Answer
If you are questioning why an email was blocked or allowed by the Spamrazer spam filter and would like more information, you can find further details in the log file for that filter. Use the following procedure to find the log and information regarding your message within it, and then use the examples below to interpret why the message was either blocked or allowed:- Find the message ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab
- Open the ase_spamrazer.gfi_log file in notepad from ..\GFI\MailEssentials\AntiSpam\DebugLogs
- This log is for the Spamrazer Filter Module and corresponds to the Configuration > Anti-Spam > Anti Spam Filters > Spamrazer in the interface
- Do a search for the Message ID from the dashboard or the email headers
- Note: The Message IDs have been removed from the example log files below
- Note: The bolded lines are the important ones in the log files for determine what has happened and why
Email was allowed by the module:
>> Message Processing Block
Stream Retrieved [size: 24419]
(IPRep) Executing IPcheck ...
(IPRep) [0x1330CFD0] IPcheck succeeded [Score: 50, Threshold: 90]
(IPRep) Executing DOMAINcheck ...
(IPRep) [0x1330CFD0] DOMAINcheck succeeded [Score: 50, Threshold: 90]
(IPRep) IP reputation did not determine if msg is spam
(Score) [0x1330CFD0] Smtp Envelop: [HELO mx137.gfi.com MAIL FROM: gfitest@gfitest.com RCPT TO: gfitest@gfitest.com]
(Score) [0x1330CFD0] Connecting IP: [209.162.194.137]
(Score) [0x1330CFD0] Trying to read [20000] bytes of message
(Score) [0x1330CFD0] # bytes read: 20000
(Score) [0x1330CFD0] Message scanned [score: 1]
(Score) [0x1330CFD0] SPF Status: fp
(Score) [0x1330CFD0] 1,0,0,,d41d8cd98f00b204,sender@gfi.comt,gfitest@gfitest.com:gfitest@gfitest.com,RULES_HIT:53:2539:4310,0,RBL:209.162.194.137:@gfitest@gfitest.com:gfitest@gfitest.com.lbl8.mailshell.net-62.18.0.100 64.95.201.95,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fp,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0
(Score) [0x1330CFD0] (-100%) Sender has hammy reputation
Note: The SpamRazer engine cannot be changed with the exception of adding the optional SPF check to it in the configuration of the filter.
Email was blocked by the module:
>> Message Processing Block
Stream Retrieved [size: 28851]
(IPRep) Executing IPcheck ...
(IPRep) [0x1330CFD0] IPcheck succeeded [Score: 50, Threshold: 90]
(IPRep) Executing DOMAINcheck ...
(IPRep) [0x1330CFD0] DOMAINcheck succeeded [Score: 50, Threshold: 90]
(IPRep) IP reputation did not determine if msg is spam
(Score) [0x1330CFD0] Smtp Envelop: [HELO gfitest@gfitest.com MAIL FROM: spammer@gfi.com RCPT TO: gfitest@gfitest.com]
(Score) [0x1330CFD0] Connecting IP: [192.158.226.130]
(Score) [0x1330CFD0] Trying to read [20000] bytes of message
(Score) [0x1330CFD0] # bytes read: 20000
(Score) [0x1330CFD0] Message scanned [score: 92]
(Score) [0x1330CFD0] SPF Status: fp
(Score) [0x1330CFD0] 92,0,0,,d41d8cd98f00b204,spammer@gfi.com,gfitest@gfitest.comgfitest@gfitest.com,RULES_HIT:4310,0,RBL:192.158.226.130:@gfitest.com:gfitest@gfitest.com.lbl8.mailshell.net-62.2.0.100 64.100.201.201,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fp,MSBL:0,DNSBL:gfitest.com-dnsbl7.mailshell.net-127.0.0.192,Custom_rules:0:0:0
(Score) [0x1330CFD0] (100%) URL is in DNSBL
Setting actions data ...
Informing ASE [2]...
Setting block report to: 'Message was found to be spam: (100%) URL is in DNSBL,'
Notes:
- SpamRazer can block for a number of reasons that will begin with "Message was found to be spam:"
- "IP is in RBL"
- "URL is in DNSBL"
- "URL is in MSBL"
- "IP has spammy reputation"
- "Sender has spammy reputation"
- "Contains spammy domain"
- "Failed SPF check" - Turn off the SPF Check
- Aside from the SPF check, SpamRazer cannot be altered and senders must be whitelisted
Module is disabled:
SPF Status: DISABLED - This is the SPF option only
SpamRazer is disabled ...
Priyanka Bhotika
Comments