pilot error? or idiots at microsoft?

Michael Scheidell michael.scheidell at secnap.com
Wed Aug 10 16:26:08 CEST 2011 

so, what brain decided it would be ok to use 169.* addresses for their 
internal ip's?

was it microsoft? (var says that ms uses these for their internal 
clustering ip's for clustered exchange servers)

so, either ms is really being stupid, or the var has something set up wrong.

and.. guess what,  SA doesn't know that 169* addresses are 'internal'

here is a outbound email (note: yes, this is amavisd, so, if you reply, 
trim your cc to the group you subscribe to, thanks).

but our 'outbound' policy maps required a 9+ before its marked spam, so, 
amavisd doesn't know this is outbound email. based on these silly 
169.254.* ip's..

so, anyone ever heard of something so stupid?

x-spam-status:Yes, score=4.603 tag=-999 tag2=4 kill=4 
tests=[APOSTROPHE_FROM=0.545, BAYES_40=-0.001, DCC_REPUT_00_12=-0.4, 
HTML_MESSAGE=0.001, LOCAL_1UB_FORGED=2, RDNS_NONE=0.793, 
SARE_GIF_ATTACH=1.42, SPF_SOFTFAIL=0.665, ST_CREDIT_FOR_TWO=-1.42, 
ST_INLINE_IMAGE=1] autolearn=no

received:from spamtrap2.client.local ([127.0.0.1]) by 
spamtrap2.client.local (spamtrap2.client.local [127.0.0.1]) 
(SpammerTrap(r) SME-500, port 10024) with LMTP id QxTwPcYqMh-9 for 
<user at example.com>; Wed, 10 Aug 2011 09:57:53 -0400 (EDT)

received:from MBX2.client.local (unknown [172.20.128.25]) (using TLSv1 
with cipher AES128-SHA (128/128 bits)) (No client certificate requested) 
by spamtrap2.client.local (Postfix) with ESMTPS id 6773561C0F5 for 
<user at example.com>; Wed, 10 Aug 2011 09:57:53 -0400 (EDT)

received:from MBX1.client.local ([169.254.1.69]) by MBX2.client.local 
([169.254.2.63]) with mapi id 14.01.0289.001; Wed, 10 Aug 2011 09:57:51 
-0400
-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20110810/85ed1487/attachment.html>

More information about the amavis-users mailing list