Filter is not working correctly

Discussion forum for Enterprise Edition.
Post Reply
kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Filter is not working correctly

Post by kpnet »

Hi there,

we have a global filter marking messages as Spam by subject, header and other information. The message is picked-up by the PLESK COM Object which scans the message utilizing Spamassassin and should then be processed by the MTA Filter. Although I do not fully understand why some messages are not blocked although the rule is fulfilled on the server level, we have read some other posts stating that some messages are not processible via global filter but via mailbox/postoffice level filter. So we created postoffice level filters with similar settings. This "mostly" works quite good.

What is not working:
we have mail-addresses set up via PLESK which aim is just to deliver/forward mails to other mailboxes. These mailboxes are set up in Mailenable without password and "prevent authentication" by plesk. So far so good. When a message is received, the logs show that the filters are processed, but the forwared messages appear in the users inbox nontheless. They are not moved to the junk boxes although the setting is active.

Could someone imagine why this is happening ?

Any hint would be appreciated.

Best Regards
Benjamin

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Filter is not working correctly

Post by MailEnable-Ian »

Hi,

For the messages that have been forwarded, do you see the following message header "X-ME-Content: Deliver-To= Junk"?
Regards,

Ian Margarone
MailEnable Support

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hey Ian,

this flag has beend added to the mail header yes, but the mail was delivered nontheless. I checked the logs on detail again. The forwarding for this mailbox was set up strangely. I used plesk to set up the mailbox and entered forwarding mail addresses. This works well with many domains I serve. On mailenable mmc I can see these boxes with the smtp forward addresses.

On this specific mailbox the behavious was odd. In Plesk, I could see the forwarded smtp-addresses, but instead of "forwarding to SMTP-addresses", mailenable POC log showed something like "forward to group service-123456789abcdefgh@domain.xyz.

Problem: i have not set up any group on my domains. Could this be a misconfiguration and lead to the problem ? The mail forwarding in general works though.

Would you please so kind as to clarify in short which messages can only be filtered via a postoffice filter and not the global filters ?

Best Regards
Ben

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hey Ian,

I have another message which is marked correctly, but delivered to one mailbox nonetheless. The message was received by the SMTP-Connector:

Code: Select all

07/13/14 06:03:51	SMTP-IN	1D214296DA1A418893F73257D8CC8C40.MAI	1652	80.90.198.141	EHLO	EHLO mail.soupcreative.co.uk	250-xxxxxxxxx.eu [80.90.198.141], this server offers 6 extensions	170	30		
07/13/14 06:03:52	SMTP-IN	1D214296DA1A418893F73257D8CC8C40.MAI	1652	80.90.198.141	STARTTLS			24	10		
07/13/14 06:03:52	SMTP-IN	1D214296DA1A418893F73257D8CC8C40.MAI	1652	80.90.198.141	STARTTLS	STARTTLS		24	10		
07/13/14 06:03:52	SMTP-IN	1D214296DA1A418893F73257D8CC8C40.MAI	1652	80.90.198.141	EHLO	EHLO mail.soupcreative.co.uk	250-xxxxxxxxx.eu [80.90.198.141], this server offers 5 extensions	156	30		
07/13/14 06:03:52	SMTP-IN	1D214296DA1A418893F73257D8CC8C40.MAI	1652	80.90.198.141	MAIL	MAIL FROM:<mcorporation4@aol.com>	250 Requested mail action okay, completed	43	35		
07/13/14 06:03:52	SMTP-IN	1D214296DA1A418893F73257D8CC8C40.MAI	1652	80.90.198.141	RCPT	RCPT TO:<mymailadress@mydomain>	250 Requested mail action okay, completed	43	32
The message was routed through the MTA-Filter, the Add_Header is the Mark as Spam option of the filter:

Code: Select all

07/13/14 06:03:53	Executed	1D214296DA1A418893F73257D8CC8C40.MAI	SMTP	[System Spam Filter]	ADD_HEADER [SMTP:mcorporation4@aol.com] 80.90.198.141 No (-30),AS:-0,PT:-5,RB:-5,BY:-20,SP:10,VI:-0,SA:0,BM:-0,SU:-0,IS:-5,FE:-5	WINNING NOTIFICATION
07/13/14 06:03:53	Executed	1D214296DA1A418893F73257D8CC8C40.MAI	SMTP	KP-net SPAM (Allgemein)	ADD_HEADER,STOP_PROCESSING		[SMTP:mcorporation4@aol.com]	80.90.198.141	CRITERIA=BODY, DATA=<MF-W>*lottery*</MF-W>	WINNING NOTIFICATION
07/13/14 06:03:57	Executed	694A84DD897C4053975FD4D7C1A9939A.MAI	SF	[System Spam Filter]	ADD_HEADER		[SMTP:mcorporation4@aol.com]	80.90.198.141	No (-30),AS:-0,PT:-5,RB:-5,BY:-20,SP:10,VI:-0,SA:0,BM:-0,SU:-0,IS:-5,FE:-5	
07/13/14 06:03:57	Executed	694A84DD897C4053975FD4D7C1A9939A.MAI	SF	KP-net SPAM (Allgemein)	ADD_HEADER,STOP_PROCESSING		[SMTP:mcorporation4@aol.com]	80.90.198.141	CRITERIA=HEADERS_CONTAIN, DATA=<MF-W>*SPAM?*</MF-W>	
The POC-debug log shows that the filter on the postoffice is applied and the plesk delivery event was executed:

Code: Select all

07/13/14 06:04:01	Executed	EBFB6EBFDCAD484E96ACC6391827BAA2.MAI	SF	Spam (postoffice)	ADD_HEADER,NOTIFY_ADDRESS	xxxxxx.de	[SMTP:mcorporation4@aol.com]	80.90.198.141	CRITERIA=SUBJECT, DATA=<MF-W>*SPAM?*</MF-W>	
07/13/14 06:04:02	[EBFB6EBFDCAD484E96ACC6391827BAA2.MAI] Mailbox (name.name) on postoffice (xxxxx.de) executed a delivery event (C:\Program Files (x86)\Parallels\Plesk\admin\bin\memailfilter_usr.exe xxxxxx.de name.name EBFB6EBFDCAD484E96ACC6391827BAA2.MAI).
07/13/14 06:04:02	[EBFB6EBFDCAD484E96ACC6391827BAA2.MAI] Delivered message from [SMTP:mcorporation4@aol.com] to PO=xxxxxx.de MBX=name.name FLD=\Inbox

The message has the "X-ME-Content: Deliver-To= Junk" flag, but is not delivered to the Junk-Folder. This in general happens when a general mailbox (like info@, service@ or else) is used which forwards messages to individual mailboxes on the same postoffice, but not when the messages is directly delivered to one of these mailboxes.

Is there any hint why the message is not processed like many other messages ?

Any help would be appreciated.
Best Regards
Ben

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hey Ian,

this is another message, this time the message was delivered to one single mailaddress. It contains the header move to junk, but is delivered to my mailbox inbox. There are filters on the server level searching for keyword *SPAM?* and on the postoffice level searching the same keyword. This mostly works. I simply don t get why a message marked as SPAM and containing the right keyword to the filters is processed to the INBOX while other messages which seem to be marked the same way are delivered to the JUNK Folder of this mailbox.

SMTP:

Code: Select all

07/15/14 19:14:18	SMTP-IN	75441C6DCE7C4EA08C35096C9B8D804C.MAI	1736	IP	MAIL	MAIL FROM:<finanancegroups@yahoo.it>	250 Requested mail action okay, completed	43	38		
07/15/14 19:14:18	SMTP-IN	75441C6DCE7C4EA08C35096C9B8D804C.MAI	1736	IP	RCPT	RCPT TO:<name.name@domain>	250 Requested mail action okay, completed	43	42		
07/15/14 19:14:18	SMTP-IN	75441C6DCE7C4EA08C35096C9B8D804C.MAI	1736	IP	DATA	DATA	354 Start mail input; end with <CRLF>.<CRLF>	46	6		
MTA:

