"Run Rules Now" works, but automatic doesn't

[Tom]

I have a rule that fails to catch all the targeted mail in my InBox.

But if I then run the rule manually (with"Run Rules Now") the remainder of
the targeted mail in my InBox gets handled properly by the rule.

This inconsistancy between when the rule is run automatically and manually
is weird.

Anyone have any suggestions?

PS Outlook 2007 on Vista.

 

[VanguardLH]

I have a rule that fails to catch all the targeted mail in my InBox.

But if I then run the rule manually (with"Run Rules Now") the
remainder of the targeted mail in my InBox gets handled properly by
the rule.

This inconsistancy between when the rule is run automatically and
manually is weird.

You are running ONLY the one rule when you exercise it manually. That
means you are not also running all the other rules. Rules are
exercised in the order they are listed. You have prior rules that get
triggered and prevent or interfere with your later problematic rule.
You can change the order of your rules, or better analyze them to
determine what should be their proper order and if you are using the
correct conditions within your rules.

If you select ALL rules when you run manually, does the problematic
rule work or not?

 

[Tom]

If you select ALL rules when you run manually, does the problematic rule

work or not?

Yes, when I enable all rules and running them manually, the problematic rule
works.

Thanks.

 

[Tom]

Your message got me to thinking and I suspect that Outlook's built-in spam
detecting rules are superceding my rule.

Since a spammer starting spoofing my return address, I'm getting buried by
"bounced" messages: about 50/hour.

Outlook's internal spam detector is moving these messages to a "Junk"
folder.

However there are so many of them, that when reviewing the "Junk" folder, I
can't spot the handful of other email that sometimes is flagged as spam but
isn't.

I'm trying to create a custom rule that would automatically move these
messages to a "Bounced" folder rather than the automatic "Junk" folder.

So, I think your analysis is correct: another rule (Outlooks internal spam
detector) is getting to these emails first. I'm going to try turning off
Outlook's "Automatic" filtering (as much as I hate to) to see if my rule
then is applied. At least then I'll understand what's going on.

 

[Brian Tillman]

Yes, when I enable all rules and running them manually, the
problematic rule works.

It would help if you posted the exact rule text and an example of a message
you think should trigger it.

 

[Brian Tillman]

Your message got me to thinking and I suspect that Outlook's built-in
spam detecting rules are superceding my rule.

The Junk E-mail filter runs before the Rules engine. You can't change that.
You can, however, as you say, reduce the sensitivity of the Junk E-mail
filter or, if you find those messages, add the sender to your Safe Sender's
list (or in the case of a mailing list, add the list address to the Safe
Recipients list).

 

[Tom]

The only rule I have is:

Apply this rule after the message arrives
with 'undelivered' or
'Mail delivery failed' or
'Mail delivery failure' or
"FAILURE NOTICE' or
'Returned mail' or
'Undelivered:' or
'(Failure)' or
'Returned to Sender' or
'Undeliverable:' or
'undeliverable' or
'warning:' or
'Your message did not reach some or all of the intended recipients' or
'Undeliverable'
move it to the Spoofed folder

An example of email that is not having the rule applied:

From: System Administrator
Sent: Wednesday, October 24, 2007 2:15 PM
To: <REDACTED>
Subject: Undeliverable: French rock star Bertrand Cantat released from
prison


Your message did not reach some or all of the intended recipients.

Subject: French rock star Bertrand Cantat released from prison
Sent: 10/24/2007 2:25 PM

The following recipient(s) cannot be reached:

<REDACTED> on 10/24/2007 2:15 PM
The e-mail account does not exist at the organization this
message was sent to. Check the e-mail address, or contact the recipient
directly to find out the correct address.
<back2server.back2.local #5.1.1>

The above mail is ending up in my Junk folder, not the Spoofed filter. I
have set my Junk Mail to "No automatic filtering" I understand that even
with that settting, mail from blocked senders is still sent to the Junk
folder. But "System Administrator" does not appear in my blocked senders
folder. (In fact, appropriately, Outlook prohibits adding "System
Administrator" to the blocked senders folder.)

