Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Spam tagging Multi-Recipient emails incorrectly
  FAQ FAQ  Forum Search   Register Register  Login Login

Spam tagging Multi-Recipient emails incorrectly

 Post Reply Post Reply
Author
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Topic: Spam tagging Multi-Recipient emails incorrectly
    Posted: 10 January 2008 at 3:55pm

Hi Roberto,

I have periodically been contacted by clients who say that they are "missing" emails which should have arrived, so I thought I'd do some investigations. It turns out that it appears to be an issue regarding SF's handling of multi-recipient emails when using the AuthorisedToEmail list.

I use SF 3.5.4.718 and have it configured to tag spam in the header and forward the email to an internal server for further processing.

If an email is sent to multiple recipients within the same domain, i.e. user1@here.com and user99@here.com then these arrive as a single email with multiple recipients (as it should). Now, if one of the email addresses is spelt incorrecly (as in a typo) then that email address is not in the AuthorisedToEmail list and therefore SF tags the email as spam and delivers it to our internal server. Our internal server looks at the header that SF injects which reports the whole email as spam, rather than delivering it to the recipients who are in the AuthorisedToEmail list.

Obviously, this email is a legitimate email for the recipients in the AuthorisedToEmail list and should be delievered as such.

Is there and way that SF can split the email per recipient so that legit emails get delivered but the mis-spelt email gets tagged???

Your thoughts on how to fix this would be much appreciated.

I have attached a protion of the logfile so that you can see what is happening.

 
 
01/10/08 20:32:33:077 -- (13984) Connection from: 65.54.246.228  -  Originating country : United States
01/10/08 20:32:33:780 -- (13984) Received MAIL FROM: <xxx@hotmail.com>
01/10/08 20:32:33:936 -- (13984) Received RCPT TO: steve@here.com
01/10/08 20:32:34:014 -- (13984) Resolving 65.54.246.228 - bay0-omc3-s28.bay0.hotmail.com
01/10/08 20:32:34:233 -- (13984) found SPF record for spf-a.hotmail.com: v=spf1 ip4:209.240.192.0/19 ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24 ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all
01/10/08 20:32:34:233 -- (13984) - SPF analysis for spf-a.hotmail.com done: - pass
01/10/08 20:32:34:233 -- (13984) - SPF analysis for hotmail.com done: - pass
01/10/08 20:32:34:233 -- (13984) Mail from: xxx@hotmail.com
01/10/08 20:32:34:233 -- (13984) SPF query result: pass
01/10/08 20:32:34:233 -- (13984) SPF query result: pass
01/10/08 20:32:34:233 -- (13984) found SPF record for hotmail.com: v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all
01/10/08 20:32:34:874 -- (13984) - MAPS search done...
01/10/08 20:32:34:874 -- (13984) RCPT TO: steve@here.com accepted
01/10/08 20:32:35:030 -- (13984) Received RCPT TO: paterick@here.com
01/10/08 20:32:35:030 -- (13984) 65.54.246.228 - Mail from: xxx@hotmail.com To: paterick@here.com will be spam-tagged
01/10/08 20:32:35:030 -- (13984) - EmailTO is not in AuthorizedTOEmail list...
01/10/08 20:32:35:358 -- (13984) Starting queueing procedures
01/10/08 20:32:35:358 -- (13984) EMail from tnc_stevejohns@hotmail.com to "steve@here.com, paterick@here.com" was queued. Size: 1 KB, 1024 bytes
01/10/08 20:32:35:358 -- (13984) Starting bayesian procedures
01/10/08 20:32:35:374 -- (1560) Sending email from xxx@hotmail.com to steve@here.com, paterick@here.com --
01/10/08 20:32:35:389 -- (3036) Time to add Msg to Bayes corpus:0
01/10/08 20:32:35:577 -- (13984) Blacklist cache - Added 65.54.246.228 to limbo
01/10/08 20:32:35:655 -- (1560) EMail from xxx@hotmail.com to steve@here.com, paterick@here.com --  was forwarded to 127.0.0.1:999
 
 
 


Edited by StevenJohns - 10 January 2008 at 3:57pm
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 10 January 2008 at 9:56pm
Steven,

If SpamFilter is configured to "tag and deliver", then it is expected that SpamFilter will forward all emails to destination. Without the "tag" option, in the case you described, SpamFilter would have delivered the email to valid recipients (discarding the invalid ones). SpamFilter would also have output an error message to the sender, instead of accepting the email, notifying them of which recipients were rejected. This causes the remote server to send an NDR to the sender, who would have then been notified of the problem with a non-deliverable error.

In your case, if an email is tagged, it's passed on "as-is" to your server with the header that identifies it as spam because of the invalid addresses. SpamFilter is not able to take that single email with multiple recipients, and then "split" it in two, sending one addressed to the invalid recipients with the spam header, and sending another to the remaining recipients without the spam headers.

I'm afraid there won't be much we can do here... The "tag and deliver" option is not simple to handle, as it wll cause SpamFilter to deliver all emails as they are received, optionally adding spam tags in them to identify them as such. In cases where there are multiple recipients and differen rules apply to them (as in the Authorized TO list), there can only be one tag for the email - either it's spam or it's not. 
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.156 seconds.