Code: Select all

07/15/14 19:14:19	ME-MTA-INFO : Routing message (75441C6DCE7C4EA08C35096C9B8D804C.MAI) from (SMTP) to 1 recipient(s).
07/15/14 19:14:19	MTADeliverMessage::Executing external COM event pleskmemta.PleskMEMTA with message 75441C6DCE7C4EA08C35096C9B8D804C.MAI from SMTP queue
07/15/14 19:14:22	ME-MTA-ROUTE [75441C6DCE7C4EA08C35096C9B8D804C.MAI] from [SMTP] Connector queued to [SF] Connector as [553F39A5D8234AFA9D6605678FECA573.MAI]
POC:

Code: Select all

07/15/14 19:14:23	Delivering 553F39A5D8234AFA9D6605678FECA573.MAI to message store (1 Recipients)
07/15/14 19:14:23	Executed	553F39A5D8234AFA9D6605678FECA573.MAI	SF	Spam (domain)	ADD_HEADER,NOTIFY_ADDRESS	DOMAIN.DE	[SMTP:finanancegroups@yahoo.it]	IP	CRITERIA=SUBJECT, DATA=<MF-W>*SPAM?*</MF-W>	
07/15/14 19:14:23	[553F39A5D8234AFA9D6605678FECA573.MAI] Checking message of size 8Kb for mailbox (name.name) on postoffice (domain.de) with quota of -1Kb (current size 0Kb).
07/15/14 19:14:23	[553F39A5D8234AFA9D6605678FECA573.MAI] Mailbox (name.name) on postoffice (domain.de) executed a delivery event (C:\Program Files (x86)\Parallels\Plesk\admin\bin\memailfilter_usr.exe domain.de name.name 553F39A5D8234AFA9D6605678FECA573.MAI).
07/15/14 19:14:23	ProcessMailboxSpamSettings:: Mailbox spam filters are enabled
07/15/14 19:14:23	ProcessMailboxSpamSettings:: Not action set for mailbox domain.de/name.name, message spam value=0
07/15/14 19:14:23	[553F39A5D8234AFA9D6605678FECA573.MAI] DeliverToMailbox:: domain.de/name.name, Sender=finanancegroups@yahoo.it Spam Rules Result=0
07/15/14 19:14:23	[553F39A5D8234AFA9D6605678FECA573.MAI] DeliverToMailbox:: Generating notification for message
07/15/14 19:14:23	[592] Starting Direct Inserting [553F39A5D8234AFA9D6605678FECA573.MAI] into index (C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\POSTOFFICES\domain.de\MAILROOT\name.name\\Inbox\_index.xml).
07/15/14 19:14:23	[592] Completed Direct Inserting [553F39A5D8234AFA9D6605678FECA573.MAI] into index (C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\POSTOFFICES\domain.de\MAILROOT\name.name\\Inbox\_index.xml).
07/15/14 19:14:23	[553F39A5D8234AFA9D6605678FECA573.MAI] Delivered message from [SMTP:finanancegroups@yahoo.it] to PO=domain.de MBX=name.name FLD=\Inbox
Message Header (shortened):

