So I decided to whitelist the message using:
WHITELIST FROM root
in the Global.cfg file.
FYI, I would not recommend that -- it will whitelist all E-mails that have "root" in their return address (such as "[EMAIL PROTECTED]").
X-Declude-Sender: root [204.189.38.3] X-Queue-File: D523f367500567d1d.SMD - outgoing X-Note: Total spam test weight: 0
These headers do correspond with:
--- Log file entry: M:\IMail\Declude\Unix-Tools>grep "Q523f367500567d1d" m:\imail\spool\spam\log\dec0921.log NO LOG ENTRY FOUND =====
this. If Declude JunkMail is not run for some reason, you will still see those partial headers. In this case, it uses different code to get the IP address, which only checks the first line. This normally will happen if Declude Virus quarantines an E-mail.
Do you have any C:\Declude.gp1 or C:\Declude.gp2 files with a date similar to the time that E-mail was processed (or more recent)?
Note that Declude was now able to determine the IP address of the sending server (strange). But when the whitelist is enabled, there is an even stranger side effect in that nothing for the message shows up in the JunkMail log file. Remove the whitelist entry, and Declude again cannot determine the sending servers IP address, but the message once again shows up in the logs.
It just occurred to me that this may be happening if you use the "PREWHITELIST ON" option, which essentially disables Declude JunkMail if a whitelist occurs. This could have the side-effects that you are mentioning. It will not use the expected (by me) IP, because different code is used to determine the IP when the Declude JunkMail code is not run, and certain headers may not be added.
I'll need to investigate this further to see what changes need to be made when the PREWHITELIST ON setting is used.
As for the IPs, the Declude JunkMail code is behaving correctly without the PREWHITELIST ON setting. Specifically, you have an IPBYPASS (or HOP) line that is telling it to skip over the first hop, but the second hop (the one where the IP should be) is missing the IP address. If it had "127.0.0.1" in there, then Declude JunkMail would see that as the IP address. But since there is no IP, Declude JunkMail treats this the same as if there was no IP listed at all.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
