Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 28 subscribers
  • Views 4740 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Log shows action as 'Change Subject', but I don't see that in message.

Hyder Khalil

Hi all,

I'm experimenting with email scanning on my Cyberoam CR15iNG running the 16.05.6 MR-6 firmware.

I was hoping that I could scan incoming IMAP/S emails for viruses and spam and change the subject headers (I realise that without an internal mail server, changing the subject line is all you can do). The default policies are unchanged, except for the values for the 'Prefix Subject' action (I've added [XG] to the start of the string, so that it's obvious when the change has come from the XG). I've also setup a business rule in the firewall to scan emails (any, any for both source and destination networks - MASQ was checked by default, so I left it like that). I should add that these are emails which I'm reading on my Android phone using the Aquamail client over port 993.

Maybe I've misunderstood how it's meant to work, but from the logs, the XG obviously thinks it's doing something to messages it thinks are possible spam, I'm just not seeing it happen. The emails arrive with the prefix [SPAM] (probably added by the spam filter on my email provider's side), would that stop the XG changing it again to what is specified in the policy? [XG] Possible Spam: 

Any thoughts would be appreciated.



This thread was automatically locked due to age.
Parents
  • 0

    Hi all,

    I've recently upgraded to 17.0.1 MR-1 and am still seeing the behavior whereby IMAP emails show up in the log as spam/probable spam and action 'change subject', but when the email is received, the subject isn't actually changed. Can anyone confirm if they have this working for IMAP emails?

    Also, hovering over the blue envelope brings up the following info, don't know if that gives any clues...

    2017-11-29 22:25:46Emailmessageid="15002" log_type="Anti-Spam" log_component="IMAPS" log_subtype="Probable Spam" status="" fw_rule_id="0" user="" policy_name="Probable Spam" sender="NA" recipient="NA" subject="" message_id="" email_size="0" action="Change Subject" reason="" host="" domain="" src_ip="removed by me" src_country="" dst_ip="removed by me" dst_country="" protocol="TCP" src_port="49624" dst_port="993" bytes_sent="0" bytes_received="0" quarantine_reason="Other"

  • 0 in reply to Hyder Khalil

    Hi,

    the message you display is one little bug I have reported many times that the XG scans the same message many times and reports it as spam even after it has delivered the message. If you review your message you notice there is no sender or recipient in the message.

    Also do you have scan imap/s enabled in your firewall rule and installed the certificate on the PC/laptop to stop scanning errors? I would suspect not from that log entry.

    Ian

Reply
  • 0 in reply to Hyder Khalil

    Hi,

    the message you display is one little bug I have reported many times that the XG scans the same message many times and reports it as spam even after it has delivered the message. If you review your message you notice there is no sender or recipient in the message.

    Also do you have scan imap/s enabled in your firewall rule and installed the certificate on the PC/laptop to stop scanning errors? I would suspect not from that log entry.

    Ian

Children
  • 0 in reply to rfcat_vk

    Hello Ian,

    Thanks for your reply. I have a business rule set to scan emails, see below:

    As far as certificates go, I do have them installed on my laptop... but not on the mobile phone. I will see if I can add those and if it makes any difference.

    Many thanks,

    HK