Overview
The Spam Keyword Checking Filter enables the identification of Spam emails based on a set of predefined keywords in the email being received, either in the subject or email body.
In this article, you will learn how to determine why the Spam Keyword Checking Anti-Spam filter blocked or allowed a message as part of the troubleshooting process.
Introduction
The Spam Keyword Checking filter can block emails that have specific words in the subject or body. The words found in the subject and the body of an email are compared with the keywords listed in the Keyword Checking table in the configuration database. The keywords are stored in binary format and can therefore only be updated from the configuration UI.
If a match is found the message gets blocked. The option ‘Match whole words only’, when enabled, would only match the keywords to full words, as opposed to being within words. So for example, if you were intending to block the word “Cialis”, and ‘Match whole words only’ was not enabled, it would block the word “specialist” even though it is only a substring in an otherwise legitimate word.
There will be scenarios where customers open support requests wanting to understand why the Spam Keyword Checking Anti-Spam filter blocked or allowed specific messages against their expectations. The next section outlines the troubleshooting process to determine the reason behind the actions taken by this filter.
Description
- Find the Message-ID of the email in question by either obtaining it from the headers of the message itself or by looking for it in the MailEssentials Dashboard > Logs > Details tab. Refer to this linked article for more information on Reading Email Headers to extract the Message-ID.
- Navigate to ..\GFI\MailEssentials\AntiSpam\DebugLogs and locate the log file for the module. The debug log filename is ase_keyword_checking.gfi_log.txt
- This debug log file for the module corresponds to GFI MailEssentials > Anti-Spam > Anti-Spam Filters > Spam Keyword Checking on the configuration UI.
- Open the debug log file in a text editor and search for the Message-ID obtained in step 1.
- Refer to the scenarios below to determine the reasons behind the action taken by the module. Pay close attention to the lines in bold to understand what happened and why.
"ase_keyword_checking","--------------------------------------------------------------------------"
"ase_keyword_checking",">> Init Message [<97e6b77a0cb18d68a354191620043785@ec2amaz-tedqdcp>]"
"ase_keyword_checking","Context Refreshed: Yes"
"ase_keyword_checking","Licensing check: Licensed"
"ase_keyword_checking","Going to try and create instance of StreamOnFile..."
"ase_keyword_checking","Going to try and create instance of StreamOnFile...SUCCESS"
"ase_keyword_checking",""
"ase_keyword_checking","File created, retrieving stream access"
"ase_keyword_checking",">> Load Config"
"ase_keyword_checking","Retrieving Keyword Checking setting. Executing query [SELECT * FROM antispam]"
"ase_keyword_checking","Body keyword check disabled: [0]"
"ase_keyword_checking","Subject keyword check disabled: [0]"
"ase_keyword_checking","Display name check disabled: [0]"
"ase_keyword_checking","<< Load Config"
"ase_keyword_checking","<< Init Message"
"ase_keyword_checking",">> Message Uninitialization"
"ase_keyword_checking","CKeyCheck::~CKeyCheck() >>"
"ase_keyword_checking","mlang count: 0"
"ase_keyword_checking","CKeyCheck::~CKeyCheck() <<"
"ase_keyword_checking","<< Message Uninitialization"
"ase_keyword_checking","--------------------------------------------------------------------------"
"ase_keyword_checking","--------------------------------------------------------------------------"
"ase_keyword_checking",">> Init Message [<7918a8a51ac14e2b6e0b11b47584890c@ec2amaz-tedqdcp>]"
"ase_keyword_checking","Context Refreshed: Yes"
"ase_keyword_checking","Licensing check: Licensed"
"ase_keyword_checking","Going to try and create instance of StreamOnFile..."
"ase_keyword_checking","Going to try and create instance of StreamOnFile...SUCCESS"
"ase_keyword_checking",""
"ase_keyword_checking","File created, retrieving stream access"
"ase_keyword_checking",">> Load Config"
"ase_keyword_checking","Retrieving Keyword Checking setting. Executing query [SELECT * FROM antispam]"
"ase_keyword_checking","Body keyword check enabled: [1]"
"ase_keyword_checking","Subject keyword check enabled: [1]"
"ase_keyword_checking","Display name check enabled: [1]"
"ase_keyword_checking","Loading body words"
"ase_keyword_checking","Creating word list"
"ase_keyword_checking","Accessing operators"
"ase_keyword_checking","Accessing words"
"ase_keyword_checking","Processing 279 entries"
Scenario 1: Email was allowed by the module
"ase_keyword_checking","--------------------------------------------------------------------------"
"ase_keyword_checking",">> Init Message [<7918a8a51ac14e2b6e0b11b47584890c@ec2amaz-tedqdcp>]"
"ase_keyword_checking","Context Refreshed: Yes"
"ase_keyword_checking","Licensing check: Licensed"
"ase_keyword_checking","Going to try and create instance of StreamOnFile..."
