Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Directory Harvesting
  3. Articles

How to determine why the Directory Harvesting spam filter blocked or allowed a message

Answer

If you are questioning why an email was blocked or allowed by the Directory Harvesting spam filter and would like more information, you can find further details in the log file for that filter. Use the following procedure to find the log and information regarding your message within it, and then use the examples below to interpret why the message was either blocked or allowed:
  1. Find the message ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab
  2. Open the ase_dirharvest.gfi_log file in notepad from  ..\GFI\MailEssentials\AntiSpam\DebugLogs
    • This log is for the Directory Harvesting Module and corresponds to the Configuration > Anti-Spam > Anti Spam Filters > Directory Harvesting in the interface.
  3. Do a search for the Message ID from the dashboard or the email headers.
    • Note: The Message IDs have been removed from the example log files below
    • Note: The bolded lines are the important ones in the log files for determine what has happened and why
    • Note: When in SMTP mode, no message ID is recorded in the logs, you will need to search by time stamp or recipient addresses
 

Email was allowed by the module:
 

ProcessMessage (0x87B79D8) - In Full Email mode, this will be a message ID
Getting SMTP recipients
SMTP Recipients [1]
B.Processing UserExists
0. Inexistent threshold 1
1.Checking if user gfitest@gfitest.com exists
2.User exists
C.UserExists Processed
UserExists tested. [Not performing action]

Note: If a user that does not exist is found, check your connection to Active Directory using the Test button in the Active Directory Settings within the configuration.
 

Email was blocked by the module:


ProcessMessage (0x87B78B8) - In Full Email mode, this will be a message ID
Getting SMTP recipients
SMTP Recipients [1]
B.Processing UserExists
0. Inexistent threshold 1
1.Checking if user noname@gfi.com exists
2.User does not exist
No excluded users
3.User is not excluded
4. Performing action
C.UserExists Processed
UserExists tested. [Performing action]

Note: If a user exists but was blocked, restart all MailEssentials services and run the Test for Active Directory from within it's filter settings in the configuration.
 

Module is disabled:
 

ProcessMessage Exiting, plug-in is disabled from the configuration
 
Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments