Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Message Rejection by 3rd Party ISP

Unanswered Question
Oct 7th, 2010
User Badges:

The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator. #5.0.0 smtp; 5.3.0 - Other mail system problem 554-'5.7.1 Virus Heuristics.Phishing.Email.SpoofedDomain detected by the ClamAV AntiVirus' (delivery attempts: 0)...

Has anyone come across this type of error before? Mail can be sent only with text in the subject field. No new mails can be sent when data is added to the e-mail.

Thank you


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Andreas Mueller Fri, 10/08/2010 - 01:49
User Badges:
  • Silver, 250 points or more

Hello David,

the remote end obviously uses ClamAV message scanning in their mailserver. Here's the explanation from the ClamAV FAQ:

  • Why is my legitimate HTML newsletter/email detected by ClamAV as Phishing.Heuristics.Email.SpoofedDomain?
    If it contains links in the form of href=”http://yourdomain.example.tld”> otherdomain.tld, where ProtectedDomain doesn’t belong to you and is listed in ClamAV database (like amazon.com, ebay.com, ...) then ClamAV detects it as a phishing attempt.

  • My legitimate emails from yourdomain.tld are detected as Phishing.Heuristics.Email.SpoofedDomain
    Please submit a sample, marking it as a false positive, phishing. If it’s really a false positive, we will add a whitelist entry for it.

Source: http://www.clamav.net/index.php?s=Phishing.Heuristics.Email.SpoofedDomain

Hope that helps,

regards, Andreas


This Discussion