Summary

The article provides detailed information about the IP Reputation header used in MailGate.

Details

If the IP Reputation module is licensed and enabled, MailGate always performs IP reputation on incoming messages, always adding a message header like the following:

X-TMWD-IP-Reputation: SIP=10.1.175.102;
 IPRID=303030312E30413039303330322E34383644353233422E30303241; CTCLS=G3;
 CAT=Whitelisted

The parameters in this header have the following meanings:

SIP

Sender IP address being checked.

IPRID

A unique look-up query ID (used by Tumbleweed to report problems to Commtouch).

CTCLS

Commtouch classification. This is the native Commtouch classification, which is mapped to MailGate classifications.

CAT

MailGate reputation categories, as listed in MailGate's userinterface. The possible values are:

• Blacklisted - known spammers and senders of malicious code
• Suspected High - sources with a high probability of sending spam
• Suspected Medium - sources with a medium probability of sending spam
• Suspected Low - sources with a low probability of sending spam
• Unknown - sources with an unknown reputation
• Whitelisted - sources with a known good reputation
• Unclassified

If MailGate cannot communicate with the Commtouch datacenter, MailGate classifies the message as “unclassified” and finishes processing the message as if there were no IP Reputation processing.

The header is added even though an Accept connection policy is set to skip IP reputation - the reputation lookup is still performed, and header always added, if IP Reputation is enabled.