Spam Filter ISP Support Forum


Filters not getting everything

Tim (Guest Group)
Posted: 31 January 2004 at 8:49am

I am running the trial version on a Windows 2K box.

The problem I am seeing is that the keyword filter is not working.  Not at all.

The next problem has been going on for some time.  I am using Authorized_TO_Emails to filter mail.  Everything else should disconnect, yet I am seeing several SPAM slip through and it shows the SpamFilter tags in the headers.  Example:  The Authorized To filter worked and let it in but shouldn't the keyword filter have caught the README.ZIP that I had entered?

x-sender: andrew@insightbb.com
x-receiver: tim@mydomainame.com
Received: from crusher ([10.228.21x.xxx]) by caltim.com with Microsoft SMTPSVC(5.0.2195.6713); Sat, 31 Jan 2004 01:28:03 -0500
Received: from 65.41.54.56 by 10.228.21x.xxx (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Sat, 31 Jan 2004 01:32:04 -0500
From: <andrew@insightbb.com>
To: <tim@mydomainame.com>
Subject: Status
Date: Sat, 31 Jan 2004 01:34:55 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0007_BDD2B16B.C13E4A8E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
Return-Path: <andrew@insightbb.com>
Message-ID: <OMAOS6yDC0AHmKqyPmB0000043a@caltim.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-OriginalArrivalTime: 31 Jan 2004 06:28:03.0953 (UTC) FILETIME=[61A7C610:01C3E7C3]
X-UIDL: 745
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

In addition, I have had several messages come through that are listed in the Block Domain file.  I have a lot of entries there, too many perhaps?

Any help would be greatly appreciated.

Thanks for such a great product.  Looking forward to paying full price soon.

-Tim

LogSat (Admin Group)
Posted: 01 February 2004 at 10:51am

Tim,

If you post your keyword file, along with a sample message source that made it thru, we'll take a look at why it's not working as you expect.

SpamFilter will tag every email it processes, so whatever is delivered will have the X-Server tag in it. If spam slips thru (which can happen) it will of course have that tag in it. If you enter "READ ME.ZIP" in the keyword file it will not get blocked, since that word appears in the mime headers, not the message body itself. The keyword filters only look into the subject and text body of incoming emails. The new beta version that was just released allows attachment blocking, which allows you to specify exact or wildcard filenames to block.

For the "Block Domain" msgs that slip thru, can you post your black domain entries and the headers of a message that went thru? We'd also need a copy of your spamfilter activity log for that day or (preferred), if you can cut out the section of time that shows the incoming message that will be better. With this info we'll be able to hopefully see what happens.

Roberto F.
LogSat Software
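
Added example (not part of the original reply and not LogSat's code): a Python sketch of the distinction described above, where a keyword scan limited to the Subject and text body misses a filename that exists only in the MIME part headers, while a separate exact/wildcard attachment-name check catches it. The message, addresses and function names are constructed for illustration.

```python
import email
import fnmatch
from email import policy

# Constructed sample: the filename appears only in the attachment's MIME
# part headers, never in the Subject or the text body.
SAMPLE = """\
From: <sender@example.com>
To: <rcpt@example.org>
Subject: Status
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

The message has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="readme.zip"
Content-Disposition: attachment; filename="readme.zip"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
MSG = email.message_from_string(SAMPLE, policy=policy.default)

def keyword_hits(msg, keywords):
    """Keywords found in the Subject or text/plain body only."""
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    text = text.lower()
    return [k for k in keywords if k.lower() in text]

def attachment_hits(msg, patterns):
    """Attachment filenames matching exact or wildcard patterns."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names
            if any(fnmatch.fnmatchcase(n.lower(), pat.lower()) for pat in patterns)]

if __name__ == "__main__":
    print("keyword filter:", keyword_hits(MSG, ["README.ZIP"]))
    print("attachment filter:", attachment_hits(MSG, ["*.zip"]))
```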

 

Tim (Guest Group)
Posted: 01 February 2004 at 12:22pm
Hi Roberto,
Here is one example of a blacklisted domain:  I sent an email to you with the attached blocked domain list. It's stuck in the outgoing queue for some reason.  I have attached the BLOCKED DOMAIN text file.  The domain in question is ms21.maildealz.com and maildealz.com.  That's how I have it listed in the filter.  I also have dosser.co.uk listed.
 
The Connection Activity log shows:
 
================================
02/01/04 10:13:40:015 -- (5608) - Domain is in local blacklist file...
02/01/04 10:13:40:015 -- (5608) 81.218.246.92 - Mail from: selamborn@dosser.co.uk To: 332e8b80.643f@caltim.com will be disconnected
02/01/04 10:13:40:015 -- (5608) Disconnect
02/01/04 10:13:44:390 -- (5608) Connection from: 216.74.151.221  -  Originating country : United States
02/01/04 10:13:44:609 -- (5608) Resolving 216.74.151.221 - ms21.maildealz.com
02/01/04 10:13:44:609 -- (5608) Bypassed all rules for: HARSHAD@CAROLINABEER.COM from 147804841.WINANYLOTTOA1@bounce.MailDealz.com
02/01/04 10:13:44:828 -- (5608) EMail from 147804841.WINANYLOTTOA1@bounce.MailDealz.com to HARSHAD@CAROLINABEER.COM was queued. Size: 8 KB
02/01/04 10:13:44:859 -- (5608) Disconnect
====================================
 
 
The email is below.  Can't figure this one out.  This account is getting hammered with SPAM from this domain.  How can I kill them?
x-sender: 1075618810628@mailserver2.MailDealz.com
x-receiver: HARSHAD@CAROLINABEER.COM
Received: from crusher ([10.228.215.212]) by caltim.com with Microsoft SMTPSVC(5.0.2195.6713); Sun, 1 Feb 2004 09:48:21 -0500
Received: from 216.74.151.221 by 10.228.215.212 (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Sun, 1 Feb 2004 09:58:06 -0500
Received: from ms21.maildealz.com (127.0.0.1) by ms21.maildealz.com (PowerMTA(TM) v1.5); Sun, 1 Feb 2004 10:01:04 -0500 (envelope-from <147804841.WINHUNDREDE1@bounce.MailDealz.com>)
Message-ID: <147804841.1075647664871.WINHUNDREDE1@ms21.maildealz.com>
Date: Sun, 1 Feb 2004 10:01:04 -0500 (EST)
From: "WinHundred" <1075618810628@mailserver2.MailDealz.com>
Reply-To: "WinHundred" <specialoffers@MailDealz.com>
To: <HARSHAD@CAROLINABEER.COM>
Subject: HARSHAD: Cash Prize Entry Form
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="530912025.1075647664873"
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Return-Path: <1075618810628@mailserver2.MailDealz.com>
X-OriginalArrivalTime: 01 Feb 2004 14:48:21.0750 (UTC) FILETIME=[7011D960:01C3E8D2]
X-UIDL: 691

This is a multi-part message in MIME format.

--530912025.1075647664873
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Transefer-Encoding: 8bit
Content-Disposition: inline

The following is an email advertisement.

Truncated by me
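
Added example (not part of the original post and not LogSat's code): a triage script for activity logs in the format quoted above. It reports messages that were queued after a "Bypassed all rules" line even though the sender's domain is on a block list, the pattern in the second connection of the excerpt. The log lines and addresses are constructed, and matching subdomains by suffix is this example's assumption.

```python
import re
# Constructed lines in the format of the activity log quoted in the thread.
LOG = """\
02/01/04 10:13:40:015 -- (5608) - Domain is in local blacklist file...
02/01/04 10:13:40:015 -- (5608) 192.0.2.10 - Mail from: a@blocked.example To: u1@example.org will be disconnected
02/01/04 10:13:40:015 -- (5608) Disconnect
02/01/04 10:13:44:390 -- (5608) Connection from: 192.0.2.20  -  Originating country : United States
02/01/04 10:13:44:609 -- (5608) Bypassed all rules for: U2@EXAMPLE.ORG from 1.x@bounce.Bulk.example
02/01/04 10:13:44:828 -- (5608) EMail from 1.x@bounce.Bulk.example to U2@EXAMPLE.ORG was queued. Size: 8 KB
02/01/04 10:13:44:859 -- (5608) Disconnect
"""
LINE = re.compile(r"^\S+ \S+ -- \(\d+\) (.*)$")
REASON = re.compile(r"^- (.+?) is in local blacklist file")
BYPASS = re.compile(r"^Bypassed all rules for: (\S+) from (\S+)")
QUEUED = re.compile(r"^EMail from (\S+) to (\S+) was queued")

def sessions(log):
    """Split at each 'Disconnect'; the (id) repeats across connections."""
    current, done = [], []
    for m in filter(None, (LINE.match(l.strip()) for l in log.splitlines())):
        if m.group(1) == "Disconnect":
            done.append(current)
            current = []
        else:
            current.append(m.group(1))
    return done

def summarize(session):
    """Reduce one session to its block reason, bypass recipient and outcome."""
    info = {"queued": False, "reason": None, "bypassed_for": None, "sender": None}
    for text in session:
        if m := REASON.match(text):
            info["reason"] = m.group(1)
        elif m := BYPASS.match(text):
            info["bypassed_for"], info["sender"] = m.group(1).lower(), m.group(2).lower()
        elif m := QUEUED.match(text):
            info["queued"] = True
    return info

def bypassed_blocked(log, blocked_domains):
    """Queued, rule-bypassing mail from a block-listed domain (suffix match assumed)."""
    blocked = {d.lower() for d in blocked_domains}
    hits = []
    for s in map(summarize, sessions(log)):
        labels = (s["sender"] or "").rpartition("@")[2].split(".")
        parents = {".".join(labels[i:]) for i in range(len(labels))}
        if s["queued"] and s["bypassed_for"] and parents & blocked:
            hits.append((s["bypassed_for"], s["sender"]))
    return hits
```

Calling `bypassed_blocked(LOG, ["Bulk.example"])` returns the recipient and sender of each such delivery, which gives the list of recipients whose whitelist entries are worth reviewing.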

Tim (Guest Group)
Posted: 02 February 2004 at 9:38am

Hi Roberto,

I have the Keyword file working but now SF seems to be ignoring or misreading the AUTHORIZED TO files.

tim@caltim.com is in the AUTHORIZED TO file rules.  Yet it's blocking.

02/02/04 09:16:04:734 -- (6008) Connection from: 205.152.59.68  -  Originating country : United States
02/02/04 09:16:04:953 -- (6008) Resolving 205.152.59.68 - imf20aec.mail.bellsouth.net
02/02/04 09:16:04:968 -- (6008) - EmailTO is in local blacklist file...
02/02/04 09:16:04:968 -- (6008) 205.152.59.68 - Mail from: mikes@speedwaygroup.com To: tim@caltim.com will be disconnected
02/02/04 09:16:04:968 -- (6008) Disconnect

This is a real problem.  It's happening too often.  A lot of legit mail is now getting blocked.

LogSat (Admin Group)
Posted: 02 February 2004 at 11:33pm

Tim,

The AUTHORIZED TO whitelist lists all email addresses to which the outside world can email. Any recipient outside that list will cause the email to be rejected. If a recipient is in the AUTHORIZED TO list, the email still has to go thru all other filtering rules to make sure it's not spam before being delivered. If it matches a rule, it will be rejected.

The whitelist to use in case you want to skip ALL filtering rules for a recipient is the "Unfiltered Emails" whitelist.

That said, if I misinterpreted your questions, please accept my apologies, and let's try again!

Roberto F.
LogSat Software

Tim (Guest Group)
Posted: 03 February 2004 at 8:44am

Hi Roberto,

That's got it.  The only question I am having now is why mail that passes all the other rules still hits the Auto_To file and is blocking emails to recipients in the list.

LogSat (Admin Group)
Posted: 03 February 2004 at 1:50pm

To answer that we'll need to see SpamFilter's activity log showing the incoming email being processed, along with your SpamFilter.ini and all white/black list files.

Roberto F.
LogSat Software
