Content Filtering somtime work and sometime it doesn't

The content filter works sometime and sometime it doesn't.

The header 1 was tagged as spam high as per the intended behavior (plus the message was rerouted as intended). The header 2 and header 3 were delivered to the user mail box how they made it through is a mistery.
To help with this, we modified all of our content filters so that every filter has an additional action of adding a custom header appropriate for each rule. The format of the custom header is “X-RVA-”. We also added an additional filtering rule to the bottom of the list so that a custom header will be added to all messages that make it through all of the other filters. That filter should add the header “X-RVA-Passed-All-Content-Filters: True”. As you can see, there is no “X-RVA” header of any type in Header 2 & 3 which conclude that the messages were not tested against any of our content filtering rules.
We are using SmarterMail Enterprise 15.6 version.

===========================================================================================================================
Header: 1

Received: from bouncy.agreementselltime.us (bouncy.agreementselltime.us [89.34.96.106]) by webmail-1.gothamweb.net with SMTP;
Sat, 10 Jun 2017 16:11:12 -0400
Date: Sat, 10 Jun 2017 13:09:21 -0700
Content-Transfer-Encoding: 8bit
Subject: Sell Your Timeshare While the Real Estate Market is High
Mime-Version: 1.0
Message-ID: <217150217758192-5cf82df9ee2cea5328cb8ddbced7a321@bouncy.agreementselltime.us_i2s>
Content-Type: text/plain
To: <keren.mclendon@rvainc.com>
From: Dario Wu <Dario_Wu@bouncy.agreementselltime.us>
X-RVA-Block-Reason: Spam (high)
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, Commtouch 30 [value: Confirmed], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020205.593C5263.001E,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 30
===========================================================================================================================

===========================================================================================================================
Header: 2

Return-Path: <Your-Pre-Made-Meals@document.mfell.us>
Received: from document.mfell.us (document.mfell.us [89.34.96.107]) by webmail-1.gothamweb.net with SMTP;
Sat, 10 Jun 2017 16:19:35 -0400
Date: Sat, 10 Jun 2017 13:19:20 -0700
Subject: 100 Delicious No-Cook Meals Makes Eating Healthy A Lot Easier.
To: <keren.mclendon@rvainc.com>
Content-Transfer-Encoding: 8bit
Content-Type: multipart/alternative; boundary="19061068_23638462_19061068"
From: Your Pre Made Meals <Your-Pre-Made-Meals@document.mfell.us>
Mime-Version: 1.0
Message-ID: <5cf82df9ee2cea5328cb8ddbced7a321.19061068.23638462@document.mfell.us_8we>
X-SmarterMail-Spam: SPF_Pass, Bayesian Filtering, Commtouch 30 [value: Confirmed], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020202.593C549A.00A2,ss=4,re=0.000,recu=0.000,reip=0.000,pt=R_599548,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 30
===========================================================================================================================

===========================================================================================================================
Header: 3

Return-Path: <Better-Than-Cable@increase.trasa.us>
Received: from increase.trasa.us (UnknownHost [85.204.50.80]) by webmail-1.gothamweb.net with SMTP;
Fri, 9 Jun 2017 01:46:42 -0400
Date: Thu, 08 Jun 2017 22:44:14 -0700
Message-ID: <5cf82df9ee2cea5328cb8ddbced7a321.Demolition.Enrapture@increase.trasa.us_nh9>
Subject: Free TV Access and ALL movies access
Damaged: 20975225-5cf82df9ee2cea5328cb8ddbced7a321_9672565
Content-Type: multipart/alternative; boundary="20975225_9672565_20975225"
From: Better_Than_Cable <Better-Than-Cable@increase.trasa.us>
Content-Transfer-Encoding: 8bit
Mime-Version: 1.0
To: <keren.mclendon@rvainc.com>
X-SmarterMail-Spam: SPF_Pass, Reverse DNS Lookup, Bayesian Filtering, Commtouch 30 [value: Confirmed], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A020204.593A3655.00DF,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 60

===========================================================================================================================

Thanks,

Aditya

Jay K Replied

6/25/2017 at 5:56 PM

@Ronald, these Content Filter are based upon results of Spam Filtering.

If score goes above 30 then mails should be tagged as Spam High and should be delivered to particular email address.

But what we can see is that multiple mails got score above 30 but never got filtered.

While checking logs we have found below

[2017.06.09] 01:47:32 [95894] Spam check results: [_SPF: Pass], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: failed], [_BAYESIANFILTERING: failed], [_COMMTOUCH: 30,Confirmed], [_DK: None], [_DKIM: None], [BONDEDSENDER: passed], [SORBS: passed], [SPAMHAUS SBL+XBL: passed]
[2017.06.09] 01:47:34 [95894] Starting local delivery to keren.mclendon@rvainc.com
[2017.06.09] 01:47:34 [95894] Exception: rawText does not contain a valid rfc2822 header field
[2017.06.09] 01:47:37 [95894] Starting local delivery to keren.mclendon@rvainc.com
[2017.06.09] 01:47:37 [95894] Delivery for Better-Than-Cable@increase.trasa.us to keren.mclendon@rvainc.com has completed (Delivered) Filter: None

Thanks,

Jay

1 Reply

Reply to Thread

Related Knowledge Base Articles

1 Reply

Reply to Thread

Tags

Related Knowledge Base Articles