Overview
The New Senders module identifies emails that have been received from senders to whom emails have never been sent before.
In this article, you will learn how to determine why the New Senders module blocked or allowed a message as part of the troubleshooting process involving this Anti-Spam module.
Introduction
The New Senders module is the last module that processes a message when the email is processed by the inbound sink. Only emails in which no spam is detected and where the sender is not present in any Whitelist are triggered by the New Senders filter.
The NewSenders module checks if the message is either whitelisted, or classified as SPAM. If it does not find any classification, it will block the message and action it accordingly. Therefore, to efficiently use this module, it is important that the client has the Autowhitelist enabled.
There will be scenarios where customers open support requests wanting to understand why the New Senders module blocked or allowed specific messages against their expectations. The next section outlines the troubleshooting process to determine the reason behind the actions taken by this filter.
Description
- Find the Message-ID of the email in question by either obtaining it from the headers of the message itself or by looking for it in the MailEssentials Dashboard > Logs > Details tab. Refer to this linked article for more information on Reading Email Headers to extract the Message-ID.
- Navigate to ..\GFI\MailEssentials\AntiSpam\DebugLogs and locate the log file for the New Senders module. The debug log filename is NewSenders.gfi_log.txt
- This debug log file for the module corresponds to GFI MailEssentials > Anti-Spam > New Senders on the configuration UI as well as the newsenders_mimeexceptionlist table in the config.mdb database.
- Open the debug log file in a text editor and search for the Message-ID obtained in step 1.
- Refer to the scenarios below to determine the reasons behind the action taken by the New Senders module. Pay close attention to the lines in bold to understand what happened and why.
"NewSenders","----------------------------------------------------------------"
"NewSenders",">> Message Initialization"
"NewSenders","Context Refreshed: Yes"
"NewSenders","AntiSpam - Status: [Enabled]"
"NewSenders","Licensing check: Licensed"
"NewSenders","Unique MessageID: [<08635c099c9a4ccb4dcb11a91486aa26@ec2edqdcp>]"
"NewSenders","<< Message Initialization"
"NewSenders",">> Message Processing Block"
"NewSenders","<< Message Processing Block"
"NewSenders",">> Message Uninitialization"
"NewSenders","<< Message Uninitialization"
"NewSenders","---------------------------------------------------------------"
"NewSenders","-------------------------------------------------------------------"
"NewSenders",">> Message Initialization"
"NewSenders","Context Refreshed: Yes"
"NewSenders","AntiSpam - Status: [Enabled]"
"NewSenders","Licensing check: Licensed"
"NewSenders","Unique MessageID: [<60629d85a41acdad09637055bd00f129@ec2edqdcp>]"
"NewSenders","<< Message Initialization"
"NewSenders",">> Message Processing Block"
"NewSenders","Both properties set to false, ie Newsender"
"NewSenders","Setting actions data ..."
"NewSenders","Informing ASE [128]..."
"NewSenders","Setting block report to: 'Message is from an unknown sender'"
"NewSenders","<< Message Processing Block"
"NewSenders",">> Message Uninitialization"
"NewSenders","<< Message Uninitialization"
"NewSenders","-------------------------------------------------------------------"
Scenario 1: Email was allowed by the module
"NewSenders","------------------------------------------------------------------"
"NewSenders",">> Message Initialization"
"NewSenders","Context Refreshed: Yes"
"NewSenders","Licensing check: Licensed"
"NewSenders","Unique MessageID: [<a3565959fac9bf063acb93623e45@ec2amaz-tedqdcp>]"
"NewSenders","<< Message Initialization"
"NewSenders",">> Message Processing Block"
"NewSenders","GFI_ASEMSGPROPS_WHITELISTED present & set to true"
"NewSenders","<< Message Processing Block"
"NewSenders",">> Message Uninitialization"
"NewSenders","<< Message Uninitialization"
"NewSenders","------------------------------------------------------------------"
"NewSenders","--------------------------------------------------------------------------"
"NewSenders",">> Message Initialization"
"NewSenders","Context Refreshed: No"
"NewSenders","Licensing check: Licensed"
"NewSenders","Unique MessageID: [<32108829e1f2c791fe5f3ee83d6891bc@EC2AMAZ-TEDQDCP>]"
"NewSenders","<< Message Initialization"
"NewSenders",">> Message Processing Block"
"NewSenders","Message recipients are remote - skipping processing; GFI_MTASMTP_MC_Recipients - [2]"
"NewSenders","<< Message Processing Block"
"NewSenders",">> Message Uninitialization"
"NewSenders","<< Message Uninitialization"
"NewSenders","--------------------------------------------------------------------------"
Scenario 2: Email was blocked by the module
"NewSenders","------------------------------------------------------------------"
"NewSenders",">> Message Initialization"
"NewSenders","Context Refreshed: Yes"
"NewSenders","AntiSpam - Status: [Enabled]"
"NewSenders","Licensing check: Licensed"
"NewSenders","Unique MessageID: [<60629d85a41aad0963705bd0f129@ec2amaz-tedqdcp>]"
"NewSenders","<< Message Initialization"
"NewSenders",">> Message Processing Block"
"NewSenders","Both properties set to false, ie Newsender"
"NewSenders","Setting actions data ..."
"NewSenders","Informing ASE [128]..."
"NewSenders","Setting block report to: 'Message is from an unknown sender'"
"NewSenders","<< Message Processing Block"
"NewSenders",">> Message Uninitialization"
"NewSenders","<< Message Uninitialization"
"NewSenders","------------------------------------------------------------------"
The NewSenders module checks the property bag that is built by the Anti-Spam Engine (ASE) for the email message to identify the following two flags:
- GFI_ASEMSGPROPS_WHITELISTED – Email has been whitelisted
- GFI_ASEMSGPROPS_SPAM – Email is SPAM
If both of these flags are not set, then the email is considered as NewSender, and the configured action from the Actions tab is taken.
New Senders & Whitelist
For the New Senders module to work, there has to be at least one whitelist enabled from the Whitelist configuration node. The following scenarios may be encountered in the logs depending on whether the sender or recipient is Whitelisted or not:
A new sender. Not detected as spam and user is not in whitelist – marked as spam
[::ProcessMessage] GFI_ASEMSGPROPS_WHITELISTED && GFI_ASEMSGPROPS_SPAM present but false; newsender
Previously detected as spam or is in whitelist – not marked as spam
[::ProcessMessage] GFI_ASEMSGPROPS_WHITELISTED && GFI_ASEMSGPROPS_SPAM present but one/both of them are true; skipping
Previously detected as spam, skipping check – not marked as spam
[::ProcessMessage] Checking for NDR Spam
[::ProcessMessage] GFI_ASEMSGPROPS_SPAM is set to true; skipping