Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Highlighted
sbaiter Valued Contributor.
Valued Contributor.
154 views

spam filter group exception not working

I thought this was working months ago, but as of today, we cannot seem to make it work. This is only happening with one email sender (that I know of). We have tried adding the IP Address, the whole IP Address range, and nothing seems to work, the messages still get flagged as spam. We have tried using the whole email address and wildcards, messages still get flagged as spam. Maybe we have it configured wrong, but as lacking as the documentation is, we are really guessing at a lot of this.

Inbound Mail Filter Policy, Spam Filter Group, Service: Add Header Line, X-Spam-Flag: Yes
(This works, spam gets flagged, dumped into Junk Mail folder, everyone happy)

Inbound Mail Filter Policy, Spam Filter Group, Exception Group, IP Address, 18.205.72.90/32
(emails from this ip range getting flagged as spam)

Inbound Mail Filter Policy, Spam Filter Group, Exception Group, Email Address, noreply@mxtoolbox.com
(emails from this address getting flagged as spam)

currently on rev.810

Any pointers would be appreciated

0 Likes
10 Replies
Knowledge Partner
Knowledge Partner

Re: spam filter group exception not working

Just to make sure I understand the setup, you have a spam filter group catching spam.  And then you have three items attached to it: a service that adds the header and two exceptions.  Correct?  That should work.  For the IP address exception, I know that the full IP will work.  I am currently doing that.  I'm not sure off the top of my head if you can specify a range with the subnet.  For the email address, you can do the full address or use wildcards...for example: noreply@mxtoolbox.com or *@mxtoolbox.com or *mxtoolbox.com.

You may have to check the logs to get further details as to what is going on.

 

 

--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
sbaiter Valued Contributor.
Valued Contributor.

Re: spam filter group exception not working

back in the days of NNTP, I got it on good authority that CIDR was acceptable, but we also did a cut-n-paste of every address in that range today and it doesn't make a difference.

<snip>

here is what I found in the log - its tagging it as bulk

(chnd) <1213> Creating gwava client handler
(cprc) <1213> Receiving scan request from REST client
(rrqs) <1213> Constructing REST handler for /api/1/localitytest.xml
(rrqs) <1213> Processing REST GET function
(rrqs) <1213> Sending response to client
(cprc) <1213> Receiving scan request from REST client
(rrqs) <1213> Constructing REST handler for /api/1/mimescan.xml
(rrqs) <1213> Processing REST POST function
(ppst) <1213> Received scan request from for application
(ppst) <1213> Preparing scan request objects
(psrq) <1213> Scan request source email address: monitor@tools.mxtoolbox.com
(psrq) <1213> Scan request source ip address: 18.205.72.90
(psrq) <1213> Scan request message direction: inbound
(psrq) <1213> Interface Id provided by directive 11010
(psrq) <1213> Scan request recipient email address: monitor@<snip>.org
(ppst) <1213> Processing scan requests
(scan) <1213> Scanning message with policy[26018]: Inbound Mail Filter Policy
(iscn) <1213> Running test: Message Received
(mrcv) <1213> Running MESSAGE RECEIVED test: Message Received
(acsv) <1213> Event 'Message Received' activating service 'Statistics Recording' for 1 recipients
(acsv) <1213> Event 'Message Received' activating service 'Message Tracker' for 1 recipients
(iscn) <1213> Test finished: Message Received
(iscn) <1213> Running test: Virus Filter Group
(iscn) <1213> Test finished: Virus Filter Group
(iscn) <1213> Running test: Anti-Virus
(avir) <1213> Processing ANTIVIRUS filter: Anti-Virus
(iscn) <1213> Running test: Zero Hour Virus
(vrod) <1213> Test type: virus on demand
(aspm) <1213> Accessing antispam security system
(aspm) <1213> Preparing message for inspection
(aspm) <1213> Adding meta-data for inspection
(aspm) <1213> Looking up spam classification
(iscn) <1213> Running test: Fingerprint Executable Files
(fngp) <1213> Processing FINGERPRINT filter: Fingerprint Executable Files
(iscn) <1213> Test finished: Fingerprint Executable Files
(iscn) <1213> Running test: Named Executable Files
(attn) <1213> Running ATTACHMENT NAME test: Named Executable Files
(iscn) <1213> Test finished: Named Executable Files
(iscn) <1213> Running test: Spam Filter Group
(iscn) <1213> Test finished: Spam Filter Group
(iscn) <1213> Running test: Anti-Spam
(aspm) <1213> Running ANTISPAM test
(iscn) <1213> Running test: RBL
(rbl ) <1213> Running RBL test
(avir) <1213> Antivirus engine scan result: clean
(iscn) <1213> Test finished: Anti-Virus
(iscn) <1213> Running test: SURBL
(srbl) <1213> Retrieving URI list from decoded body
(iscn) <1213> Running test: Message Size
(msiz) <1213> Running message size test
(msiz) <1213> Testing message size 1814 bytes to maximum allowable size 51000000 bytes
(msiz) <1213> Message is within size limit
(iscn) <1213> Test finished: Message Size
(iscn) <1213> Running test: Message Text
(iscn) <1213> Running test: Message Text
(iscn) <1213> Test finished: Message Text
(iscn) <1213> Running test: SPF
(spf ) <1213> Running SPF test
(iscn) <1213> Running test: Email Address
(iscn) <1213> Test finished: Email Address
(iscn) <1213> Test finished: Message Text
(srbl) <1213> Testing URI list against SURBL servers
(iscn) <1213> Test finished: SPF
(aspm) <1213> Spam scan refId: str=0001.0A090204.5DC3B3FF.0037,ss=3,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0
(aspm) <1213> Spam signature engine classified message as bulk
(aspm) <1213> Virus signature engine reports message is not a virus: 0
(iscn) <1213> Test finished: Zero Hour Virus
(acsv) <1213> Event 'Spam Filter Group' activating service 'Add Header Line' for 1 recipients
(iscn) <1213> Test finished: Anti-Spam
(srbl) <1213> SURBL record clean: mxtoolbox.com.multi.surbl.org
(srbl) <1213> Surbl test complete
(iscn) <1213> Test finished: SURBL
(iscn) <1213> Test finished: RBL
(mrge) <1213> Merging service lists
(rsrv) <1213> Processing activated services
(stat) <1213> Processing STATS service
(trck) <1213> Processing Tracker service
(adhd) <1213> Processing ADD HEADER service
(scan) <1213> Message scan complete for policy ID: 26018
(rrqs) <1213> Sending response to client
(chnd) <1213> Closing gwava client handler

