Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Sender Policy Framework
  3. Articles

How to determine why the Sender Policy Framework spam filter blocked or allowed a message

Answer

If you are questioning why an email was blocked or allowed by the Sender Policy Framework spam filter and would like more information, you can find further details in the log file for that filter. Use the following procedure to find the log and information regarding your message within it, and then use the examples below to interpret why the message was either blocked or allowed:
  1. Find the message ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab
  2. Open the ase_spf.gfi_log file in notepad from  ..\GFI\MailEssentials\AntiSpam\DebugLogs
    • This log is for the Sender Policy Framework Filter Module and corresponds to the Configuration > Anti-Spam > Anti Spam Filters > Sender Policy Framework in the interface
  3. Do a search for the Message ID from the dashboard or the email headers
    • Note: The Message IDs have been removed from the example log files below
    • Note: The bolded lines are the important ones in the log files for determine what has happened and why
 

Email was allowed by the module:
 

ProcessMessage (0x12459BA0)
Getting SMTP recipients
SMTP Recipients [1]
Successfully retrieved Email InfoRetriever from Propertybag
Getting connecting IP from InfoRetiever
Non-gateway machine: 64.191.4.247
Getting Sender email ...
Getting Sender email ... ok [<>]
Checking sender against whitelist ...
Processing SPF. IP:64.191.4.247, Helo:, MailFrom:<>
Recip Whitelist enabled
MyDNS ctor
dns server: () timeout 5 rr 16 <<>>
dns.Query( qDomain ) = 0 ]0[
Received-SPF: none (: 64.191.4.247 is neither permitted nor denied by domain of <>) client-ip=64.191.4.247; envelope-from=postmaster@<>; helo=;
SPF tested. [Not performing action]
 
Notes:
  • The Received-SPF will change depending on what is found in the SPF record
  • If an email shows as whitelisted, remove it from the Exclusions list in the SPF Filter. All other issues must be resolved by the sender updating the SPF record.
 

Email was blocked by the module:
 

ProcessMessage (0x12459BA0)
Getting SMTP recipients
SMTP Recipients [1]
Successfully retrieved Email InfoRetriever from Propertybag
Getting connecting IP from InfoRetiever
Non-gateway machine: 72.9.101.247
Getting Sender email ...
Getting Sender email ... ok [cardonationcharities@swuoinkelm.me]
Checking sender against whitelist ...
Processing SPF. IP:72.9.101.247, Helo:, MailFrom:gfitest@gfitest.com
Recip Whitelist enabled
MyDNS ctor
dns server: () timeout 5 rr 16 <gfitest.com>
dns.Query( qDomain ) = 0 ]1[
TEXT: v=spf1 mx -all [14]
found SPF record: v=spf1 mx -all
MyDNS ctor
dns server: () timeout 5 rr 15 <gfitest.come>
dns.Query( qDomain ) = 301 ]0[
query failed: err = 301  Interrupted.
found 0 MX records for swuoinkelm.me  (herrno: 183)
SPF header:  version: 1  mech 2/8  mod 0/0  len=12
SPF record:  v=spf1 mx -all
Received-SPF: fail (: domain of gfitest.com does not designate 72.9.101.247 as permitted sender) client-ip=72.9.101.247; envelope-from=gfitest@gfitest.com; helo=;
performing action
SPF tested. [Performing action]
Setting actions data ...
Informing ASE of spam [2]...
Setting block report to: 'Sender is forged (SPF Fail)'

Note: If a valid email is blocked, add an exclusion for the domain in the SPF Filter or whitelist the sender. The SPF record must be updated by the sender.
 

Module is disabled:


SPF is disabled ...
 
Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments