Seeing this problem ever since I updated to 9.702-1 this Thursday (never had issues the last ~9 months we've had our UTM). Lots of false positives, especially from internal mails by our local Exchange. It says this in the SMTP proxy log, seems to be the Cyren module:
1jD9cz-0002eZ-20 ctasd reports 'Confirmed' RefID:str=0001.0A782F20.5E6D05C1.0032,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
(I also moved our UTM + Exchange to a new DSL line with a new public IP that same evening, but I double-checked that the IP is not blacklisted and reconfigured our public DNS settings accordingly.)