Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 2961 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User portal missing some spam shown in mail manager

MHV
I am trying to resolve an issue with antispam.

Most spam messages sent to an account, say "xyz", are listed in the user portal when user xyz logs in; but not all of them. 

In other words, I can see some messages in the mail manager that are addressed to user xyz, but they just won't show up in xyz's user portal. These messages are classified as spam, i.e., they were not flagged as viruses. So I don't understand why they don't show up like the others.

These odd messages also cannot be released, and they are not included in the quarantine report.

I have re-entered the e-mail password and other settings in the user portal, just to be safe, but that was not the reason.

Any ideas?


This thread was automatically locked due to age.
Parents
  • 0
    Sorry, I just now got back to this.

    How about the lines from the POP3 logfile for when a spam was downloaded from the server by the UTM?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Sorry, I just now got back to this.

    How about the lines from the POP3 logfile for when a spam was downloaded from the server by the UTM?

    Cheers - Bob


    Thanks for asking.

    This is interesting.  All the affected e-mails are both passed and quarantined (sample below). 

    They are not included in the quarantine report, but rather are sent separately under the "E-mail blocked" cover.

    [from, to, subject, size, srcip are the same; dstip differ]

    May 31 13:11:27 pop3proxy[11465]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="[redacted]" to="[redacted]" subject="[redacted]" size="18878" srcip="zz.240.9.43" dstip="xx.yy.128.135" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/11465-1-1401567087"
    May 31 13:34:48 pop3proxy[13748]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="[redacted]" to="[redacted]" subject="[redacted]" size="18878" srcip="zz.240.9.43" dstip="xx.yy.136.144" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/13748-1-1401568487" reason="as"
Reply
  • 0 in reply to BAlfson
    Sorry, I just now got back to this.

    How about the lines from the POP3 logfile for when a spam was downloaded from the server by the UTM?

    Cheers - Bob


    Thanks for asking.

    This is interesting.  All the affected e-mails are both passed and quarantined (sample below). 

    They are not included in the quarantine report, but rather are sent separately under the "E-mail blocked" cover.

    [from, to, subject, size, srcip are the same; dstip differ]

    May 31 13:11:27 pop3proxy[11465]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="[redacted]" to="[redacted]" subject="[redacted]" size="18878" srcip="zz.240.9.43" dstip="xx.yy.128.135" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/11465-1-1401567087"
    May 31 13:34:48 pop3proxy[13748]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="[redacted]" to="[redacted]" subject="[redacted]" size="18878" srcip="zz.240.9.43" dstip="xx.yy.136.144" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/13748-1-1401568487" reason="as"
Children
No Data
Unfiltered HTML