If I select "Run Rules Now," then the above e-mail is properly moved to the
Spoofed folder. So the rule is right. It seems like Outlook for some reason
considers this email as spam (even though I have "No automatic filtering"
selected) and pre-empting my rule...

Any suggestions?

Thanks for your help!

Tom

 

[Tom]

I omitted, when transcribing my rule in my previous e-mail, to type in the
words "in the subject"

 

[VanguardLH]

Yes, when I enable all rules and running them manually, the
problematic rule works.

Then I would suspect you are attempting to exercise a rule that checks
for a string but within HTML-formatted e-mails. The string
"superfluous" is not the same as "super<b></b>fluous". While YOU
don't see the HTML formatting, especially because it toggles on and
off the bolding but affects no characters, your rule will still see
all the HTML tags. All HTML is plain text but e-mail clients will
attempt to render the HTML formatting which can mean some effects are
invisible to you.

You'll need to look at the raw source of the e-mail to see if the
string is actually in the one that you think your rule should trigger
on. If you are trying to trigger on spam words, and if they are
HTML-formatted e-mails, there are lots of ways of hiding those spam
words, like using abutting HTML tags, using tables, or other
formatting methods.

 

[VanguardLH]

The only rule I have is:

Apply this rule after the message arrives
with 'undelivered' or
'Mail delivery failed' or
'Mail delivery failure' or
"FAILURE NOTICE' or
'Returned mail' or
'Undelivered:' or
'(Failure)' or
'Returned to Sender' or
'Undeliverable:' or
'undeliverable' or
'warning:' or
'Your message did not reach some or all of the intended recipients'
or
'Undeliverable'
move it to the Spoofed folder

Wrong rule. Use the following which detects if it is a *valid* NDR
(non-delivery report) by checking for the header.

Apply this rule after the message arrives
with "report-type=delivery-status" in the message header
and move it to the Junk folder (or wherever you want)
and stop processing more rules

You neglected to include the stop-clause. You are also attempting to
trigger on the various comments that a mail server *might* insert in
the body to denote the cause of the NDR. Trigger on the header.

 

[Tom]

Thanks, Vanguard, for your suggestions.

I added your "report-type=delivery-status" rule. It behaves the same way as
my rule that checks for "Mail delivery failed" in the subject line. The
emails that are bounce messages are ending up in my Junk folder rather than
the spoofed folder that the rule calls for. This means that the rule is not
being applied when the message is received.

Manually applying the rule to the messages in the Junk folder behaves
properly: the messages are detected and moved to my spoofed folder.

So my problem remains: Even though I have "No automatic filtering" selected
(under Junk Mail Options), and even though these emails are from "System
Administrator" (which is not part of or allowed to be part of my "Blocked
Senders List") Outlook is moving these mails to the Junk folder.

Any other thoughts?

 

[VanguardLH]

Even though I have "No automatic filtering" selected ...

Set Outlook's junk filtering to "no automatic filtering". Then exit
Outlook. Make sure that no outlook.exe remains running in the
Processes tab in Task Manager. Load a new instance of Outlook. Then
check if that junk option remained set the way you wanted. I've seen
some users claim that the setting sticks but after a couple hours has
been reset to Low.

 

[Tom]

Hi, Vanguard,

Okay, I think (with your help) I've narrowed it down. (This almost deserves
a new thread!)

Outlook, even with "No automatic filtering" selected and NO rules at all, is
moving some items to the Junk E-mail box. (This is after a re-boot and
confirmation that these settings stuck.)

It seems to me that this is a bug. AND, this behavior seems to have
priority and is apparently interfering with rules that I write.

Darn.

Any final suggestions other than to get in the car and drive across the lake
to Bill Gates' house and ask him to give me back the several hours of my
time this has wasted?!

