This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User portal missing some spam shown in mail manager

I am trying to resolve an issue with antispam.

Most spam messages sent to an account, say "xyz", are listed in the user portal when user xyz logs in; but not all of them. 

In other words, I can see some messages in the mail manager that are addressed to user xyz, but they just won't show up in xyz's user portal. These messages are classified as spam, i.e., they were not flagged as viruses. So I don't understand why they don't show up like the others.

These odd messages also cannot be released, and they are not included in the quarantine report.

I have re-entered the e-mail password and other settings in the user portal, just to be safe, but that was not the reason.

Any ideas?


This thread was automatically locked due to age.
Parents
  • And, it's not from just one POP3 server?

    I'm a bit confused that there were only two lines in the POP3 log during that 23-minute period.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • And, it's not from just one POP3 server?

    I'm a bit confused that there were only two lines in the POP3 log during that 23-minute period.

    Cheers - Bob


    Oops again. I looked at an archived version on a different server. The following is directly from the UTM.

    The pop3 server has the same DNS name but resolves to different IPs.

    Thanks for taking the time!

    2014:05:31-13:11:27 TheWiredGateway pop3proxy[11465]: Prefetch for account 3: Successfully logged in on POP3 server xx.yy.128.135
    2014:05:31-13:11:28 TheWiredGateway pop3proxy[11465]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="ggg" to="eee" subject="hhh?" size="18878" srcip="zz.240.9.43" dstip="xx.yy.128.135" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/11465-1-1401567087"
    2014:05:31-13:11:28 TheWiredGateway pop3proxy[11465]: Prefetch for account 3 finished (fetched=1, deleted=0, not_on_server=1)

    2014:05:31-13:26:29 TheWiredGateway pop3proxy[12966]: Prefetch for account 3: Successfully logged in on POP3 server xx.yy.128.135
    2014:05:31-13:26:29 TheWiredGateway pop3proxy[12966]: Prefetch for account 3 finished (fetched=0, deleted=0, not_on_server=1)

    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13743]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13746]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13747]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13745]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13748]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13743]: aaa logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13746]: bbb logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13745]: ddd logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13748]: eee logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13747]: fff logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13743]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13745]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13746]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13747]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:48 TheWiredGateway pop3proxy[13748]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="ggg" to="eee" subject="hhh?" size="18878" srcip="zz.240.9.43" dstip="xx.yy.136.144" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/13748-1-1401568487" reason="as"
    2014:05:31-13:34:48 TheWiredGateway pop3proxy[13748]: Client iii logged out (account=0, deleted=0)
Reply
  • And, it's not from just one POP3 server?

    I'm a bit confused that there were only two lines in the POP3 log during that 23-minute period.

    Cheers - Bob


    Oops again. I looked at an archived version on a different server. The following is directly from the UTM.

    The pop3 server has the same DNS name but resolves to different IPs.

    Thanks for taking the time!

    2014:05:31-13:11:27 TheWiredGateway pop3proxy[11465]: Prefetch for account 3: Successfully logged in on POP3 server xx.yy.128.135
    2014:05:31-13:11:28 TheWiredGateway pop3proxy[11465]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="ggg" to="eee" subject="hhh?" size="18878" srcip="zz.240.9.43" dstip="xx.yy.128.135" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/11465-1-1401567087"
    2014:05:31-13:11:28 TheWiredGateway pop3proxy[11465]: Prefetch for account 3 finished (fetched=1, deleted=0, not_on_server=1)

    2014:05:31-13:26:29 TheWiredGateway pop3proxy[12966]: Prefetch for account 3: Successfully logged in on POP3 server xx.yy.128.135
    2014:05:31-13:26:29 TheWiredGateway pop3proxy[12966]: Prefetch for account 3 finished (fetched=0, deleted=0, not_on_server=1)

    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13743]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13746]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13747]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13745]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13748]: Accepted client connection from iii for xx.yy.136.144
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13743]: aaa logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13746]: bbb logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13745]: ddd logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13748]: eee logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13747]: fff logged in
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13743]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13745]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13746]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:47 TheWiredGateway pop3proxy[13747]: Client iii logged out (account=0, deleted=0)
    2014:05:31-13:34:48 TheWiredGateway pop3proxy[13748]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="ggg" to="eee" subject="hhh?" size="18878" srcip="zz.240.9.43" dstip="xx.yy.136.144" uid="47221.X1WM6g8fbIXxW2ukt2OsuyqFb3U=" ident="0/13748-1-1401568487" reason="as"
    2014:05:31-13:34:48 TheWiredGateway pop3proxy[13748]: Client iii logged out (account=0, deleted=0)
Children
No Data