Emails with Outlook 2003\2007 stationery getting rejected

Discussion in 'ESET Server & Remote Administrator' started by captainfish, Dec 20, 2012.

Thread Status:
Not open for further replies.
  1. captainfish

    captainfish Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    35
    Location:
    USA
    Hello,
    Since the end of November at least, a number of our users are reporting that when some people try to reply to their email, they are getting rejection messages stating:

    "This is the Spam & Virus Firewall at barracuda.(domain).
    I'm sorry to inform you that the message below could not be delivered. When delivery was attempted, the following error was returned.

    <senders email address>: host 172.21.0.57[172.21.0.57] said: 554 5.6.0 Invalid content (in reply to end of DATA command)"

    The emails are being allowed through the Barracuda firewall device. The message is then rejected on our EDGE Exchange email server that uses ESET Mail Security for Exchange 4.3.

    The messages are seen in the Antispam log of ESET with a score of 90.

    We have determined that the reason is because of the Stationery Themes in our user's original email message that was used in a reply. Most likely culprit is the LEAVES stationery theme. ESET is seeing the add-on graphics as indicators of spam.

    Please note, these are users who have been upgraded from Office 2003\2007 to now using Office 2010. So, this stationery is a carry over form the previous version. I have fresh install of Office 2010 and I am unable to find the LEAVES stationery theme.
     
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    Have you tried setting Outlook to only read all email in plain text for all users? This should remove any previous stationary from replies and resolve the email rejection issue.
     
  3. captainfish

    captainfish Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    35
    Location:
    USA
    Hello Dwomack,
    that would work for our in-house Outlook users. However we are not able to tell outside users to do that. And how many outside users use Outlook anyway?
     
  4. captainfish

    captainfish Registered Member

    Joined:
    Aug 17, 2012
    Posts:
    35
    Location:
    USA
    Now, Eset Email for Exchange is now blocking random emails from the same sender. Some emails will come through, while others will be rejected. See attachment.

    And to further clarify that this is an ESET rejection, the user sending the emails is on our Firewall's Whitelist.

    On the ESET Antispam Log Files on our Edge server for the user, I'm seeing:

    Non-specific spam indicator (100%) retained
    Spammy keyword Free stuff (59%) retained
    Sender has spammy reputation (54%) rejected
    Non-specific spam indicator (100%) retained
    Custom spam phrases (100%) retained
    Spammy keyword Advance Fee Fraud (57%) retained
    Sender has spammy reputation (100%) retained
    Generic spam indicator (54%) rejected
    Sender has spammy reputation (50%) rejected
    Sender has spammy reputation (100%) retained
    Sender has spammy reputation (67%) rejected

    This guy is basically forwarding internet stories, jokes, friendly daily sayings, news items, etc.

    In this case, there is no Theme or Stationary causing conflict.

    Is the only way to fix this to add the user's email server to the antispam approved IP list under Antispam Engine Setup?
     
Thread Status:
Not open for further replies.