SFDC blocking legitimate blackberry email |
Post Reply 
|
| Author | |
hookjd 
Newbie 
Joined: 22 June 2006 Status: Offline Points: 38 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: SFDC blocking legitimate blackberry emailPosted: 15 January 2009 at 12:02am |
|
I've never seen a problem with SFDC before but this one is consistently happening to a specific sender trying to get email to one of my clients. They are sending legitimate emails from their blackberry and the SFDC filter is blocking them every time. It seems that the sophistication of the SFDC filter really ought to keep this from happening... but in reading it through it sounds like if this user has keywords or something in their signature that are getting blocked and then the hash is matching because he's sending through different blackberry servers... maybe that could be triggering it?
I'm not sure what I'm asking exactly, but just wondering if you've encountered issues with legit email coming from blackberry before. In addition, the "sender" of the email is always a really long string like this: SRS0=imIkUf=5T=domain.com=username@srs.bis.na.blackberry.com And its always different, so my client is unable to auto-whitelist this user. I have had to turn off SFDC until I can understand better how to whitelist this user. |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 16 January 2009 at 2:47pm |
|
hookjd, if you can please email us a sample email (we'll need the full, original source) that was blocked we can try to see what is happening. Please email it to us at support at logsat.com
|
|
|
|
|
hookjd
Newbie
Joined: 22 June 2006 Status: Offline Points: 38 |
Post Options
Thanks(0)
Quote Reply
Posted: 16 January 2009 at 2:49pm |
|
I won't be able to do that. I had to just switch of SFDC for this domain. The user sending email was more than upset and I can't really go back to them at this time. Oh well. If something else comes up that I can send you, I will try and do it. Was mainly hoping you had seen this issue before.
|
|
|
|
|
hookjd
Newbie
Joined: 22 June 2006 Status: Offline Points: 38 |
Post Options
Thanks(0)
Quote Reply
Posted: 09 March 2009 at 12:59pm |
|
This issue has come back up for me, so I am going to email you some content that I would love for you to evaluate. It seems that when SFDC is on on any domain on my machine it is blocking most all blackberry email.
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 09 March 2009 at 8:14pm |
|
hookjd,
All the 5 email samples you forwarded us are "delivery receipts" sent to indicate that a message has been delivered. All their content is very similar, and since the SFDC filter is based on a common "hash" of similar messages, all these messages are being stopped at the same time. They all look like: Your message was delivered to the recipient.Original-Message-ID:1654183298 Final-Recipient:user@some_domain.com Action:Delivered Unfortunately this hash is very similar to one for a specific spam that is currently being sent, so it is being incorrectly blocked. The message however also appears to be barely surpassing a threshold we use to *not* block small emails, as the smaller the email the more likely it is to make mistakes in comparing similar contents. Please allow us a couple of days to better analyze this specific type of emails to see if there's anything we can do to prevent them from being stopped in the future. |
|
|
|
|
hookjd
Newbie
Joined: 22 June 2006 Status: Offline Points: 38 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 March 2009 at 2:54pm |
|
Thanks very much. I am wondering if they are using an odd setting because I don't think its just delivery receipts that are being blocked. are the contents of the emails I sent you just that? Or is that header information? I understand from my clients that we are seeing this issue across all blackberry email.
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 March 2009 at 4:51pm |
|
If you'd like to send us more samples I'll be glad to double-check for you. All the ones you sent are indeed all 5 delivery receipts. I'm forwarding them to you via email in an .eml format, so you may use Outlook Express or Thunderbird to view them in a more user-friendly format for you to verify.
What triggers the SFDC filter in this case is the content of the email ("Your message was delivered to the recipient."). We're trying to determine if the MIME boundary and the content type "delivery-status": --part145653-boundary-1504910472-1556113981 Content-Type: message/delivery-status Original-Message-ID:1654183298 are playing a part in this as well. We should find out more within a few hours. |
|
|
|
|
hookjd
Newbie
Joined: 22 June 2006 Status: Offline Points: 38 |
Post Options
Thanks(0)
Quote Reply
Posted: 27 August 2009 at 1:25pm |
|
This thread was from a while ago, but I continue to have issues with all delivery receipts that come from blackberrys getting blocked. Have you discovered a way to work around this issue?
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 30 August 2009 at 11:12pm |
|
We've made some slight changes to the SFDC database to remove entries that are older than 3 days even in cases where emails with similar signatures are still being received, in the hope that this will remove some false positives.
Can you please let us know if these blackberry delivery receipts are still being blocked? If they still are, can you please zip and email us 3-4 of them (including the original, unmodified source) so we can see if they can be manually excluded from the SFDC filter?
|
|
|
|
|
mike
Newbie
Joined: 25 September 2009 Status: Offline Points: 1 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 September 2009 at 3:31am |
|
Hi
I ma also have problems with this... one of my users has a blackberry and he keeps getting these:
Reporting-MTA: dns; smtp05.bis.eu.blackberry.com
Final-Recipient: rfc822;name@email.com
Action: failed Status: 5.0.0 (permanent failure) Remote-MTA: dns; [ipaddress] Diagnostic-Code: smtp; 5.1.0 - Unknown address error 557-'The email content matches known spam signatures.' (delivery attempts: 0) -----Original Message----- From: Mail Delivery System [mailto:blackberry_internet_services@bis.eu.blackberry.com] Sent: 24 September 2009 12:56 To: Subject: Delivery Status Notification (Failure) The following message to <emailaddress> was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 557-'The email content matches known spam signatures.' |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 September 2009 at 10:02pm |
|
mike,
These rejections are very hard to track down, as the SFDC database is updated in realtime with the fingerprints of spam content being detected around the world at that time. Those signatures are kept in the SFDC database for a few days only, as when the spam that caused them slows down, they are automatically removed from the centralized SFDC database. This said, do you have any of these rejected email samples stored in the quarantine database? If we have the *original* emails as they were received by SpamFilter, we will be able to reproduce their signature and see if we can prevent them from being stored in the SFDC. If you do, can you please zip and email us 2-3 such samples to support at logsat.com?
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.176 seconds.