0 Likes
Knowledge Partner
Knowledge Partner

Re: spam filter group exception not working

Good work!   Filters, services, and exceptions can be linked to more than one item.  So just link your service and two exceptions to the bulk spam filter in addition to the current filter and you should be good to go.

By the way, I created an enhancement request for Message Tracker to provide detailed information regarding blocks so we don't have to dig through logs to find this info.  If you think it would help, please add your vote:  https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/Secure-Messaging-Gateway-needs-to-provide-more-details-regarding/idi-p/2701612

--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
sbaiter Valued Contributor.
Valued Contributor.

Re: spam filter group exception not working

the exception group is currently linked to the spam filter group, which includes the bulk filter

does linking the exception group to the spam filter group no longer work?

do I have to link the exception group to each individual spam filter instead of the group?

0 Likes
Knowledge Partner
Knowledge Partner

Re: spam filter group exception not working

You should be able to link the exception to the group.  But just for grins, I suppose you could try a direct link to the individual filter and see what happens.  You might need to contact support and have them take a look at the logs...this isn't making sense.

--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
sbaiter Valued Contributor.
Valued Contributor.

Re: spam filter group exception not working

Linking the exception group directly to the filters doesn't work, but linking each individual exception to each individual filter does work. So, the exception group doesn't seem to work on my system.

Once I got it to actually look at the exceptions, I ran into another issue. It appears that if spam is detected by the filter, it will trigger the 'Add Header Line' before it checks the exceptions. So even though the log shows that it registered the exception, the 'Add Header Line' had already inserted the "X-Spam-Flag: Yes"

I'm sure the answer will be to use the quarantine, which we can't because of compliance rules for email archiving.

0 Likes
Knowledge Partner
Knowledge Partner

Re: spam filter group exception not working

Just a thought...trying to remember if this is possible off the top of my head...  What if you connect your IP Address Exception to your Add Header Line Service...does that achieve the desired result?

The quarantine would simplify things.  Why do your compliance rules prohibit its use? Just curious.

--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
sbaiter Valued Contributor.
Valued Contributor.

Re: spam filter group exception not working

exceptions can only attach to filters

A user can read a message in the quarantine without releasing it to their mailbox. If the message never reaches their mailbox it never gets archived for e-discovery. If they have read the email, it has to be archived for e-discovery.

0 Likes
sbaiter Valued Contributor.
Valued Contributor.

Re: spam filter group exception not working

I think I figured it out - at least it seems to be working again

If I link the service to the "Spam Filter Group" it will run the service anytime one of the linked Filters detects something.  So, the 'Add Header Line' has to be directly linked to each filter and not the group
and exception groups don't work (here anyways) requiring each exception to be linked directly as well
Apparently, the workbench needs to look like the laser show at a Pink Floyd concert to work correctly.

I really miss the old version, that came with reporting, an intuitive interface, and just worked 😒

0 Likes
Knowledge Partner
Knowledge Partner

Re: spam filter group exception not working

Sorry I wasn't more help, but glad you got it sorted out.
Hopefully we see some more improvements soon. Head over to the SMG ideas site and vote for some of the needed enhancements. Link is in my signature.
--
Ken
Knowledge Partner

Create and vote for enhancements!
Idea Exchange sites within this community are now coming online for some of the Collaboration Products!
GroupWise Idea Exchange - https://community.microfocus.com/t5/GroupWise-Idea-Exchange/idb-p/GWideas
SMG Idea Exchange - https://community.microfocus.com/t5/Secure-Messaging-Gateway-Idea/idb-p/SMG_Ideas
Old method is still available for some products here: https://www.microfocus.com/products/enhancement-request.html
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.