From: noctufaber on 3 Jul 2008 02:19

I'm working with a customer of mine who I believe has some form of malware on his machine that is rewriting the subject line for all of his outbound emails. Here are the symptoms.

1. The office has quite a few users and they all use the same SMTP server. Only one user has this problem.
2. When the problem user composes an email with a certain subject, the recipient receives the email, but the subject is always preceded with SPAM:
3. The mail headers show that Spam Assassin looked at it, but scored it as non-spam.

Has anyone heard of or seen anything like this? Does anyone have any ideas how to fix it? I have included the mail headers below (with slight modifications to protect the innocent):

From - Wed Jul 2 22:31:32 2008
X-Account-Key: account5
X-UIDL: 1215019732.12766.avenger.weirdwares.com,S=3626
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:

Return-Path: problemuser(a)problemuser.com
Delivered-To: supportuser(a)supportuser.com
Received: (qmail 12764 invoked by uid 89); 2 Jul 2008 17:28:52 -0000
Received: by simscan 1.3.1 ppid: 12743, pid: 12744, t: 3.2986s
    scanners: attach: 1.3.1 clamav: 0.92/m:45/d:5110 spam: 3.1.7
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
    avenger.weirdwares.com
X-Spam-Level:
X-Spam-Status: No, score=-0.7 required=5.0
    tests=AWL,BAYES_20,HTML_MESSAGE,
    RDNS_NONE autolearn=no version=3.2.4
Received: from unknown (HELO problemuser.com) (127.0.0.1)
    by avenger.weirdwares.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2
    Jul 2008 17:28:48 -0000
Received-SPF: pass (avenger.weirdwares.com: SPF record at
    problemuser.com designates 127.0.0.1 as permitted sender)
Received: from ADPFINANCE ([127.0.0.1])
    by lasvegasferrari.com (8.12.11/8.12.11) with ESMTP id m62HSlM9017683
    for supportuser(a)supportuser.com; Wed, 2 Jul 2008 12:28:48 -0500
Reply-To: problemuser(a)problemuser.com
From: "Problem User" problemuser(a)problemuser.com
To: "'Support User'" supportuser(a)supportuser.com
Subject: SPAM: Website
Date: Wed, 2 Jul 2008 11:24:25 -0600
Message-ID: 049d01c8dc68$7a103090$0490a8c0(a)ADPFINANCE
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_049E_01C8DC36.2F75C090"
X-Mailer: Microsoft Office Outlook 11
thread-index: AcjcaHl8gIrxSrn5TmqGq4RNiT0f5g==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

This is a multi-part message in MIME format.

------=_NextPart_000_049E_01C8DC36.2F75C090
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit

--
noctufaber

From: DL on 3 Jul 2008 03:41

The word 'Spam' is generally appended by either the recipient's anti spam/AV application or their ISP's filters.
It's unlikely to be anything to do with the sender's PC, and certainly not Outlook.

From: Diane Poremsky {MVP} on 3 Jul 2008 08:34

While it's very common for it to happen by mail server filtering, a 3rd party antispam filter installed on the workstation could also be doing it.

--
Diane Poremsky [MVP - Outlook]
Author, Teach Yourself Outlook 2003 in 24 Hours
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/

Outlook Tips by email:
dailytips-subscribe-request(a)lists.outlooktips.net

Outlook Tips: http://www.outlook-tips.net/
Outlook & Exchange Solutions Center: http://www.slipstick.com
Subscribe to Exchange Messaging Outlook newsletter:
EMO-NEWSLETTER-SUBSCRIBE-REQUEST(a)PEACH.EASE.LSOFT.COM

** Please include your Outlook version, Account type, and Windows Version when requesting assistance **

From: noctufaber on 3 Jul 2008 13:50

Thanks for checking into this. I believe it is likely a 3rd party tool on the workstation too. Does anyone know why a third party tool would mark your outbound emails with SPAM: in the subject? Does anyone know what tools do this?

Thanks,

--
noctufaber

From: Diane Poremsky {MVP} on 4 Jul 2008 16:57

Check the workstation for antispam applications.

--
Diane Poremsky [MVP - Outlook]

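Added example, not part of the original thread: a short Python check that reads the headers from the first post, lists the relay hops oldest first, and compares the "SPAM:" subject tag with the SpamAssassin verdict recorded in X-Spam-Status. The function names and the tag pattern are assumptions made for this illustration; the header sample is trimmed from the post.

```python
import re
from email import message_from_string

# Headers trimmed from the first post (addresses as masked by the forum); folding re-flowed.
POSTED_HEADERS = """\
Received: (qmail 12764 invoked by uid 89); 2 Jul 2008 17:28:52 -0000
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on avenger.weirdwares.com
X-Spam-Status: No, score=-0.7 required=5.0
 tests=AWL,BAYES_20,HTML_MESSAGE, RDNS_NONE autolearn=no version=3.2.4
Received: from unknown (HELO problemuser.com) (127.0.0.1)
 by avenger.weirdwares.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 2 Jul 2008 17:28:48 -0000
Received: from ADPFINANCE ([127.0.0.1])
 by lasvegasferrari.com (8.12.11/8.12.11) with ESMTP id m62HSlM9017683
 for supportuser(a)supportuser.com; Wed, 2 Jul 2008 12:28:48 -0500
Subject: SPAM: Website
"""

# Assumed tag shapes: "SPAM:", "[SPAM]", "***SPAM***" (illustrative, not exhaustive).
TAG_RE = re.compile(r"^\s*(\[SPAM\]|\*+\s*SPAM\s*\*+|SPAM:)", re.I)

def unfold(value):  # collapse header folding and repeated whitespace
    return " ".join(value.split())

def received_hops(msg):
    """Return (sending name, receiving host) pairs, oldest hop first."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        text = unfold(raw)
        frm = re.search(r"\bfrom (\S+)", text)
        by = re.search(r"\bby ([\w.-]+\.[A-Za-z]{2,})", text)
        if by:  # skip local hand-offs such as "(qmail ... invoked by uid 89)"
            hops.append((frm.group(1) if frm else None, by.group(1)))
    return hops

def spam_verdict(msg):
    """Return (is_spam, score, required, scanner host), or None if unscanned."""
    m = re.match(r"(Yes|No), score=(-?[\d.]+) required=(-?[\d.]+)",
                 unfold(msg.get("X-Spam-Status", "")))
    host = unfold(msg.get("X-Spam-Checker-Version", "")).partition(" on ")[2] or None
    return (m[1] == "Yes", float(m[2]), float(m[3]), host) if m else None

def diagnose(raw):
    msg = message_from_string(raw)
    subject, verdict = unfold(msg.get("Subject", "")), spam_verdict(msg)
    tagged = bool(TAG_RE.match(subject))
    # SpamAssassin rewrites Subject only on mail it classes as spam, so a tag
    # beside a "No" verdict was written by some other filter on the path.
    return {"subject": subject, "tagged": tagged, "verdict": verdict,
            "hops": received_hops(msg),
            "tag_not_from_scanner": tagged and verdict is not None and not verdict[0]}

if __name__ == "__main__":
    print(diagnose(POSTED_HEADERS))
```

When `tag_not_from_scanner` is true, the scanner that recorded the verdict can be set aside and attention moves to the other filters along the listed hops, which is where the replies in this thread point.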