PS He lives in an somewhat more upscale neighborhood than I do!

 

[VanguardLH]

Hi, Vanguard,

Okay, I think (with your help) I've narrowed it down. (This almost
deserves a new thread!)

Outlook, even with "No automatic filtering" selected and NO rules at
all, is moving some items to the Junk E-mail box. (This is after a
re-boot and confirmation that these settings stuck.)

It seems to me that this is a bug. AND, this behavior seems to have
priority and is apparently interfering with rules that I write.

Have you yet tried to load Outlook in its safe mode ("outlook.exe
/safe") which will NOT load any plug-ins installed for Outlook? Maybe
your antivirus program's plug-in is being too intrusive. If that
fails to get rid of the problematic behavior then I'd try using
msconfig (or SysInternals AutoRuns) to disable all startup items,
reboot, and test again, or even try rebooting into Windows' Safe Mode
(with networking).

 

[Tom]

Great suggestion, Vanguard! I ran Outlook with /SAFE and unfortunately, it
appears that Outlook is ignoring the "no automatic filtering" selection in
the Junk email options window.

When the first spam arrived, I got this pop-up:

"Outlook has downloaded a message that appears to be junk email. This
message was automatically moved to the junk folder."

So, now I'm at my wit's end. It seems that there is no way to tell Outlook
not to apply its own spam filtering rules. And, in fact, I DO want it to
apply its rules... but only after my rules are applied.

Have you sny further thoughts?

 

[VanguardLH]

Great suggestion, Vanguard! I ran Outlook with /SAFE and
unfortunately, it appears that Outlook is ignoring the "no automatic
filtering" selection in the Junk email options window.

When the first spam arrived, I got this pop-up:

"Outlook has downloaded a message that appears to be junk email.
This message was automatically moved to the junk folder."

So, now I'm at my wit's end. It seems that there is no way to tell
Outlook not to apply its own spam filtering rules. And, in fact, I
DO want it to apply its rules... but only after my rules are
applied.

Have you sny further thoughts?

I'm out. Unless maybe you are in a domain and a GPO is getting pushed
to your host. However, although the policy gets foisted onto your
host, I thought that was only during login. Sounded like you had
logged in and then changed the junk filter which means that setting
should stick during the rest of your current Windows session. If the
IT folks don't know about some trick they used to enforce junk
filtering (I recall something to do with Office policies but never got
into them or got afflicted with them to then figure out how to
circumvent them), I'd try doing a repair (under the Help menu in
OL2002 - you'll probably need the install CD, a network install path,
or the subdir left behind called, I think, c:\msoffice or something
like that, where the cab files were stored to perform later
customizations of the install) or do an uninstall and reinstall.

In fact, a trick I use to get around some policies (those that effect
registry changes), is to simply put a "regedit /s <regfile>" event in
Task Scheduler to run on login (or I could use a shortcut in the
Startup group under the Start menu). For example, some companies
enforce a scree saver timer of 15 minutes but on a shared host this
resulted in having to divulge the login password to too many users in
case the password-protected (another GPO setting) screen saver got
activated, or someone with the password had to be found and go visit
the shared host. So the GPO got pushed during login, we weren't
logging off (to login again), GPOs are effected only during login, so
they pushed their policy when we started the host but then we (with
admin privs) would change the registry to what we wanted. Wouldn't
work unless we had admin rights (on the domain to that host), in
Development of Software QA we always had to have those privileges. We
couldn't get them to have different policies for our hosts (i.e., it
was a company-wide policy to which they allowed no exceptions). We
told them what we planned to do and they okayed it so it was a way for
us to modify the policies for our hosts and with permission.

 

[Tom]

Final outcome:

I spoke with our IT department. Our Exchange server's rules were be applied
before my local rules. That explains the behavior I was seeing.

Sorry to have taken your time so needlessly.

I appreciate, Vanguard, your efforts to help.

Tom