E-Mail gets deleted by what seems to be Local Bad Sender IPs policy but sender's IP address visible in Message Audit Log (MAL) field "Accepted From:" cannot be found on the Local Bad Sender IPs list.
MAL entry displays following information:
- Verdict: System denied IP
- Filter Policy: static delete
- Action taken: Delete message
Screenshot of MAL verdict:
This works as designed.
Message Audit Log is designed to primarily display IP Address discovered at connection time. Local Bad Sender IPs policy applies to IP Address discovered at connection time as well as any IP addresses discovered in "Received:" headers which are present in "Message Body" part of e-mail message.
For further information with regards to differences between "Message Envelope" and "Message Body" please refer to following documents:
http://tools.ietf.org/html/rfc5321
http://tools.ietf.org/html/rfc5322
http://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol
http://en.wikipedia.org/wiki/Email
Please consider following example to illustrate the situation:
1. Local Bad Sender IPs policy configured as follows:
2. E-Mail with following contents in message body part:
3. Message is sent from MTA with IP 10.2.46.241, correct verdict delivered by SMG, based on contents of "Received:" headers found in message body: