
Is there some sort of Log for the Spam Filter in UTM 9.408-4

Hi Forum,

I would like to see on which criteria mails are tagged as spam. 

Is there some sort of log, or is there a switch to add some information to the mail header?

From time to time we have outgoing mails tagged as spam and I would like to know why the UTM thinks these mails are spam.

Best regards

Volker

 



  • Hi, Volker, and welcome to the UTM Community!

    Is the SMTP Proxy configured as in Basic Exchange setup with SMTP Proxy?

    Look in 'Logging & Reporting' for the "SMTP Proxy" logs. In there, you will find five to ten lines related to one of the emails judged as spam. Don't bother deleting lines related to other emails, but show us the 10-to-50 lines that contain the lines we're interested in.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    sorry for the late answer, but better late than never. :)

    Yes, our configuration is similar to the one you mentioned; we use SMTP Profiles and not the simple mode, but the rest is the same.

    Since this is an outgoing mail, there are only 3-5 lines regarding this mail in the smtp log.

    But I figured out that this line is related to the spam filter:

    2017:02:28-17:00:26 fw-ha-sga-2 exim-in[29898]: 2017-02-28 17:00:26 1cikCQ-0007mE-0I ctasd reports 'Bulk' RefID:str=0001.0A0B0203.58B59CC1.021F,ss=3,sh,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0

    Does Sophos have documentation on how to parse this line?

    The Spam Filter seems to believe that this is a bulk mail!? The mail has ONE (1) recipient! Nothing special in the body as well; it's a list of 10-15 invoice numbers to be checked by a supplier. No fancy HTML or anything else.

     

    Volker

     

     

     

  • Good work finding the exact line we needed, Volker. In that line, you see "ctasd reports". That is the CommTouch Anti Spam Daemon that calculates a "signature" (RefID) for the email and sends it to a server in the cloud that compares the signature to known spams and sends a "grade" back to ctasd, which then reports the result to the SMTP Proxy. All that to say that the content of the email was too similar to known spams.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
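
Added example, not part of the thread and not Sophos documentation: a small Python parser that pulls the queue ID, the ctasd verdict and the RefID tokens out of SMTP Proxy log lines shaped like the one quoted above, so the verdict can be matched to a specific mail. The function names are hypothetical, the second and third sample lines are constructed, and the meaning of the individual RefID keys is not given in the thread, so they are kept as opaque values.

```python
import re

# The first line is the one quoted in the thread; the other two are constructed
# for this example (queue IDs, addresses and the 'Unknown' verdict are made up).
SAMPLE_LOG = """\
2017:02:28-17:00:26 fw-ha-sga-2 exim-in[29898]: 2017-02-28 17:00:26 1cikCQ-0007mE-0I ctasd reports 'Bulk' RefID:str=0001.0A0B0203.58B59CC1.021F,ss=3,sh,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0
2017:02:28-17:00:27 fw-ha-sga-2 exim-in[29898]: 2017-02-28 17:00:27 1cikCQ-0007mE-0I <= sender@example.com H=mail.example.com [192.0.2.10] P=esmtp S=4821
2017:02:28-17:03:02 fw-ha-sga-2 exim-in[30112]: 2017-02-28 17:03:02 1cikEx-0007pg-1A ctasd reports 'Unknown' RefID:str=0001.0A0B0203.58B59D5E.0042,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
"""

# syslog prefix, exim timestamp, exim queue ID, then the ctasd report itself.
CTASD_RE = re.compile(
    r"^(?P<syslog_time>\S+) (?P<host>\S+) (?P<process>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"(?P<exim_time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<queue_id>\S+) "
    r"ctasd reports '(?P<verdict>[^']*)' RefID:(?P<refid>\S+)\s*$"
)

def parse_refid(refid):
    """Split the RefID into its comma-separated tokens.

    The thread does not document what the keys mean, so values stay opaque
    strings; a token without '=' (such as 'sh') is recorded as a bare flag.
    """
    fields = {}
    for token in refid.split(","):
        key, sep, value = token.partition("=")
        fields[key] = value if sep else True
    return fields

def parse_ctasd_line(line):
    """Return a dict for a 'ctasd reports' line, or None for any other line."""
    m = CTASD_RE.match(line.strip())
    if m is None:
        return None
    record = m.groupdict()
    record["pid"] = int(record["pid"])
    record["refid"] = parse_refid(record["refid"])
    return record

def ctasd_verdicts(log_text):
    """Parse every ctasd line in a log excerpt, skipping unrelated lines."""
    return [r for r in map(parse_ctasd_line, log_text.splitlines()) if r]

if __name__ == "__main__":
    for rec in ctasd_verdicts(SAMPLE_LOG):
        print(rec["exim_time"], rec["queue_id"], rec["verdict"], rec["refid"]["str"])
```

The queue ID is the value to search for in the rest of the SMTP Proxy log to find the sender, recipient and delivery lines that belong to the same mail.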