Lots of false positives on outbound SPAM filtering

Starting around 5:30AM this morning a lot of our outbound e-mail began testing as positively identified SPAM. In our environment I have positively identified outbound SPAM set up to go to a quarantine.
In looking at the e-mails they are legitimate e-mails. 
My first attempt was to lower the positively identified SPAM threshold from 75 to 50, which had no effect.
My second attempt was to exclude our internal domains so that e-mail hitting our IronPort appliances for internal recipients would be allowed through, positively identified SPAM or not.
EDIT: Reviewing some of the e-mails, some are a simple e-mail with text only and a single .pdf attachment. Tested as positively identified SPAM. Some have multiple hyperlinks, but to legitimate URLs.
My questions:
What changed this morning that is causing all of these false positives?
What can I do differently to not let this occur again?
Thanks...

Really appreciate the replies...
Bob, SBRS is disabled on my outbound mail and it also comes from private/internal IP addresses, does show "not enabled" in message tracking...
After my post this morning our appliances (two C660s) were still false-positiving a lot of outbound mail that was for external recipients (my filter was excluding internal domains). But after 1:00PM central or so they started declining, and since 3:00PM there hasn't been a single one. Could be the volume of e-mail is starting to go down a little, but I'm guessing there was a CASE rules update...
Now I just need to decide if I'm going to set the SPAM threshold back to what it was or just leave it alone. We have had a problem with internal users getting their mail accounts compromised and sending out a lot of phishing e-mails that I have been trying to block.
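The two failure modes in this thread look different in the quarantine data: a rules or threshold problem hits many unrelated senders at once, while a compromised mailbox sending phishing shows up as one sender dominating the positive verdicts. The following Python script, added here as an example and not part of the original thread or of Cisco's tooling, runs that distinction over a constructed sample export. The line layout (`timestamp sender verdict`) and the `baseline` figure are assumptions for the example; a real deployment would adapt the regex to the columns its own message-tracking export provides.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample export: "<ISO timestamp> <envelope sender> <anti-spam verdict>".
# This layout is an assumption for the example, not the real IronPort message-tracking
# or mail_logs format; adapt LINE_RE to the columns your own export actually has.
SAMPLE_LOG = """\
2014-03-10T04:10:02 alice@corp.example POSITIVE
2014-03-10T04:25:41 bob@corp.example NEGATIVE
2014-03-10T05:31:09 alice@corp.example POSITIVE
2014-03-10T05:32:15 carol@corp.example POSITIVE
2014-03-10T05:40:55 dave@corp.example POSITIVE
2014-03-10T05:41:20 erin@corp.example POSITIVE
2014-03-10T05:58:03 bob@corp.example NEGATIVE
2014-03-10T06:02:11 carol@corp.example POSITIVE
2014-03-10T06:03:48 frank@corp.example POSITIVE
2014-03-10T06:17:29 alice@corp.example POSITIVE
2014-03-10T06:44:00 grace@corp.example POSITIVE
2014-03-10T07:12:33 mallory@corp.example POSITIVE
2014-03-10T07:12:34 mallory@corp.example POSITIVE
2014-03-10T07:12:35 mallory@corp.example POSITIVE
2014-03-10T07:12:36 mallory@corp.example POSITIVE
"""

LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}\s+"
    r"(?P<sender>\S+)\s+(?P<verdict>POSITIVE|SUSPECT|NEGATIVE)$"
)


def parse(text: str) -> List[Tuple[str, str, str]]:
    """Return (hour, sender, verdict) for each well-formed line; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m["hour"], m["sender"], m["verdict"]))
    return records


def positives_per_hour(records: List[Tuple[str, str, str]]) -> Dict[str, Counter]:
    """Count positive-spam verdicts per hour, broken down by envelope sender."""
    hours: Dict[str, Counter] = {}
    for hour, sender, verdict in records:
        if verdict == "POSITIVE":
            hours.setdefault(hour, Counter())[sender] += 1
    return hours


def classify_spikes(hours: Dict[str, Counter], baseline: float,
                    factor: float = 3.0, concentration: float = 0.75
                    ) -> Dict[str, Tuple[str, int, str]]:
    """
    Flag hours whose positive count exceeds factor * baseline, and describe the shape:
      'concentrated' - one sender produces >= `concentration` of the hits, the shape a
                       compromised mailbox sending phishing would give;
      'broad'        - hits spread across many senders at once, the shape of a
                       rules/threshold false-positive storm like the one in this thread.
    `baseline` is the normal positives-per-hour figure; in practice derive it from the
    previous week's hourly median rather than hard-coding it as this example does.
    """
    flagged = {}
    for hour, senders in sorted(hours.items()):
        total = sum(senders.values())
        if total <= factor * baseline:
            continue
        top_sender, top_count = senders.most_common(1)[0]
        shape = "concentrated" if top_count / total >= concentration else "broad"
        flagged[hour] = (shape, total, top_sender)
    return flagged


if __name__ == "__main__":
    for hour, (shape, total, top) in classify_spikes(
            positives_per_hour(parse(SAMPLE_LOG)), baseline=1).items():
        print(f"{hour}: {total} positives, {shape} (top sender {top})")
```

On the sample data the 05:00 and 06:00 hours come out as `broad` (four different senders each, which is what a CASE rule or threshold change looks like and is the case for raising a vendor ticket), while 07:00 is `concentrated` on a single mailbox, which is the case for a password reset rather than a threshold change.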

Similar Messages

  • After running Spamtrainer lots of false positives

    I ran Spamtrainer Friday and today I'm getting calls that a lot of customers are having their emails rejected. I tried to send a few test emails from my Hotmail and Yahoo email accounts and they both got failure notices:
    XX.XX.XXX.XX does not like recipient.
    Remote host said: 554 5.7.1 <[email protected]>: Relay access denied
    I have the server setup to redirect junkmails to a junkmail account I have setup. It should not be rejecting the email, even if it is considered junk.
    I didn't make any changes to the server other than running Spamtrainer on Friday, so that's why I think it might have something to do with it.
    Any help you can give me would be greatly appreciated.

    Doing some searching I found my solution by looking at http://discussions.apple.com/forum.jspa?forumID=1236&start=0
    Somehow the 'mydomain' setting changed to 'local' in the main.cf file. I just changed 'local' to our actual domain, restarted the mail services, and everything is working right now.
    I just wish I knew how/why it changed to 'local'... /shrug

  • Comparing documents and false positives

    Hello,
    I often have to send a proof of a book to a printer. The proof is a PDF. When they return a soft proof--another PDF that they will use to print--I need to quickly compare the two to make sure that there have been no changes in the text.
    The Compare Documents feature certainly beats a side-by-side eyeball scan. But I often get a lot of false positives, words are flagged that actually have not changed.
    It appears that my PDF, exported from InDesign has some hidden discretionary hyphens. In ID these are used to make sure a word breaks at the end of the line at the correct syllable. They are invisible when printed. In a PDF these are not necessary because the text ain't gonna reflow, right?
    But when I compare the soft proof to the original PDF, words with discretionary hyphens are flagged. Somehow the printer has stripped the discretionary hyphens. That's fine but what must I do to get rid of them in my PDF?
    Below is an example. The PDF shown is the one from the printer. The comment box shows the difference from the original PDF, though there is in fact no difference on the page.
    Any advice would be appreciated.
    Tom

    I like Acrobat's text comparisons, which have saved me from bad goofs several times -- mostly stray key-strokes, but once I caught an InDesign footnote numbering snafu.  However, the false positives have always been annoying even without flagging every single discretionary hyphen.
    I imagine you have tried the image method for comparisons, a modern version of the old trick of putting printouts of the old and new versions of a page on a light table to find differences.
    I don't recall seeing comments of the type "undefined", but does re-sorting comments by type at least isolate these so you can step through the rest?  I'm no scripter, but can a javascript mark or eliminate comments containing hyphens?
    More drastic, would it be worth trying to eliminate the discretionary hyphens?  For instance, you could apply Harb's "Freeze Composition" in InDesign, and then search-and-replace all discretionary hyphens.  (Read the comments on the In-Tools site, as well as those in the InDesignSecrets blog it links to because you might want to modify the way it handles hyphens.)
    Good luck!
    David

  • Pvc2300: false positive with motion detection

    Hello!
    I bought 3 pvc 2300 cameras. I tried motion detection with camera's software and with "Active webcam" software and I received a lot of false positive mails.
    1. with camera's software, I set event with motion detection & sent mail, but I receive a lot of mail when there isn't motion (I saw registrations and images)
2. with Active WebCam software I use Linksys cameras and Panasonic cameras. With Panasonic cameras all is OK. With Linksys cameras, about every hour there is a black frame, so I receive a mail from motion detection. The black frame arrives about every hour, 60 minutes after the last black frame. That is very strange!
    I changed sensitivity, check frequency, number of frames per second, but I have the same problem.
    Can you help me?
    Thanks
    Mary

    I have 2 Panasonic cameras too and I need one software to manage all cameras.
    sensitivity: on active webcam software, I changed sensitivity of motion detection
    frequency check: on active webcam software, I changed from check motion every 0,1 second to every 5 seconds
    number of frame: on Linksys software I changed Max Frame Rate from 15 fps to 6 fps.

  • Verizon SPAM Filtering my Outgoing email - This is unbelievable!

    I pay Verizon to provide internet access and an email address. I do not want nor did I ask for any spam filtering to be performed. HOW DARE YOU!!!!! If you spam filter my incoming ... where are MY controls ... NOT yours!
    Where do I see a listing of those emails that were filtered? You are obviously filtering my outgoing? What gives you the right to do so?
    I'm a sending 100's or thousands of emails a day ... NO!!!!
    I sent 2 emails all day and you choose to filter them while I'm growing more and more **bleep** at the person I sent it to for not responding.
    This can't be legal ... it is censorship .... I have been a loyal Verizon user since FIOS became available. I have internet, home phones, cells and TV service totaling over $400/month.
    I am not going to looking into switching to AT&T and Cablevision.
    I don't care if my contract is up or not ... go ahead and sue me .... I'll see you in court.
    HOW DARE YOU!!!!!!!!!

    If Verizon's outbound spam filter catches your outgoing message, you receive an immediate notification. You get an error message if you are using webmail or a bounceback if you are using a mail client. There is no mystery as to whether it was stopped or not.
    You can find more information about how and why Verizon implements their outbound spam filtering at their Spam FAQ page, which is listed in the error you get if your message is actually blocked: http://www.verizon.net/spamfaq
    If it is inbound spam filtering you are concerned with, you have the ability to turn it off on the My Account Tools page, or you can change it to save to the Spam Detector folder instead of deleting via the Mail settings section in your mailbox.
    Also, this is a peer-to-peer forum. If you want to threaten/complain to Verizon, you need to do so directly. There are options on Verizon's Contact Us page.
    If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
    "All knowledge is worth having."

  • HT4899 False positive spam

    How do I find a false positive spammail on my iPad? Can't see a junk folder or a spam folder anywhere.

    Depends on your email provider and the type of email account (POP vs. IMAP). If it is a POP account, you likely would need to log into the providers website to see it.

  • Third party spam filters

    Mail's adaptive junk filter is being overwhelmed by the flood of email I'm getting at my email address. I can't abandon the address any time soon because I advertise it, and get new customers by email reply.
    Is it possible to route my email to a commercial third party server, which will do a better job of identifying spam (with a minimum of false positives and false negatives) and then route it back to my usual mail server, or some similar arrangement?
    If so, who do you recommend? Does it work that much better than Mail's adaptive junk filter?
    Thanks in advance,
    Tim
    466 MHZ G4   Mac OS X (10.4.8)  

    Third party message handlers like MessageLabs do a very good job at filtering mail, catching viruses, etc. , but I'm not sure how many of them offer services to individuals.
    You might want to look at installing SpamSeive first. http://c-command.com/spamsieve/.
    It gets good reviews and at $30 would be less expensive than paying a monthly fee to a service company.
    - Wayne
    PowerMac G5   Mac OS X (10.4.8)  

  • False positive junk email

    How do I report emails that are apparently filtered by Apple as junk and not being sent to my account?

    Hello, casa4casa. 
    Below, I have attached a couple articles that will allow you to mark messages that have been identified as spam "Not Junk".  In the second article attached, see the section labeled Troubleshooting false-positives as it has a link that you requested to notify iCloud Support. 
    iCloud: Manage junk mail
    http://support.apple.com/kb/PH2649
    iCloud: Identifying and filtering spam
    http://support.apple.com/kb/HT4899
    Regards,
    Jason H. 

  • Spam filtering solution for iPhone and a question.

    I've read a lot of posts about spam filtering for the iPhone and have yet another solution and a question. I use SpamSieve and I am not affiliated with them in any way. The nice thing about SpamSieve is that if it is the first rule in your Mail.app rule set any mail that follows has already been filtered. All you need to do then is create another rule that redirects email to what ever mail account you choose. Since my ISP allows multiple accounts, I will simply create an iPhone@myISP account.
    Now the question. Is it possible to write an applescript that will turn the redirect rule on or off so that I don't have to dig into the rules section of Mail to get this done?
    Thanks

    Is it possible to write an applescript that will turn the redirect rule on or off so that I don't have to dig into the rules section of Mail to get this done?
    not at present time

  • How do I make a wild card for spam filters

    I get a lot of spam and I am trying to create one daily filter to catch the domains that use multiple prefixes....... @comtaff.us.
    Do I add any values in front of the @ as a catch all? Is there any other reading on setting Mail's spam filters?
    Cheers.

    That's not really a Firefox issue; but here's a list of birthday card websites: http://email.about.com/od/birthdaygreetingcards/tp/birthday_e_card.htm

  • Mail spam filters stopped working

    About 2 weeks ago, I started getting a lot more spam than before. Looking closer, I saw that messages very similar to the new wave of spam were previously moved to the junk folder, but the new junk stayed in my inbox instead.
    The same day I started getting more spam, my wife complained of having the exact same problem. We're using different computers, different OS versions (10.8 vs. 10.9). I could understand if some spammers managed to avoid being flagged, but not all of them on the same day! Is there a server that Apple checks against that went down?

    It's possible that Apple's spam filters need updating. I use SpamSieve. You might give it a try. Has a demo.
    http://c-command.com/spamsieve/

  • False Positives?

    A personal friend owns a local heating and air company. He had an IT friend re-do his website recently. My wife noticed it and had me take a look. It's simple and clean, and in Firefox text doesn't overlap when one zooms text only. I took a look at w3c.org and there are a lot of reported errors. I saw the Google map errors and thought... false positive with proprietary code. I then went to a site I created in Dreamweaver that utilizes a Google map and there are no errors on the page reported at W3c.org. In fact, building sites with Dreamweaver, the only errors I end up needing to fix are the ones created when I paste content text from Notepad that has quotation marks and other such symbols that need to be replaced in Dreamweaver.
    Could I get an opinion on this site:
    Milton Heating and Air
    Hopefully if this W3C.org report comes through, please tell me if you think these errors are a false positive because some proprietary coding technology is used or there is a problem with the document declaration?:
    W3C report on this site
    Since the sites I build in Dreamweaver don't contain errors, I'm just not that familiar with identifying and correcting these types of problems.

    JoeyD1978
    I certainly see your point.  It was not my intent to pick apart this site.  I don't know the person who did the site and was not being critical of his work at all or mentioning his name.  I was posting for my own information related to validation variables at W3C.org.
    The truth is, hardly any of the major websites pass validation at W3C.org... for example, microsoft.com
    So, basically I was hoping to just get a better insight into the W3C.org validation process.  For instance most Drupal sites fail validation.  I know Maximum PC used to use Drupal.  These guys are very technical, so one would think someone at Maximum PC would make certain their site would pass validation.  It does not, like so many other sites. So many websites representing top level corporations failing to validate is a mystery to me.  I was just wondering if some proprietary coding method or dynamic page serving technology is responsible.
    I have to admit though, the owner of this company is a good friend, so if someone here were to tell me, yeah, this issue will negatively impact his Internet presence, my loyalties will be to my friend rather than his site's designer. I wasn't expecting any response like that. I like the site's design. The reported errors were puzzling. I was simply curious about the aforementioned.

  • Silent Spam Filtering - No NDR to Sender / No Notification to Recipient / No Option to Release Blocked Emails / No Support Document to request for Whitelisting of Sender

    Silent Spam Filtering used by iCloud is currently affecting us and our Customers. Our Customer, when sending us emails from their business domain (no presence on Global Spam Blacklists), is not able to reach us on our iCloud account, and there is absolutely no sign of the email within the Inbox / Junk Folder and, surprisingly, no NDR to the Sender.
    Symantec MessageLabs, used for Outbound Mail Filtering by our customer, confirms the emails to be delivered to MAC Servers, but they are not being forwarded to us or other end users using *@icloud.com accounts.
    Delivery Report Extract:
    2014-10-15 03:56:39 PM SMTP Status: OK
    2014-10-15 03:56:44 PM Delivery attempt #1  (final)
    2014-10-15 03:56:44 PM Recipient server: 17.158.8.68 (mx1.mail.icloud.com)
    2014-10-15 03:56:44 PM Response: 250 2.5.0 Ok, envelope id [email protected]
    There should be a convenient way to request the Apple Support Team to add the Sender to an approved list, or there should definitely be a Notification to the recipient of a Blocked Email address, which would help them identify and release such emails at will into their Inbox and not end up losing critical Customer Communications.
    Cloud-based Spam Filtering Solution Providers (Symantec, Microsoft and others, to name a few) allow such options, as an email is now a Business Essential Document and should be securely delivered to recipients.

    This issue has become increasingly prevalent over the last year and a half and has been covered by a number of reputable websites doing their own testing:
    http://www.macworld.com/article/2029570/silent-email-filtering-makes-icloud-an-unreliable-option.html
    http://www.macworld.co.uk/news/mac/apple-censoring-icloud-emails-attachments-3432561/
    http://www.mcelhearn.com/apples-silent-email-filtering-is-just-plain-wrong/
    No bounces are sent - messages are being accepted by Apple's mail servers and then filtered before they reach users inboxes. This is a pretty big deal.
    dgb

  • Excessive SPAM even with SPAM Filtering configured

    SPAM Filtering is configured and is checking email; however, it's not catching SPAM email messages. The header on a sample message came in with SCL:0 and PCL:2. The AntispamReport says SenderIDStatus None. But it's SPAM. Wondering if recently others are experiencing a lot of SPAM, and how the filters in Exchange can be configured tighter but not block good email.

    Well, you can consider moving to some dedicated SPAM filtering solutions like Exchange Online Protection.
    http://technet.microsoft.com/en-us/library/jj723137(v=exchg.150).aspx
    OM (MCITP) | Blog

  • TCP Hijack/TCP Segment Overwrite false positives?

    Hello all,
    I was just curious if anyone else has had many false positives with 3 signatures in particular: TCP Hijack (3250.0 - High), TCP Hijack Simplex Mode (3251.0 - High), and TCP Segment Overwrite (1300.0 - High). The reason I think they are false positives is because they occur every day, and I've also seen them caused by internal network traffic that crosses an IPS sensor (that is, making the potentially dangerous assumption that the internal devices can be trusted). We usually see between a dozen and 3 dozen a day depending on the signature, and we have 8 IPS total deployed internally and on the perimeters.
    Has anyone else had similar experiences? If so, do you have any suggestions on how to decrease the number of false positives for these alerts?
    Thanks,
    Ryan

    I get TCP Hijack and TCP Segment Overwrite all the time. I opened a TAC case about it because it was getting out of hand, and the engineer said that TCP Hijack would be very very hard to execute and if it is getting fired a lot odds are it is a false positive.
    This was his response:
    5769 - Malformed HTTP Request
    This signature basically just looks for traffic destined to one of your web ports (defined by the WEBPORTS variable) and containing a valid HTTP request (i.e., GET, POST, HEAD, PUT, DELETE, TRACE, CONNECT) but followed by malformed (i.e., not proper http protocol syntax) URI information. This type of malformed HTTP request can be used for a variety of exploits. Microsoft has malformed HTTP request vulnerabilities, another attack known as "http request smuggling" can be launched using malformed HTTP requests at a Squid web proxy, which may cause the web proxy and an upstream HTTP agent to disagree on the boundary between HTTP requests on a persistent connection. These are a couple of examples.
    If you open this signature in IDM and go to "Edit", you can see the regex it looks for within the http payload. Basically, it looks for a valid HTTP request followed by the hex code regex [\x20][\x21-\x7e]+[\x20]?[\x0d\x0a]. A properly formed HTTP request should not contain this hex code.
    It's possible that normal traffic could cause this, but unlikely. If you have further concerns about this signature firing, please capture the trigger packet context either by changing the signature action to 'produce verbose alert' or 'log attacker packet' for analysis. If you need assistance in analyzing these alerts, please contact TAC and open a case on this issue.
    3250 or 3251 - TCP Hijack and TCP Hijack Simplex Mode
    This signature detects attempts to insert packets into a TCP stream by an attacker in an effort to take over this session. However, if you're using inline ips mode, TCP Hijack attacks are impossible. Also, this type of attack is very rare and not easy to do, and is often a false positive. Types of things that can be used by network sniffers to detect that a TCP hijack may be happening is looking for repeated ARP updates, frames sent between client and server with different MAC addresses, or tcp ack storms.
    For these two hijack signatures, per MySDN information:
    "This signature fires upon detecting out of order ack packets. The most common network event that may trigger this signature is an idle telnet session. The TCP Hijack attack is a low-probability, high level-of-effort event."
    Thus, very likely to be false positives and unlikely to be a legitimate attack given the difficulties involved in doing this. However, it's worth checking out the source / destination of the attacks. Again though, if you are running inline mode, these attacks are impossible and you can ignore these signatures.
    About the TCP Segment Overwrite, mine is always fired for port 20 traffic from some sort of web cache server. Is that the same for you?
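To make the 5769 explanation above concrete, here is a small Python harness, added as an example and not from the original thread or from Cisco, that applies the quoted hex-code regex to a few constructed HTTP payloads. Anchoring the pattern directly after one of the listed methods is an assumption for the example; the signature definition in IDM is the authority on the exact pattern. The last sample shows the "normal traffic could cause this" caveat from the reply: a benign request body that happens to contain a method word followed by a token and a line break fires the pattern just as a real malformed request line does.

```python
import re
from typing import Dict

# HTTP methods named in the TAC reply; anchoring the quoted regex right after the
# method is an assumption for this example (the IDM signature definition is the
# authority on the exact pattern).
METHODS = rb"(?:GET|POST|HEAD|PUT|DELETE|TRACE|CONNECT)"
# The hex-code regex quoted above: a space, one or more printable non-space bytes,
# an optional space, then CR or LF -- i.e. a request line that ends without "HTTP/x.y".
MALFORMED_RE = re.compile(METHODS + rb"[\x20][\x21-\x7e]+[\x20]?[\x0d\x0a]")


def looks_malformed(payload: bytes) -> bool:
    """True when the signature's pattern is found anywhere in the TCP payload."""
    return MALFORMED_RE.search(payload) is not None


# Constructed payloads, labelled with what a defender would expect the signature to do.
SAMPLES: Dict[str, bytes] = {
    # proper request line: method, URI, version, CRLF -> the version token blocks the match
    "well-formed GET": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    "well-formed POST": b"POST /login HTTP/1.1\r\nHost: www.example.test\r\nContent-Length: 0\r\n\r\n",
    # HTTP/0.9-style line with no version token -> fires
    "no HTTP version": b"GET /index.html\r\n",
    # optional-space branch of the regex -> fires
    "trailing space": b"GET /index.html \r\n",
    # benign body text that happens to contain "<METHOD> <token>\r\n" -> fires too,
    # which is why the reply says to capture the trigger packet before acting on it
    "method word in body": (
        b"POST /notes HTTP/1.1\r\nHost: www.example.test\r\n"
        b"Content-Length: 10\r\n\r\nDELETE 5\r\n"
    ),
}


def classify(samples: Dict[str, bytes]) -> Dict[str, bool]:
    """Run every sample through the pattern and report which ones would fire."""
    return {name: looks_malformed(payload) for name, payload in samples.items()}


if __name__ == "__main__":
    for name, fired in classify(SAMPLES).items():
        print(f"{'FIRES' if fired else 'quiet'}  {name}")
```

Because the pattern is searched across the whole payload rather than only the request line, triage should start from the captured trigger packet (the "produce verbose alert" / "log attacker packet" actions mentioned above) to see whether the hit sits in the request line or somewhere in a body.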