Code: Select all

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on h2265989
X-Spam-Flag: YES
X-Spam-Level: ****************************************
X-Spam-Status: Yes, score=40.7 required=10.0
	tests=AXB_XMAILER_MIMEOLE_OL_024C2,DATE_IN_PAST_24_48,DKIM_ADSP_CUSTOM_MED,
	FILL_THIS_FORM,FILL_THIS_FORM_LOAN,FILL_THIS_FORM_LONG,FORGED_MUA_OUTLOOK,
	FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,
	FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_NO_TO,FROM_MISSP_REPLYTO,
	FROM_MISSP_URI,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_MISSP_REPLYTO,
	FSL_NEW_HELO_USER,MISSING_HEADERS,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER,
	RCVD_IN_SBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,
	TO_NO_BRKTS_MSFT,T_FRT_CONTACT autolearn=spam version=3.3.2
DomainKey-Status: no signature
Received: from vaptex2.nl ([2a01:7c8:aab2:142::1]) by domain.de with MailEnable ESMTP; Tue, 15 Jul 2014 19:14:18 +0200
X-No-Relay: not in my network
Received: from User (unknown [37.77.117.89])
	by vaptex2.nl (Postfix) with ESMTPA id 022B51489DA;
	Mon, 14 Jul 2014 06:46:10 +0200 (CEST)
Reply-To: <prestitispa2@aol.com>
From: "Barbara Lang"<finanancegroups@yahoo.it>
Subject: **SPAM?**40.7 Punkte** Kredit-Angebot/ Loan Offer
Date: Mon, 14 Jul 2014 06:46:10 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <75441C6DCE7C4EA08C35096C9B8D804C.MAI@kp-services.eu>
Received-SPF: none (kp-services.eu: yahoo.it does not designate permitted sender hosts)
X-Envelope-Sender: finanancegroups@yahoo.it
X-ME-Bayesian: 0.000000
X-ME-Spam: No (-40),AS:-0,PT:-5,RB:-5,BY:-20,VI:-0,SA:0,BM:-0,SU:-0,IS:-5,FE:-5
X-ME-Content: Deliver-To=Junk
X-Spam-Prev-Subject: Kredit-Angebot/ Loan Offer
Return-Path: <finanancegroups@yahoo.it>

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Filter is not working correctly

Post by MailEnable-Ian »

Hi,

Just to confirm; Do you have the setting within the post office properties window under the "Feature Selection" tab "Deliver junk email to Junk Email folder" enabled?
Regards,

Ian Margarone
MailEnable Support

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hi Ian,

I confirm that the postoffice is set to deliver junk mails to junk mail folder. The message has the flag. It has been driven through the plesk spamassassin pickup and delivery event. It has been processed by the filters I set up on server and on postoffice level. But on a small amount of messages the mailenable logs do not show the log line delivering to junk although the message is flagged with X-ME-Content: Deliver-To=Junk.

The specified mailbox is set to SYSADMIN level instead of USER. As I said, only "some" messages appear to make it through the filtering, etc. Most postoffices have a bunch of junk delivered to the respective junk folder. This is somehow strange and annoying. As the messages all have the flag X-ME-Content: Deliver-To=Junk I would think that it is not necessary to tell you all the filter details, right ?

If you need more information let me know.

Best Regards
Ben

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hey Ian,

as I am analyzing the messages getting through I realize that all of these messages do not have a TO: CC: or BCC: in their headers. This is the only thing I see they have in common.
Might this have to do anything with this "problem" ?

Best Regards
Ben

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Filter is not working correctly

Post by MailEnable-Ian »

Hi,

Can you PM example headers of the messages getting through? Might even be a better option lodging a support ticket since you have quite a few examples and trace logs.
Regards,

Ian Margarone
MailEnable Support

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hey Ian,

do you have any conclusion from the headers I sent you ?

Regards
Ben

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hey Ian,

well, I sent you a PM with complete headers as you requested, but got no further response.

I now have manually created a Junk E-Mail folder in the forwarding address postoffice. As of now, it seems that no further spam-mails are getting delivered to my mailboxes inbox. This would be fine.

What I dont understand is why some messages to this forwarding postoffice are getting filtered, marked or whatever and others not before. But maybe one doesn't have to understand everything.

I will have a look how this follows-up. If everything works out in the next week, this thread can be marked as solved.

Regards
Ben

kpnet
Posts: 16
Joined: Sat Mar 08, 2014 5:29 pm

Re: Filter is not working correctly

Post by kpnet »

Hello Ian,

well, the filters are definitely not working correctly. I cannot see the mechanism why most messages are marked and moved to junk and some - especially messages with a high Spamassassin value of over 60 or more - are sometimes not although the correct spam-flag and move-to-junk flag are set. Have you done anything with the message I sent you via PM ?

Am I really the only one with this problem ? Well, I think I have to switch to other anti-spam solutions as I don't know what to say to my customers.

Regards
Ben

Post Reply