Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 18 replies
  • Subscribers 1 subscriber
  • Views 24208 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

why? rejected: Spam (Confirmed)

JasonIstre
Our appliance is rejecting email from 209.85.214.170.  It shows in mail manager as simply "rejected: Spam (confirmed)".

We are using the recommended blacklist checkbox, with additional servers specified as zen.spamhaus.org and b.barracudacentral.org.

I checked that IP against blacklists and cant find it listed. 

any ideas?


This thread was automatically locked due to age.
  • 0
    Hi Bob,

    reason="as" means that CommTouch saw that email as spam.  I bet there was a line prior to that including ctasd reports 'Confirmed'.  That line also will include something like RefID:str=0001.0A090203.4F0DA5C1.007E,ss=4,fgs=8

    Submit a case to Sophos Support with that RefID and they can report the false positive to CommTouch.  I don't think we're supposed to send reports directly to CommTouch ourselves.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    In Email Protection, under Antispam tab
    configure Spam Filter Spam action: Quarantine Confirmed Spam action: Quarantine

    Now you will be able to download the email, release it and see is it spam or not.
  • 0
    If you want to help the other company IT and do exception, do it when somebody calls you for one non-sended email [:)]
  • 0
    Olsi, I don't think that will help because that's after the setting at the top of the AntiSpam tab.  'Reject at SMTP Time' would have to be off, I think, for the 'Spam filter' settings to apply, and that's not something I like to do.  90% of spam that's not already blocked by RDNS/HELO or RBL is stopped at SMTP time before the content of the message is received by the Proxy.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    You are right Bob, but he recieves spam from  the same good domain witch mean the email it's ok with RDNS/HELO I think. The spam is sended from Outlook fure sure. That is what i think
  • 0 in reply to BAlfson
    Hi Bob,

    reason="as" means that CommTouch saw that email as spam.  I bet there was a line prior to that including ctasd reports 'Confirmed'.  That line also will include something like RefID:str=0001.0A090203.4F0DA5C1.007E,ss=4,fgs=8

    Submit a case to Sophos Support with that RefID and they can report the false positive to CommTouch.  I don't think we're supposed to send reports directly to CommTouch ourselves.

    Cheers - Bob



    Hi Bob

    It seems that I get email set as spam with the reason="as"

    Is there a way for home uses to report this to sophos for fixing the false positive issue

     2012:12:19-11:53:05 *****  pop3proxy[20862]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="auto-communication@amazon.co.uk" to="**********" subject="Your e-mail to Black Dog Bikes" size="5913" srcip="212.123.28.40" dstip="******" uid="UID8666-1288277597" ident="0/20862-1-1355917985" reason="as"

    Thanks
  • 0
    That's interesting, Wingman - I wonder if the POP3 Proxy uses CommTouch - do you see any mention of ctasd in your logfile?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    That's interesting, Wingman - I wonder if the POP3 Proxy uses CommTouch - do you see any mention of ctasd in your logfile?

    Cheers - Bob


    nothing on the pop3 log apart from that line
Unfiltered HTML