Jump to content

Archived

This topic is now archived and is closed to further replies.

marmu

Mail Security giving mail score of 86 although sender on whitelist

Recommended Posts

We got "newsline-noreply@horizont.net" in our whitelist:

esets_smtp_spec.cfg:

[white-list]
action_av = "accept"
action_as = "accept"

...

[|newsline-noreply@horizont.net]
parent_id="white-list"
 

But a mail was delivered to our spam inbox and not to the user's inbox. How can that be? Could someone please shed some light on this case? Any hints?

We configured "bayes" yesterday, but this souldn't result in ignoring the whitelist.

 

Extract of the header of this mail:

X-ESET-AntiSpam: OK;86;calc;2014-12-01 17:18:11;1412011718110005;FD8E
X-EsetResult: is OK

 

mail.log:

Dec  1 17:18:11 zarafa esets_daemon[22752]: summ[58e00107]: vdb=21342, agent=smtp, name="from: HORIZONT Newsline <newsline-noreply@horizont.net> to: XXX <xxx@domain.com> with subject "Spiegel" / Wolfgang Büchner / Adblocker-Klage /  Andreas Fuhlisch / Golf-Kampagne / Eurobest / Penelope Winterhager /  Swarovski / Edeka-Spot / HUK Coburg / VW Passat / Burger King Etat / Bild  Buzz / heute-Show dated Mon, 01 Dec 2014 17:05:02 +0100 ", virus="is OK", action="", info="", avstatus="clean", hop="accepted"

 

(Recipient replaced by "XXX")

 

We checked the functionality of the whitelist with another mail address and the sample spam string:

"XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

Everything worked as expected.

 

Thanks in advance!

 

Cheers,
Marcus

 

Share this post


Link to post
Share on other sites

Hi Marcus,
It looks like the ESET Spam catcher is working correctly as it says OK. I would need to see your Conf files to tell you more. Based on the information you have given me I would say you need to look at the client end and the message rules that are set for the inbox. Also some third party items can affect how the email is handled.
You can PM me the configs (esets.cfg and also eset_smtp_spec.cfg) you have on this server and I can take a look.
William

 

Share this post


Link to post
Share on other sites

Hi William,

I am a colleague of Marcus.

Now we find out, that the whitelist works definetely fine. The problem is, that the sender marks its outgoing mails with "X-ESET-AntiSpam: SPAM;... "

Our filter (after eset) can not recognize which ESET-instance set this header entry. Is it possible to change "X-ESET-AntiSpam: " into an individual entry. We found no config entry for this.

 

Ciodo

Share this post


Link to post
Share on other sites

Hello Ciodo,
There is not a way to change the way ESET marks the header.

 

Our filter (after eset)

What filter are you using after ESET?

 

Can you PM me a copy of the header of one of these emails?

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...