Filter is not working correctly
Filter is not working correctly
Hi there,
we have a global filter marking messages as Spam by subject, header and other information. The message is picked-up by the PLESK COM Object which scans the message utilizing Spamassassin and should then be processed by the MTA Filter. Although I do not fully understand why some messages are not blocked although the rule is fulfilled on the server level, we have read some other posts stating that some messages are not processible via global filter but via mailbox/postoffice level filter. So we created postoffice level filters with similar settings. This "mostly" works quite good.
What is not working:
we have mail-addresses set up via PLESK which aim is just to deliver/forward mails to other mailboxes. These mailboxes are set up in Mailenable without password and "prevent authentication" by plesk. So far so good. When a message is received, the logs show that the filters are processed, but the forwared messages appear in the users inbox nontheless. They are not moved to the junk boxes although the setting is active.
Could someone imagine why this is happening ?
Any hint would be appreciated.
Best Regards
Benjamin
we have a global filter marking messages as Spam by subject, header and other information. The message is picked-up by the PLESK COM Object which scans the message utilizing Spamassassin and should then be processed by the MTA Filter. Although I do not fully understand why some messages are not blocked although the rule is fulfilled on the server level, we have read some other posts stating that some messages are not processible via global filter but via mailbox/postoffice level filter. So we created postoffice level filters with similar settings. This "mostly" works quite good.
What is not working:
we have mail-addresses set up via PLESK which aim is just to deliver/forward mails to other mailboxes. These mailboxes are set up in Mailenable without password and "prevent authentication" by plesk. So far so good. When a message is received, the logs show that the filters are processed, but the forwared messages appear in the users inbox nontheless. They are not moved to the junk boxes although the setting is active.
Could someone imagine why this is happening ?
Any hint would be appreciated.
Best Regards
Benjamin
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Filter is not working correctly
Hi,
For the messages that have been forwarded, do you see the following message header "X-ME-Content: Deliver-To= Junk"?
For the messages that have been forwarded, do you see the following message header "X-ME-Content: Deliver-To= Junk"?
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Filter is not working correctly
Hey Ian,
this flag has beend added to the mail header yes, but the mail was delivered nontheless. I checked the logs on detail again. The forwarding for this mailbox was set up strangely. I used plesk to set up the mailbox and entered forwarding mail addresses. This works well with many domains I serve. On mailenable mmc I can see these boxes with the smtp forward addresses.
On this specific mailbox the behavious was odd. In Plesk, I could see the forwarded smtp-addresses, but instead of "forwarding to SMTP-addresses", mailenable POC log showed something like "forward to group service-123456789abcdefgh@domain.xyz.
Problem: i have not set up any group on my domains. Could this be a misconfiguration and lead to the problem ? The mail forwarding in general works though.
Would you please so kind as to clarify in short which messages can only be filtered via a postoffice filter and not the global filters ?
Best Regards
Ben
this flag has beend added to the mail header yes, but the mail was delivered nontheless. I checked the logs on detail again. The forwarding for this mailbox was set up strangely. I used plesk to set up the mailbox and entered forwarding mail addresses. This works well with many domains I serve. On mailenable mmc I can see these boxes with the smtp forward addresses.
On this specific mailbox the behavious was odd. In Plesk, I could see the forwarded smtp-addresses, but instead of "forwarding to SMTP-addresses", mailenable POC log showed something like "forward to group service-123456789abcdefgh@domain.xyz.
Problem: i have not set up any group on my domains. Could this be a misconfiguration and lead to the problem ? The mail forwarding in general works though.
Would you please so kind as to clarify in short which messages can only be filtered via a postoffice filter and not the global filters ?
Best Regards
Ben
Re: Filter is not working correctly
Hey Ian,
I have another message which is marked correctly, but delivered to one mailbox nonetheless. The message was received by the SMTP-Connector:
The message was routed through the MTA-Filter, the Add_Header is the Mark as Spam option of the filter:
The POC-debug log shows that the filter on the postoffice is applied and the plesk delivery event was executed:
The message has the "X-ME-Content: Deliver-To= Junk" flag, but is not delivered to the Junk-Folder. This in general happens when a general mailbox (like info@, service@ or else) is used which forwards messages to individual mailboxes on the same postoffice, but not when the messages is directly delivered to one of these mailboxes.
