Community Discussions and Support
Spamhalter - how to get back false positives?

my very first rule is
If expression headers matches "*received*from bouncejimmyspam*" Goto "jimmyjim"

 bunch of other filtering rules here....

my last two rules are:
Label "jimmyjim"
Always Exit ""

 

I then configured Pegasus mail to use this name in the helo

bouncejimmyspam

 

The odds of a spammer using that exact string is pretty remote

 

 

<p>my very first rule is If expression headers matches "*received*from bouncejimmyspam*" Goto "jimmyjim"</p><p> bunch of other filtering rules here.... </p><p>my last two rules are: Label "jimmyjim" Always Exit ""</p><p> </p><p>I then configured Pegasus mail to use this name in the helo</p><p>bouncejimmyspam </p><p> </p><p>The odds of a spammer using that exact string is pretty remote </p><p> </p><p> </p>

Once Spamhalter has recognized and marked a message as spam, it will redirect this spam message to spam folder. But sometimes we have a false positive in our spam folder. How could I process this e-mail so that it could be forwarded to the initial addressee?

I have already tried to forward it firstly to our no_spam folder of Spamhalter. The mail will be processed and removed by Spamhalter from the no_spam folder for updating its spam database. So far so good, but after that I'm still not able to forward the mail from the spam folder to its original destination after database update and restart of Mercury+Spamhalter. It comes again and again back to the spam folder. Of course, the mail has been marked by Spamhalter. But I cannot manually change every false positive raw file to delete the spam classification inside.

Further I have tried to add the affected sender's address from the false positive to the "exclusion from processing" list of Spamhalter. But also this doesn't take any effect. The forwarded mail comes back to the spam folder as a copy of itself.

Also within the Spamhalter manual I didn't find anything in this regard. Only the sentence: "If you have a false positive message, forward it to the nospam correction address".

Cheers

Joerg

<p>Once Spamhalter has recognized and marked a message as spam, it will redirect this spam message to spam folder. But sometimes we have a false positive in our spam folder. How could I process this e-mail so that it could be forwarded to the initial addressee?</p><p>I have already tried to forward it firstly to our no_spam folder of Spamhalter. The mail will be processed and removed by Spamhalter from the no_spam folder for updating its spam database. So far so good, but after that I'm still not able to forward the mail from the spam folder to its original destination after database update and restart of Mercury+Spamhalter. It comes again and again back to the spam folder. Of course, the mail has been marked by Spamhalter. But I cannot manually change every false positive raw file to delete the spam classification inside. </p><p>Further I have tried to add the affected sender's address from the false positive to the "exclusion from processing" list of Spamhalter. But also this doesn't take any effect. The forwarded mail comes back to the spam folder as a copy of itself. </p><p>Also within the Spamhalter manual I didn't find anything in this regard. Only the sentence: "If you have a false positive message, forward it to the nospam correction address".</p><p>Cheers</p><p>Joerg </p>

Ok, since nobody has an idea I have no choice but to manually edit the corresponding cnm file to rescue this false positive from spam. I have removed now all X-SPAMHALTER entries within the cnm file and saved it. Then I have opened the SPAM folder with Pmail and have forwarded the e-mail to the original addressee (local user). Now the mail has been forwarded with success.

In general, the training of the spamhalter database by forwarding e-mails to an "is_spam" or "no_spam" folder works fine, but takes effect only for the next incoming mails. But there is presently no chance to change the classification of e-mail which already marked as "spam" - except editing the cnm file manually.

<p>Ok, since nobody has an idea I have no choice but to manually edit the corresponding cnm file to rescue this false positive from spam. I have removed now all X-SPAMHALTER entries within the cnm file and saved it. Then I have opened the SPAM folder with Pmail and have forwarded the e-mail to the original addressee (local user). Now the mail has been forwarded with success. </p><p>In general, the training of the spamhalter database by forwarding e-mails to an "is_spam" or "no_spam" folder works fine, but takes effect only for the next incoming mails. But there is presently no chance to change the classification of e-mail which already marked as "spam" - except editing the cnm file manually. </p>

Hi Joerg,

 I use POPFile instead of Spamhalter but run into the same problem occasionally.  I don't have any filtering on the spam tag at the Pegasus Mail level so I just copy the .cnm file to the recipients mailbox directory.

<p>Hi Joerg,</p><p> I use POPFile instead of Spamhalter but run into the same problem occasionally.  I don't have any filtering on the spam tag at the Pegasus Mail level so I just copy the .cnm file to the recipients mailbox directory. </p>

Hi Joerg

I don't know of any way to avoid manually editing the file, but there is another way to put it back in the queue, once you've whitelisted it.

