Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 10011 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ctasd reports 'Confirmed'

paule
Hi,

I had to notice a error message in the logs when a partner tried to send mails
yesterday. All his mails were rejected at the astaro, and the smtp log shows
messages like:
2009:03:23-10:11:31 (none) exim[15658]: 2009-03-23 10:11:31 1LlgBs-00044Y-2w ctasd reports 'Confirmed' RefID:str=0001.0A0B0201.49C752E4.0270,ss=4,fgs=12
2009:03:23-10:23:45 (none) exim[15799]: 2009-03-23 10:23:45 1LlgNk-00046p-1h ctasd reports 'Confirmed' RefID:str=0001.0A0B0207.49C755C3.022C,ss=4,fgs=12
2009:03:23-10:36:12 (none) exim[15985]: 2009-03-23 10:36:12 1LlgZn-00049p-38 ctasd reports 'Confirmed' RefID:str=0001.0A0B0206.49C758AE.0308,ss=4,fgs=12
2009:03:23-14:16:02 (none) exim[18728]: 2009-03-23 14:16:02 1Llk0X-0004s4-0u ctasd reports 'Confirmed' RefID:str=0001.0A0B0206.49C78C3A.022E,ss=4,fgs=12
2009:03:23-14:28:22 (none) exim[18874]: 2009-03-23 14:28:22 1LlkCT-0004uQ-27 ctasd reports 'Confirmed' RefID:str=0001.0A0B0201.49C78F1E.03BF,ss=4,fgs=12


Where can I find more information about the reason why ctasd rejects those messages?
I let him send such a mail to another mail address of mine, and I cannot see any real
reason to tread his mails as spam.

BTW, these are all different mails (some with attachment, some without), but from
the same sender.

regards

Paul


This thread was automatically locked due to age.
Parents
  • 0
    Paul, your friend's emails are 'confirmed' spam.  If they are all different and innocuous, it seems reasonable that they are being blocked either because his source IP is blacklisted, because he's sending SMTP from home and you've checked 'Block dialup/residential hosts' or his "server" isn't properly configured for the RDNS/HELO check.

    You can see the first reason the Astaro found to reject the emails on the 'SMTP Log' tab of the 'Mail Manager'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Paul, your friend's emails are 'confirmed' spam.  If they are all different and innocuous, it seems reasonable that they are being blocked either because his source IP is blacklisted, because he's sending SMTP from home and you've checked 'Block dialup/residential hosts' or his "server" isn't properly configured for the RDNS/HELO check.

    You can see the first reason the Astaro found to reject the emails on the 'SMTP Log' tab of the 'Mail Manager'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hi,

    actually ctasd connects to commtouch and checks for their SPAM-score. You can get more information here

    Cheers,
    budy
  • 0 in reply to budy
    Cool, thanks, budy!  Is that the only function of ctasd - to get the reputation of the sending IP?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    As far as I understood - yes, but I will request more in-depth information about that.
    Actually commtouch also maintaines a real-time outbreak monitor - really neat. [:D]

    Just visit www.commtouch.com and take a look.

    Cheers,
    budy
  • 0 in reply to budy
    yes, I had found that commtouch story meanwhile also, but not yet that
    reputation check link, thanks for that, budy.

    BAlfson: RDNS/HELO produce different messages in SMTP log, so
    that was not the reason.

    but that ctasd is asked after passing the blacklist checks.

    So I informed my partner about his problem with his commtouch reputation.

    so thanks to both of you.

    cu

    Paul.
Unfiltered HTML