Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2433 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing mail quarantined id 1001

makrovic
Hello everybody!

Sometimes I've got problems with outgoing mails being quarantined. Everytime the log shows id="1001". Can somebody tell me which scan test generates id=1001? I would like to create an exception for id=1001 and not uncheck Scan relayed (outgoing) messages in the relaying tab. 


2013:10:18-12:02:21 mail-1 smtpd[4744]: QMGR[4744]: 1VX6st-0008Hm-0S moved to work queue

2013:10:18-12:02:21 mail-1 smtpd[31820]: SCANNER[31820]: 1VX6sv-0008HE-L1 <> R=1VX6st-0008Hm-0S U=MailerDaemon P=local-bsmtp S=971

2013:10:18-12:02:21 mail-1 smtpd[31820]: SCANNER[31820]: 1VX6st-0008Hm-0S => work R=SCANNER T=SCANNER

2013:10:18-12:02:21 mail-1 smtpd[31820]: SCANNER[31820]: 1VX6st-0008Hm-0S Completed


This thread was automatically locked due to age.
  • 0
    I'm used to seeing more information in the SMTP log file.  Were any lines eliminated?  In Mail Manager, what reason is given for the quarantining?  What version - 9.106-17?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Oh, sorry. Here is the full log of this mail. The mail manager tags it as spam.

    2013:10:18-12:06:26 mail-1 exim-in[4783]: 2013-10-18 12:06:26 SMTP connection from [aaa.bbb.ccc.ddd]:15132 (TCP/IP connection count = 1)
    2013:10:18-12:06:26 mail-1 exim-in[32219]: 2013-10-18 12:06:26 [aaa.bbb.ccc.ddd] F= R= Accepted: from relay
    2013:10:18-12:06:27 mail-1 exim-in[32219]: 2013-10-18 12:06:27 1VX6ws-0008Nf-0y ctasd reports 'Bulk' RefID:str=0001.0A0C0209.52610822.0176,ss=3,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,cl=3,cld=1,fgs=0
    2013:10:18-12:06:27 mail-1 exim-in[32219]: 2013-10-18 12:06:27 1VX6ws-0008Nf-0y <> R=1VX6ws-0008Nf-0y U=MailerDaemon P=local-bsmtp S=964
    2013:10:18-12:06:28 mail-1 smtpd[32032]: SCANNER[32032]: 1VX6ws-0008Nf-0y => work R=SCANNER T=SCANNER
    2013:10:18-12:06:28 mail-1 smtpd[32032]: SCANNER[32032]: 1VX6ws-0008Nf-0y Completed
  • 0
    Hi, makrovic,

    Thanks, it was the line with the ctasd in it that I was looking for.  This means that these emails are too similar to known spam, that is, the signature that ctasd calculated is too close to one that CommTouch considers confirmed spam.

    Your best bet is to use the User Portal or the Mail Manager to "Release and report as false positive" when this occurs. 

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML