Filter giving false result??

StephenDavey · Post by **StephenDavey** » Thu Jun 22, 2023 6:11 am

I have a filter with
"Where the From header line contains specific words" - Enabled
(Use short word list = ) . . How can I copy/export all the entries I have put in here??
"Where a message header contains specific words" - Enabled
(Use short word list = ) . . How can I copy/export all the entries I have put in here??
Action - Add a prefix to the subject of the message (## LIKELY SPAM ##)

But some times legitimate mail (eg see below) is getting actioned despite the fact that I have checked through both lists above and verified that none of the entries (eg *animal_care.ru*) are NOT included in either the header or the From line ??

====== sample legitimate mail being caught ======================================
Received-SPF: pass (geelongweb.au: domain of gmail.com designates 209.85.214.175 as
permitted sender) client-ip=209.85.214.175
Received: from mail-pl1-f175.google.com ([209.85.214.175]) by geelongweb.au with
MailEnable ESMTPS (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
Thu, 22 Jun 2023 14:16:07 +1000
Received: by mail-pl1-f175.google.com with SMTP id
d9443c01a7336-1b51780bed0so52364635ad.3 for
<info@hfrichardson.com.au>; Wed, 21 Jun 2023 21:16:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1687407364; x=1689999364;
h=to:message-id:subject

mime-version:from
:content-transfer-encoding:from:to:cc:subject

message-id
:reply-to; bh=4ht9G50SlYlr7BPTCuy+KjNotHQlLEXbSKghIYlF3TI=; b=HFzB0h7nhx9SWxGXB7V16yJijHh1NoHvz6yAhK7KywxADC9mNFGZ5TuxuE4LCZv4Q1
7jm0McNR0SsnujQL3vn9FNeSLvwkczbtO8akyXDlovKYdovBPZSe0VqJFflLqYytWScw
BSl3Zzsqj8JkAFdxY1KNVYLyOVx9MVefNYbqmKGeQSX5otcT/RAry8ytAspy2/5snosZ
d5D+q8UpxD/98Z8+WSsbPcxLCthOQDP6WnxOzJ58i1FkN4SXT0CxjKncMLUV4fSul9Bv
gT6937fm8UxZJhU6ejCGlA2j4oWrHBxu3worFC3DsoVxYbSJ43OEQf6i/rL+6P5mBJNG
6xZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687407364; x=1689999364;
h=to:message-id:subject

mime-version:from
:content-transfer-encoding:x-gm-message-state:from:to:cc:subject

message-id:reply-to; bh=4ht9G50SlYlr7BPTCuy+KjNotHQlLEXbSKghIYlF3TI=;
b=WOwgHct/7dGt/oLuHNkmfXYA3HLRjHreAbW/KO+kh02PsugW42kUO5XSzmSIV4UQwd
SbrwXhyQMP0C3jQkifE3SCdO0PbP6/Zn0cmOc6tufevgRHUgfWuaZVMhhtIIaGJxlhxJ
Epwp91ebVikhfimu5m/ppFh96WeDXhqfhWZMzVaNi2EfRlEW3YNY595DsGXVVK6/kZ6W
ze4sphKq7a/Cwrer2IJaKdP1L5xYw0COxSATXePUtYIkHsMMpnpU18sSCNYOyCbWQmZd
4QGBJutJ5oNGAOn1n37oz59UNeV20Q5IfARB7P56mSCMQX+rIE02X4hP3IIoN6S4Vrsr
OnaA==
X-Gm-Message-State: AC+VfDwF8HP1gzkXRTLf3oFUzwAFILb0xR11qsZpCY+2WgwlX4HDbrg3 4gdGbhxkxlYkOoNXgQifDoiOuqRiiig=
X-Google-Smtp-Source: ACHHUZ5oQzHX3CYmZfeOoM+g081df+sRGJsI9GQ7e0CnUqZXEduRP3AjfYVyCEFJvHGqbAGTvws8MQ==
X-Received: by 2002:a17:902:d489:b0:1af:d812:d27 with SMTP id
c9-20020a170902d48900b001afd8120d27mr22603616plg.9.1687407364487; Wed,
21 Jun 2023 21:16:04 -0700 (PDT)
Return-Path: <justineleach38@gmail.com>
Received: from smtpclient.apple (ec2-3-26-163-236.ap-southeast-2.compute.amazonaws.com.
[3.26.163.236]) by smtp.gmail.com with ESMTPSA id
n13-20020a170902d2cd00b001b1866f7b5csm4233569plc.138.2023.06.21.21.16.03
for <info@hfrichardson.com.au> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Wed, 21 Jun 2023 21:16:03 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
From: justineleach38@gmail.com
Mime-Version: 1.0 (1.0)
Date: Thu, 22 Jun 2023 14:16:01 +1000
Subject: ## LIKELY SPAM ## Test
Message-Id: <07EEB9A5-75A0-420F-B83A-5F017122C5EF@gmail.com>
To: HF Richardson Main Office Number <info@hfrichardson.com.au>
X-Mailer: iPhone Mail (19H332)
X-Envelope-Sender: justineleach38@gmail.com
X-ME-Bayesian: 0.062436
X-Read: 1
==================================================================

Cheers, Stephen D

Post by **Admin** » Tue Jun 27, 2023 6:54 am

Check the filter log. When it does an action it may indicate what triggered it. You can access the filter log in the admin program, expand the Servers->localhost->Extensions->Message Filter->Logs->Filters branch.

StephenDavey · Post by **StephenDavey** » Tue Jun 27, 2023 11:15 pm

Admin,
Thanks for that. The logs are most helpful.

I'm curious about some multiple entries for the soem message . . eg

06/27/23 00:29:08 Executed 0370E8F30ED74DF182115FB639801BD6.MAI SMTP Delete_Spam_2 DELETE [SMTP:UltraK9Pro@netflixsurveys.shop] 198.211.26.13 CRITERIA=FROM, DATA=<MF-R>*surveys.shop*</MF-R> The Real Reason Why Dog Food Is Brown (Can Cut Your Dog's Lifespan By Up To 7 Years)
06/27/23 00:29:08 Executed 0370E8F30ED74DF182115FB639801BD6.MAI SMTP Delete_Spam_5 ADD_SUBJECT_PREFIX [SMTP:UltraK9Pro@netflixsurveys.shop] 198.211.26.13 CRITERIA=FROM, DATA=<MF-R>*surveys.shop*</MF-R>|CRITERIA=FROM, DATA=<MF-R>*.shop></MF-R> The Real Reason Why Dog Food Is Brown (Can Cut Your Dog's Lifespan By Up To 7 Years)
06/27/23 00:29:08 Executed 0370E8F30ED74DF182115FB639801BD6.MAI SMTP Delete_Spam_6 ADD_SUBJECT_PREFIX [SMTP:UltraK9Pro@netflixsurveys.shop] 198.211.26.13 CRITERIA=FROM, DATA=<MF-R>*surveys.shop*</MF-R>|CRITERIA=FROM, DATA=<MF-R>*.shop></MF-R>|CRITERIA=FROM, DATA=<MF-R>*.shop>*</MF-R> The Real Reason Why Dog Food Is Brown (Can Cut Your Dog's Lifespan By Up To 7 Years)
06/27/23 00:29:08 Executed 0370E8F30ED74DF182115FB639801BD6.MAI SMTP SPF_none ADD_SUBJECT_PREFIX [SMTP:UltraK9Pro@netflixsurveys.shop] 198.211.26.13 CRITERIA=FROM, DATA=<MF-R>*surveys.shop*</MF-R>|CRITERIA=FROM, DATA=<MF-R>*.shop></MF-R>|CRITERIA=FROM, DATA=<MF-R>*.shop>*</MF-R>|CRITERIA=SPF, DATA=<MF-W>none</MF-W> The Real Reason Why Dog Food Is Brown (Can Cut Your Dog's Lifespan By Up To 7 Years)

Filter "Delete_Spam_2" deletes mail meeting the criteria. Should I also add a "Stop processing filters" so that the deleted message does not bother to go through any of the filters that follow?

Cheers,
Stephen D

Filter giving false result??

Filter giving false result??

Re: Filter giving false result??

Re: Filter giving false result??