Answer
If you are questioning why an email was blocked or allowed by the URI DNS Blocklist spam filter and would like more information, you can find further details in the log file for that filter. Use the following procedure to find the log and information regarding your message within it, and then use the examples below to interpret why the message was either blocked or allowed:- Find the message ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab
-
Open the ase_surbl.gfi_log file in notepad from ..\GFI\MailEssentials\AntiSpam\DebugLogs
- This log is for the URI DNS Blocklist Filter Module and corresponds to the Configuration > Anti-Spam > Anti Spam Filters > URI DNS Blocklist in the interface
-
Do a search for the Message ID from the dashboard or the email headers
- Note: The Message IDs have been removed from the example log files below
- Note: The bolded lines are the important ones in the log files for determine what has happened and why
Email was allowed by the module:
>> Message Processing Block
Working on message body (TEXT) ...
>>
MimeEntity Info => CTYPE: [text/plain], CSET: [us-ascii], LEN: [1553]
Internationalized stream length: 3106
Bytes read [3106]
Extracting URLs from text ...
Match found...[http://click.papajohns-specials.com/?qs=bea4eaa33e1a8e68d0c652f6be5b48111e2e14b122d65a909836e00ab595600a793a21ff138328be]
Processing URL list ...
Domains extracted [1]
Actual domains [1]
Checking URL [click.pa][Now:1118142986] against cache ...
Checking URL [click.papajohns-specials.com][Now:1118142986] against cache ...
Checking URL [papajohns-specials.com][Now:1118142986] against cache ...
Checking URL [papajohns.com][Now:1118142986] against cache ...
Checking URL [specials.com][Now:1118142986] against cache ...
Querying remote SURBL providers [146]...
Processing results ...
Processing results ... ok
<<
Working on message body (HTML) ...
>>
MimeEntity Info => CTYPE: [text/html], CSET: [us-ascii], LEN: [22514]
Internationalized stream length: 45028
Bytes read [45028]
Extracting URLs from text ...
Match found...[http://click.papajohns-specials.com/open.aspx?ffcb10-fec21073706c0474-fe271c757765007a721575-fef41375766c00-ff3715717065-fe241773776c0c7b731271-ff2f10717260&d=10037]
Processing URL list ...
Domains extracted [5]
Actual domains [6]
Checking URL [ad.doubleclick.net][Now:1118143126] against cache ...
Querying remote SURBL providers [147]...
[1:147][ad.doubleclick.net] Queuing lookup ... ok
Processing results ...
Processing results ... ok
<<
<< Message Processing Block
Note: If a sender is on a blocklist you are not checking, you can add it in the configuration.
Email was blocked by the module:
Context Refreshed: No
Licensing check: Licensed
<< Message Initialization
>> Message Processing Block
Working on message body (HTML) ...
>>
MimeEntity Info => CTYPE: [text/html], CSET: [utf-8], LEN: [3672]
Internationalized stream length: 7344
Bytes read [7344]
Extracting URLs from text ...
Processing URL list ...
Domains extracted [5]
Actual domains [8]
Checking URL [kayscelebritydeathpool.com][Now:1015987] against cache ...
Checking URL [kayscelebritydeathpool.com][Now:1015987] against cache ...
Cache hit for URL [kayscelebritydeathpool.com][LS:933135] ... ok
Url [kayscelebritydeathpool.com] is listed on blacklist [multi.surbl.org]
<<
Setting actions data ...
Informing ASE of spam [2]...
Setting block report to: 'Email contains a url listed on multi.surbl.org"'"
<< Message Processing Block
Notes:
- The email can also be blocked due to the cache
- If a valid sender is on a blocklist, they will need to get removed from it by contacting the organization that operates it. GFI has no control over these blocklists.
Module is disabled:
DNS Server Override: [disabled]
SURBL status: Disabled