Reason Codes
The Antispam engine issues reason codes when it scores a message as spam, and when it bypasses antispam processing for a message.
There are four logical sets of codes - spam reasons, charset reasons, IceWarp Antispam LIVE reasons and bypass reasons, which are described in the tables below:
Spam Reasons
| Code Issued |
Reason |
|---|---|
|
P |
HTML and text parts do not match |
|
E |
External images in content |
|
N |
No text part |
|
I |
Embedded image in content |
|
B |
No body and no subject |
|
R |
No intermediary server |
|
S |
Message contains a script |
|
F |
Spam scored via a filter |
|
K |
Spam scored via blacklist keyword |
|
X |
Message cannot get to quarantine from any reason (e.g. Antispam database is not accessible). |
Charset Reasons
Bypass Reasons
| Code Issued |
Reason |
|---|---|
|
B |
Bypassed because of an entry in the bypass file. This could be sender, recipient, local sender, trusted session, etc. |
|
G |
Sender exists in GroupWare address books. |
|
H |
Whitelist and blacklist are skipped if the remote side tells us the sender is local, but the session is not authenticated nor comes from a trusted IP. The email is then processed as usually - other rules are applied. It can be turned off only using API console - the SpamSkipBypassLocalUntrusted variable. Note: So, if this variable is set to true, emails from local untrusted users will be checked by antispam (= bypass is skipped). If this variable is set to false, messages with a local sender not coming from a trusted connection will be bypassed by antispam. |
|
K |
Words found in whitelist keywords. |
|
L |
License is invalid. |
|
M |
Spam processing was bypassed because the access mode was set for specific accounts, and this account is not one of them. |
|
O |
Message is outgoing. |
|
Q |
Local domain senders whitelisted. Note: If you want to whitelist / not whitelist local domain senders, enable/disable this option on the Antispam - Black & White List node - Whitelist tab. |
|
R |
Sender is listed as a contact in the recipient's IM roster. |
|
S |
Message exceeds size threshold for checking. |
|
T |
Sender is trusted - the session was authenticated or the sender's IP is set in trusted IPs. |
|
U |
If the Spam folder or quarantine reports are enabled, senders of all SMTP connections from localhost or from another "friendly" servers in load balanced scenario are compared with the sender specified in the settings of spam / quarantine reports. If match is found, connection is whitelisted and bypass reason U is set. |
|
W |
Sender is on whitelist, or a rule was used to ACCEPT the message. |
|
X |
Message could not be quarantined for some reasons, e.g. quarantine is not active. (See the Antispam - General - Other tab.) |
|
J |
Recipient's access mode does not allow to quarantine. (See the <user> - Policies tab.) |
IceWarp Antispam LIVE Reasons - identified as LIVE
