Answer
If you want to know why an email was blocked or allowed by the Header Checking spam filter, you can find further details in the log file for that filter. Use the following procedure to find the log and the entries for your message within it, and then use the examples below to interpret why the message was either blocked or allowed:
- Find the message ID of the email in question, either by gathering it from the headers of the message itself or by looking for it in the MailEssentials Dashboard > Logs > Details tab
- Open the ase_header_check.gfi_log file in Notepad from ..\GFI\MailEssentials\AntiSpam\DebugLogs
- This log is for the Header Checking Filter Module and corresponds to Configuration > Anti-Spam > Anti Spam Filters > Header Checking in the interface and to a number of the antispam2 tables in config.mdb
- Search the log for the Message ID from the dashboard or the email headers.
- Note: The Message IDs have been removed from the example log files below
- Note: The bolded lines are the important ones in the log files for determining what happened and why
Email was allowed by the module:
Context Refreshed: No
Licensing check: Licensed
<< Init Message
>> Process Message
Executing processing ...
>> Rcpt Count
Checking for maximum number of recipients: 40
Recipients in this email: 1
<< Rcpt Count [Ham]
>> Empty FROM
Number of MIME Senders: 1
Valid MIME Sender found
<< Empty FROM [Ham]
>> Malformed Email
Checking for malformed email format: gfitest@gfi.com
gfitest@gfi.com is a valid email address
<< Malformed Email [Ham]
>> Digits in Email
Checking email for numeric characters: gfitest@gfi.com
Digits found in email address: 0
<< Digits in Email [Ham]
>> Rcpt in Subject
<< Rcpt in Subject [Ham]
>> Encoded IP
>> PDF Spam
>> Charset
>> File Spam
Email body length: 168
Searching through attachments for '.pdf' files
Number of children [0]
HTML charset [us-ascii]: Codepage [1252]
No '.pdf' files found in email
<< Charset [Ham]
Number of attachments in email: 0
<< PDF Spam [Ham]
Check valid only for one attachment. Skipping
<< File Spam [Ham]
Urls extracted from body: 26
<< Encoded IP [Ham]
<< Process Message
Note: If a spam email is allowed through, make sure all the checks were performed.
Email was blocked by the module:
Due to the number of mini checks in this module, you may get any of the following messages, starting with "Setting block report to:"
Note: Reasons are listed in the same order as the checks in the configuration.
- "From field empty"
- "Email header contains a malformed MIME From: field"
- "Recipient list exceeds maximum threshold"
- "Email has different SMTP TO: and MIME TO: fields in the email addresses"
- "Domain does not exist - invalid domain passed" OR "Domain does not exist"
- "Number of numbers in MIME From exceeds maximum threshold"
- "Encoded IP"
- "Email contains remote images"
- "Embedded GIF"
- "Email contains attachment spam"
- "Email found in subject"
- "Character set not allowed" - This is set in the Language tab
Note: If any of these checks are blocking valid emails, the only options on the recipient end are to whitelist the sender or to disable that check. These issues must be resolved by the sender.
Module is disabled:
>> Process Message
Executing processing ...
<< Process Message
Note: There is no "disabled" message; simply no checks are done.
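A small parser for the log format shown above, added here as an illustration (not GFI's code): it pairs each `>>` line with its `<<` line by name, because the checks interleave in the log, and reports the verdicts, checks that opened but never closed, checks that never ran, and any "Setting block report to:" reasons. The expected-check list is taken from the allowed log on this page, and the sample log (including where the block line sits) is constructed; adjust both to your configuration.

```python
import re

# Check names as they appear in the allowed-message log on this page
# (assumption: this is the set of checks enabled in your configuration).
EXPECTED_CHECKS = ["Rcpt Count", "Empty FROM", "Malformed Email", "Digits in Email",
                   "Rcpt in Subject", "Encoded IP", "PDF Spam", "Charset", "File Spam"]
NON_CHECKS = {"Init Message", "Process Message"}   # wrappers, not mini checks
BLOCK_PREFIX = "Setting block report to:"

def summarize(log_text):
    """Summarize the Header Checking log lines for one message."""
    opened, verdicts, reasons = [], {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(BLOCK_PREFIX):
            reasons.append(line[len(BLOCK_PREFIX):].strip().strip('"'))
        elif line.startswith(">> "):
            name = line[3:].strip()
            if name not in NON_CHECKS:
                opened.append(name)
        elif line.startswith("<< "):
            # "<< Charset [Ham]" -> name "Charset", verdict "Ham"
            m = re.fullmatch(r"(.+?)(?:\s+\[(\w+)\])?", line[3:].strip())
            if m.group(1) not in NON_CHECKS:
                verdicts[m.group(1)] = m.group(2)
    return {
        "verdicts": verdicts,
        "unfinished": [c for c in opened if c not in verdicts],
        "not_run": [c for c in EXPECTED_CHECKS if c not in opened],
        "block_reasons": reasons,
        # Disabled module: processing starts and ends with no checks in between.
        "module_disabled": not opened and "Executing processing" in log_text,
    }

# Constructed sample in the page's format; the block line's position is an assumption.
SAMPLE = """\
>> Process Message
Executing processing ...
>> Rcpt Count
Recipients in this email: 1
<< Rcpt Count [Ham]
>> Empty FROM
<< Empty FROM [Ham]
>> Encoded IP
Setting block report to: Encoded IP
<< Process Message
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Paste only the lines for one Message ID into `summarize()`; a non-empty `not_run` or `unfinished` list on a message that was allowed is the case the note above asks you to check.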
Priyanka Bhotika