Sep 18, 2020 
Support Center » Knowledgebase » VisNetic MailServer » AntiSpam Logs, what does [Bypass=X] mean?
 AntiSpam Logs, what does [Bypass=X] mean?
Solution

VisNetic MailServer 8.x (for version 9 see below)

When by-passing is applied to AntiSpam the log will reference a by-pass number in brackets. This number will need to be converted from hexidecimal to binary. The matching binary bits are associated with specific by-pass options for antispam, for example, the log may have an entry such as [Bypass=14]. You have to convert the hexadecimal number to binary (14=00010100) and then check each bit set to 1 with the following by-pass reason.

We will use the [Bypass=14] as an example

The [Bypass=14] code can be translated using the following chart... first translate the code from HEX to Binary using the windows calculator in Scientific view.

1. Open the calculator.

2. Select the "View", "Scientific" menu option.

3. Select the "Hex" radio button.

4. Enter the code to be translated.

5. Select the "Binary" radio button.

6. Use the codes below to determine why the message bypassed the AntiSpam system.

As an example, a bypass code of Hex 14 translates to Binary 00010100... If I apply this Binary code to the chart below I find that the "Connecting IP is trusted or session is authenticated" and "Message size exceeded AntiSpam setting".

00000001 - The IAS license has expired

00000010 - Sender is on a whitelist

00000100 - Connecting IP is trusted or session is authenticated

00001000 - Outgoing messages are set to bypass AntiSpam

00010000 - Message size exceeded AntiSpam setting, this limit can be set in spam.dat file 96kb is the default (IgnoreMessagesLarger=96)

00100000 - Sender, IP or domain is in AntiSpam bypass file: spam/spambypass.dat

01000000 - A non-user account is the recipient of a message and processing of these accounts is not enabled

10000000 - Processing mode or account service access is set so that AntiSpam is not applied to this account

VisNetic MailServer 9.x

The AntiSpam engine issues reason codes when it scores a message as spam, and when it bypasses AntiSpam
processing for a message.

There are three logical sets of codes - Spam Reasons, Charset Reasons and Bypass Reasons, which are
described below:

Spam Reasons
P - HTML and Text parts don't match
E - External images in content
N - No Text part
I - Embedded image in content
B - No Body and No Subject
R - No intermediary Server
S - Message contains a script
F - Spam scored via a Filter
K - Spam scored via Blacklist Keyword

Charset Reasons
F - Charset not allowed
M - Missing Charset information

Bypass Reasons
L - License is invalid
W - Sender is on Whitelist
T - Sender is Trusted
O - Message is Outgoing
S - Message exceeds size threshold for checking
B - Sender information is in Bypass file
A - Message is from a Non-User account (e.g. mailing list)
M - Spam processing was bypassed because the Access Mode was set for specific accounts, and this account is not one of them.
G - Sender exists in GroupWare address books.
K - Words found in Whitelist keywords
Q - Quarantine bypass for local domains/users

Intrusion Prevention Reasons
C - Tarpitting invoked via Content Filters
I - IP blocked for exceeding connections in one minute
M - IP blocked for delivering oversized message
R - IP blocked for exceeding RSET command count
D - IP blocked for being listed on DNSBL
A - The account that this message was sent to was a "tarpit" account so the sending IP is tarpitted
P - IP block for exceeding unknown User delivery count
Y - IP blocked for Relaying
S - IP blocked for exceeding Spam score in a message
U - IP blocked Manually via Console



Article Details
Article ID: 566
Created On: Dec 08, 2006 02:05 PM

 This answer was helpful  This answer was not helpful

 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Search
 Article Options
Home | Register | Submit a Ticket | Knowledgebase | News | Downloads
Language: