ME020529 - PRB: How do messages end up in the mailbox Junk E-Mail folder


SYMPTOMS

Messages are being delivered to the mailbox Junk E-Mail folder.

CAUSE

There is no global option within MailEnable that will automatically deliver a message to a mailbox's "Junk E-Mail" folder. Listed below are some of the ways a message can be delivered to the "Junk E-Mail" folder:

    • The message has been marked as spam by a global message content filter action "Mark as spam".
    • The Reverse DNS blacklisting action is set to "Mark as spam".
    • Mailbox level message content filter action "Move message to Junk E-Mail folder" (Enterprise only).
    • Postoffice level message content filter action "Mark as spam" (Enterprise only).
    • Web mail interface mailbox spam rule "Move message to Junk E-Mail folder".

    NOTE: The "mark as spam" action adds the header "X-ME-Content: Deliver-To=Junk" to the message headers. Any message that contains this header will be delivered to the mailbox's "Junk E-Mail" folder, provided the option "Deliver to junk email to Junk E-Mail folder" is enabled at the postoffice level or globally, depending on which version of MailEnable is running on the server. More information about the "Deliver to junk email to Junk E-Mail folder" option can be found in the MailEnable documentation.

RESOLUTION

    How to determine which message content filter marked a message as spam:

    To determine which message content filter executed on a message and added the "mark as spam" header, follow this procedure:

    Navigate to the following MailEnable installation path: Mail Enable\postoffices\(postoffice name)\MAILROOT\(mailbox name)\Junk E-Mail
    Determine the ID of the message (.mai) file that contains the header line "X-ME-Content: Deliver-To=Junk" within the mailbox's "Junk E-Mail" folder, and note the file's modified date/time.
    NOTE: An easy way to find the message ID within a large list of junk messages is to log into the mailbox's web mail account, right-click a message within the "Junk E-Mail" folder and use the "download source" option. This will display the exact message ID of the message.

    Example: 119132804D1B4B87A064CC1B82F63A7A.MAI

    Navigate within the administration console to: Servers>localhost>Connectors>postoffice>logs and open the log file that corresponds to the date/time of the message located within the mailbox's "Junk E-Mail" folder.
    Search within the log file for the message (.mai) file ID, using the Edit>Find option in the top toolbar.
    Example:

    04/28/09 10:08:31 [119132804D1B4B87A064CC1B82F63A7A.MAI] Delivered message from [SMTP:test@mailenable.com.au] to PO=mailenable MBX=test FLD=\Junk E-mail

    Next, navigate within the administration console to: Servers>localhost>Agents>MTA>logs, open the MTA debug log file for the respective date/time and search for the message (.mai) ID.
    Example:

    04/28/09 10:08:31 ME-MTA-ROUTE [3608D0A639324298ACFF52D8EA92D19C.MAI] from [SF] Connector queued to [SF] Connector as [119132804D1B4B87A064CC1B82F63A7A.MAI]

    NOTE: The message (.mai) ID changes when the MTA routes the message to the respective queue location, as seen in the above MTA log example.

    Next, navigate within the administration console to: Servers>localhost>Filters>logs>Filters, open the filtering log file for the respective date/time and search for the message ID that the MTA log file shows for the message before it was routed to the destination queue.
    Example:

    04/28/09 10:08:31 Executed 3608D0A639324298ACFF52D8EA92D19C.MAI SF junk ADD_HEADER [SMTP:test@mailenable.com.au] 127.0.0.1 CRITERIA=SUBJECT, DATA=test

    The above filtering log example displays the filter that was executed; the filter name in the above example is "junk".

    How to determine if a Reverse DNS lookup marked a message as spam:

    If a message located in the mailbox's "Junk E-Mail" folder was marked as spam by the SMTP Reverse DNS blacklisting "mark as spam" action, the following header line will be present within the message headers:
    Example: X-RBL-Result: Generic, Fail

    The same back-tracing method that was used in the message content filter scenario above can be used to determine which blacklist executed on the message.
    First locate the message ID within the mailbox's Junk E-Mail folder, then search through the postoffice connector log file.
    Example: 1807B230450D457F9667FF7CDF3885E7.MAI

    Example postoffice connector log:

    04/27/09 00:07:38 [1807B230450D457F9667FF7CDF3885E7.MAI] Delivered message from [SMTP:test@example.com] to PO=MailEnable MBX=test FLD=\Junk E-mail

    Next, navigate to the MTA logs, open the respective log file and search for the same message ID:
    Example MTA log file:

    04/27/09 00:07:36 ME-MTA-ROUTE [884C408C9ED24C3DAF25DBE029A068A8.MAI] from [SMTP] Connector queued to [SF] Connector as [1807B230450D457F9667FF7CDF3885E7.MAI]

    To locate which blacklist lookup executed the action, navigate to Servers>localhost>connectors>SMTP>logs>activity, open the respective log file and search for the message ID that the MTA log file shows for the message before it was routed to the destination queue.
    Example SMTP activity log:

    04/27/09 00:07:23 SMTP-IN 884C408C9ED24C3DAF25DBE029A068A8.MAI 2124 192.168.2.35 RCPT RCPT TO: 250 Requested mail action okay, completed 43 31

    Example SMTP debug log:

    04/27/09 00:07:22 ME-E0113: [2124] Message marked as spam: (192.168.2.34) was found in DNS blacklisted database Barracuda.
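
The two back-traces above (content filter and Reverse DNS blacklist) can be scripted over log text. This is an added example, not MailEnable code: the line layouts and the reading of the second SMTP-IN field as a connection ID are inferred from the article's sample lines, and `trace_junk` is a hypothetical helper name.

```python
import re

MAI = r"([0-9A-F]{32}\.MAI)"
# Line layouts below are inferred from the article's sample log lines (assumption).
ROUTE = re.compile(rf"ME-MTA-ROUTE \[{MAI}\] from \[\w+\] Connector queued to \[\w+\] Connector as \[{MAI}\]")
EXECUTED = re.compile(rf"Executed {MAI} SF (.+?) ([A-Z_]+) ")  # filter name, action token
SMTP_IN = re.compile(rf"SMTP-IN {MAI} (\d+) ")                  # second field read as connection ID
RBL = re.compile(r"ME-E0113: \[(\d+)\] Message marked as spam: .* database (\S+?)\.?$")

# Sample lines copied from the article's examples (postoffice, MTA, filter and SMTP logs).
SAMPLE = r"""
04/28/09 10:08:31 [119132804D1B4B87A064CC1B82F63A7A.MAI] Delivered message from [SMTP:test@mailenable.com.au] to PO=mailenable MBX=test FLD=\Junk E-mail
04/28/09 10:08:31 ME-MTA-ROUTE [3608D0A639324298ACFF52D8EA92D19C.MAI] from [SF] Connector queued to [SF] Connector as [119132804D1B4B87A064CC1B82F63A7A.MAI]
04/28/09 10:08:31 Executed 3608D0A639324298ACFF52D8EA92D19C.MAI SF junk ADD_HEADER [SMTP:test@mailenable.com.au] 127.0.0.1 CRITERIA=SUBJECT, DATA=test
04/27/09 00:07:36 ME-MTA-ROUTE [884C408C9ED24C3DAF25DBE029A068A8.MAI] from [SMTP] Connector queued to [SF] Connector as [1807B230450D457F9667FF7CDF3885E7.MAI]
04/27/09 00:07:23 SMTP-IN 884C408C9ED24C3DAF25DBE029A068A8.MAI 2124 192.168.2.35 RCPT RCPT TO: 250 Requested mail action okay, completed 43 31
04/27/09 00:07:22 ME-E0113: [2124] Message marked as spam: (192.168.2.34) was found in DNS blacklisted database Barracuda.
""".strip().splitlines()


def trace_junk(junk_id, lines):
    """Return (id_chain, findings) for a message ID found in the Junk E-Mail folder."""
    # The MTA renames a message on every hop, so map each new ID to its previous one.
    prev = {m.group(2): m.group(1) for m in map(ROUTE.search, lines) if m}
    ids = [junk_id]
    while ids[-1] in prev and prev[ids[-1]] not in ids:  # guard against routing loops
        ids.append(prev[ids[-1]])
    findings = []
    # Content filters: any "Executed" line that names an ID in the chain.
    for line in lines:
        m = EXECUTED.search(line)
        if m and m.group(1) in ids:
            findings.append(("filter", m.group(2), m.group(3)))
    # Blacklists: join SMTP activity lines to debug lines through the connection ID.
    conns = {m.group(2) for m in map(SMTP_IN.search, lines) if m and m.group(1) in ids}
    for line in lines:
        m = RBL.search(line)
        if m and m.group(1) in conns:
            findings.append(("rbl", m.group(2), m.group(1)))
    return ids, findings


if __name__ == "__main__":
    for junk in ("119132804D1B4B87A064CC1B82F63A7A.MAI", "1807B230450D457F9667FF7CDF3885E7.MAI"):
        print(junk, "->", trace_junk(junk, SAMPLE))
```

Pass it only the lines from the log files that match the message's modified date/time, as the manual procedure does.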

    How to determine which mailbox level message content filter marked a message as spam:

    To determine if a mailbox level message content filter executed and marked a message as spam, locate the message ID within the mailbox's "Junk E-Mail" folder.
    Example: 028CDEED726949849D568C525C16D40B.MAI

    Next, navigate to the postoffice connector debug log file within the administration console and open the log file that corresponds to the message's modified date/time.
    Search for the message ID to determine which mailbox level filter executed on the message and delivered the message to the mailbox's Junk E-Mail folder.
    Example postoffice debug log file:

    04/28/09 11:37:52 Executed 028CDEED726949849D568C525C16D40B.MAI SF mailbox junk JUNK mailenable [SMTP:test@mailenable.com.au] 127.0.0.1 CRITERIA=SUBJECT, DATA=test
    04/28/09 11:37:52 [028CDEED726949849D568C525C16D40B.MAI] Message delivery processing to PO=mailenable MBX=test was interupted because a filter prevented delivery of the original message.

    How to determine which postoffice level message content filter marked a message as spam:

    To determine if a postoffice level message content filter executed and marked a message as spam, locate the ID of the message (.mai) file that contains the header line "X-ME-Content: Deliver-To=Junk" within the mailbox's "Junk E-Mail" folder, and note the file's modified date/time.
    Example: 073CA342F513482EB349F8B8F45AE2D4.MAI

    Next, navigate to the postoffice connector debug log file within the administration console and open the log file that corresponds to the message's modified date/time.
    Search for the message ID to determine which postoffice level filter executed on the message and delivered the message to the mailbox's Junk E-Mail folder.
    Example postoffice debug log file:

    04/28/09 11:46:52 Executed 073CA342F513482EB349F8B8F45AE2D4.MAI SF test ADD_HEADER mailenable [SMTP:test@mailenable.com.au] 127.0.0.1 CRITERIA=SUBJECT, DATA=test
    04/28/09 11:46:52 [073CA342F513482EB349F8B8F45AE2D4.MAI] Delivered message from [SMTP:test@mailenable.com.au] to PO=mailenable MBX=test FLD=\Junk E-mail

    How to determine if the mailbox's spam rule actioned and delivered the message to the mailbox's Junk E-Mail folder:

    If a message that was delivered to a mailbox's "Junk E-Mail" folder contains any of the message header lines below, it is possible that the message was delivered there by the mailbox spam rule action "move message to junk email folder" configured for that specific spam header value:

    Example:

    X-ME-Spam: Low

    X-ME-Spam: Medium

    X-ME-Spam: High

    More information about the spam protection script filter can be found in the following articles:

    http://www.mailenable.com/kb/content/article.asp?ID=ME020391

    http://www.mailenable.com/kb/content/article.asp?ID=ME020493

    To determine if the mailbox spam rule action delivered the message to the "Junk E-Mail" folder, locate the ID of the message (.mai) file that contains the header line "X-ME-Spam:" within the mailbox's "Junk E-Mail" folder, and note the file's modified date/time.
    Example: 68AA1EBAC0164DE5B440F8FCD2DF388A.MAI

    Next, navigate to the postoffice connector debug log file within the administration console and open the log file that corresponds to the message's modified date/time.
    Search for the message ID to determine which mailbox level rule executed on the message and delivered the message to the mailbox's Junk E-Mail folder.
    Example postoffice connector debug log:

    04/28/09 14:23:01 [68AA1EBAC0164DE5B440F8FCD2DF388A.MAI] Message Spam processing occured when delivering to PO=mailenable MBX=test

    The above log snippet indicates that a spam rule has actioned on the message. The next step is to log in to the mailbox's web mail account and check whether the spam rule action "Move message to Junk E-Mail folder" is enabled on the "spam rules" page.



    Product:MailEnable (Pro-Any Ent-Any)
    Category:Other
    Module:General
    Keywords:junk e-mail spam message
    Class:PRB: Product Problem or Issue
    Revised:Wednesday, May 4, 2016
    Author:
    Publisher:MailEnable