Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 4044 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spammails not detected as spam after a few days

GL@MO
Good morning all together,

I am having extreme trouble getting the same spam messages into my inbox every day with 

  • the same mail text
  • different sender names and 
  • different email adresses via yahoo.
  • every half an hour

From: Sarah Richter 
Reply-To: 


the curious thing is: the same mails are also in the spam filter but they were sent to a different email address.

Why my UTM filtering half of the emails and the other half is delivered into the inbox?


PS: all those emails were already forwarded to is-spam@labs.sophos.com


This thread was automatically locked due to age.
Parents
  • 0
    Please post the block of lines from the SMTP log file related to one of the emails that should have been blocked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Please post the block of lines from the SMTP log file related to one of the emails that should have been blocked.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Good morning,

    here is the Log from yesterday. Did not have the idea to have a look in the logs before.

    1st part, my email inbox. Not blocked because of an exception. 

    2015:07:09-07:45:55 MYASTARO exim-in[5220]: 2015-07-09 07:45:55 SMTP connection from [46.22.210.171]:52203 (TCP/IP connection count = 1)

    2015:07:09-07:46:00 MYASTARO exim-out[7709]: 2015-07-09 07:46:00 Start queue run: pid=7709

    2015:07:09-07:46:00 MYASTARO exim-out[7709]: 2015-07-09 07:46:00 End queue run: pid=7709

    2015:07:09-07:46:01 MYASTARO exim-in[7705]: 2015-07-09 07:46:01 H=summer.kenghuo.net [46.22.210.171]:52203 Warning: Exception matched: Skipping greylisting for this message

    2015:07:09-07:46:01 MYASTARO exim-in[7705]: 2015-07-09 07:46:01 H=summer.kenghuo.net [46.22.210.171]:52203 Warning: Exception matched: Skipping antispam for this message

    2015:07:09-07:46:01 MYASTARO exim-in[7705]: 2015-07-09 07:46:01 H=summer.kenghuo.net [46.22.210.171]:52203 Warning: MYDOMAIN.de profile excludes greylisting: Skipping greylisting for this message

    2015:07:09-07:46:01 MYASTARO exim-in[7705]: 2015-07-09 07:46:01 1ZD4en-00020H-0Y  work R=SCANNER T=SCANNER

    2015:07:09-07:46:10 MYASTARO smtpd[7733]: SCANNER[7733]: 1ZD4en-00020H-0Y Completed

    2015:07:09-07:46:10 MYASTARO exim-out[7735]: 2015-07-09 07:46:10 1ZD4ew-00020j-99 => MYEMAIL@MYDOMAIN.DE P= R=static_route_hostlist T=static_smtp H=192.168.1.12 [192.168.1.12]:25 C="250 2.6.0  [InternalId=780576] Queued mail for "

    2015:07:09-07:46:10 MYASTARO exim-out[7735]: 2015-07-09 07:46:10 1ZD4ew-00020j-99 Completed

    2015:07:09-07:46:39 MYASTARO smtpd[7733]: SCANNER[7733]: Nothing to do, exiting.


    and this is the same mail, quarantined but sent to a colleague: 

    2015:07:09-07:47:00 MYASTARO exim-out[7811]: 2015-07-09 07:47:00 Start queue run: pid=7811

    2015:07:09-07:47:00 MYASTARO exim-out[7811]: 2015-07-09 07:47:00 End queue run: pid=7811

    2015:07:09-07:47:36 MYASTARO exim-in[5220]: 2015-07-09 07:47:36 SMTP connection from [46.22.210.171]:52184 (TCP/IP connection count = 1)

    2015:07:09-07:47:37 MYASTARO exim-in[7939]: 2015-07-09 07:47:37 H=summer.kenghuo.net [46.22.210.171]:52184 Warning: MYDOMAIN.de profile excludes greylisting: Skipping greylisting for this message

    2015:07:09-07:47:38 MYASTARO exim-in[7939]: 2015-07-09 07:47:38 1ZD4gL-000243-2B ctasd reports 'Bulk' RefID:str=0001.0A0C0203.559E06D9.00A2,ss=3,sh,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=512

    2015:07:09-07:47:38 MYASTARO exim-in[7939]: 2015-07-09 07:47:38 1ZD4gL-000243-2B welergeld@yahoo.de H=summer.kenghuo.net [46.22.210.171]:52184 P=esmtp S=1152 id=a6a55788e59f46bf6b53ccfa22968da1@brilliantearth.com

    2015:07:09-07:47:38 MYASTARO exim-in[7939]: 2015-07-09 07:47:38 SMTP connection from summer.kenghuo.net [46.22.210.171]:52184 closed by QUIT

    2015:07:09-07:47:39 MYASTARO smtpd[5119]: QMGR[5119]: 1ZD4gL-000243-2B moved to work queue

    2015:07:09-07:47:40 MYASTARO smtpd[7944]: SCANNER[7944]: 1ZD4gO-000248-BQ welergeld@yahoo.de R=1ZD4gL-000243-2B P=INPUT S=371

    2015:07:09-07:47:40 MYASTARO smtpd[7944]: SCANNER[7944]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="46.22.210.171" from="welergeld@yahoo.de" to="COLLEAGUESEMAIL@MYDOMAIN.DE" subject="Ihr neuer Beitrag ab August" queueid="1ZD4gO-000248-BQ" size="371" reason="as" extra=""

    2015:07:09-07:47:40 MYASTARO smtpd[7944]: SCANNER[7944]: 1ZD4gL-000243-2B => work R=SCANNER T=SCANNER

    2015:07:09-07:47:40 MYASTARO smtpd[7944]: SCANNER[7944]: 1ZD4gL-000243-2B Completed

    2015:07:09-07:48:00 MYASTARO exim-out[7965]: 2015-07-09 07:48:00 Start queue run: pid=7965

    2015:07:09-07:48:00 MYASTARO exim-out[7965]: 2015-07-09 07:48:00 End queue run: pid=7965

    2015:07:09-07:48:10 MYASTARO smtpd[7944]: SCANNER[7944]: Nothing to do, exiting.



    But I think I found the reason. There is AntiSpam Exceptions and SMTP "Exceptions"
    I had a rule with my email address, but the rule conditions are connected with OR, not AND.
    Really wondering why this has not happened before because the rule already exists for some years.

    Will try if this worked for me.

    ---

Unfiltered HTML