Is there any hint why the message is not processed like many other messages ?
Any help would be appreciated.
Best Regards
Ben
I have another message which is marked correctly, but delivered to one mailbox nonetheless. The message was received by the SMTP-Connector:
Code: Select all
07/13/14 06:03:51 SMTP-IN 1D214296DA1A418893F73257D8CC8C40.MAI 1652 80.90.198.141 EHLO EHLO mail.soupcreative.co.uk 250-xxxxxxxxx.eu [80.90.198.141], this server offers 6 extensions 170 30
07/13/14 06:03:52 SMTP-IN 1D214296DA1A418893F73257D8CC8C40.MAI 1652 80.90.198.141 STARTTLS 24 10
07/13/14 06:03:52 SMTP-IN 1D214296DA1A418893F73257D8CC8C40.MAI 1652 80.90.198.141 STARTTLS STARTTLS 24 10
07/13/14 06:03:52 SMTP-IN 1D214296DA1A418893F73257D8CC8C40.MAI 1652 80.90.198.141 EHLO EHLO mail.soupcreative.co.uk 250-xxxxxxxxx.eu [80.90.198.141], this server offers 5 extensions 156 30
07/13/14 06:03:52 SMTP-IN 1D214296DA1A418893F73257D8CC8C40.MAI 1652 80.90.198.141 MAIL MAIL FROM:<mcorporation4@aol.com> 250 Requested mail action okay, completed 43 35
07/13/14 06:03:52 SMTP-IN 1D214296DA1A418893F73257D8CC8C40.MAI 1652 80.90.198.141 RCPT RCPT TO:<mymailadress@mydomain> 250 Requested mail action okay, completed 43 32
Code: Select all
07/13/14 06:03:53 Executed 1D214296DA1A418893F73257D8CC8C40.MAI SMTP [System Spam Filter] ADD_HEADER [SMTP:mcorporation4@aol.com] 80.90.198.141 No (-30),AS:-0,PT:-5,RB:-5,BY:-20,SP:10,VI:-0,SA:0,BM:-0,SU:-0,IS:-5,FE:-5 WINNING NOTIFICATION
07/13/14 06:03:53 Executed 1D214296DA1A418893F73257D8CC8C40.MAI SMTP KP-net SPAM (Allgemein) ADD_HEADER,STOP_PROCESSING [SMTP:mcorporation4@aol.com] 80.90.198.141 CRITERIA=BODY, DATA=<MF-W>*lottery*</MF-W> WINNING NOTIFICATION
07/13/14 06:03:57 Executed 694A84DD897C4053975FD4D7C1A9939A.MAI SF [System Spam Filter] ADD_HEADER [SMTP:mcorporation4@aol.com] 80.90.198.141 No (-30),AS:-0,PT:-5,RB:-5,BY:-20,SP:10,VI:-0,SA:0,BM:-0,SU:-0,IS:-5,FE:-5
07/13/14 06:03:57 Executed 694A84DD897C4053975FD4D7C1A9939A.MAI SF KP-net SPAM (Allgemein) ADD_HEADER,STOP_PROCESSING [SMTP:mcorporation4@aol.com] 80.90.198.141 CRITERIA=HEADERS_CONTAIN, DATA=<MF-W>*SPAM?*</MF-W>
Code: Select all
07/13/14 06:04:01 Executed EBFB6EBFDCAD484E96ACC6391827BAA2.MAI SF Spam (postoffice) ADD_HEADER,NOTIFY_ADDRESS xxxxxx.de [SMTP:mcorporation4@aol.com] 80.90.198.141 CRITERIA=SUBJECT, DATA=<MF-W>*SPAM?*</MF-W>
07/13/14 06:04:02 [EBFB6EBFDCAD484E96ACC6391827BAA2.MAI] Mailbox (name.name) on postoffice (xxxxx.de) executed a delivery event (C:\Program Files (x86)\Parallels\Plesk\admin\bin\memailfilter_usr.exe xxxxxx.de name.name EBFB6EBFDCAD484E96ACC6391827BAA2.MAI).
07/13/14 06:04:02 [EBFB6EBFDCAD484E96ACC6391827BAA2.MAI] Delivered message from [SMTP:mcorporation4@aol.com] to PO=xxxxxx.de MBX=name.name FLD=\Inbox
The message has the "X-ME-Content: Deliver-To= Junk" flag, but is not delivered to the Junk-Folder. This in general happens when a general mailbox (like info@, service@ or else) is used which forwards messages to individual mailboxes on the same postoffice, but not when the messages is directly delivered to one of these mailboxes.
Is there any hint why the message is not processed like many other messages ?
Any help would be appreciated.
Best Regards
Ben
Re: Filter is not working correctly
Hey Ian,
this is another message, this time the message was delivered to one single mailaddress. It contains the header move to junk, but is delivered to my mailbox inbox. There are filters on the server level searching for keyword *SPAM?* and on the postoffice level searching the same keyword. This mostly works. I simply don t get why a message marked as SPAM and containing the right keyword to the filters is processed to the INBOX while other messages which seem to be marked the same way are delivered to the JUNK Folder of this mailbox.
SMTP:
MTA:
POC:
Message Header (shortened):
this is another message, this time the message was delivered to one single mailaddress. It contains the header move to junk, but is delivered to my mailbox inbox. There are filters on the server level searching for keyword *SPAM?* and on the postoffice level searching the same keyword. This mostly works. I simply don t get why a message marked as SPAM and containing the right keyword to the filters is processed to the INBOX while other messages which seem to be marked the same way are delivered to the JUNK Folder of this mailbox.
SMTP:
Code: Select all
07/15/14 19:14:18 SMTP-IN 75441C6DCE7C4EA08C35096C9B8D804C.MAI 1736 IP MAIL MAIL FROM:<finanancegroups@yahoo.it> 250 Requested mail action okay, completed 43 38
07/15/14 19:14:18 SMTP-IN 75441C6DCE7C4EA08C35096C9B8D804C.MAI 1736 IP RCPT RCPT TO:<name.name@domain> 250 Requested mail action okay, completed 43 42
07/15/14 19:14:18 SMTP-IN 75441C6DCE7C4EA08C35096C9B8D804C.MAI 1736 IP DATA DATA 354 Start mail input; end with <CRLF>.<CRLF> 46 6
Code: Select all
07/15/14 19:14:19 ME-MTA-INFO : Routing message (75441C6DCE7C4EA08C35096C9B8D804C.MAI) from (SMTP) to 1 recipient(s).
07/15/14 19:14:19 MTADeliverMessage::Executing external COM event pleskmemta.PleskMEMTA with message 75441C6DCE7C4EA08C35096C9B8D804C.MAI from SMTP queue
07/15/14 19:14:22 ME-MTA-ROUTE [75441C6DCE7C4EA08C35096C9B8D804C.MAI] from [SMTP] Connector queued to [SF] Connector as [553F39A5D8234AFA9D6605678FECA573.MAI]
Code: Select all
07/15/14 19:14:23 Delivering 553F39A5D8234AFA9D6605678FECA573.MAI to message store (1 Recipients)
07/15/14 19:14:23 Executed 553F39A5D8234AFA9D6605678FECA573.MAI SF Spam (domain) ADD_HEADER,NOTIFY_ADDRESS DOMAIN.DE [SMTP:finanancegroups@yahoo.it] IP CRITERIA=SUBJECT, DATA=<MF-W>*SPAM?*</MF-W>
07/15/14 19:14:23 [553F39A5D8234AFA9D6605678FECA573.MAI] Checking message of size 8Kb for mailbox (name.name) on postoffice (domain.de) with quota of -1Kb (current size 0Kb).
07/15/14 19:14:23 [553F39A5D8234AFA9D6605678FECA573.MAI] Mailbox (name.name) on postoffice (domain.de) executed a delivery event (C:\Program Files (x86)\Parallels\Plesk\admin\bin\memailfilter_usr.exe domain.de name.name 553F39A5D8234AFA9D6605678FECA573.MAI).
07/15/14 19:14:23 ProcessMailboxSpamSettings:: Mailbox spam filters are enabled
07/15/14 19:14:23 ProcessMailboxSpamSettings:: Not action set for mailbox domain.de/name.name, message spam value=0
07/15/14 19:14:23 [553F39A5D8234AFA9D6605678FECA573.MAI] DeliverToMailbox:: domain.de/name.name, Sender=finanancegroups@yahoo.it Spam Rules Result=0
07/15/14 19:14:23 [553F39A5D8234AFA9D6605678FECA573.MAI] DeliverToMailbox:: Generating notification for message
07/15/14 19:14:23 [592] Starting Direct Inserting [553F39A5D8234AFA9D6605678FECA573.MAI] into index (C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\POSTOFFICES\domain.de\MAILROOT\name.name\\Inbox\_index.xml).
07/15/14 19:14:23 [592] Completed Direct Inserting [553F39A5D8234AFA9D6605678FECA573.MAI] into index (C:\Program Files (x86)\Parallels\Plesk\Mail Servers\Mail Enable\POSTOFFICES\domain.de\MAILROOT\name.name\\Inbox\_index.xml).
07/15/14 19:14:23 [553F39A5D8234AFA9D6605678FECA573.MAI] Delivered message from [SMTP:finanancegroups@yahoo.it] to PO=domain.de MBX=name.name FLD=\Inbox
Code: Select all
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on h2265989
X-Spam-Flag: YES
X-Spam-Level: ****************************************
X-Spam-Status: Yes, score=40.7 required=10.0
tests=AXB_XMAILER_MIMEOLE_OL_024C2,DATE_IN_PAST_24_48,DKIM_ADSP_CUSTOM_MED,
FILL_THIS_FORM,FILL_THIS_FORM_LOAN,FILL_THIS_FORM_LONG,FORGED_MUA_OUTLOOK,
FREEMAIL_FROM,FREEMAIL_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_MISSPACED,
FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_NO_TO,FROM_MISSP_REPLYTO,
FROM_MISSP_URI,FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_MISSP_REPLYTO,
FSL_NEW_HELO_USER,MISSING_HEADERS,NML_ADSP_CUSTOM_MED,NSL_RCVD_FROM_USER,
RCVD_IN_SBL,RDNS_NONE,REPLYTO_WITHOUT_TO_CC,TO_NO_BRKTS_FROM_MSSP,
TO_NO_BRKTS_MSFT,T_FRT_CONTACT autolearn=spam version=3.3.2
DomainKey-Status: no signature
Received: from vaptex2.nl ([2a01:7c8:aab2:142::1]) by domain.de with MailEnable ESMTP; Tue, 15 Jul 2014 19:14:18 +0200
X-No-Relay: not in my network
Received: from User (unknown [37.77.117.89])
by vaptex2.nl (Postfix) with ESMTPA id 022B51489DA;
Mon, 14 Jul 2014 06:46:10 +0200 (CEST)
Reply-To: <prestitispa2@aol.com>
From: "Barbara Lang"<finanancegroups@yahoo.it>
Subject: **SPAM?**40.7 Punkte** Kredit-Angebot/ Loan Offer
Date: Mon, 14 Jul 2014 06:46:10 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <75441C6DCE7C4EA08C35096C9B8D804C.MAI@kp-services.eu>
Received-SPF: none (kp-services.eu: yahoo.it does not designate permitted sender hosts)
X-Envelope-Sender: finanancegroups@yahoo.it
X-ME-Bayesian: 0.000000
X-ME-Spam: No (-40),AS:-0,PT:-5,RB:-5,BY:-20,VI:-0,SA:0,BM:-0,SU:-0,IS:-5,FE:-5
X-ME-Content: Deliver-To=Junk
X-Spam-Prev-Subject: Kredit-Angebot/ Loan Offer
Return-Path: <finanancegroups@yahoo.it>
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Filter is not working correctly
Hi,
Just to confirm; Do you have the setting within the post office properties window under the "Feature Selection" tab "Deliver junk email to Junk Email folder" enabled?
Just to confirm; Do you have the setting within the post office properties window under the "Feature Selection" tab "Deliver junk email to Junk Email folder" enabled?
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Filter is not working correctly
Hi Ian,
I confirm that the postoffice is set to deliver junk mails to junk mail folder. The message has the flag. It has been driven through the plesk spamassassin pickup and delivery event. It has been processed by the filters I set up on server and on postoffice level. But on a small amount of messages the mailenable logs do not show the log line delivering to junk although the message is flagged with X-ME-Content: Deliver-To=Junk.
The specified mailbox is set to SYSADMIN level instead of USER. As I said, only "some" messages appear to make it through the filtering, etc. Most postoffices have a bunch of junk delivered to the respective junk folder. This is somehow strange and annoying. As the messages all have the flag X-ME-Content: Deliver-To=Junk I would think that it is not necessary to tell you all the filter details, right ?
If you need more information let me know.
Best Regards
Ben
I confirm that the postoffice is set to deliver junk mails to junk mail folder. The message has the flag. It has been driven through the plesk spamassassin pickup and delivery event. It has been processed by the filters I set up on server and on postoffice level. But on a small amount of messages the mailenable logs do not show the log line delivering to junk although the message is flagged with X-ME-Content: Deliver-To=Junk.
The specified mailbox is set to SYSADMIN level instead of USER. As I said, only "some" messages appear to make it through the filtering, etc. Most postoffices have a bunch of junk delivered to the respective junk folder. This is somehow strange and annoying. As the messages all have the flag X-ME-Content: Deliver-To=Junk I would think that it is not necessary to tell you all the filter details, right ?
If you need more information let me know.
Best Regards
Ben
Re: Filter is not working correctly
Hey Ian,
as I am analyzing the messages getting through I realize that all of these messages do not have a TO: CC: or BCC: in their headers. This is the only thing I see they have in common.
Might this have to do anything with this "problem" ?
Best Regards
Ben
as I am analyzing the messages getting through I realize that all of these messages do not have a TO: CC: or BCC: in their headers. This is the only thing I see they have in common.
Might this have to do anything with this "problem" ?
Best Regards
Ben
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Filter is not working correctly
Hi,
Can you PM example headers of the messages getting through? Might even be a better option lodging a support ticket since you have quite a few examples and trace logs.
Can you PM example headers of the messages getting through? Might even be a better option lodging a support ticket since you have quite a few examples and trace logs.
Regards,
Ian Margarone
MailEnable Support
Ian Margarone
MailEnable Support
Re: Filter is not working correctly
Hey Ian,
do you have any conclusion from the headers I sent you ?
Regards
Ben
do you have any conclusion from the headers I sent you ?
Regards
Ben
Re: Filter is not working correctly
Hey Ian,
well, I sent you a PM with complete headers as you requested, but got no further response.
I now have manually created a Junk E-Mail folder in the forwarding address postoffice. As of now, it seems that no further spam-mails are getting delivered to my mailboxes inbox. This would be fine.
What I dont understand is why some messages to this forwarding postoffice are getting filtered, marked or whatever and others not before. But maybe one doesn't have to understand everything.
I will have a look how this follows-up. If everything works out in the next week, this thread can be marked as solved.
Regards
Ben
well, I sent you a PM with complete headers as you requested, but got no further response.
I now have manually created a Junk E-Mail folder in the forwarding address postoffice. As of now, it seems that no further spam-mails are getting delivered to my mailboxes inbox. This would be fine.
What I dont understand is why some messages to this forwarding postoffice are getting filtered, marked or whatever and others not before. But maybe one doesn't have to understand everything.
I will have a look how this follows-up. If everything works out in the next week, this thread can be marked as solved.
Regards
Ben
Re: Filter is not working correctly
Hello Ian,
well, the filters are definitely not working correctly. I cannot see the mechanism why most messages are marked and moved to junk and some - especially messages with a high Spamassassin value of over 60 or more - are sometimes not although the correct spam-flag and move-to-junk flag are set. Have you done anything with the message I sent you via PM ?
Am I really the only one with this problem ? Well, I think I have to switch to other anti-spam solutions as I don't know what to say to my customers.
Regards
Ben
well, the filters are definitely not working correctly. I cannot see the mechanism why most messages are marked and moved to junk and some - especially messages with a high Spamassassin value of over 60 or more - are sometimes not although the correct spam-flag and move-to-junk flag are set. Have you done anything with the message I sent you via PM ?
Am I really the only one with this problem ? Well, I think I have to switch to other anti-spam solutions as I don't know what to say to my customers.
Regards
Ben