
Determining why the IP Blocklist Filter blocked or allowed a message

Overview

The IP Blocklist is a custom database of IP addresses from which you never want to receive emails.

In this article, you will learn how to determine why the IP Blocklist Anti-Spam filter blocked or allowed a message as part of the troubleshooting process.

 

Introduction

The IP Blocklist filter can be configured to run either after the full email is received or at SMTP level, that is, while the email is still being received. SMTP-level filtering terminates the email's connection and therefore stops the download of the full email, saving bandwidth and processing resources.

There will be scenarios where customers open support requests wanting to understand why the IP Blocklist filter blocked or allowed specific messages against their expectations. The next section outlines the troubleshooting process to determine the reason behind the actions taken by this filter.

  

Description

If you are questioning why an email was blocked or allowed by the IP Blocklist filter and would like more information, the best place to start the troubleshooting process is to examine the debug logs.
Follow the procedure below to find the log file and the entries for the email message under review, then use the examples provided to determine why the message was blocked or allowed:
  1. Find the Message-ID of the email in question by either obtaining it from the headers of the message itself or by looking for it in the MailEssentials Dashboard > Logs > Details tab. Refer to this linked article for more information on Reading Email Headers to extract the Message-ID.
  2. Navigate to ..\GFI\MailEssentials\AntiSpam\DebugLogs and locate the log file for the IP Blocklist module. The debug log filename is ase_ipblocklist.gfi_log.txt
    • This debug log file for the module corresponds to GFI MailEssentials > Anti-Spam > Anti-Spam Filters > IP Blocklist on the configuration UI.
  3. Open the debug log file in a text editor and search for the Message-ID obtained in step 1.
  4. Refer to the scenarios below to determine the reasons behind the action taken by the module. Pay close attention to the lines in bold to understand what happened and why.
The debug log file indicates whether the IP Blocklist filter is enabled and records any actions the filter takes while scanning emails. If the module is disabled, the log file will simply show:
Skipping message processing (not enabled)...
The following lines after the Message-ID confirm the filter is enabled and has successfully loaded the configuration:
"info ","ase_ipblocklist","-------------------------------------------------------"
"info ","ase_ipblocklist",">> Init Message [<b99202b5439565bbd8053e6de39d9d07@EC2AMAZ-TEDQDCP>]"
"info ","ase_ipblocklist","Context Refreshed: Yes"
"info ","ase_ipblocklist","Initializing IP blocklist module ..."
"info ","ase_ipblocklist","Received headers check: Disabled"
"info ","ase_ipblocklist","Refreshing blocked IPs from db ..."
"info ","ase_ipblocklist","SELECT ip, mask FROM ipblocklist"
"info ","ase_ipblocklist","Added IP = x.x.x.x\255.255.255.255"
"info ","ase_ipblocklist","Loaded 1 entries from db ... "
"info ","ase_ipblocklist","Licensing check: Licensed"
"info ","ase_ipblocklist","<< Message Initialization"
"info ","ase_ipblocklist",">> Message Processing Block"

 

Scenario 1: Email was allowed by the module 

"info ","ase_ipblocklist","Connecting IP: 172.31.26.235"
"info ","ase_ipblocklist","CIPBlocklist::Execute()"
"info ","ase_ipblocklist","Checking address [172.31.26.235]"
"info ","ase_ipblocklist","Address [172.31.26.235] is not blocked"
"info ","ase_ipblocklist","Message is not blocked ... "
"info ","ase_ipblocklist","<< Message Processing Block"
"info ","ase_ipblocklist",">> Message Uninitialization"
"info ","ase_ipblocklist","<< Message Uninitialization"
"info ","ase_ipblocklist","----------------------------------------------"
Note: If a spam IP address is not blocked, add it to the IP Blocklist in the configuration.
 

Scenario 2: Email was blocked by the module

"info ","ase_ipblocklist","Connecting IP: 172.32.16.135"
"info ","ase_ipblocklist","CIPBlocklist::Execute()"
"info ","ase_ipblocklist","Checking address [172.31.26.235]"
"info ","ase_ipblocklist","Address [172.32.16.135] is blocked"
"info ","ase_ipblocklist","Message is blocked ... "
"info ","ase_ipblocklist","Setting block report to [IP is in Blocklist]"
"info ","ase_ipblocklist","----------------------------------------------"
Note:
  • If a valid IP is blocked, remove it from the IP Blocklist in the configuration.
  • If perimeter servers are configured, the verified IP address is the one sending to the perimeter. If no perimeter servers are configured, the verified IP address is the IP of the server sending to GFI MailEssentials.
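
Steps 3 and 4 of the procedure can be scripted when many messages need checking. The following Python is an added example, not GFI code: it locates the block for a Message-ID in text in the format of ase_ipblocklist.gfi_log.txt and returns the verdict, the connecting IP and the loaded blocklist entries that contain that IP. The sample log is constructed; that each "Added IP = ip\mask" entry matches any address inside that network, and that the "not enabled" line follows an Init Message line, are assumptions.

```python
import ipaddress
import re

# Constructed sample in the line format shown above (not a real capture).
SAMPLE_LOG = r'''"info ","ase_ipblocklist",">> Init Message [<msg-allowed@example.test>]"
"info ","ase_ipblocklist","Added IP = 203.0.113.0\255.255.255.0"
"info ","ase_ipblocklist","Connecting IP: 198.51.100.7"
"info ","ase_ipblocklist","Message is not blocked ... "
"info ","ase_ipblocklist","----------------------------------------------"
"info ","ase_ipblocklist",">> Init Message [<msg-blocked@example.test>]"
"info ","ase_ipblocklist","Added IP = 203.0.113.0\255.255.255.0"
"info ","ase_ipblocklist","Connecting IP: 203.0.113.25"
"info ","ase_ipblocklist","Message is blocked ... "
"info ","ase_ipblocklist","Setting block report to [IP is in Blocklist]"
"info ","ase_ipblocklist","----------------------------------------------"
"info ","ase_ipblocklist",">> Init Message [<msg-off@example.test>]"
"info ","ase_ipblocklist","Skipping message processing (not enabled)..."
'''

FIELD = re.compile(r'"([^"]*)"\s*$')  # last quoted field holds the log text
def explain(log_text, message_id):
    """Return (verdict, connecting_ip, matching_entries) for one Message-ID."""
    entries, conn_ip, verdict, inside = [], None, "not found", False
    for line in log_text.splitlines():
        m = FIELD.search(line)
        msg = m.group(1).strip() if m else ""
        if msg.startswith(">> Init Message"):       # a new message block starts
            inside = f"[{message_id}]" in msg
            if inside:
                entries, conn_ip, verdict = [], None, "no verdict logged"
        elif not inside:
            continue
        elif msg.startswith("Added IP = "):         # blocklist entry, ip\mask
            ip, mask = msg[len("Added IP = "):].split("\\")
            entries.append(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
        elif msg.startswith("Connecting IP: "):
            conn_ip = ipaddress.ip_address(msg.split(": ", 1)[1])
        elif "not enabled" in msg:
            verdict = "filter disabled"
        elif msg == "Message is blocked ...":
            verdict = "blocked"
        elif msg == "Message is not blocked ...":
            verdict = "allowed"
    # Assumption: an entry matches when the IP falls inside ip/mask.
    hits = [str(n) for n in entries if conn_ip is not None and conn_ip in n]
    return verdict, str(conn_ip) if conn_ip is not None else None, hits

if __name__ == "__main__":
    print(explain(SAMPLE_LOG, "<msg-blocked@example.test>"))
```

A "blocked" verdict with an empty list of matching entries, or an "allowed" verdict with a non-empty one, suggests the connecting IP in the log is not the address you expected, which is the perimeter-server case described in the note above.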

  1. Priyanka Bhotika
