the following rule match.

I've replaced the real local domain w/mydomain.com

++++++++++++++++++++++++++++++++++++++++++++++++++++++

MSGID_FROM_MTA_SHORT   Message-Id was added by a relay

I don't recall this rule popping up regularly in past MD/SA systems.  

Here are some sample headers from several such quarantined messages

Here are the message headers:
From: "Mail Delivery Subsystem" <noreply at mydomain.com>
To: media at mydomain.com
Subject: Returned mail: Data format error
Date: Mon, 26 Jul 2004 09:42:16 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;	boundary="----=_NextPart_000_0000_527A4796.921FD844"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

----------
Here are the headers for quarantined part 1:
Content-Type: application/octet-stream;
	name="mydomain.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="mydomain.com"

+++++++++++++++++++++++++++++++++++++++++

MIME-Version: 1.0
Content-Type: multipart/mixed;  boundary="=200407221954="
To: hossein at p-gene.com
From: 123Greetings.com <specials at 123greetings.info>
X-Mailer: 695B0DF8.1344C3FE.2d0cbc0154fc684d85195ead9a0d1b5c
Subject: Enter to WIN a Portable DVD Player!
Organization: 123Greetings.com

++++++++++++++++++++++++++++++++++++++++++++

Here's another rule match that has me perplexed - 
NO_REAL_NAME           From: does not include a real name


Content analysis details:   (7.1 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.3 NO_REAL_NAME           From: does not include a real name
 0.1 MICROSOFT_EXECUTABLE   RAW: Message includes Microsoft executable program
 3.7 MSGID_FROM_MTA_SHORT   Message-Id was added by a relay
 3.0 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook

Here are the message headers:
From: nadav at wired.com
To: media at mydomain.com
Subject: Returned mail: see transcript for details
Date: Mon, 26 Jul 2004 10:11:37 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed;	boundary="----=_NextPart_000_0000_DCAE6AD4.11583A44"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

----------
Here are the headers for quarantined part 1:
Content-Type: application/octet-stream;
	name="aij.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="aij.scr"



-- 
Thank You

Bill Friedman
lingua franca networking
lfnetworking.com
510-508-5539
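
An added example, not part of the original post and not SpamAssassin or MIMEDefang code: a small triage script that reports the header traits the rule descriptions above refer to. The input is a constructed sample modelled on the last quarantined message (placeholder addresses, shortened boundary), and the checks are simplified assumptions about what the descriptions mean, not the rules' actual definitions.

```python
import email
from email.utils import parseaddr

# Constructed sample modelled on the last quarantined message in the post;
# addresses are placeholders and, as in the posted headers, there is no Message-Id.
SAMPLE = """\
From: sender@example.com
To: media@mydomain.com
Subject: Returned mail: see transcript for details
Date: Mon, 26 Jul 2004 10:11:37 -0700
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

--b1
Content-Type: application/octet-stream; name="aij.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="aij.scr"

AAAA
--b1--
"""

# Assumption: extensions this triage treats as Windows executables.
EXECUTABLE_EXT = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")

def triage(raw):
    """Return header traits a reviewer would check on a quarantined message."""
    msg = email.message_from_string(raw)
    display_name, _addr = parseaddr(msg.get("From", ""))
    names = [part.get_filename() or "" for part in msg.walk()]
    return {
        # False when From: carries only an address and no display name
        "from_has_real_name": bool(display_name.strip()),
        # False when the sender supplied no Message-Id header at all
        "has_message_id": msg.get("Message-Id") is not None,
        # True when X-Mailer claims to be an Outlook client
        "claims_outlook": "Outlook" in msg.get("X-Mailer", ""),
        # Attachment names ending in an executable extension
        "executable_attachments": [n for n in names if n.lower().endswith(EXECUTABLE_EXT)],
    }

if __name__ == "__main__":
    for trait, value in triage(SAMPLE).items():
        print(f"{trait}: {value}")
```

The extension check in this script would also match the first sample's attachment name, mydomain.com, because it ends in .com.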






