This discussion has been locked.

outgoing mail wrongly classified as spam

Hello,
I've started having a problem since last week of outgoing mails classified as confirmed spam (and thus getting bounced).
Checking the SMTP log I don't find anything very useful, as the RefID is completely cryptic:


2014:05:05-08:10:06 astaro exim-in[4918]: 2014-05-05 08:10:06 SMTP connection from [192.168.0.10]:16370 (TCP/IP connection count = 2)
2014:05:05-08:10:06 astaro exim-in[13568]: 2014-05-05 08:10:06 [192.168.0.10] F= R= Accepted: from relay
2014:05:05-08:10:06 astaro exim-in[13568]: 2014-05-05 08:10:06 [192.168.0.10] F= R= Accepted: from relay
2014:05:05-08:10:07 astaro exim-in[13568]: 2014-05-05 08:10:07 1WhGmc-0003Wq-2l ctasd reports 'Confirmed' RefID:str=0001.0A090202.5367718F.00EA,ss=1,re=0.000,recu=0.000,reip=0.000,pt=R_399335,cl=4,cld=1,fgs=0
2014:05:05-08:10:07 astaro exim-in[13568]: 2014-05-05 08:10:07 1WhGmc-0003Wq-2l id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.168.0.10" from="user@mail.com" to="Paganoc@***x.com, nadiap@***x.com" subject="RV: subject" queueid="1WhGmc-0003Wq-2l" size="85468" reason="as" extra="confirmed"


How do I parse that cryptic ctasd reference line?


  • No, Adam, this shouldn't be happening.  The patterns are maintained by CommTouch (now Cyren).  If you look in the SMTP log file, you will see that a string is calculated for each email, the string is sent to their service by ctasd and the service responds with "Confirmed" or "Bulk" or "Unknown."  Apparently, some of your outbound emails look like "Bulk" email reported by others or received by one of their honeypots.

    Instead of just releasing the emails with the Quarantine Report, from the Mail Manager or the User Portal, select "Release and report as false positive."  After a few days at most, this problem should disappear.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
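
Added example, not part of the original thread and not Sophos or Cyren code: a small parser that splits the ctasd RefID from the log excerpt above into its key=value fields and joins it, by queue ID, with the matching "email rejected" event, so each bounced message can be listed with its verdict and RefID. The thread does not document what the individual RefID fields mean, so the parser only separates them; the function names and the embedded sample (copied from the two relevant log lines in the question) are assumptions of this example.

```python
import re

# Constructed sample: the ctasd line and the reject event from the log excerpt in the question.
SAMPLE_LOG = """\
2014:05:05-08:10:07 astaro exim-in[13568]: 2014-05-05 08:10:07 1WhGmc-0003Wq-2l ctasd reports 'Confirmed' RefID:str=0001.0A090202.5367718F.00EA,ss=1,re=0.000,recu=0.000,reip=0.000,pt=R_399335,cl=4,cld=1,fgs=0
2014:05:05-08:10:07 astaro exim-in[13568]: 2014-05-05 08:10:07 1WhGmc-0003Wq-2l id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.168.0.10" from="user@mail.com" to="Paganoc@***x.com, nadiap@***x.com" subject="RV: subject" queueid="1WhGmc-0003Wq-2l" size="85468" reason="as" extra="confirmed"
"""

# "<queue id> ctasd reports '<verdict>' RefID:<comma-separated key=value list>"
CTASD_RE = re.compile(r"\s(?P<qid>\S+) ctasd reports '(?P<verdict>[^']+)' RefID:(?P<refid>\S+)")
# key="value" pairs used by the structured event lines
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_refid(refid):
    """Split a RefID string into a dict of its fields; values stay as strings."""
    return dict(item.split("=", 1) for item in refid.split(",") if "=" in item)


def correlate(log_text):
    """Return {queue_id: record}, joining each ctasd verdict with its reject event."""
    records = {}
    for line in log_text.splitlines():
        m = CTASD_RE.search(line)
        if m:
            rec = records.setdefault(m["qid"], {})
            rec.update(verdict=m["verdict"], refid=m["refid"],
                       refid_fields=parse_refid(m["refid"]))
            continue
        kv = dict(KV_RE.findall(line))
        if kv.get("name") == "email rejected" and "queueid" in kv:
            rec = records.setdefault(kv["queueid"], {})
            rec.update({k: kv[k] for k in ("from", "to", "subject", "reason", "extra") if k in kv})
    return records


if __name__ == "__main__":
    for qid, rec in correlate(SAMPLE_LOG).items():
        print(qid, rec.get("verdict"), rec.get("from"), "->", rec.get("to"))
        print("  RefID:", rec.get("refid"))
        for key, value in rec.get("refid_fields", {}).items():
            print(f"    {key} = {value}")
```

Fed the full SMTP log instead of the sample, the same function yields one record per queue ID that has a ctasd verdict or a reject event.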