Answer
If you are questioning why an email was blocked or allowed by the Email Blocklist spam filter and would like more information, you can find further details in the log file for that filter. Use the following procedure to find the log and information regarding your message within it, and then use the examples below to interpret why the message was either blocked or allowed:- Find the message ID of the email in question by either gathering it from the headers of the message itself, or by looking for it in the MailEssentials Dashboard > Logs > Details tab
-
Open the ase_blacklist.gfi_log file in notepad from ..\GFI\MailEssentials\AntiSpam\DebugLogs
- This log is for the Email Blocklist Module and corresponds to the Configuration > Anti-Spam > Anti Spam Filters > Email Blocklist in the interface and the antispam_2 table in the config.mdb
- Do a search for the Message ID from the dashboard or the email headers.
- Note: The Message IDs have been removed from the example log files below
- Note: The bolded lines are the important ones in the log files for determine what has happened and why
There are two main parts to this log. The first loads the information for the module, the second scans the individual emails.
Loading the settings:
Context Refreshed: Yes
Loading configuration ...
Blacklisted Entries: 1 - This is the number of entries
Wildcard Blacklist Entry: *@spamdomain.com
Email was allowed by the module:
Checking MIME Recipients (1)
(MIMERcpt) 'gfitest@gfitest.com' is not blacklisted by wildcards
(MIMERcpt) Checking directly in db ...
SQL: SELECT TOP 1 id FROM antispam2_blacklist WHERE (type=0 OR type=4) AND entry IN ('gfitest@gfitest.com')
(MIMERcpt) Recipient address not found in blacklist db
Checking MIME Sender [ham@gfitest.com]
(MIMEFrom) 'ham@gfitest.com' is not blacklisted by wildcards
(MIMEFrom) Checking directly in db ...
SQL: SELECT TOP 1 id FROM antispam2_blacklist WHERE (type=1 OR type=5) AND entry IN ('ham@gfitest.com')
(MIMEFrom) Address [krista_leigh@hotmail.com] not found in blacklist db
Checking SMTP Sender [ham@gfitest.com]
(SMTPFrom) 'ham@gfitest.com' is not blacklisted by wildcards
(SMTPFrom) Checking directly in db ...
SQL: SELECT TOP 1 id FROM antispam2_blacklist WHERE (type=3 OR type=5) AND entry IN ('ham@gfitest.com')
(SMTPFrom) Address [ham@gfitest.com] not found in blacklist db
Checking SMTP Recipients (1)
(SMTPRcpt) 'gfitest@gfitest.com' is not blacklisted by wildcards
(SMTPRcpt) Checking directly in db ...
SQL: SELECT TOP 1 id FROM antispam2_blacklist WHERE (type=2 OR type=4) AND entry IN ('gfitest@gfitest.com')
(SMTPRcpt) Recipient address not found in blacklist db
<< Message Processing Block
Note: If an address or domain should have been blocked, but is not found in the database, add the address in the configuration. For more information on accepted wildcards, please see: http://www.gfi.com/support/products/gfi-mailessentials/What-wildcards-can-be-used-in-the-GFI-MailEssentials-Email-Blacklist-and-Whitelist-130452887670
Email was blocked by the module:
Checking MIME Recipients (1)
(MIMERcpt) 'gfitest@gfitest.com' is not blacklisted by wildcards
(MIMERcpt) Checking directly in db ...
SQL: SELECT TOP 1 id FROM antispam2_blacklist WHERE (type=0 OR type=4) AND entry IN ('gfitest@gfitest.com')
(MIMERcpt) Recipient address not found in blacklist db
Checking MIME Sender [spam@spamdomain.com]
(MIMEFrom) 'spam@spamdomain.com' is blacklisted by wildcard
SMTP FROM check skipped (blacklisted set)
SMTP Recipients check skipped (blacklisted set)
Setting actions data ...
Informing ASE of SPAM [2]...
Setting block report to: 'Sender blocklisted'
Note: If an email is blocked incorrectly, remove the address or domain from the email blocklist in the configuration.
Module is disabled:
Custom Blacklist is disabled ...