Phone Lines icon GFI Support Home

Articles in this section

See more

Prefetch does not retrieve the sending IP from emails

Author: Luis Fernandes

Versions / Builds Affected

2015 and later

Status

Open

Problem Summary

Prefetch module is not extracting the IP from the received email

TT / JIRAID

2741

How to Identify

A large amount of missed spam, usually after upgrading to 2015 or 2015 SR1. Filters that rely on the IP for filtering are not blocking the emails, such as IPDNSBL, Spamrazer, SPF, IP Blocklist. Example of log extracts: 2015-07-09,15:31:08,592,1,"#000012a8","#00002764","info ","EmailPrefetch","Received Header: received: from pickup by bavex01.bavaria.local with microsoft smtp server id 14.3.235.1; thu, 9 jul 2015 13:31:07 +0000" 2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","EmailPrefetch","Failed to extract received lines" 2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","EmailPrefetch","<< GetProp [0x80004005]" ------------------------------------- 2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","Failed while getting connecting IP from InfoRetiever" 2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","No last IP could be extracted. Using connection IP address." 2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","GFI_MTAMSGPROPS_CONNECTION_SERVER_IP_ADDRESS is not available (0x80070057)" 2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","No IP Address could be extracted. Skipping message" ------------------------------------- 2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","ase_spamrazer","[ExtractConnectingIPW:43] 'Failed to get connecting IP address from 'Received' headers' [HR: 0x80070057]" 2015-07-09,15:31:08,592,1,"#000012a8","#00002764","info ","ase_spamrazer","(IPRep) IP reputation did not execute (invalid parameters [] [])" 2015-07-09,15:31:08,592,1,"#000012a8","#00002764","warning","ase_spamrazer","(Score) [0x12EAE920] Smtp Envelop: [not set]" 2015-07-09,15:31:08,593,1,"#000012a8","#00002764","error ","ase_spamrazer","[ExtractConnectingIPW:43] 'Failed to get connecting IP address from 'Received' headers' [HR: 0x80070057]"

Workaround / Fix Details

None at the moment

Required Actions

Gather full set of logs and escalate

Related articles