Commtouch Blocking
Problem reported by Alexander Weinandt - 5/21/2015 at 8:52 AM
Hi All
So I had a client contact me regarding a company that was sending out class registrations to the class admins.
These emails were landing in the Smartermail junk email folder. The client went online and was able to retrieve these messages 3 days too late but was able to get them. Client then added the registration email domain to safe senders list on the server, not on their personal Outlook settings.
Still the messages end up in their junk folder. I went and looked at the message and noticed that commtouch had appended a score of 30 to any emails coming from this site. I looked at the 10 previous messages from this company, and all had the same appendage from commtouch. This company has more than one ip address associated with their email servers. So I went to Cyren's website to check on the reputation of all the ip addresses I found in the emails. All of the IP's check out okay.  So now I am baffled. I would contact them, but I purchased the spam addon from smartertools. 
Any suggestions?

3 Replies

Reply to Thread
Bruce Barnes Replied
What do the SMARTERMAIL SMTP and DELIVERY log say about the individual messages?
Bruce Barnes
ChicagoNetTech Inc

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Alexander Weinandt Replied
Hi Bruce
Here is an example that came through this morning.  This is yet another ip address that is associated with this training company ipc
Return-Path: <jira@ipcinc.atlassian.net>
Received: from emx-108-1.sc1.uc-inf.net (emx-108-1.sc1.uc-inf.net []) by helm.supportunlimited.net with SMTP;
   Fri, 22 May 2015 07:21:08 -0500
Received: from ipcinc.atlassian.net (ipcinc.atlassian.net.internal [])
	by emx-108-1.sc1.uc-inf.net (Postfix) with ESMTP id D1F71F340EDB
	for <kpitman@industrialinsite.com>; Fri, 22 May 2015 12:21:01 +0000 (UTC)
Date: Fri, 22 May 2015 07:21:01 -0500 (CDT)
From: Angela Sennett <jira@ipcinc.atlassian.net>
Reply-To: support@ipccertification.org
To: kpitman@industrialinsite.com
Message-ID: <JIRA.11627.1431963152000.3018.1432297261732@Atlassian.JIRA>
In-Reply-To: <JIRA.11627.1431963152000@Atlassian.JIRA>
References: <JIRA.11627.1431963152000@Atlassian.JIRA> <JIRA.11627.1431963152286@ipcinc.atlassian.net>
Subject: [JIRA] [Certification Service Desk] Two more certificates were not
 received [CQIDESK-905]
MIME-Version: 1.0
Content-Type: multipart/alternative; 
X-JIRA-FingerPrint: 02fa70b48a9f7e8bdd0d12ff74b160b9
Auto-Submitted: auto-generated
Precedence: bulk
X-SmarterMail-Spam: SPF_None, Commtouch 30 [value: Confirmed], ISpamAssassin 1 [raw: 1], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A010204.555E1311.01AC,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 31
Here is the delivery log entry for the above
[2015.05.22] 07:21:09 [20198] Delivery started for jira@ipcinc.atlassian.net at 7:21:09 AM
[2015.05.22] 07:21:13 [20198] Spam check results: [_SPF: None], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - XBL2: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed], [_COMMTOUCH: 30,Confirmed], [_INTERNALSPAMASSASSIN: 1:1], [_DK: None], [_DKIM: None]
[2015.05.22] 07:21:15 [20198] Starting local delivery to kpitman@industrialinsite.com
[2015.05.22] 07:21:15 [20198] Delivery for jira@ipcinc.atlassian.net to kpitman@industrialinsite.com has completed (Delivered) Filter: Spam (Weight: 31)
[2015.05.22] 07:21:15 [20198] End delivery to kpitman@industrialinsite.com
[2015.05.22] 07:21:15 [20198] Delivery finished for jira@ipcinc.atlassian.net at 7:21:15 AM	[id:99120198]
and here is the SMTP log
[2015.05.22] 07:21:06 [][63696334] rsp: 220 helm.supportunlimited.net
[2015.05.22] 07:21:06 [][63696334] connected at 5/22/2015 7:21:06 AM
[2015.05.22] 07:21:06 [][63696334] cmd: EHLO emx-108-1.sc1.uc-inf.net
[2015.05.22] 07:21:06 [][63696334] rsp: 250-helm.supportunlimited.net Hello []250-SIZE 31457280250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2015.05.22] 07:21:06 [][63696334] cmd: MAIL FROM:<jira@ipcinc.atlassian.net> SIZE=26011
[2015.05.22] 07:21:08 [][63696334] rsp: 250 OK <jira@ipcinc.atlassian.net> Sender ok
[2015.05.22] 07:21:08 [][63696334] cmd: RCPT TO:<kpitman@industrialinsite.com>
[2015.05.22] 07:21:08 [][63696334] rsp: 250 OK <kpitman@industrialinsite.com> Recipient ok
[2015.05.22] 07:21:08 [][63696334] cmd: DATA
[2015.05.22] 07:21:08 [][63696334] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2015.05.22] 07:21:08 [][63696334] rsp: 250 OK
[2015.05.22] 07:21:08 [][63696334] Data transfer succeeded, writing mail to 99120198.eml
[2015.05.22] 07:21:08 [][63696334] cmd: QUIT
[2015.05.22] 07:21:08 [][63696334] rsp: 221 Service closing transmission channel
[2015.05.22] 07:21:08 [][63696334] disconnected at 5/22/2015 7:21:08 AM
Let me know what you think,  I did another check on this IP address at the Cyren website and this IP came back as no risk
Bradley Higgs Replied
Ancient thread, found via Googling for the problem cited, and this issue persists with exactly the same symptoms. Cyren just doesn't seem to provide any value for the price, and that may not be squarely on Commtouch's shoulders but a problem with commercial security services in general, wasting time chasing down false positives that provide zero insight into their blocking decisions is not what I'm paid to do, providing transparent integrated mail security is what we pay Cyren to do. Fired.

Reply to Thread