AnswerIf you are questioning why an email was blocked or allowed by the Greylisting spam filter and would like more information, you can find further details in the log file for that filter. Use the following procedure to find the log and information regarding your message within it, and then use the examples below to interpret why the message was either blocked or allowed:
- Find the message ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab
Open the ase_greylisting.gfi_log file in notepad from ..\GFI\MailEssentials\AntiSpam\DebugLogs
- This log is for the Greylisting Filter Module and corresponds to the Configuration > Anti-Spam > Anti Spam Filters > Greylisting in the interface
Do a search for the Message ID from the dashboard or the email headers.
- Note: The Message IDs have been removed from the example log files below
- Note: The bolded lines are the important ones in the log files for determine what has happened and why
Email was allowed by the module (any of the following):
Message recipients are local - process; GFI_MTASMTP_MC_Recipients - .
Checking connecting IP against whitelist exclusion...
Connecting IP: [x.x.x.x].
Checking address [x.x.x.x]
Address [x.x.x.x] is not whitelisted
Checking connecting IP against whitelist exclusion...ready
Checking email addresses against whitelist exclusion...
Checking [email@example.com] against Autowhitelist ...
Checking against manual whitelists ...
[MIMEToWhitelist] Processing  items
SQL: SELECT id FROM antispam2_whitelist WHERE type=0 AND entry IN ('firstname.lastname@example.org')
[MIMEToWhitelist] Executing Wildcard check ...
[MIMEToWhitelist] Wildcards did not whitelist any entries ...
[MIMEFromWhitelist] Processing  items
SQL: SELECT id FROM antispam2_whitelist WHERE type=1 AND entry IN ('email@example.com')
[MIMEFromWhitelist] Found match in db ...
Email found in whitelist exclusion list, Bypass greylist.
Note: You may find any of the following messages depending on why the email was allowed:
- Email found in whitelist exclusion list, Bypass greylist - Remove from the autowhitelist, manual whitelist, or IP whitelist
- Email found in greylist exclusion list, Bypass greylist - Remove from the Greylist Exclusions tab
- Connecting IP is a perimeter SMTP Server forwarding emails to this server, Bypass greylist - Remove from the perimeter servers list
- Interval larger than Block period - Authorize triple - This cannot be altered
- Triplet found in Temporary table - This cannot be altered
Email was blocked by the module:
Register triplet - [x.x.x.x, firstname.lastname@example.org, email@example.com]
Insert Query - LogTime=[11 02 2013 06:40:00 518] IP=[x.x.x.x] Sender=[firstname.lastname@example.org] Recipient=[email@example.com]
Processing complete: : <25>ms
Inform ASE to send retry code after DATA command.
Setting actions data ...
Informing ASE ...
Setting block report to: 'Triplet not confirmed' - Either this is the first time the email has come in or a different server is replying to the RFC Compliance request.
Note: You may also see the following:
- Interval  smaller than Block period - Send retry code- The sending server replied too quickly. It should attempt again in a few minutes and allow the message through.
Module is disabled:
Greylisting is disabled.