Overview
The IP Blocklist is a custom database of IP addresses from which you never want to receive emails.
In this article, you will learn how to determine why the IP Blocklist Anti-Spam filter blocked or allowed a message as part of the troubleshooting process.
Introduction
The IP Blocklist filter can be configured to execute when the full email is received or at SMTP level, that is, emails are filtered while they are being received. SMTP level filtering terminates the email’s connection and therefore stops the download of the full email, economizing on bandwidth and processing resources.
There will be scenarios where customers open support requests wanting to understand why the IP Blocklist filter blocked or allowed specific messages against their expectations. The next section outlines the troubleshooting process to determine the reason behind the actions taken by this filter.
Description
- Find the Message-ID of the email in question by either obtaining it from the headers of the message itself or by looking for it in the MailEssentials Dashboard > Logs > Details tab. Refer to this linked article for more information on Reading Email Headers to extract the Message-ID.
- Navigate to ..\GFI\MailEssentials\AntiSpam\DebugLogs and locate the log file for the IP Blocklist module. The debug log filename is ase_ipblocklist.gfi_log.txt
- This debug log file for the module corresponds to GFI MailEssentials > Anti-Spam > Anti-Spam Filters > IP Blocklist on the configuration UI.
- Open the debug log file in a text editor and search for the Message-ID obtained in step 1.
- Refer to the scenarios below to determine the reasons behind the action taken by the module. Pay close attention to the lines in bold to understand what happened and why.
Skipping message processing (not enabled)...
"info ","ase_ipblocklist","-------------------------------------------------------"
"info ","ase_ipblocklist",">> Init Message [<b99202b5439565bbd8053e6de39d9d07@EC2AMAZ-TEDQDCP>]"
"info ","ase_ipblocklist","Context Refreshed: Yes"
"info ","ase_ipblocklist","Initializing IP blocklist module ..."
"info ","ase_ipblocklist","Received headers check: Disabled"
"info ","ase_ipblocklist","Refreshing blocked IPs from db ..."
"info ","ase_ipblocklist","SELECT ip, mask FROM ipblocklist"
"info ","ase_ipblocklist","Added IP = x.x.x.x\255.255.255.255"
"info ","ase_ipblocklist","Loaded 1 entries from db ... "
"info ","ase_ipblocklist","Licensing check: Licensed"
"info ","ase_ipblocklist","<< Message Initialization"
"info ","ase_ipblocklist",">> Message Processing Block"
Scenario 1: Email was allowed by the module
"info ","ase_ipblocklist","Connecting IP: 172.31.26.235"
"info ","ase_ipblocklist","CIPBlocklist::Execute()"
"info ","ase_ipblocklist","Checking address [172.31.26.235]"
"info ","ase_ipblocklist","Address [172.31.26.235] is not blocked"
"info ","ase_ipblocklist","Message is not blocked ... "
"info ","ase_ipblocklist","<< Message Processing Block"
"info ","ase_ipblocklist",">> Message Uninitialization"
"info ","ase_ipblocklist","<< Message Uninitialization"
"info ","ase_ipblocklist","----------------------------------------------"
Scenario 2: Email was blocked by the module
"info ","ase_ipblocklist","Connecting IP: 172.32.16.135"
"info ","ase_ipblocklist","CIPBlocklist::Execute()"
"info ","ase_ipblocklist","Checking address [172.31.26.235]"
"info ","ase_ipblocklist","Address [172.32.16.135] is blocked"
"info ","ase_ipblocklist","Message is blocked ... "
"info ","ase_ipblocklist","Setting block report to [IP is in Blocklist]"
"info ","ase_ipblocklist","----------------------------------------------"
- If a valid IP is blocked, remove it from the IP Blocklist in the configuration.
- If perimeter servers are configured, the verified IP address is the one sending to the perimeter. If no perimeter servers are configured, the verified IP address is the IP of the server sending to GFI MailEssentials.