Incoming Email Final verdict using engine: CASE spam suspect

anil.gupta3
Level 1

Hi Guys,

I am facing an issue while troubleshooting IronPort antispam. The IronPort antispam CASE engine marked one of the emails from the user ID (xxxx@yahoo.com) as suspected spam and delivered it to the alternate email ID as per the incoming mail policy configuration.

I am not able to understand what condition or content marked that mail as suspected spam. Please help me understand why the antispam CASE engine marked the mail below as suspected spam.

Below are the logs from the IronPort antispam device for the same mail.

Sat Jan 2 11:59:51 2016 Info: New SMTP ICID 880125 interface Data 1 (x.x.x.x) address 72.30.239.19 reverse dns host nm38-vm3.bullet.mail.bf1.yahoo.com verified yes
Sat Jan 2 11:59:51 2016 Info: ICID 880125 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.5
Sat Jan 2 11:59:51 2016 Info: Start MID 775241 ICID 880125
Sat Jan 2 11:59:51 2016 Info: MID 775241 ICID 880125 From: <xxxx@yahoo.com>
Sat Jan 2 11:59:51 2016 Info: MID 775241 ICID 880125 RID 0 To: <xxxx@domain.com>
Sat Jan 2 11:59:52 2016 Info: MID 775241 SPF: helo identity postmaster@nm38-vm3.bullet.mail.bf1.yahoo.com None
Sat Jan 2 11:59:52 2016 Info: MID 775241 SPF: mailfrom identity xxxx@yahoo.com Pass (v=spf1)
Sat Jan 2 11:59:52 2016 Info: MID 775241 Message-ID '<696945026.6123655.1451721575079.JavaMail.yahoo@mail.yahoo.com>'
Sat Jan 2 11:59:52 2016 Info: MID 775241 Subject 'Payment'
Sat Jan 2 11:59:52 2016 Info: MID 775241 ready 3232 bytes from <xxxx@yahoo.com>
Sat Jan 2 11:59:52 2016 Info: MID 775241 matched all recipients for per-recipient policy 20Mb incoming mail size for MD in the inbound table
Sat Jan 2 11:59:53 2016 Info: ICID 880125 close
Sat Jan 2 11:59:54 2016 Info: MID 775241 interim verdict using engine: CASE spam suspect
Sat Jan 2 11:59:54 2016 Info: MID 775241 using engine: CASE spam suspect
Sat Jan 2 11:59:54 2016 Info: MID 775241 rewritten to MID 775242 by antispam (alt-rcpt-to)
Sat Jan 2 11:59:54 2016 Info: MID 775242 ICID 0 From: <xxxx@yahoo.com>
Sat Jan 2 11:59:54 2016 Info: MID 775242 ICID 0 RID 0 To: <eadmin@domain.com>
Sat Jan 2 11:59:54 2016 Info: Message finished MID 775241 done
Sat Jan 2 11:59:54 2016 Info: MID 775242 interim AV verdict using Sophos CLEAN
Sat Jan 2 11:59:54 2016 Info: MID 775242 antivirus negative
Sat Jan 2 11:59:54 2016 Info: MID 775242 Outbreak Filters: verdict negative
Sat Jan 2 11:59:54 2016 Info: MID 775242 queued for delivery
Sat Jan 2 11:59:54 2016 Info: New SMTP DCID 404821 interface (x.x.x.x) address (x.x.x.x)port 25
Sat Jan 2 11:59:54 2016 Info: Delivery start DCID 404821 MID 775242 to RID [0]
Sat Jan 2 11:59:54 2016 Info: Message done DCID 404821 MID 775242 to RID [0]
Sat Jan 2 11:59:54 2016 Info: MID 775242 RID [0] Response 'Message accepted for delivery'
Sat Jan 2 11:59:54 2016 Info: Message finished MID 775242 done
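
The log lines quoted above record the CASE verdict and the alt-rcpt-to rewrite but not the reason for the verdict. As an added example (not part of the original post and not vendor code), this sketch groups such lines by the original MID, following the rewrite from MID 775241 to MID 775242, so the sender reputation, SPF result, verdict and final recipient can be read together. The function name `trace`, the dictionary keys and the embedded sample are assumptions, and only the line shapes visible in the log above are handled.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the mail log lines quoted in the post above.
SAMPLE = """\
Sat Jan 2 11:59:51 2016 Info: ICID 880125 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.5
Sat Jan 2 11:59:51 2016 Info: Start MID 775241 ICID 880125
Sat Jan 2 11:59:51 2016 Info: MID 775241 ICID 880125 RID 0 To: <xxxx@domain.com>
Sat Jan 2 11:59:52 2016 Info: MID 775241 SPF: mailfrom identity xxxx@yahoo.com Pass (v=spf1)
Sat Jan 2 11:59:54 2016 Info: MID 775241 using engine: CASE spam suspect
Sat Jan 2 11:59:54 2016 Info: MID 775241 rewritten to MID 775242 by antispam (alt-rcpt-to)
Sat Jan 2 11:59:54 2016 Info: MID 775242 ICID 0 RID 0 To: <eadmin@domain.com>
Sat Jan 2 11:59:54 2016 Info: MID 775242 RID [0] Response 'Message accepted for delivery'
"""

# Line shapes taken from the log above (assumed stable for this illustration).
SBRS = re.compile(r"ICID (\d+) \w+ SG (\S+) .* SBRS (\S+)")
START = re.compile(r"Start MID (\d+) ICID (\d+)")
REWRITE = re.compile(r"MID (\d+) rewritten to MID (\d+) by (\S+) \(([^)]*)\)")
FIELDS = {  # each pattern captures (MID, value); "interim" verdict lines do not match
    "spf": re.compile(r"MID (\d+) SPF: mailfrom identity \S+ (\w+)"),
    "antispam": re.compile(r"MID (\d+) using engine: (.+)$"),
    "rcpt": re.compile(r"MID (\d+) ICID \d+ RID \d+ To: <([^>]+)>"),
    "response": re.compile(r"MID (\d+) RID \[\d+\] Response '([^']*)'"),
}

def trace(log_text):
    """Group events by the MID a message arrived as, following rewrites."""
    root = {}   # any MID -> MID the message originally arrived as
    sbrs = {}   # ICID -> (sender group, SBRS score)
    out = defaultdict(dict)
    for line in log_text.splitlines():
        if m := SBRS.search(line):
            sbrs[m[1]] = (m[2], m[3])
        elif m := START.search(line):
            root[m[1]] = m[1]
            out[m[1]]["sender_group"], out[m[1]]["sbrs"] = sbrs.get(m[2], (None, None))
        elif m := REWRITE.search(line):
            root[m[2]] = root.get(m[1], m[1])
            out[root[m[2]]]["rewrite"] = f"{m[3]} ({m[4]})"
        else:
            for key, pat in FIELDS.items():
                if m := pat.search(line):  # later lines overwrite, so rcpt ends as the last one
                    out[root.get(m[1], m[1])][key] = m[2]
    return dict(out)
```

Calling `trace(SAMPLE)` returns a single entry keyed by the original MID, with the recipient taken from the rewritten message.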
