Anti-Spam Log Messages

Anti-Spam Log Messages

Connection Filtering

Normal Log Messages Explanation

BLACKLIST:message_source was found on list (name:server:query_domain)->returned text The connecting agent sending the message is listed in the specified black list. message_source: The information sent to the black list as the source of the message. returned_text: Text returned by the black list explaining why a message source is black listed.

BLACKLIST:failed to connect to service (name:server:query_domain) If the black list uses UDP, this means the initial UDP query sent to the black list server and all retries timed out. If the black list uses TCP, this means that the connection to the server failed.

VALIDATION: (HELO) domain FAILED to receive response from DNS server for HELO domain helo_argument The queried DNS server failed to respond to the query for an MX or A record for the domain passed in the HELO command by the connecting SMTP agent. helo_argument: The domain passed as the argument to the HELO command by the connecting SMTP agent.

VALIDATION: (HELO) no HELO sent The connecting SMTP agent failed to send the HELO or EHLO command.

VALIDATION: (HELO) helo_argument domain failed active validation No MX or A record exists for the domain passed in the HELO or EHLO command. helo_argument: The domain passed in the HELO command by the connecting SMTP agent.

VALIDATION: (MAIL FROM) domain FAILED to resolve MX/A record for mail server mail_from_argument An MX or an A record could not be found for the sender's mail server. mail_from_argument: The e-mail address passed in the MAIL FROM command.

VALIDATION: (MAIL FROM) domain FAILED to connect to remote_mail_server A connection to the SMTP server for the user in the MAIL FROM command was attempted, but failed. The server name was successfully converted to an IP address, but no server exists at the address or it is not running. remote_mail_server: The sender's mail server according to the MAIL FROM command.

VALIDATION: (MAIL FROM) domain FAILED to communicate with server remote_mail server A connection was made to the remote SMTP server to validate the user, but the connection was terminated or failed. remote_mail_server: The sender's mail server, according to the MAIL FROM command.

VALIDATION (MAIL FROM) no MAIL FROM sent No MAIL FROM command was sent by the connecting SMTP agent.

VALIDATION:(MAIL FROM) <remote_user> user does not exist on remote system The user passed in the MAIL FROM command does not exist on the remote server. remote_user: The user passed in the MAIL FROM command.

VALIDATION: (MAIL FROM) domain FAILED SMTP server error: mail_server_error The SMTP server connected to returned an error prior to validating of the user. The SMTP error is included in the log message. mail_server_error: The SMTP server error returned by the remote SMTP server.

VALIDATION: (REVDNS) connecting_agent address does not have a valid MX or A record, message rejected The connecting SMTP agent does not have a valid MX or A record. connecting_agent: The IP address of the connecting SMTP agent.

VALIDATION: (REVDNS) domain FAILED to receive reply from DNS server A query was made to the DNS server for the mail server and no response was retuned. This does not necessarily mean that no MX or A record exists for the connecting SMTP agent.

VALIDATION: (REVDNS) domain FAILED reverse DNS validation for address (connecting_agent) The mail server's DNS server returned a reply to the query for an MX or an A record for the connecting SMTP agent. However, there was no MX or A record. connecting_agent: The IP address of the connecting SMTP agent.

message failed check<check_name> which was marked as trusted, deleting A trusted black list entry failed its check. The message is immediately deleted. check_name: The name of the blacklist.

message failed failed_checks of total_checks checks, deleting Connection filtering is set to delete messages after a specific number of checks have failed. This number was reached and the message was deleted. failed_checks: The number of checks that failed for the message. total_checks: The total number of checks configured for the host.

Verbose Log Messages Explanation

BLACKLIST:connecting to service(name:server:query_domain) This is logged prior to querying a black list server.

BLACKLIST:retrying service (name:server:query_domain) This black list uses UDP, so it may not respond in a timely manner. This is logged if a query times out and must be retried.

BLACKLIST:message_source was not found on list (name:server:query_domain) The connecting agent is not listed on the specified black list. message_source: Information that is sent to the blacklist server as the source of the message.

BLACKLIST:received a reply from service (name:server:query_domain) The queried black list returned a reply. This does not mean that the message source was blacklisted, just that the query was successful.

VALIDATION: (HELO) domain performing DNS lookup for HELO domain helo_argument This message is logged prior to performing HELO validation. helo_argument:The domain passed by the connecting SMTP agent.

