As usual, I'll post this here before opening up a case as very often the community already has more insight than I do (not a terribly high bar in any case...)
- I had a user come to me this morning about email being blocked. He is sending email from an external account (gmail) with 4 PDF attachments. Gmail is reporting an error in completing the transfer.
- So, he tries sending 4 separate emails, each with one PDF attachment, and only one of those gets delivered (three are rejected).
- I check the message tracker and also the quarantine to see if we can find out why 3 of 4 messages are being rejected (I have my system set up to Quarantine EVERYTHING (other than viruses) rather than some transactions being simply rejected (i.e., Connection drop is turned off for SRBL, RBL, SPF and I have filters set up to Quarantine for these). This way, a user can self-service email from their quarantine which might have otherwise been completely discarded). QMS shows that these messages were blocked due to the SPAM filter. (The only difference in the messages is the actual PDF attachments themselves.)
- When I pull the SMTP logs, the associated transaction shows "[g->c] 500 Message denied access due to content filters in effect" and the connection is reset. (I would also rather connections NOT be reset so we are not informing SPAMMERS that they have a "live one"...)
- While I do have a "Named Executable Files" filter in effect, PDF files are not in the list!
* Anyone have any idea why 3 out of 4 of these messages are being treated as SPAM when only the attached PDF is different? Are the contents of actual attachments being scanned as part of the SPAM filter?
(I would also prefer that SPAMMERS see our system as a "black hole" rather than "performing" when they poke it... Otherwise they can keep throwing stuff at our system until they have positive confirmation that something DIDN'T get rejected.)