false positives message sniffer
Question asked by Richard Frank - November 11, 2015 at 4:41 AM
Unanswered
I have Message Sniffer as an add-on.
I have a lot of FPs for perfectly legit mail.
Sending server not blacklisted, rDNS passed, etc.
 
This is just one of the many messages being weighted too much.
 
Where/how can I report false positives?
 
[2015.11.11] 12:12:03 [01064] Delivery started for b at 12:12:03
[2015.11.11] 12:12:13 [01064] Spam check results: [_SPF: None], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SMTP: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS- ZEN: passed], [SPAMRATS: passed], [SPAMRATS DYNA: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_MESSAGESNIFFER: 20,code:20], [_DK: None], [_DKIM: None], [BARRACUDA: passed], [PSBL: passed], [WPBL: passed]
[2015.11.11] 12:12:18 [01064] Sending remote mail for bssec -at-ecn.nl
[2015.11.11] 12:12:18 [01064] This message is not being delivered to destination-adres due to an incoming gateway's spam settings. Weight: 20
[2015.11.11] 12:12:18 [01064] This message is being rerouted from destination-address to destination--alternative-address due to incoming gateway spam settings. Weight: 20

3 Replies

0
I have opened a ticket for this.
 
0
I did a check with SNFClient on an IP number that received spam weight from Message Sniffer:
C:\Program Files (x86)\SmarterTools\SmarterMail\Service\SNF>SNFClient.exe -test 145.255.128.10
GBUdb Record for 145.255.128.10
  Type Flag: ugly
  Bad Count: 25
 Good Count: 11
Probability: 0.388889
 Confidence: 0.369283
      Range: normal
       Code: 0
 
 
 
0
Message Sniffer flagging outlook.com servers, though it seems fine at the moment of testing.
C:\Program Files (x86)\SmarterTools\SmarterMail\Service\SNF>SNFClient.exe -test 157.56.112.104
GBUdb Record for 157.56.112.104
  Type Flag: ugly
  Bad Count: 11
 Good Count: 11
Probability: 0
 Confidence: 0.318533
      Range: normal
       Code: 0
 
But the delivery log had it flagged, so probably at that time it was flagged. Isn't that strange?

[2015.11.30] 09:04:31 [35142] Delivery started for breg@industrielinqs.nl at 9:04:31
[2015.11.30] 09:04:37 [35142] Spam check results: [_SPF: PermError], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SMTP: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS- ZEN: passed], [SPAMRATS: passed], [SPAMRATS DYNA: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed], [_BAYESIANFILTERING: passed], [_MESSAGESNIFFER: 19,code:57], [_DK: None], [_DKIM: None], [BARRACUDA: passed], [PSBL: passed], [WPBL: passed]
[2015.11.30] 09:04:41 [35142] Sending remote mail for breg@industrielinqs.nl
[2015.11.30] 09:04:41 [35142] This message is not being delivered to wouter@bondis.nl due to an incoming gateway's spam settings. Weight: 20
[2015.11.30] 09:04:41 [35142] This message is being rerouted from wouter@bondis.nl to spambox@bondis.nl due to incoming gateway spam settings. Weight: 20
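For triaging false positives like the ones in this thread, the sketch below (an added example, not part of any post and not SmarterMail or Message Sniffer code) parses delivery-log lines in the format quoted above and reports, per session id, which checks returned something other than "passed" or "None" and how much of the final weight Message Sniffer accounts for. It assumes the first number in the `_MESSAGESNIFFER` value is the weight and the second is the result code; the function name `triage` and the sample addresses are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: shortened from the 2015.11.30 lines in the thread,
# with placeholder addresses.
SAMPLE_LOG = """\
[2015.11.30] 09:04:37 [35142] Spam check results: [_SPF: PermError], [FIVE-TEN: passed], [SPAMHAUS- ZEN: passed], [_MESSAGESNIFFER: 19,code:57], [_DKIM: None], [PSBL: passed]
[2015.11.30] 09:04:41 [35142] This message is being rerouted from user@example.test to spambox@example.test due to incoming gateway spam settings. Weight: 20
"""

LINE_RE = re.compile(r"^\[[\d.]+\] [\d:]+ \[(?P<sid>\d+)\] (?P<msg>.*)$")
CHECK_RE = re.compile(r"\[([^:\]]+):\s*([^\]]*)\]")
SNIFFER_RE = re.compile(r"^(\d+),code:(\d+)$")
WEIGHT_RE = re.compile(r"Weight:\s*(\d+)\s*$")

def triage(log_text):
    """Group log lines by session id and summarise what added spam weight."""
    sessions = defaultdict(lambda: {"flagged": {}, "sniffer": None, "total": None})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entry, msg = sessions[m["sid"]], m["msg"]
        if msg.startswith("Spam check results:"):
            for name, result in CHECK_RE.findall(msg):
                name, result = name.strip(), result.strip()
                hit = SNIFFER_RE.match(result)
                if name == "_MESSAGESNIFFER" and hit:
                    # Assumption: first number is the weight, second the result code.
                    entry["sniffer"] = {"weight": int(hit[1]), "code": int(hit[2])}
                elif result not in ("passed", "None"):
                    entry["flagged"][name] = result
        else:
            w = WEIGHT_RE.search(msg)
            if w:
                entry["total"] = int(w[1])
    for entry in sessions.values():
        # Weight not explained by Message Sniffer (None if either value is missing).
        known = entry["total"] is not None and entry["sniffer"] is not None
        entry["other"] = entry["total"] - entry["sniffer"]["weight"] if known else None
    return dict(sessions)

if __name__ == "__main__":
    for sid, entry in triage(SAMPLE_LOG).items():
        print(sid, entry)
```

The result code and the sending IP from the flagged sessions are the details to have at hand when reporting a false positive, since a later `SNFClient.exe -test` lookup may no longer show the state the scanner saw at delivery time.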
 