"ase_keyword_checking","Going to try and create instance of StreamOnFile...SUCCESS"
"ase_keyword_checking",""
"ase_keyword_checking","File created, retrieving stream access"
"ase_keyword_checking",">> Load Config"
"ase_keyword_checking","Retrieving Keyword Checking setting. Executing query [SELECT * FROM antispam]"
"ase_keyword_checking","Body keyword check enabled: [1]"
"ase_keyword_checking","Subject keyword check enabled: [1]"
"ase_keyword_checking","Display name check enabled: [1]"
"ase_keyword_checking","Loading body words"
"ase_keyword_checking","Creating word list"
"ase_keyword_checking","Accessing operators"
"ase_keyword_checking","Accessing words"
"ase_keyword_checking","Processing 279 entries"
...
"ase_keyword_checking","Word list done"
"ase_keyword_checking","ID: 8238de3b07e97d3f6025f48a32e9a454"
"ase_keyword_checking","Successfully created subject word list [0]"
"ase_keyword_checking","<< Load Config"
"ase_keyword_checking","<< Init Message"
"ase_keyword_checking",">> Process Message"
"ase_keyword_checking",">> ScanSubject"
"ase_keyword_checking","Subject scanned successfully [0]"
"ase_keyword_checking","<< ScanSubject"
"ase_keyword_checking",">> ScanDisplayName"
"ase_keyword_checking","Display name scanned successfully [0]"
"ase_keyword_checking","<< ScanDisplayName"
"ase_keyword_checking",">> ScanTextBody"
"ase_keyword_checking","IStream scanned successfully [0]"
"ase_keyword_checking","<< ScanTextBody"
"ase_keyword_checking",">> ScanHTMLBody"
"ase_keyword_checking","IStream scanned successfully [0]"
"ase_keyword_checking","<< ScanHTMLBody"
"ase_keyword_checking","<< Process Message"
"ase_keyword_checking","--------------------------------------------------------------------------"
"ase_keyword_checking","--------------------------------------------------------------------------"
"ase_keyword_checking",">> Init Message [<0fb196c2a9ed011c0a6734682ccd1646@ec2amaz-tedqdcp>]"
"ase_keyword_checking","Context Refreshed: Yes"
"ase_keyword_checking","Licensing check: Licensed"
...
"ase_keyword_checking","ID: d66f443cfa61d1c1f16e8f79c382c367"
"ase_keyword_checking","Successfully created body word list [0]"
"ase_keyword_checking","Loading subject words"
"ase_keyword_checking","Creating word list"
"ase_keyword_checking","Accessing operators"
"ase_keyword_checking","Accessing words"
"ase_keyword_checking","Processing 283 entries"
"ase_keyword_checking","Entried processed - un-accessing strings"
"ase_keyword_checking","Un-accessing operators"
"ase_keyword_checking","Word list done"
"ase_keyword_checking","ID: 8238de3b07e97d3f6025f48a32e9a454"
"ase_keyword_checking","Successfully created subject word list [0]"
"ase_keyword_checking","<< Load Config"
"ase_keyword_checking","<< Init Message"
"ase_keyword_checking",">> Process Message"
"ase_keyword_checking",">> ScanSubject"
"ase_keyword_checking","Subject scanned successfully [1]"
"ase_keyword_checking",">> CollectResults"
"ase_keyword_checking","<< CollectResults"
"ase_keyword_checking","<< ScanSubject"
"ase_keyword_checking","Found word(s) in subject"
"ase_keyword_checking","Found 4 words: [100% risk free check out risk free]"
"ase_keyword_checking","Setting actions data ..."
"ase_keyword_checking","Spam detected, Stopping ASE Chain [2]..."
"ase_keyword_checking","<< Process Message"
Related Articles
- Keyword Checker detecting bad keywords within legitimate words
- GFI MailEssentials and Anti-Spam Keywords
- Is Keyword Checking case sensitive?