Versions / Builds Affected
2015 and later
Status
Open
Problem Summary
Prefetch module is not extracting the IP from the received email
TT / JIRAID
2741
How to Identify
A large amount of missed spam, usually after upgrading to 2015 or 2015 SR1.
Filters that rely on the IP for filtering, such as IPDNSBL, Spamrazer, SPF and IP Blocklist, are not blocking the emails.
Example of log extracts:
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","info ","EmailPrefetch","Received Header: received: from pickup by bavex01.bavaria.local with microsoft smtp server id 14.3.235.1; thu, 9 jul 2015 13:31:07 +0000"
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","EmailPrefetch","Failed to extract received lines"
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","EmailPrefetch","<< GetProp [0x80004005]"
-------------------------------------
2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","Failed while getting connecting IP from InfoRetiever"
2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","No last IP could be extracted. Using connection IP address."
2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","GFI_MTAMSGPROPS_CONNECTION_SERVER_IP_ADDRESS is not available (0x80070057)"
2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","No IP Address could be extracted. Skipping message"
-------------------------------------
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","ase_spamrazer","[ExtractConnectingIPW:43] 'Failed to get connecting IP address from 'Received' headers' [HR: 0x80070057]"
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","info ","ase_spamrazer","(IPRep) IP reputation did not execute (invalid parameters [] [])"
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","warning","ase_spamrazer","(Score) [0x12EAE920] Smtp Envelop: [not set]"
2015-07-09,15:31:08,593,1,"#000012a8","#00002764","error ","ase_spamrazer","[ExtractConnectingIPW:43] 'Failed to get connecting IP address from 'Received' headers' [HR: 0x80070057]"
Workaround / Fix Details
None at the moment
Required Actions
Gather full set of logs and escalate
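
To confirm the symptoms listed under How to Identify across a gathered log set, the following added example (not part of the original article or the product) scans log text for the three failure messages shown in the extracts and groups them per message. It assumes the two hex id columns together identify one message; the function name and the sample log are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Message substrings copied from the log extracts above, keyed by logging module.
SIGNATURES = {
    "EmailPrefetch": "Failed to extract received lines",
    "ase_dnsbl": "No IP Address could be extracted. Skipping message",
    "ase_spamrazer": "Failed to get connecting IP address from 'Received' headers",
}
IP_FILTERS = {"ase_dnsbl", "ase_spamrazer"}


def find_ip_extraction_failures(log_text):
    """Group signature hits by the two hex id columns (assumed to identify one message)."""
    hits = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 9:  # separator lines, blank lines, truncated rows
            continue
        key, module, message = (row[4], row[5]), row[7].strip(), row[8]
        signature = SIGNATURES.get(module)
        if signature and signature in message:
            hits[key].add(module)
    report = []
    for key, modules in sorted(hits.items()):
        report.append({
            "ids": key,
            "prefetch_failed": "EmailPrefetch" in modules,
            "filters_skipped": sorted(modules & IP_FILTERS),
        })
    return report


# Constructed sample in the same column layout as the extracts above.
SAMPLE_LOG = '''\
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","EmailPrefetch","Failed to extract received lines"
2015-07-09,15:31:08,706,1,"#000012a8","#00002764","info ","ase_dnsbl","No IP Address could be extracted. Skipping message"
-------------------------------------
2015-07-09,15:31:08,592,1,"#000012a8","#00002764","error ","ase_spamrazer","[ExtractConnectingIPW:43] 'Failed to get connecting IP address from 'Received' headers' [HR: 0x80070057]"
2015-07-09,15:31:09,101,1,"#000012a8","#00002770","info ","EmailPrefetch","Received Header: constructed healthy line, no failure"
'''

if __name__ == "__main__":
    for entry in find_ip_extraction_failures(SAMPLE_LOG):
        print(entry)
```

An entry with `prefetch_failed` set and a non-empty `filters_skipped` list matches the pattern in the extracts: the prefetch failure is followed by IP-based filters skipping the same message.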