Back to Community Threads
4
Content Filtering somtime work and sometime it doesn't
Problem reported by Peter Verzoni - 6/24/2017 at 1:52 PM
Submitted
The content filter works sometime and sometime it doesn't.
The header 1 was tagged as spam high as per the  intended behavior (plus the message was rerouted as intended). The header 2 and header 3 were delivered to the user mail box how they made it through is a mistery.
To help with this, we modified all of our content filters so that every filter has an additional action of adding a custom header appropriate for each rule.  The format of the custom header is “X-RVA-”.  We also added an additional filtering rule to the bottom of the list so that a custom header will be added to all messages that make it through all of the other filters.  That filter should add the header “X-RVA-Passed-All-Content-Filters: True”.  As you can see, there is no “X-RVA” header of any type in Header 2 & 3 which conclude that the messages were not tested against any of our content filtering rules.
We are using SmarterMail Enterprise 15.6 version.

===========================================================================================================================
Header: 1
Received: from bouncy.agreementselltime.us (bouncy.agreementselltime.us [89.34.96.106]) by webmail-1.gothamweb.net with SMTP;
   Sat, 10 Jun 2017 16:11:12 -0400
Date: Sat, 10 Jun 2017 13:09:21 -0700
Content-Transfer-Encoding: 8bit
Subject: Sell Your Timeshare While the Real Estate Market is High
Mime-Version: 1.0
Message-ID: <217150217758192-5cf82df9ee2cea5328cb8ddbced7a321@bouncy.agreementselltime.us_i2s>
Content-Type: text/plain
To: <keren.mclendon@rvainc.com>
From: Dario Wu <Dario_Wu@bouncy.agreementselltime.us>
X-RVA-Block-Reason: Spam (high)
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, Commtouch 30 [value: Confirmed], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020205.593C5263.001E,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 30
===========================================================================================================================
===========================================================================================================================
Header: 2
Return-Path: <Your-Pre-Made-Meals@document.mfell.us>
Received: from document.mfell.us (document.mfell.us [89.34.96.107]) by webmail-1.gothamweb.net with SMTP;
   Sat, 10 Jun 2017 16:19:35 -0400
Date: Sat, 10 Jun 2017 13:19:20 -0700
Subject: 100 Delicious No-Cook Meals Makes Eating Healthy A Lot Easier.
To: <keren.mclendon@rvainc.com>
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative; boundary="19061068_23638462_19061068"
From: Your Pre Made Meals <Your-Pre-Made-Meals@document.mfell.us>
Mime-Version: 1.0
Message-ID: <5cf82df9ee2cea5328cb8ddbced7a321.19061068.23638462@document.mfell.us_8we>
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, Commtouch 30 [value: Confirmed], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020202.593C549A.00A2,ss=4,re=0.000,recu=0.000,reip=0.000,pt=R_599548,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 30
===========================================================================================================================
===========================================================================================================================
Header: 3
Return-Path: <Better-Than-Cable@increase.trasa.us>
Received: from increase.trasa.us (UnknownHost [85.204.50.80]) by webmail-1.gothamweb.net with SMTP;
   Fri, 9 Jun 2017 01:46:42 -0400
Date: Thu, 08 Jun 2017 22:44:14 -0700
Message-ID: <5cf82df9ee2cea5328cb8ddbced7a321.Demolition.Enrapture@increase.trasa.us_nh9>
Subject: Free TV Access and ALL movies access
Damaged: 20975225-5cf82df9ee2cea5328cb8ddbced7a321_9672565
Content-Type: multipart/alternative; boundary="20975225_9672565_20975225"
From: Better_Than_Cable <Better-Than-Cable@increase.trasa.us>
Content-Transfer-Encoding: 8bit
Mime-Version: 1.0
To: <keren.mclendon@rvainc.com>
X-SmarterMail-Spam: SPF_Pass, Reverse DNS Lookup, Bayesian Filtering, Commtouch 30 [value: Confirmed], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020204.593A3655.00DF,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 60
===========================================================================================================================
 
Thanks,
Aditya

3 Replies

Reply to Thread
0
Ron Raley Replied
6/24/2017 at 7:35 PM
Is there a reason you are not using "Spam Filtering" versus "Content Filtering"? Thanks, Ron
0
Jay K Replied
6/25/2017 at 5:56 PM
@Ronald, these Content Filter are based upon results of Spam Filtering.

If score goes above 30 then mails should be tagged as Spam High and should be delivered to particular email address.

But what we can see is that multiple mails got score above 30 but never got filtered.

While checking logs we have found below

[2017.06.09] 01:47:32 [95894] Spam check results: [_SPF: Pass], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: failed], [_BAYESIANFILTERING: failed], [_COMMTOUCH: 30,Confirmed], [_DK: None], [_DKIM: None], [BONDEDSENDER: passed], [SORBS: passed], [SPAMHAUS SBL+XBL: passed]
[2017.06.09] 01:47:34 [95894] Starting local delivery to keren.mclendon@rvainc.com
[2017.06.09] 01:47:34 [95894] Exception: rawText does not contain a valid rfc2822 header field
[2017.06.09] 01:47:37 [95894] Starting local delivery to keren.mclendon@rvainc.com
[2017.06.09] 01:47:37 [95894] Delivery for Better-Than-Cable@increase.trasa.us to keren.mclendon@rvainc.com has completed (Delivered) Filter: None

Thanks,
Jay
0
Ron Raley Replied
6/26/2017 at 12:06 AM
I would suggest moving the X-RVA content filter to the top for testing. I'm wondering if another filter is triggering and somehow ending the content filter process.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Recommended SPAM SettingsSmarterMail > Antispam and Antivirus
Set up SmarterMail as an IIS Site in IIS 8SmarterMail > Server Configuration and Management
Steps to Fix "UID of a message changed" Error When Using IMAPSmarterMail > Troubleshooting
Legal Holds and LitigationSmarterMail > Installation and Configuration
Microsoft Outlook PST vs OST vs OLM -- What's the Difference?SmarterMail > Desktop and Mobile Synchronization