VALIDATION: (HELO) domain received reply from DNS server for HELO domain helo_argument HELO validation found an MX or A record for the domain passed in the HELO command by the connecting SMTP agent. helo_argument: The domain passed in the HELO command by the connecting SMTP agent.

VALIDATION: (MAIL FROM) domain validating MAIL FROM address mail_from_argument This message is logged prior to performing MAIL FROM validization. mail_from_argument: The e-mail address passed in the MAIL FROM command.

validation: (mail from) domain SUCEEDED for user mail_from_argument. The user passed in the MAIL FROM command exists on the remote SMTP server. mail_from_argument: The e-mail address passed in the MAIL FROM command.

VALIDATION: (REVDNS) domain performing reverse dns lookup on address connecting_agent This message is logged prior to performing a reverse DNS validation. connecting_agent: The IP address of the connecting SMTP agent.

VALIDATION: (REVDNS) domain reverse DNS validation SUCEEDED for address (connecting agent) The DNS server for the mail server returned an MX or A record for the connecting SMTP agent. connecting_agent: The IP address of the connecting SMTP agent.

ADMIN: reloading connection filtering settings for domain:DOMAIN Connection filtering settings for the domain have changed and been updated. Only changes in IAdmin or web messaging cause a reload. Manual changes to files is ignored until SMTPD is restarted.

ADMIN: finished reloading connection filtering settings for domain: domain Connection filtering settings for the domain have changed and been updated. Only changes in IAdmin or web messaging cause a reload. Manual edits are ignored until SMTPD is restarted.

Content Filtering

Normal Log Messages Explanation

No good/spam email in Antispam Table for host<host>. Statistical Filtering Disabled The host's antispam-table.txt does not contain any words from good or spam e-mail. Statistical filtering is therefore disabled.

No Content Filtering Host Information for the Phrase Filter There is no content filtering host information for the phrase filter. As a result, no phrase filtering was done.

No Content Filtering Host information for the HTML Filter There is no content filtering host information for the HTML filter. As a result, no HTML filtering was done.

matched phrase[<matched phrase>] The specified phrase was found in the e-mail.

matched HTML features [<matched features>] The specified HTML features were found in the email.

matched URL domain[<matched URL domain>] The specified URL domain was found in the email.

Probability email is spam<email probability>:email is spam An e-mail has been identified as spam. Also includes its calculated probability.

Probability email is spam<email probability>: email is good An e-mail has been identified as good. Also includes its calculated probability is.

Error:unable to open body file<body file name> The body file indicated cannot be opened.

Unable to find AntiSpam Host Information for <host> The specified host's white list and/or content filtering were not found.

[<email address/domain>] in white list The sender's address or domain was found in the trusted addresses list. As a result, no content filtering was done.

Verbose Log Messages Explanation

Phrase Filtering enabled for<host> Phrase filtering is enabled for the host.

Phrase Filtering disabled for <host> Phrase filtering is disabled for the host.

Phrase Filtering initialized for <host> Phrase filtering was initialized for the host.

Statistical Filtering disabled for <host> Statistical filtering is disabled for the host.

Statistical Filtering enabled for <host> Statistical filtering is enabled for the host.

Phrase filtering is disabled or there are no phrases to match Phrase filtering is disabled or the phrase list is empty.

HTML filtering is disabled for [<host>] HTML filtering is disabled for the specified host.

searching for phrases An e-mail is being searched for phrases from the phrase list.

statistical filtering disabled Either statistical filtering is disabled, or there is no content filtering host information.

performing statistical analysis An e-mail is being statistically analyzed.

The following words were used to compute the probability email is spam The statistical analysis of an e-mail is done. The most interesting words used (if any) in the analysis follows.

word=<word>, probability=<word hash> An interesting word and its corresponding probability. It is possible for an e-mail not to have any interesting words. In which case, the calculated probability is 0.5.

[<excluded word>] in exclude list The specified word was found in the exclude list and will be excluded from statistical analysis.

Added White List, Content Filtering, and HTML Filtering for <host> The white list, content filtering, and HTML filtering for the host have been added to the anti-spam engine.

Notified <host> about updating the HTML Filter. IMail has been notified about the host's HTML Filtering changes.

Notified <host> about updated white list IMail has been notified about the host's content filtering changes.

Notified <host> about updating the Content Filter. The anti-spam engine has been notified of the specified host's Content Filtering changes.

Got updated White List, Content Filtering, and HTML Filtering for <host> The anti-spam engine successfully updated the white list, content filtering, and HTML filtering for the host.

Got updated White List for <host> The anti-spam engine successfully updated the white list for the host.

Got updated Content Filtering for <host> The anti-spam engine successfully updated the content filtering for the host.

Got White List, Content Filtering, and HTML Filtering for <host> The anti-spam engine successfully updated the white list and content filtering for the host.

Created and Initialized Content Filtering for <host> IMail created and initialized content filtering for the host.

Created and Initialized White List for <host>. IMail created and initialized the white list for the host.

Added Anti-Spam Host Information for <Hostname> IMail added anti-spam information for the host.

Matched Invalid Tag feature [<invalid tag>] The e-mail contained the following invalid tag.

Matched Nested Table feature [<table tag>] The e-mail contained a Nested Table with the specified table tag.

Matched Image Tag feature [<image tag>] The e-mail contained the following image tag.

Matched Deceptive URL feature [<deceptive URL>] The e-mail contained the following deceptive URL.

Matched Hyperlink feature [<anchor tag>] The e-mail contained a Hyperlink with the following anchor tag.

Matched Hyperlink feature [<a>] The e-mail contained a hyperlink with the following <a> tag.

Matched Script Tag feature [<script tag>] The e-mail contained the following script tag.

Matched Embedded Comment feature [<embedded comment>] The e-mail contained the following embedded comment. Only 255 characters are displayed.

Matched Deceptive Text feature [<text>} The text in the HTML encoded e-mail contained deceptive text.

Updated Phrase List for <domain> The phrase list for the specified domain has been updated.

Got updated <primary> Phrase list for <domain> The domain, which is configured to use the primary host's phrase list, has gotten the updated phrase list.

Updated HTML features doe <domain> The HTML features for the domain have been updated.

Got updated <primary> HTML features for <domain> The domain, which is configured to use the primary's HTML features, received the updated HTML feature settings from the primary domain.

***Connection Filtering***
Normal Log Messages	Explanation
BLACKLIST:message_source was found on list (name:server:query_domain)->returned text	The connecting agent sending the message is listed in the specified black list. message_source: The information sent to the black list as the source of the message. returned_text: Text returned by the black list explaining why a message source is black listed.
BLACKLIST:failed to connect to service (name:server:query_domain)	If the black list uses UDP, this means the initial UDP query sent to the black list server and all retries timed out. If the black list uses TCP, this means that the connection to the server failed.
VALIDATION: (HELO) domain FAILED to receive response from DNS server for HELO domain helo_argument	The queried DNS server failed to respond to the query for an MX or A record for the domain passed in the HELO command by the connecting SMTP agent. helo_argument: The domain passed as the argument to the HELO command by the connecting SMTP agent.
VALIDATION: (HELO) no HELO sent	The connecting SMTP agent failed to send the HELO or EHLO command.
VALIDATION: (HELO) helo_argument domain failed active validation	No MX or A record exists for the domain passed in the HELO or EHLO command. helo_argument: The domain passed in the HELO command by the connecting SMTP agent.
VALIDATION: (MAIL FROM) domain FAILED to resolve MX/A record for mail server mail_from_argument	An MX or an A record could not be found for the sender's mail server. mail_from_argument: The e-mail address passed in the MAIL FROM command.
VALIDATION: (MAIL FROM) domain FAILED to connect to remote_mail_server	A connection to the SMTP server for the user in the MAIL FROM command was attempted, but failed. The server name was successfully converted to an IP address, but no server exists at the address or it is not running. remote_mail_server: The sender's mail server according to the MAIL FROM command.
VALIDATION: (MAIL FROM) domain FAILED to communicate with server remote_mail server	A connection was made to the remote SMTP server to validate the user, but the connection was terminated or failed. remote_mail_server: The sender's mail server, according to the MAIL FROM command.
VALIDATION (MAIL FROM) no MAIL FROM sent	No MAIL FROM command was sent by the connecting SMTP agent.
VALIDATION:(MAIL FROM) <remote_user> user does not exist on remote system	The user passed in the MAIL FROM command does not exist on the remote server. remote_user: The user passed in the MAIL FROM command.
VALIDATION: (MAIL FROM) domain FAILED SMTP server error: mail_server_error	The SMTP server connected to returned an error prior to validating of the user. The SMTP error is included in the log message. mail_server_error: The SMTP server error returned by the remote SMTP server.
VALIDATION: (REVDNS) connecting_agent address does not have a valid MX or A record, message rejected	The connecting SMTP agent does not have a valid MX or A record. connecting_agent: The IP address of the connecting SMTP agent.
VALIDATION: (REVDNS) domain FAILED to receive reply from DNS server	A query was made to the DNS server for the mail server and no response was retuned. This does not necessarily mean that no MX or A record exists for the connecting SMTP agent.
VALIDATION: (REVDNS) domain FAILED reverse DNS validation for address (connecting_agent)	The mail server's DNS server returned a reply to the query for an MX or an A record for the connecting SMTP agent. However, there was no MX or A record. connecting_agent: The IP address of the connecting SMTP agent.
message failed check<check_name> which was marked as trusted, deleting	A trusted black list entry failed its check. The message is immediately deleted. check_name: The name of the blacklist.
message failed failed_checks of total_checks checks, deleting	Connection filtering is set to delete messages after a specific number of checks have failed. This number was reached and the message was deleted. failed_checks: The number of checks that failed for the message. total_checks: The total number of checks configured for the host.
Verbose Log Messages	Explanation
BLACKLIST:connecting to service(name:server:query_domain)	This is logged prior to querying a black list server.
BLACKLIST:retrying service (name:server:query_domain)	This black list uses UDP, so it may not respond in a timely manner. This is logged if a query times out and must be retried.
BLACKLIST:message_source was not found on list (name:server:query_domain)	The connecting agent is not listed on the specified black list. message_source: Information that is sent to the blacklist server as the source of the message.
BLACKLIST:received a reply from service (name:server:query_domain)	The queried black list returned a reply. This does not mean that the message source was blacklisted, just that the query was successful.
VALIDATION: (HELO) domain performing DNS lookup for HELO domain helo_argument	This message is logged prior to performing HELO validation. helo_argument:The domain passed by the connecting SMTP agent.
VALIDATION: (HELO) domain received reply from DNS server for HELO domain helo_argument	HELO validation found an MX or A record for the domain passed in the HELO command by the connecting SMTP agent. helo_argument: The domain passed in the HELO command by the connecting SMTP agent.
VALIDATION: (MAIL FROM) domain validating MAIL FROM address mail_from_argument	This message is logged prior to performing MAIL FROM validization. mail_from_argument: The e-mail address passed in the MAIL FROM command.
validation: (mail from) domain SUCEEDED for user mail_from_argument.	The user passed in the MAIL FROM command exists on the remote SMTP server. mail_from_argument: The e-mail address passed in the MAIL FROM command.
VALIDATION: (REVDNS) domain performing reverse dns lookup on address connecting_agent	This message is logged prior to performing a reverse DNS validation. connecting_agent: The IP address of the connecting SMTP agent.
VALIDATION: (REVDNS) domain reverse DNS validation SUCEEDED for address (connecting agent)	The DNS server for the mail server returned an MX or A record for the connecting SMTP agent. connecting_agent: The IP address of the connecting SMTP agent.
ADMIN: reloading connection filtering settings for domain:DOMAIN	Connection filtering settings for the domain have changed and been updated. Only changes in IAdmin or web messaging cause a reload. Manual changes to files is ignored until SMTPD is restarted.
ADMIN: finished reloading connection filtering settings for domain: domain	Connection filtering settings for the domain have changed and been updated. Only changes in IAdmin or web messaging cause a reload. Manual edits are ignored until SMTPD is restarted.

