How to determine why an email was whitelisted by GFI MailEssentials

• ase_ipwhitelist.gfi_log
• ase_kwhite.gfi_log
• ase_personalwhitelist.gfi_log
• ase_whitelist.gfi_log

1. Open the ase_ipwhitelist.gfi_log file in notepad
2. This log is for the IP Whitelist and corresponds to the Configuration > Anti-Spam > Whitelist > IP Whitelist tab in the interface and the ipwhitelist table within the config.mdb
3. Search for the Message ID of the sample
4. You will get something similar to the example below:

• The bolded lines are the important ones in this log file
• The Connecting IP is the IP address of the sending server
• This IP was not in the whitelist
• If the IP address matches, you will instead seem something similar to this:

1. Open the ase_kwhite.gfi_log file in notepad
2. This log is for the Keyword Whitelist and messages will appear in the dashboard as 'Keyword Whitelisted'. It corresponds to Configuration > Anti-Spam > Whitelist > Keyword Whitelist in the interface and the kwhitebody and kwhitesubject tables in the config.mdb.
3. Search for the Message ID of the sample
4. You will get something similar to the below:

• Here the imported lines are again bolded
• The check if the subject yielded no matches
• The check if the body yielded a single match
• The matched word was 'access'
• If a message is not whitelisted by the Keyword Whitelist, the logging ends with the following:

1. Open the ase_personalwhitelist.gfi_log  file in notepad
2. This file contains information on the personal whitelists and is quickly overwritten. It corresponds to the Configuration > Anti-Spam > Whitelist > Personal Whitelist in the interface and the PWLBL.sdf table in the database.
3. Perform a search for your message ID
4. You will get something similar to ones the below:

• The bolded line is the important one. This sender was not on the personal whitelist.

• Again, the important line is bolded.  This sender was on gfitest@gfi.com's personal whitelist.

Note: A separate line will be logged for each user checked.

1. Open the ase_whitelist.gfi_log file
2. This log contains the autowhitelist and the whitelist modules and is the most complicated to read. It corresponds to the Configuration > Anti-Spam > Whitelist > Whitelist and AutoWhiteList tabs and the antispam2_whitelist table in the config.mdb and the autowhitelist.mdb.
3. Do a search for your sample message ID
4. The following log can be broken into two major parts, first the Whitelist then the Autowhitelist:

• Each message can have up to 4 SQL checks run on them such as the one below:

• Each check will be followed by the following:

• This means the email address checked 'test@gfi.com' is not in the Whitelist
• The Wildcard check checks for domains, such as '*@gfi.com' which also did not match
• If any of the 4 SQL Checks match, the email was whitelisted

• If a match is found, instead of ...was not found in db ... you will see the following:

• This means you need to remove the address that was checked.  In this case, test@gfi.com

• If none of the SQL Queries match, an additional check will be performed on the AutoWhiteList

• This means the address 'test@gfi.com' was found in the AutoWhiteList, it will need to be removed from there
• If instead the address is not listed in the AutoWhiteList, you will see the following:

• The last few lines of any email check that found a match should end with the following if the message was whitelisted:

• If you instead do not get a match on the autowhitelist or the whitelist, you will see the following as the last few lines: