[nSLUG] smtp relay through eastlink and ESET Nod32 tagline = disappearing email

George N. White III gnwiii at gmail.com
Wed Nov 4 14:22:52 AST 2009

On Tue, Nov 3, 2009 at 10:33 AM, D G Teed <donald.teed at gmail.com> wrote:

> On Fri, Oct 30, 2009 at 7:51 AM, D G Teed <donald.teed at gmail.com> wrote:
>> What I found when testing emails from Thunderbird
>> on two different windows PCs, sending to work and to Gmail,
>> is that if the integration set up has the default of adding a tag
>> line:
>> __________ Information from ESET NOD32 Antivirus, version of virus
>> signature database
>> 4556 (20091029) __________
>> The message was checked by ESET NOD32 Antivirus.
>> and we are relaying through the local Linux as SMTP, then mail
>> is disappearing.  Linux server shows it is handed off to
>> Eastlink's SMTP OK.
>> If I either turn off the ESET message tagging, or use smtp.eastlink.ca
>> directly from Thunderbird, then the message will be delivered.
>> I would guess that something on Eastlink's side thinks this is indication
>> of a virus.  Otherwise I would expect a bounce.
>> They use Ironport Senderbase and Sophos by the looks of the headers.
>> With local mail delivery I don't see any headers added by ESET.
>> I'm hoping to talk to Eastlink about this when I have a chance.
> I phoned Eastlink support about this.  They report Cisco's
> Ironport had quarantined the email.  The tech first said this is
> a standard practice they have with spam filtering, as they couldn't
> return all outbound emails flagged as spam.  I asked if the logs showed
> any link that would further breakdown what rule had been triggered by
> my email.  He said there was nothing like it.  I then asked if there
> is any mechanism whereby they can pass on to Cisco, their
> product catches a false positive.  He inquired about this and
> reported I could report the nature of the false positive to:
> notspam-submit =at-symbol= corp.eastlink.ca
> He also sent the parts of the Ironport log so we could have a reference
> point
> (that was nice).
> Part of my concern is the false positive depended on being relayed
> out via my Debian server.  There is possibly something in the
> amavisd or postfix lines appearing in the header which Ironport doesn't
> like.
> It is hard to know whether the Linux relay weighs on their scoring to
> such a degree that possibly many sorts of text appearing in the email
> body could result in lost (not bounced) email.

There was a report on CBC radio this AM of email problems between
Eastlink and Symaptico that implied the problems were of short duration
and affected only a few users.  This led to a bunch of people sending email
to report problems going back a few weeks with Eastlink and Sympatico
each blaming the other.  Turns out there is a Commissioner for Complaints
for Telecommunications Services:


Contact the Commissioner for Complaints for Telecommunications Services
If you’re not satisfied with your Internet service provider’s
response, check the Commissioner for Complaints for Telecommunications
Services (CCTS) website to see if your service provider is a member.
If so, contact the CCTS with your complaint.
The CCTS is an independent agency that helps resolve consumer
complaints about your telecommunications service. Contact them at:
email: info at ccts-cprst.ca
mail: P.O. Box 81088, Ottawa, Ontario K1P 1B1
toll-free telephone: 1-888-221-1687
toll-free TTY: 1-877-782-2384
fax: 1-877-782-2924

CBC interviewed the CCTS, who admitted few people know he exists.

George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia

More information about the nSLUG mailing list