Open the .CNM on your text editor, delete the spamhalter headers and add three lines at the top of the file - the first showing $$ followed by the sender of the mail, the second showing the recipient and the third is blank. The blank line is important!

For example:

$$ sender@sendersdomain.com
user@yourdomain.com

[add contents of CNM file here (with spamhalter headers removed)]

Then save the file in MERCURY/QUEUE/, changing the .cnm extension to .101  - Mercury will pick it up and deliver it with no sign of where it's been.

If you have a lot to process, maybe a macro or something would be possible?

Chris

 


 

<p>Hi Joerg</p><p>I don't know of any way to avoid manually editing the file, but there is another way to put it back in the queue, once you've whitelisted it.</p><p>Open the .CNM on your text editor, delete the spamhalter headers and add three lines at the top of the file - the first showing $$ followed by the sender of the mail, the second showing the recipient and the third is blank. The blank line is important! </p><p>For example: </p><blockquote><p>$$ sender@sendersdomain.com user@yourdomain.com [add contents of CNM file here (with spamhalter headers removed)]</p></blockquote><p>Then save the file in MERCURY/QUEUE/, changing the .cnm extension to .101  - Mercury will pick it up and deliver it with no sign of where it's been. </p><p>If you have a lot to process, maybe a macro or something would be possible? </p><p>Chris </p><p> </p><p> </p><p> </p>

Hi Chris,

Thanks for your reply. But your procedure is similar to mine without saving effort. In any case I have to manually edit the cnm file to bring the mail back into the game.

Greetings

Joerg

<p>Hi Chris,</p><p>Thanks for your reply. But your procedure is similar to mine without saving effort. In any case I have to manually edit the cnm file to bring the mail back into the game.</p><p>Greetings</p><p>Joerg </p>

All i do is forward it back to the notspam account and to the original addressee using Pegasus mail's bounce option.  I'm pretty sure Spamhalter only marks message as spam but doesn't move anything.  Content control is what actually moves it to the spamfolder for me.

 

The very first rule in my content control file recognizes emails from me and skips all the other rules including the one that copies messages marked as spam to the spam folder.

<p>All i do is forward it back to the notspam account and to the original addressee using Pegasus mail's bounce option.  I'm pretty sure Spamhalter only marks message as spam but doesn't move anything.  Content control is what actually moves it to the spamfolder for me.</p><p> </p><p>The very first rule in my content control file recognizes emails from me and skips all the other rules including the one that copies messages marked as spam to the spam folder. </p>

Hi jbanks,

Indeed, you are right. Sometimes the simplest things are being overlooked.

Spamhalter is only marking an e-mail. The moving to the SPAM folder will be carried out by content control. We've got a global rule in place which is filtereing the mails marked as SPAM and moving them to the SPAM folder. And as soon as I manually bounce it to another user (by Pmail) the content control triggers again, irrespective whether I have forwarded it to the NOSPAM folder or not.

I will create another top filter rule which allows the bounce from the SPAM folder to a local user and which is terminating the follow-up rules when triggered.

Cheers

Joerg

 

edit: Now I have added another general filter rule in front of the SPAM filtering rule. But this rule doesn't trigger when trying to bounce a false positive from SPAM folder. During bouncing the original sender's address is further in use and the new rule doesn't tigger. But when using the Pmail option "forwarding with editing", the original sender's address is being replaced by the own address (in our case: spam@domain.com) and the rule is working and the mail is being forwarded to the local user.

Further advance is, that I'm able to write a short comment to the recipient like: "attention, could be spam! ", or something like this.

<p>Hi jbanks,</p><p>Indeed, you are right. [I] Sometimes the simplest things are being overlooked.</p><p>Spamhalter is only marking an e-mail. The moving to the SPAM folder will be carried out by content control. We've got a global rule in place which is filtereing the mails marked as SPAM and moving them to the SPAM folder. And as soon as I manually bounce it to another user (by Pmail) the content control triggers again, irrespective whether I have forwarded it to the NOSPAM folder or not.</p><p>I will create another top filter rule which allows the bounce from the SPAM folder to a local user and which is terminating the follow-up rules when triggered.</p><p>Cheers</p><p>Joerg </p><p> </p><p>edit: Now I have added another general filter rule in front of the SPAM filtering rule. But this rule doesn't trigger when trying to bounce a false positive from SPAM folder. During bouncing the original sender's address is further in use and the new rule doesn't tigger. But when using the Pmail option "forwarding with editing", the original sender's address is being replaced by the own address (in our case: spam@domain.com) and the rule is working and the mail is being forwarded to the local user.</p><p>Further advance is, that I'm able to write a short comment to the recipient like: "attention, could be spam! ", or something like this. </p>
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft