Possible open relay
aco_pa
Newbie Joined: 08 April 2008 Status: Offline Points: 3
Posted: 10 April 2008 at 3:55pm
It appears that my instance of SpamFilter may be an open relay or otherwise hacked. I have been getting tens of thousands of NDRs to a bogus email account and, as near as I can tell, the messages originated from the server that SpamFilter (mailin.pcu.net) runs on. I have not been able to catch any outgoing messages, only the returned messages, but there is a lot more network traffic when I look at historical data in and out of my firewalls/routers.
Is something wrong? Or am I just the victim of some spammer using my domain?
I have included a sample message with headers and the contents of Spamfilter.ini. I can include logs if needed.
Thanks for the help tracking this down.
=================================
Returned message:
=================================
Return-Path: <>
Received: from mailin.pcu.net (mailin.pcu.net [67.128.36.6]) by mail.pcu.net (PCU.NET Mail Server v5.0) with SMTP id OZK59305 for <rlpfx@pcu.net>; Tue, 08 Apr 2008 15:54:05 -0600
Received: from 130.94.122.150 by mailin.pcu.net (LogSat Software SMTP Server); Tue, 8 Apr 2008 15:53:56 -0600
Received: from localhost (localhost) by smtp4.mxsave.com (8.13.8/8.13.8) id m38FPfls028487; Tue, 8 Apr 2008 08:25:41 -0700
Date: Tue, 8 Apr 2008 08:25:41 -0700
From: Mail Delivery Subsystem <MAILER-DAEMON@smtp4.mxsave.com>
Message-Id: <200804081525.m38FPfls028487@smtp4.mxsave.com>
To: <rlpfx@pcu.net>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="m38FPfls028487.1207668341/smtp4.mxsave.com"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: <>
X-SF-HELO-Domain: smtp4.mxsave.com
X-SF-Originating-IP: 130.94.122.150
X-SF-WhiteListedReason: Whitelisted EmailTO
X-Spam-Status: No, hits=1.22 required=6.80 tests=DATE_IN_PAST_06_12,BAYES_00,VOWEL_TOCC_5 version=3.2.1
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.2.1 (1.0) on mail.pcu.net

This is a MIME-encapsulated message

--m38FPfls028487.1207668341/smtp4.mxsave.com

The original message was received at Tue, 8 Apr 2008 08:25:37 -0700
from ppp-124-121-33-114.revip2.asianet.co.th [124.121.33.114]

   ----- The following addresses had permanent fatal errors -----
<exalt@goldenstar.com>
    (reason: 571 Delivery not authorized, message refused)

   ----- Transcript of session follows -----
... while talking to [64.198.147.91]:
>>> DATA
<<< 571 Delivery not authorized, message refused
554 5.5.0 Remote protocol error

--m38FPfls028487.1207668341/smtp4.mxsave.com
Content-Type: message/delivery-status

Reporting-MTA: dns; smtp4.mxsave.com
Received-From-MTA: DNS; ppp-124-121-33-114.revip2.asianet.co.th
Arrival-Date: Tue, 8 Apr 2008 08:25:37 -0700

Final-Recipient: RFC822; exalt@goldenstar.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; [64.198.147.91]
Diagnostic-Code: SMTP; 571 Delivery not authorized, message refused
Last-Attempt-Date: Tue, 8 Apr 2008 08:25:41 -0700

--m38FPfls028487.1207668341/smtp4.mxsave.com
Content-Type: text/rfc822-headers

Return-Path: <rlpfx@pcu.net>
Received: from ppp-124-121-33-114.revip2.asianet.co.th (ppp-124-121-33-114.revip2.asianet.co.th [124.121.33.114]) by smtp4.mxsave.com (8.13.8/8.13.8) with SMTP id m38FPQls028290 for <exalt@goldenstar.com>; Tue, 8 Apr 2008 08:25:37 -0700
Received: from 67.128.36.6 (HELO mailin.pcu.net) by goldenstar.com with esmtp ({nChar[8-12]} {nChar[4-6]}) id QsPPZ-IB58uA-F0 for exalt@goldenstar.com; Tue, 08 Apr 2008 22:24:08 +0700
Message-ID: <0a5501c8998c$96edfef0$7221797c@Vance>
From: "Vance Oconnor" <Vance@pcu.net>
To: "Sammie Skinner" <exalt@goldenstar.com>
Subject: Hot nights are guaranteed
Date: Tue, 08 Apr 2008 22:24:08 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_2643_0ABD_01C899C7.434CD6F0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869

--m38FPfls028487.1207668341/smtp4.mxsave.com--
=================================
Spamfilter config
===================================
; a true after an ordb entry means their DNS is expecting the IP to be reversed
; i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net
;site6=dnsbl.sorbs.net, true
;site7=dun.dnsrbl.net, true

[server settings]
; dns - your DNS server
dns=127.0.0.1,64.137.0.6,67.128.36.11,205.171.3.65,205.171.2.65
; SpamFilter can be limited to listen on one or more specific IPs. Leave empty for all IPs, or separate multiple IPs with a comma ","
;ListenIP=209.26.140.2
;or....
;ListenIP=209.26.140.2,209.26.140.3
ListenFQDN=mailin.pcu.net
ListenPort=25
;The email address to use in Error Replies to senders
ErrorHandlerEmailAddress="System Administrator" <server@pcu.net>
; DestinationServer is where you want all mail received by SpamFilter to be forwarded to
DestinationServer=mail.pcu.net
DestinationPort=25
; AllowPercent is used to accept (AllowPercent=1) or reject (AllowPercent=0) emails containing the % character.
; Many SMTP servers are susceptible to being tricked into relaying with this.
; Ex. if you are netwide.net, then a spammer can use
; mail to: joe%yahoo.com@netwide.net
; to relay mail to joe@yahoo.com if your server is vulnerable
; Setting AllowPercent to 0 rejects ALL recipient email addresses containing the % sign
;log daily activity to logfiles
Logging=1
MultiThreaded=1
MaxInboundConnections=450
;Set this to 1 if you want to disable EHLO extensions
DisableEHLO=0
;Any emails whose text portion exceeds this number of KB will not be scanned for keywords and Bayes
;Higher values *may* catch more spam but will cause higher load on processor
MaxMsgSizeForKeywordScan=64
;Set FilterBase64html to 1 if you want to block any emails with Content-Transfer-Encoding=base64 and Content-Type=text/html or text/plain
FilterBase64html=0
;Set RequireHELOBeforeMAILFROM to 0 if you do not want to require remote servers to issue a HELO or EHLO command before sending the email
RequireHELOBeforeMAILFROM=1
;Controls the minimum number of good and spam emails that must be received before the Bayesian filter kicks in
MinEmailsForBayesKickIn=5000
;by default SpamFilter will not allow any IP to relay thru it. Change DoNotTrustSelfByDefault to 1 if you want localhost to be able to relay
DoNotTrustSelfByDefault=0
;Remove any stale token in the corpus db.dat file that did not appear in incoming emails for the past n days
CleanUpCorpusIntervalDays=3
;Force disconnect of sessions after they have remained connected for this long
IdleDisconnectMinutesTimeout=15
;Force disconnect of sessions if a command has not been received within the last nn seconds
ReadTimeout=120
;Timeout when delivering emails to the destination SMTP server (in seconds)
ReadTimeoutOutgoing=120
;if turned on, this will cause tokens in incoming emails to be logged to screen with relevant probabilities
ShowBayesianTokens=0
;Set TagSPAMAndQuarantine=1 if you want to prefix every quarantine subject line with the prefix specified in the SPAMTagPrefix ini parameter
;This SPAMTagPrefix will be prefixed to all subject lines marked for "mark as SPAM and deliver" along with the action specified by TagSPAMAndQuarantine
SPAMTagPrefix=SPAM:
;Setting DoNotSendNDROnQuarantine to 1 will prevent generation of NDRs when emails are quarantined by causing SpamFilter *not* to send an error code when quarantining emails
DoNotSendNDROnQuarantine=0
;If turned on, the threads that save to disk and load into memory the bayes corpus tokens will have increased priority
BoostBayesPriority=1
;if TrailingSQLSemiColon is set to 1 SpamFilter will add a ";" to the end of SQL statements. Disable only to help solve problems with some databases.
TrailingSQLSemiColon=1
;If turned on, any quarantined (false positive) emails that the end user force-delivers will cause the sender to be automatically whitelisted
AutoWhiteListForceDeliveryEnabled=1
;if EnableBadMailDir is set to 1, all emails that generate a "server error" when forwarded to your destination SMTP server will be saved in a "BadMailDir" for troubleshooting
EnableBadMailDir=0
;if ScanReceivedHeaders is set to 1 SpamFilter will add the "Received:" headers to the text examined for keywords and statistical Bayesian searches.
ScanReceivedHeaders=1
;if ScanAllHeaders is set to 1 SpamFilter will add all of the email's headers to the text examined for keywords and statistical Bayesian searches.
ScanAllHeaders=0
;Number of hours SpamFilter will retry to deliver messages in queue to your destination SMTP server if it was unreachable. Enter 0 to try forever until back online.
ExpireRetryQueueHours=0
;Path to logfile directory
LogFilePath=C:\Program Files\SpamFilter\logfiles
;Optional destination SMTP server where to forward SPAM emails only. Good emails are still forwarded to main SMTP server
DestSMTPServerForSPAM=
;The frequency in seconds for which the quarantine table is scanned to check for emails pending delivery - includes web-access password registration emails
QuarantineToDeliverCheckInterval=5
;By default the activity logfile is saved to disk every 60 seconds. Set RealtimeDiskLogging=1 to save the log every time it is updated
RealtimeDiskLogging=0
;Add any IPs (separated by commas - no wildcards) that you do not wish to be automatically added to the Honeypot IP blacklist. This setting also prevents those IPs from being added to the IP cache blacklist
DoNotAddIPToHoneypot=
;An alternate server for sending NDR (non-delivery) notification emails can be used. Leave the "NotificationSMTPServer" value blank to use the default destination SMTP server
NotificationSMTPServer=
NotificationSMTPServerPort=25
;Set EnableDbgLogs=1 to enable separate detailed logging for troubleshooting purposes
EnableDbgLogs=0
;The timeout in milliseconds for all DNS-related queries.
DNSTimeout=5000
;If an IP sends more than this number of spams in a certain period of time then it is temporarily banned (blacklisted)
IPCacheLimboCountTrigger=3
;If an IP sends more than a certain number of spams during this number of minutes then it is temporarily banned (blacklisted)
IPCacheLimboTimeTrigger=10
;If an IP address was banned because it sent too many spams in a certain time interval, it will be un-banned after this number of minutes
IPCacheBlacklistDuration=60
;You can force the antivirus plugin to block emails if they contain password protected archives that cannot be tested for viruses by setting this to 1
BlockArchivesWithPassword=0
;By default SpamFilter will only perform DNS lookups when the reverse DNS filter is enabled. Change value to 1 to always perform a reverse lookup on connecting IPs
AlwaysDoReverseDNSLookups=0
;Specifies how often the logfiles are rotated (Min=1, Max=24). The default is 24 (rotates at midnight). A value of 1 means every hour at the hour, value of 2 means at 2am, 4am, 6am etc...
RotateLogsEveryNNhours=24
;Change DoNotStartWithoutAV to 1 if you do not want SpamFilter to start/run if there is an error with the Antivirus plugin.
DoNotStartWithoutAV=0
;Determines if SpamFilter should hold in the queue emails that were rejected by the destination SMTP server with an error in the 4xy range
QueueIfDestinationError400=0
;Determines if SpamFilter should hold in the queue emails that were rejected by the destination SMTP server with an error in the 5xy range
QueueIfDestinationError500=0
;Determines if SpamFilter should remove from the queue emails that could not be delivered to the destination SMTP server due to a "Read Timeout" (an NDR is sent if the email is removed from the queue)
DoNotQueueIfReadTimeout=0
;Image filter threshold. Higher values indicate a more aggressive filter. 0 disables the filter. Min=0, Max=15
;Image filter color sensitivity. Used internally to detect color shades
SpamImageColorSensitivity=20
;Images embedded in email's html having a width smaller than this will not be scanned. Useful to bypass signatures and logos
SpamImageMinWidth=300
;Images embedded in email's html having a height smaller than this will not be scanned. Useful to bypass signatures and logos
SpamImageMinHeight=300
;Determines the number of points that will be scanned in an image to process it for spam
SpamImageSamplingPoints=200
;to reduce false positives, emails with multiple inline images can bypass the image filter by setting this value to 1
SpamImagePassMultiImage=1
;Specify the max number of pages a PDF document must contain in order to be scanned for spam signatures. The scan will be skipped altogether if there are more than this number of pages
SpamPDFMaxPagesToScan=0
;Anthony changed this from 1 to 0 09/15/2007 to alleviate too many connections to mail server
;Specify the max height in pixels of a PDF page that will be scanned for spam signatures. To reduce false positives, pages taller than this will not be scanned
SpamPDFMaxPixelHeight=1600
;SpamFilter can block emails that contain only an empty, blank body and one of the following attachments. Clear the list if you don't want to stop such emails. Specify multiple attachments separated by commas
BlockBlankEmailsWithAttachments=*.pdf
;Set this to 0 to prevent queued emails from being spooled to memory, and force spooling to disk. While less efficient, spooling to disk helps allow existing antivirus software to detect and block some infected email files
SpoolQueueFilesToMemory=1
;If the private key of the SSL certificate is protected by a password, enter it here
SSLCertificatePassword=
;Some older email clients have a bug that requires them to see "AUTH=LOGIN" in the EHLO response rather than "AUTH LOGIN". Set this to 1 to add the incorrect syntax to the EHLO output. Changes to this setting require SpamFilter to be restarted
AddIncorrectAUTHLOGINEHLOEntry=0
;Timeout in seconds used in some SQL commands (Ex. inserting a new record in the tblQuarantine table)
MiscSQLTimeout=5
;SpamFilter Enterprise will delete temporary entries in the tblReloadTableInfo after they have been kept for this long. This parameter is used to allow multiple installations of SpamFilter Enterprise to maintain their settings in sync. It can be reduced to 5-10 seconds for installations running only one instance of SpamFilter Enterprise
SecondsToHoldEntriesIntblReloadTableInfo=600
;If the "AuthorizedTO" whitelist is used to specify the list of valid email addresses that can be accepted, by default SpamFilter will terminate a connection when the remote server specifies an invalid address in the RCPT TO command. You can use the following option to disable this forced disconnect, and cause SpamFilter to simply reject the invalid recipient, and continue to accept additional ones
ForceDisconnectOnNonAuthorizedTO=true
;Use this option to prevent SpamFilter from performing the routine cleanup of the quarantine database by deleting old archived emails. Useful if admins want to perform their own cleanup
DoNotDeleteExpiredEmailsFromQuarantine=0
;SpamFilter is able to block blank emails that contain specific attachments. This parameter is used to specify the threshold of characters below which an email is considered blank
MaxLettersToConsiderEmailBlank=4
LocalDomainsFilterMatrixFileName=
SFEActivationCode=
DestSMTPServerForSPAMPort=25
ListenPortSSL=465
ResponseWelcomeBanner=Welcome to SpamFilterISP SMTP Server %Ver%
XServerHeader=LogSat Software SMTP Server
ccTLDsFileName=C:\Program Files\SpamFilter\ccTLDs.txt
ResolveDNSCache=1
EnableActivityLog=0
EnableIPCacheBlacklist=1
PatchesURL=http://download.logsat.com/SpamFilter/pub/
LogKeywords=1
AutoVersionCheck=1
DisableConnectionsGrid=0
AddVirusSenderToHoneypot=0
RememberStats=1
MaxInboundConnectionsSameIP=10
MaxRCPTTO=25
MaxIncomingMsgSize=0
FlushQueueInterval=15
VirusFoundAction=0
ArchiveSpamDays=0
DeleteExpiredEmailInterval=60
DBPatchesApplied=
SFDB_URL=http://sfdb.logsat.com/SFDBUpload/
UserSelectEnterpriseVersion=0
DisconnectOnNonAuthorizedTO=1
MaxGridRecords=1000
BayesProbTrigger=138
EnableBayesianThread=1
ReceiveBodyIfNotInAuthTO=1
SPAMTagHeader=X-SF-SPAM:Y
HideXSFWhiteListedReasonHeader=0
GreyListEnabled=0
ForwardAllSPAMtoEmailAddress=
ListenIP=
MaxMsgSizeForSpamFiltering=768
GreyListInterval=300
GreyListLimboHold=12
GreyListAllowedHold=90
HashCacheBlacklistDuration=60
SFDC_URL=http://sfdb.logsat.com/SFDCUpload/
;SpamFilter uses the http and https protocols to query the SFDB database and to download antivirus updates. You can specify a proxy to use for these operations using the options in the [proxy settings] section

[proxy settings]
ProxyServer=
ProxyUsername=
ProxyPassword=
ProxyPort=0
ProxyBasicAuthentication=0

[Error Response]
ResponseBlacklistedMAPS=521 The IP %IP% is Blacklisted by %MAPSResponse%.
ResponseBlacklistedSURBL=521 A URL in the email is Blacklisted by SURBL: %MAPSResponse%.
ResponseBlacklistLocalIP=521 The IP %IP% is Blacklisted.
ResponseBlacklistLocalDomain=521 The domain %Domain% is Blacklisted.
ResponseEmptyMAILFROM=521 Emails with an empty MAIL FROM are not allowed
ResponseBlacklistLocalEMail=521 The EMail %EMailFrom% is Blacklisted.
ResponseBlacklistLocalEMailTo=521 The EMail %EMailTo% is Blacklisted.
ResponseNoReverseDNS=557 Your IP %IP% does not have a reverse DNS entry. Disconnecting...
ResponseNoMX=557 Your domain %Domain% does not have a valid MX DNS record. Disconnecting...
ResponseMaxRCPTTO=557 You exceeded then maximum number of RCPT TO. Disconnecting...
ResponseCountryBlacklist=557 Your IP address is from a blacklisted country. Disconnecting..
ResponseRelayRestricted=557 You are not allowed to send mail to %EMailTo%
ResponseNotInAuthorizedTO=557 You are not allowed to send mail to %EMailTo%
ResponseHoneypotMatch=521 The IP %IP% is Blacklisted.
ResponseKeywordMatch=557 This email is rejected. It contains keywords rejected by the antispam content filter.
ResponseVirusFound=557 This email is rejected because it contains a virus
ResponseSPF=550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com
ResponseMaxIncomingMsgSize=552 This email is rejected. It exceeds the maximum allowed message size.
ResponseIPCacheBlacklist=421 Your IP is temporarily blocked, please try again later.
ResponseSpamImage=557 This email is rejected. It contains content rejected by the antispam filter.
ResponseSFDB=557 Your IP %IP% is currently listed in SpamFilter ISP's Distributed Blacklist. Please see http://www.logsat.com/SFDB/why.asp for details.
ResponseSFDC=557 The email content matches known spam signatures.
ResponseGreyList=421 This server implements greylisting, please try again in %Time% seconds

[NVC]
AVActivationCode=
AVUpdateURL=https://nvc.logsat.com/SpamFilter/
AVEnableUpdates=1

[Authentication settings]
AuthenticationMethod=0
ActiveDirectoryDomain=
PasswdFileFileName=
LDAPServerPrimary=
LDAPPortPrimary=389
LDAPServerSecondary=
LDAPPortSecondary=389
LDAPSearchDN=
LDAPSearchPassword=
LDAPSearchBaseDN=
LDAPSearchMask=(|(sAMAccountName=%0:s)(uid=%0:s)(UserPrincipalName=%0:s))
ActiveDirectoryAuthPrefixDefaultDomain=0
ActiveDirectoryAuthAppendDefaultDomain=0

[stats]
RequestCount=80064330
EMailsBlocked=45187050
EMailsForwarded:=2025261
EmailsReceived=31975437

[statscountry]
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104
aco_pa,
SpamFilter is not an open relay and has not been "hacked". In the message you posted, we can see that you whitelisted the email TO "rlpfx@pcu.net" (or used a combination of wildcards in the email TO whitelist that caused that email to be whitelisted). This means that any emails sent to rlpfx@pcu.net will skip all filtering rules and will be delivered. This said, the only email that SpamFilter processed was the NDR email that was sent to it, with the subject "Returned mail: see transcript for details" and recipient "rlpfx@pcu.net". This is the only email that was received by SpamFilter, and since the address was whitelisted, it was forwarded to your server. Emails that are processed by SpamFilter have the header "X-Server: LogSat Software SMTP Server" and will also have a "Received:" header containing the phrase "LogSat Software SMTP Server". If you check your bounce email, the only place where these occur is in the NDR itself. The original spam, however, appears to have been sent from someone else (ppp-124-121-33-114.revip2.asianet.co.th [124.121.33.114]). This spammer spoofed the return address as "rlpfx@pcu.net".
This is what looks like the original spam:

Return-Path: <rlpfx@pcu.net>
Received: from ppp-124-121-33-114.revip2.asianet.co.th (ppp-124-121-33-114.revip2.asianet.co.th [124.121.33.114]) by smtp4.mxsave.com (8.13.8/8.13.8) with SMTP id m38FPQls028290 for <exalt@goldenstar.com>; Tue, 8 Apr 2008 08:25:37 -0700
Received: from 67.128.36.6 (HELO mailin.pcu.net) by goldenstar.com with esmtp ({nChar[8-12]} {nChar[4-6]}) id QsPPZ-IB58uA-F0 for exalt@goldenstar.com; Tue, 08 Apr 2008 22:24:08 +0700
Message-ID: <0a5501c8998c$96edfef0$7221797c@Vance>
From: "Vance Oconnor" <Vance@pcu.net>
To: "Sammie Skinner" <exalt@goldenstar.com>
Subject: Hot nights are guaranteed
Date: Tue, 08 Apr 2008 22:24:08 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_2643_0ABD_01C899C7.434CD6F0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
--m38FPfls028487.1207668341/smtp4.mxsave.com--

Unfortunately this causes an NDR somewhere, which is sent to rlpfx@pcu.net. Since you whitelisted that address, SpamFilter then delivers you the email.
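The header walk LogSat describes, written up as an added example (not code from the thread, from LogSat or from SpamFilter): it parses abbreviated copies of the two header blocks quoted above, checks which one carries SpamFilter's own stamp, and splits each Received: chain at the hop written by the MTA you trust, so the line naming 67.128.36.6 / mailin.pcu.net as the sender shows up as unverifiable backscatter evidence rather than proof of relaying. Function and constant names are mine; the sample headers are constructed from the thread.

```python
from __future__ import annotations

import email
import re

# Header text SpamFilter stamps on every message it handles (per the thread).
MARKER = "LogSat Software SMTP Server"
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE | re.DOTALL)

# Constructed samples: the relevant headers quoted in the thread, abbreviated.
NDR_HEADERS = """\
Return-Path: <>
Received: from mailin.pcu.net (mailin.pcu.net [67.128.36.6]) by mail.pcu.net (PCU.NET Mail Server v5.0) with SMTP id OZK59305 for <rlpfx@pcu.net>; Tue, 08 Apr 2008 15:54:05 -0600
Received: from 130.94.122.150 by mailin.pcu.net (LogSat Software SMTP Server); Tue, 8 Apr 2008 15:53:56 -0600
Received: from localhost (localhost) by smtp4.mxsave.com (8.13.8/8.13.8) id m38FPfls028487; Tue, 8 Apr 2008 08:25:41 -0700
From: Mail Delivery Subsystem <MAILER-DAEMON@smtp4.mxsave.com>
To: <rlpfx@pcu.net>
Subject: Returned mail: see transcript for details
X-Server: LogSat Software SMTP Server
X-SF-WhiteListedReason: Whitelisted EmailTO
"""

ORIGINAL_HEADERS = """\
Return-Path: <rlpfx@pcu.net>
Received: from ppp-124-121-33-114.revip2.asianet.co.th (ppp-124-121-33-114.revip2.asianet.co.th [124.121.33.114]) by smtp4.mxsave.com (8.13.8/8.13.8) with SMTP id m38FPQls028290 for <exalt@goldenstar.com>; Tue, 8 Apr 2008 08:25:37 -0700
Received: from 67.128.36.6 (HELO mailin.pcu.net) by goldenstar.com with esmtp id QsPPZ-IB58uA-F0 for exalt@goldenstar.com; Tue, 08 Apr 2008 22:24:08 +0700
From: "Vance Oconnor" <Vance@pcu.net>
To: "Sammie Skinner" <exalt@goldenstar.com>
Subject: Hot nights are guaranteed
"""


def received_hops(raw_headers: str) -> list[dict[str, str]]:
    """Return the Received: chain top-down, i.e. most recent hop first."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append({"from": m.group(1), "by": m.group(2)})
    return hops


def touched_spamfilter(raw_headers: str) -> bool:
    """True only if SpamFilter actually handled this message: it stamps
    X-Server and names itself in the Received: line it adds."""
    msg = email.message_from_string(raw_headers)
    if MARKER in (msg.get("X-Server") or ""):
        return True
    return any(MARKER in v for v in msg.get_all("Received", []))


def split_at_trust_boundary(raw_headers: str, trusted_mta: str):
    """Walk down to the hop written by trusted_mta. Its 'from' is the last
    sender anyone verified; every Received: below it arrived inside the
    message and could have been written by the sender."""
    hops = received_hops(raw_headers)
    for i, hop in enumerate(hops):
        if hop["by"].lower() == trusted_mta.lower():
            return hop["from"], hops[i + 1:]
    return None, hops  # trusted MTA never appears: nothing is verifiable


def forged_claims_about(raw_headers: str, trusted_mta: str, our_names: tuple[str, ...]):
    """Unverified hops that name one of our hosts or IPs as the sender."""
    _, unverified = split_at_trust_boundary(raw_headers, trusted_mta)
    return [h for h in unverified if any(n in h["from"] for n in our_names)]


if __name__ == "__main__":
    ours = ("mailin.pcu.net", "67.128.36.6")
    print("NDR handled by SpamFilter:", touched_spamfilter(NDR_HEADERS))
    print("Spam handled by SpamFilter:", touched_spamfilter(ORIGINAL_HEADERS))
    origin, _ = split_at_trust_boundary(ORIGINAL_HEADERS, "smtp4.mxsave.com")
    print("Verified origin of the spam:", origin)
    print("Unverified hops blaming us:", forged_claims_about(ORIGINAL_HEADERS, "smtp4.mxsave.com", ours))
```

Only the hop stamped by the bouncing MTA (smtp4.mxsave.com) can be trusted; the "by goldenstar.com" line sits below it and is the sole header that mentions mailin.pcu.net, which is why LogSat reads it as spoofed rather than as relayed mail.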
anthony
Newbie Joined: 03 March 2008 Status: Offline Points: 2
Sorry, I had added the whitelist to collect some of the messages; that was not part of the original configuration. Since the original post, the NDRs have all but disappeared. I've never seen that volume of returned messages without there being a problem somewhere; I guess I got a bit alarmed when that server more than tripled its used bandwidth.
Thanks for the help.