***Content Filtering***
Normal Log Messages	Explanation
No good/spam email in Antispam Table for host<host>. Statistical Filtering Disabled	The host's antispam-table.txt does not contain any words from good or spam e-mail. Statistical filtering is therefore disabled.
No Content Filtering Host Information for the Phrase Filter	There is no content filtering host information for the phrase filter. As a result, no phrase filtering was done.
No Content Filtering Host information for the HTML Filter	There is no content filtering host information for the HTML filter. As a result, no HTML filtering was done.
matched phrase[<matched phrase>]	The specified phrase was found in the e-mail.
matched HTML features [<matched features>]	The specified HTML features were found in the email.
matched URL domain[<matched URL domain>]	The specified URL domain was found in the email.
Probability email is spam<email probability>:email is spam	An e-mail has been identified as spam. Also includes its calculated probability.
Probability email is spam<email probability>: email is good	An e-mail has been identified as good. Also includes its calculated probability is.
Error:unable to open body file<body file name>	The body file indicated cannot be opened.
Unable to find AntiSpam Host Information for <host>	The specified host's white list and/or content filtering were not found.
[<email address/domain>] in white list	The sender's address or domain was found in the trusted addresses list. As a result, no content filtering was done.
Verbose Log Messages	Explanation
Phrase Filtering enabled for<host>	Phrase filtering is enabled for the host.
Phrase Filtering disabled for <host>	Phrase filtering is disabled for the host.
Phrase Filtering initialized for <host>	Phrase filtering was initialized for the host.
Statistical Filtering disabled for <host>	Statistical filtering is disabled for the host.
Statistical Filtering enabled for <host>	Statistical filtering is enabled for the host.
Phrase filtering is disabled or there are no phrases to match	Phrase filtering is disabled or the phrase list is empty.
HTML filtering is disabled for [<host>]	HTML filtering is disabled for the specified host.
searching for phrases	An e-mail is being searched for phrases from the phrase list.
statistical filtering disabled	Either statistical filtering is disabled, or there is no content filtering host information.
performing statistical analysis	An e-mail is being statistically analyzed.
The following words were used to compute the probability email is spam	The statistical analysis of an e-mail is done. The most interesting words used (if any) in the analysis follows.
word=<word>, probability=<word hash>	An interesting word and its corresponding probability. It is possible for an e-mail not to have any interesting words. In which case, the calculated probability is 0.5.
[<excluded word>] in exclude list	The specified word was found in the exclude list and will be excluded from statistical analysis.
Added White List, Content Filtering, and HTML Filtering for <host>	The white list, content filtering, and HTML filtering for the host have been added to the anti-spam engine.
Notified <host> about updating the HTML Filter.	IMail has been notified about the host's HTML Filtering changes.
Notified <host> about updated white list	IMail has been notified about the host's content filtering changes.
Notified <host> about updating the Content Filter.	The anti-spam engine has been notified of the specified host's Content Filtering changes.
Got updated White List, Content Filtering, and HTML Filtering for <host>	The anti-spam engine successfully updated the white list, content filtering, and HTML filtering for the host.
Got updated White List for <host>	The anti-spam engine successfully updated the white list for the host.
Got updated Content Filtering for <host>	The anti-spam engine successfully updated the content filtering for the host.
Got White List, Content Filtering, and HTML Filtering for <host>	The anti-spam engine successfully updated the white list and content filtering for the host.
Created and Initialized Content Filtering for <host>	IMail created and initialized content filtering for the host.
Created and Initialized White List for <host>.	IMail created and initialized the white list for the host.
Added Anti-Spam Host Information for <Hostname>	IMail added anti-spam information for the host.
Matched Invalid Tag feature [<invalid tag>]	The e-mail contained the following invalid tag.
Matched Nested Table feature [<table tag>]	The e-mail contained a Nested Table with the specified table tag.
Matched Image Tag feature [<image tag>]	The e-mail contained the following image tag.
Matched Deceptive URL feature [<deceptive URL>]	The e-mail contained the following deceptive URL.
Matched Hyperlink feature [<anchor tag>]	The e-mail contained a Hyperlink with the following anchor tag.
Matched Hyperlink feature [<a>]	The e-mail contained a hyperlink with the following <a> tag.
Matched Script Tag feature [<script tag>]	The e-mail contained the following script tag.
Matched Embedded Comment feature [<embedded comment>]	The e-mail contained the following embedded comment. Only 255 characters are displayed.
Matched Deceptive Text feature [<text>}	The text in the HTML encoded e-mail contained deceptive text.
Updated Phrase List for <domain>	The phrase list for the specified domain has been updated.
Got updated <primary> Phrase list for <domain>	The domain, which is configured to use the primary host's phrase list, has gotten the updated phrase list.
Updated HTML features doe <domain>	The HTML features for the domain have been updated.
Got updated <primary> HTML features for <domain>	The domain, which is configured to use the primary's HTML features, received the updated HTML feature settings from the primary domain.

Ipswitch, Inc.
http://www.ipswitch.com


©Ipswitch 2004