Forums & Blog

A SmarterTools-sponsored community.

Not Properly Filtering Mail from Declude when Weight > 20

Last post 03-30-2007 2:39 PM by scarab. 3 replies.
  • 03-29-2007 4:05 PM

    • scarab
    • Not Ranked
    • Joined on 03-29-2007
    • Posts 5

    Not Properly Filtering Mail from Declude when Weight > 20

    We are using SmarterMail Enterprise Edition 3.3.2439 with the most recent version of Declude for SmarterMail. When SmarterMail receives e-mail scanned and weighed by Declude, it doesn't filter the messages according to the Anti-Spam Filtering in SmarterMail, although SmarterMail does take the proper action for Spam Checks that are built internally into SmarterMail.

    In the Anti-Spam Administration of SmarterMail I have the following settings configured for Filtering:

    Low Probability of Spam         Weight Threshold: 10      Default Action: Take no action
    Medium Probability of Spam   Weight Threshold: 20      Default Action: Prefix Subject with Text
    High Probability of Spam         Weight Threshold: 30      Default Action: Move to Junk E-Mail Folder

    When a message has been weighted as 20 or greater by Declude, SmarterMail does not take the proper action. 

    An odd note: These settings in SmarterMail used to work just fine with Declude when we were using it with Declude for IMail. However, when we installed Declude for SmarterMail the problem began. Since Declude for SmarterMail seems to be flagging the e-mail properly, it seems to be a SmarterMail issue instead.

    Here are the headers of a sample e-mail that Declude tested and weighted > 30 but no action was taken by SmarterMail:

    Return-Path: <igawa_minamin@yahoo.co.jp> Thu Mar 29 02:03:17 2007
    Received: from ofsfa-08p2-210.ppp11.odn.ad.jp [211.3.113.210] by mail.scarabmedia.com with SMTP;
       Thu, 29 Mar 2007 02:03:17 -0700
    Delivered-To: <notify@scarabmedia.com>
    Message-ID: 20070329180432.47752mail@mail.cgsgsh.com
    From: igawa_minamin@yahoo.co.jp
    To: notify@scarabmedia.com
    Subject: =?iso-2022-jp?B?gUCBQIGdiPqXkJBsjciRvZCUk2+YXoLMiNeBQZGmg0GDfJGmg26DgYNJg5ODcIOMgVuDaIH0gfQ=?=
    MIME-Version: 1.0
    Content-Type: text/plain;
        charset="iso-2022-jp"
    Content-Transfer-Encoding: 7bit
    X-RBL-Warning: CBL: "Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=211.3.113.210"
    X-RBL-Warning: SPAMCOP: "Blocked - see http://www.spamcop.net/bl.shtml?211.3.113.210"
    X-RBL-Warning: NJABL-DYNA: "Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html"
    X-RBL-Warning: SORBS-DUL: "Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?211.3.113.210"
    X-RBL-Warning: WPBL: "Spam source - http://wpbl.info/record?ip=211.3.113.210"
    X-RBL-Warning: IMP-SPAM: "1175153316: IP 211.3.113.210 with name OFSfa-08p2-210.ppp11.odn.ad.jp. listed. (56.025) See http://antispam.imp.ch/04-spamlist.html. Listed by thebe.shinternet.ch"
    X-RBL-Warning: TQMCUBE-TRAP: "211.3.113.210 Dynamic IP or generic rDNS. Please create a unique pointer or use your ISP's mail service. Removal Requests: http://tqmcube.com/dnsbl/dnsbl_remove.php"
    X-RBL-Warning: MAILPOLICE-DYNAMIC: This E-mail is listed in MAILPOLICE-DYNAMIC.
    X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8020800d].
    X-RBL-Warning: SUBCHARS-50: Subject with at least 50 characters found.
    X-RBL-Warning: SUBCHARS-55: Subject with at least 55 characters found.
    X-RBL-Warning: SUBCHARS-60: Subject with at least 60 characters found.
    X-RBL-Warning: Non-English: Non-English text found in E-mail.
    X-RBL-Warning: FILTER-COUNTRY: Message failed FILTER-COUNTRY test (line 1, weight 30)
    X-RBL-Warning: WEIGHT30: Weight of 78 reaches or exceeds the limit of 30.
    X-RBL-Warning: WEIGHT20: Weight of 78 reaches or exceeds the limit of 20.
    X-Declude-Sender: igawa_minamin@yahoo.co.jp [211.3.113.210]
    X-Declude-Spoolname: 70797799.eml
    X-Declude-RefID: str=0001.0A090204.460B80AA.0013,ss=3,fgs=0
    X-Declude-Note: Scanned by Declude 4.3.30 "http://www.declude.com/x-note.htm"
    X-Declude-Scan: Incoming Score [78] at 02:03:28 on 29 Mar 2007
    X-Declude-Fail: CBL [8], SPAMCOP [7], NJABL-DYNA [2], SORBS-DUL [2], WPBL [2], IMP-SPAM [5], TQMCUBE-TRAP [5], MAILPOLICE-DYNAMIC [3], BADHEADERS [8], SUBCHARS-50 [1], SUBCHARS-55 [1], SUBCHARS-60 [1], Non-English [3], FILTER-COUNTRY [30], WEIGHT30 [30], WEIGHT20 [20], ZEROHOUR [0]
    X-Country-Chain: JAPAN->destination
    X-Declude-Code: 8020800d
    X-Declude-Recipcount: 1
    X-SmarterMail-Spam: SPF_SoftFail, SpamHaus SBL+XBL
    X-Antivirus: avast! (VPS 000728-2, 03/28/2007), Inbound message
    X-Antivirus-Status: Clean


    Any ideas of what could be causing this? Or should I just ignore the Anti-Spam Filtering in SmarterMail altogether and have Declude handle the filtering itself? Again, this configuration worked before when we were using the wrong version of Declude that was made for IMail.

     Any help would be greatly appreciated.

    Mark O. Garrison
    System Administrator, Spliethof Inc.
    An Internet Corporation, dba Scarab Media
     

  • 03-29-2007 4:16 PM In reply to

    Re: Not Properly Filtering Mail from Declude when Weight > 20

    Declude passes their weight to us via the .hdr file in the spool. They add a line such as "DecludeWt: 78" and we read that in. The only thing I can think of is that for some reason Declude isn't writing that line, or we aren't reading it properly.

    SmarterMail will put all its mail in Spool\Proc folder for Declude to scan. Once it does, it should move it back into the main spool. Can you open up one of the .hdr files in the main spool and ensure that it has the "DecludeWt: x" line? 

    James Lance
    SmarterTools
  • 03-29-2007 4:35 PM In reply to

    • scarab

    Re: Not Properly Filtering Mail from Declude when Weight > 20

    Here is a sample of the contents of our .hdr files after Declude has scanned it and returned it from the \Spool\proc folder to the \Spool folder:

    Written
    nielandhomes.com@pearlsindia.com
    <fwd>dustydew@charter.net
    retry: 4;03/29/2007 17:41:00
    spamcheck: _REVERSEDNSLOOKUP=passed
    spamcheck: _BAYESIANFILTERING=passed
    spamcheck: _SPF=None
    spamcheck: ORDB=passed
    spamcheck: SpamHaus SBL+XBL=failed
    decludeWt: 94

    So it does appear to be including the decludeWt entry.
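
An added example (not part of the thread, and not SmarterTools or Declude code): a small Python check that reads the text of a spool .hdr file, extracts the decludeWt line described in the reply above, and reports which filtering level configured in the first post that weight should trigger. The line format is inferred only from the sample quoted in this thread; the function names and the "at or above the threshold" comparison are assumptions.

```python
import re

# Thresholds/actions from the first post's SmarterMail settings; ">=" comparison is an assumption.
THRESHOLDS = [
    (30, "High", "Move to Junk E-Mail Folder"),
    (20, "Medium", "Prefix Subject with Text"),
    (10, "Low", "Take no action"),
]

# Case-insensitive on purpose: the reply writes "DecludeWt", the spool sample shows "decludeWt".
WEIGHT_RE = re.compile(r"^\s*decludewt\s*:\s*(\d+)\s*$", re.IGNORECASE)
CHECK_RE = re.compile(r"^\s*spamcheck\s*:\s*(.+?)=(\w+)\s*$", re.IGNORECASE)

def parse_hdr(text):
    """Return (declude_weight or None, names of spamchecks marked failed)."""
    weight, failed = None, []
    for line in text.splitlines():
        w = WEIGHT_RE.match(line)
        c = CHECK_RE.match(line)
        if w:
            weight = int(w.group(1))
        elif c and c.group(2).lower() == "failed":
            failed.append(c.group(1).strip())
    return weight, failed

def expected_action(weight):
    """Map a weight to the (level, action) the configured thresholds call for."""
    if weight is None:
        return ("Unknown", "No decludeWt line found in .hdr")
    for limit, level, action in THRESHOLDS:
        if weight >= limit:
            return (level, action)
    return ("None", "Take no action")

# Sample input: the .hdr contents quoted in the post above, embedded for an offline run.
SAMPLE_HDR = """Written
nielandhomes.com@pearlsindia.com
<fwd>dustydew@charter.net
retry: 4;03/29/2007 17:41:00
spamcheck: _REVERSEDNSLOOKUP=passed
spamcheck: _BAYESIANFILTERING=passed
spamcheck: _SPF=None
spamcheck: ORDB=passed
spamcheck: SpamHaus SBL+XBL=failed
decludeWt: 94
"""

if __name__ == "__main__":
    print(parse_hdr(SAMPLE_HDR), expected_action(parse_hdr(SAMPLE_HDR)[0]))
```

Running this over the .hdr files in the main spool separates "weight never written" from "weight written but not acted on", which is the distinction the reply above is trying to establish.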
     

  • 03-30-2007 2:39 PM In reply to

    • scarab

    Re: Not Properly Filtering Mail from Declude when Weight > 20

    I don't know if this might help, but SmarterMail isn't filtering even when e-mail fails its own Anti-Spam Checks. In the above e-mail headers for a message that should have been filtered because the Declude Weight > 30, I noticed the following line:

    X-SmarterMail-Spam: SPF_SoftFail, SpamHaus SBL+XBL

    Those SmarterMail Anti-Spam Checks alone, even if SmarterMail wasn't reading the Declude weights properly, total a Weight of 50.

    So, that would mean that SmarterMail doesn't appear to be filtering mail regardless of who determined the weight (Declude or SmarterMail).

    Any ideas?

    Mark O. Garrison
    System Administrator, Spliethof Inc.

     
