Forums & Blog

We are defense contractor, and we are having major issues related to filtering spam AND letting in legitimate emails from government and military officials.  I have tried adding the following general domains in our domain trusted sender's list, and yet from time to time, senders are getting a bounced email saying their correspondence was rejected by our spam filter:

Being our email administrator, I can't begin to describe how much pressure is on me to ensure ALL government and military emails get through automatically.  Is there any known issue with .mil email domains, the trusted sender's list and/or the content and spam filters?

 Also, when I am aware of a situation, I'm able to get specific email addresses to add to our trusted sender's list, however when I add the specific address to the list, their emails seem to bounce for at least awhile after I've added them.  Any reason for that?

 Let me know if you need more info.

 Thanks,

Derrick

Are you using any SMTP Incoming Blocking (Security, AntiSpam Administration)?  I believe that this is a only case where SmarterMail acually sends a message back otherwise, it deals with it internally.

Hope this helps. 

As suggested, the block is probably occuring during the SMTP session due to incoming SMTP spam blocking. Spam blocking occurs immediately after the sender identifies themselves, which occurs before they identify the recipient, so it is impossible to use trusted senders.  I would suggest relaxing the weight threshold for blocking in your situation. Let filtering deal with it instead.

I just checked, and I am NOT using the SMTP incoming blocking.  Spam blocking is unchecked under the Incoming Options section of the SMTP blocking tab, and on the first tab (Spam Checks), the option for Enable for Incoming Blocking is either unavailable or greyed out for all spam check categories (Enable for Filtering is checked for most, though). 

I even tried setting up a filtering rule that says to insert text into the header of any email coming from the trusted sender's list, thinking it would allow those emails through, bypassing all other filters, and that didn't work.  Someone from the U.S. Army informed me that he was still getting a spam bounce message. 

 Can anybody definitively say based on the information that this is a Spam blocking issue or a filter issue?  I have many filters set up aimed at reducing spam, but the vast majority of them simply look for typical spam words (drug names, alternate spelling of drug names, etc.), things that most certainly would NOT be in business-related emails from the military or government.  The fact that we are getting this complaint from many of our govt./mil customers leads me to believe that something (SPF maybe?) related to their emails is triggering an anti-spam function of SmarterMail.  As an admin, I love SM, but I may have to find an alternative just to save my *** if I don't figure this out soon.

 Thanks for any help.

 Derrick

 I would turn off all spam checks and only use Greylisting, then make sure you have a Trusted Sender content filter as the first filter to do nothing, bypassing all remaining filters. 

In this case I would open a support ticket, it will save you time and money.  

 Thanks, glowthian, however delaying delivery of legitimate emails (greylisting) is not an option for me.  I'm taking more than enough heat for government/military emails not getting through.  Delaying legitimate emails would only complicate things for me here.  If I could figure out a way to add my current trusted sender's list (including domains) to the greylist, then that MAY work.  Does anyone recommend that or know how its done?

 Derrick

glowthian:

 I would turn off all spam checks and only use Greylisting, then make sure you have a Trusted Sender content filter as the first filter to do nothing, bypassing all remaining filters. 

In this case I would open a support ticket, it will save you time and money.  

When you say senders are getting a bounced email, what does the bounced email say?  What is the error message/number?  Is their mail really being blocked, or is this just a delay caused by greylisting?  Greylisting will generate an error message to certain servers even when the mail is delivered.  But users may assume that their mail is being blocked because they received an error message.

 The domain Trusted Senders list will bypass all spam checks and Greylisting but not Content Filtering unless you have a Content Filter to do that.

We are talking about version 4.XX here? 

glowthian:

 The domain Trusted Senders list will bypass all spam checks and Greylisting but not Content Filtering unless you have a Content Filter to do that.

We are talking about version 4.XX here? 

 Yes, I'm using 4.3.2760 to be exact. 

 I do NOT have Greylisting enabled. 

For content filtering Spam Checks, I have Bayesian, SPF, Reverse DNS and 3 blacklists enabled, the rest of option disabled under "Enable for Filtering".   In my domain content filters, my TOP filter adds "FROM TRUSTED SENDER" in the email header if the sender is on my Trusted Sender's List.  As I mentioned previously, I do NOT have SMTP blocking enabled. 

 All of my weights for spam filtering are default EXCEPT I assign a value of -30 for SPF Pass, trying to allow valid SPF records to outweigh all other spam checks. 

 As someone else said, posting the exact error code/message/ndr will be the most helpful. 

ST-JLance:

 As someone else said, posting the exact error code/message/ndr will be the most helpful. 

Well, this was a bit difficult to track down, but this is one a government customer of our sent someone on their private emails so I could see the message.  The names/IP's may have been changed to protect the innocent (with ?s):

----------------------------------------------------------------------------------------------

Could not deliver message to the following recipient(s):

Failed Recipient: bowman@xxxxxxx.com
Reason: Recipient spam or content filter rejected the message

-- The header and top 20 lines of the message follows --

Received: from ????.usace.army.mil [???.???.???.??] by mail.????-????.com
with SMTP;
Mon, 17 Sep 2007 10:07:29 -0500
Received: from ???-????.??.??.usace.army.mil ([???.???.???.??]) by
????.usace.army.mil with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 17 Sep 2007 10:07:08 -0500
Received: from ???-?????.??.??.usace.army.mil ([???.??.??.???]) by
???-????.??.??.usace.army.mil with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 17 Sep 2007 10:07:08 -0500
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: FW: Delivery Failure
Date: Mon, 17 Sep 2007 10:07:04 -0500
Message-ID:
<7919614DEAD82248A0E8C9320B207D541AF5AD8D@???-????.??.??.usace.army.mil>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Delivery Failure
Thread-Index: Acf5Ox9OkuL3OQg0S02cdShO3Av9VQAAT8Wg
From: "Lawrence, ??????????"
To: "Bowman, ???????????"
Return-Path: ???????Lawrence@usace.army.mil
X-OriginalArrivalTime: 17 Sep 2007 15:07:08.0911 (UTC)
FILETIME=[6AD5F7F0:01C7F93C]

-----Original Message-----
From: "System Administrator" [mailto:"System Administrator"]=20
Sent: Monday, September 17, 2007 9:58 AM
To: Lawrence, ???????????
Subject: Delivery Failure

Could not deliver message to the following recipient(s):

Failed Recipient: bowman@????????.com
Reason: Recipient spam or content filter rejected the message

-- The header and top 20 lines of the message follows --

Received: from ????.usace.army.mil [???.???.??.??] by =
mail.??????.com
with SMTP;
Mon, 17 Sep 2007 09:56:54 -0500 

Ok, that is being bounced by a content filter. If you are looking for certain words and bouncing messages that contain them, make sure those words are never going to appear in legitimate emails.

For example, if you bounce a message that contains the word "cialis" you are also going to block any message that contains the word "specialist".  

ST-JLance:

Ok, that is being bounced by a content filter. If you are looking for certain words and bouncing messages that contain them, make sure those words are never going to appear in legitimate emails.

For example, if you bounce a message that contains the word "cialis" you are also going to block any message that contains the word "specialist".  

 Thanks James.  I THINK that's what the problem was.  A lot of the people we deal with have "specialist" in their title.  I never stopped to think that "cialis" had the possiblity of being in legitimate emails.

 I have one more question, related on how to find a happy medium between filtering and allowing legit emails in:

If in the filter, I put spaces before and after the word "cialis", will this solve my problem, or does the code TRIM the extra spaces off words that it searches for in the content filter? 

 Thank you for your help, everyone who's replied.  It's sincerely appreciated.

 I have used spaces with success and also * cialist for example, but have been able to delete all content filters looking for words, IP's, phone numbers and all other specifics once I populated the Trusted Senders list, turned on Greylisting and added RBL's, I send all Spam LOW- MED to a spam box and check it daily (5 to 10 a day, down from 1500) and now delete all SPAM-HIGH after checking it for a month with no false positives.

Thanks, glowthian.  I can't use greylisting though, because we constantly get new business via the web, and I can't risk delaying legitimate emails, or worse, risk new customers not replying to the Greylisting response. 

 Currently, I put blind trust in SM, having it delete all HIGH-SPAMs.  I have MED-SPAMs go to a junk mail folder on the server, and I deliver all LOW-SPAMs. 

Maybe if email administrator was the only thing I did, I could figure out the perfect balance of content and spam filters, but seeing as its about 5% of my job, it ain't gonna happen!

Thanks for the tips, advice and help, everyone.