Logs analyze based on tracing tool
Added 3 months ago
We are getting way to many false positives. How can I adjust the spam filter agreesive level.
Some of our mails were stopped. How do i know the reason behind it and prevent it from re happening ?
In such, we first need to know what is causing this false positives. Please invest some of your cases with a statistical approach. Go to the tracing tol of MailCleaner
give the details of the mails you are looking for and expand the trace of MaiLCleaner by clicking on the Magnifying glass upoon a letter on the left of a given message.
- If the trace is pretty short (about 2 lines) the mail was stopped in SMTP stage, you ll find the reason in these lines
- From there you can search for 'is spam' to know which module did 'hit'.
- If the mail wasnt stopped for being a spam it was most likely stopped for being a newsletter search for 'is newsl' to make sure of that.
- Maybe the attachment was dropped because it was potentially harmfull for your company
Once you found the reason behind those issue, you first need to make sure that changing your setting to prevent those false positives wont low your filtering quality.
False positives are very annoying and we, at MailCleaner, are trying to avoid those as much as possible. But it is preferable to avoid a very few false positives than slowly unconfiguring the different options we propose one by one. I insist on this point since this is something we sadly have met too often : some clients of ours did low their settings with time and ended finding our detection rate wasnt high enough...
You now can consider all options you have to prevent this false positive to re occur and select the best option.
For this all, we are there to assist and point options you may not have consider if you need us to do so.
Here are several classical cases :
Mail was stopped by a RBL (or because of a RBL) : RBL can be used in several places in MailCleaner so you may uncheck a RBL from a specific place to have it used in a less offensive way as described here :
your message was stopped because of UriRBL : this is the most efficient tool versus phishing we have, please ask us to investigate if it is legitimate that the URI that was stopped is listed. If the URL is not harmful anymore, we unlist it.
the attachment were removed and you think it is not legitimate : please open up a ticket and attach the file in question to the ticket. We will treat the file with the maximum confidentiality you can expect from us ans will delete it when the case is solved.
the message was stopped by SpamC. Here is a list of the most commonly asked rules significations :
you are always welcome to open up a ticket for any problem you ve met : we are here to help you. Please give us the maximum details about your case. We sometimes dont get enough details : this makes both of us loose time : give us the maximum information you have,.
You can also report your issues here but this wont get you a dedicated answer. It may also not solve your issues, Reporting the issue as described below is more of a cooperative tool to help us rising the global quality of MailCleaner for everyone.