Possible problem with whitelist process |
Post Reply 
|
| Author | |
Terry 
Senior Member 
Joined: 06 February 2005 Status: Offline Points: 155 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Possible problem with whitelist processPosted: 29 January 2007 at 5:12pm |
|
It appears that when a spammer sends to many recipients the blocking process may have a problem. We have some email addresses that we set up as unfiltered because they are shared accounts and critical quarantined items were being missed....now it looks like an email that includes them in the recipient list may forward on to others after them in the list of recipients yet be blocked for those before. In a perfect world the spam message should only go to those recipients that are unfiltered....right? Here is a log entry showing the sequence that happened. The T6Planners@portptld.com is the unfiltered email address. 01/29/07 13:05:26:256 -- (4048) Connection from: 89.53.51.117 - Originating country : Germany ps...we are on version 3.1.3.605 Edited by Terry |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 29 January 2007 at 5:16pm |
|
This is a known behavior. When a recipient is whitelisted the email will be delivered regardless of the results of the other filters (except the antivirus). If the email is addressed to multiple recipients, SpamFilter is not able to "split" the email and block it for some whiole delivering it for others, so all recipients will be receiving an email is one of them is whitelisted.
This behavior will change in the new SpamFilter v3.5 that will be released within a month or two (a beta is already available). |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 30 January 2007 at 1:38pm |
|
As a work-around, we always use the ":tag" option when we whitelist so that the other accounts at least get a tag in their subject to filter on localy.
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
Terry
Senior Member
Joined: 06 February 2005 Status: Offline Points: 155 |
Post Options
Thanks(0)
Quote Reply
Posted: 30 January 2007 at 2:26pm |
|
I should probably already know this...but what is the :tag option on whitelist.
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 30 January 2007 at 5:35pm |
|
Desperado,
Now that is a good idea! Had we thought about it ourselves, we may not have programmed the new splitting feature in the 3.5 version!  Terry, for your question, please see the following section of the readme.html help file: Unfiltered Emails - Any local email address listed here will cause SpamFilter to bypass all blacklist rules for it. If you have any users who do not want to have their email filtered, enter them here. Wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). This list supports the :TAG option to bypass the default "pass all" rule for entries on this list. If an entry is in the form user@domain1.com:TAGSUBJECT it will cause all emails sent to user@domain1.com to be accepted and then delivered to that user no matter what. However emails that are classified as spam by the various filters will have the prefix "SPAM:" added to the subject line. If an entry is in the form user@domain1.com:TAG it will cause all emails sent to user@domain1.com to be accepted and then delivered to that user no matter what. However emails that are classified as spam by the various filters will have the header "X-SF-SPAM:Y" added to them. |
|
|
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 31 January 2007 at 12:00am |
|
So what you saying is if a single spam is sent to 5 regular users and one whitelisted user and I had used the :TAG on the whitelisted user, All 6 of these users would have the "X-SF-SPAM:Y" added to their headers and the email would be allowed thru? How does that help? If I have a content filter check for the "X-SF-SPAM:Y" tag then all (including the whitelisted entry) would be stopped. Maybe its just late but I don't understand how that helps. Any enlightenment would be appreciated. |
|
|
http://www.webguyz.net
|
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 31 January 2007 at 10:55am |
|
Terry, Actually, The message is delivered ... yes an annoyance ... but with a tag (in our case "Possible Spam:" in the subject line. Our users are aware of this tag and use their mail client to filter on that wording or in some (actually most) cases, their mail servers themselves can filter them out. |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
Topic Options
Desperado wrote:|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.129 seconds.