Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 3 subscribers
  • Views 1284 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

EMail Protection SPAM problem...

Joe78

Hello,

 

Any ideas, why Sophos classified a mail as confirmed spam, but the next day it gets passed?

I didn't changed anything in the Email protection settings...

 

2019:12:27-14:08:05 89 pop3proxy[3263]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="info@capitalrtv.com" to="aaa@bbb.de" subject="Willkommen bei LiDL! Bis zul 80-99%25 rabatt!" size="12415" srcip="75.98.169.147" dstip="000.00.00.000" uid="00014f004cfe800b" ident="0/3263-1-1577452085" reason="as" extra="confirmed"
2019:12:28-15:48:06 router pop3proxy[11718]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="info@capitalrtv.com" to="aaa@bbb.de" subject="Willkommen bei LiDL! Bis zul 80-99%25 rabatt!!" size="12387" srcip="75.98.169.147" dstip="000.00.00.000" uid="00014f094cfe800b"

 

Greetings,

Joe

 

Sophos UTM SG 125



This thread was automatically locked due to age.
  • +1

    Hi  

    The important part of the logs is  reason="as" extra="confirmed" which means the AntiSpam Engine of the Sophos UTM detected this email as confirmed spam. Sophos UTM gets frequent pattern updates and this might result into Sophos UTM spam engine identifying it differently on the next day.

    Regards

    Jaydeep

Unfiltered HTML