
:tagsubject not filtering properly

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6303
Printed Date: 18 December 2017 at 8:01am


Topic: :tagsubject not filtering properly
Posted By: scharette
Subject: :tagsubject not filtering properly
Date Posted: 25 November 2007 at 6:05pm
Hi

I have been using spam filter for quite some time, however I am just now starting to use the :tagsubject feature so I can deliver all mail to the requested customers, but have the SPAM warning in the subject line for anything that the spam server defines/sees as spam.

What I am finding though is for example ....

I have added my email to the unfiltered whitelist file and ensured that I have :tagsubject at the end of my email account with no spaces..

I am getting many emails that are tagged SPAM in the subject line but I am also getting spams that the filters should be marking as SPAM and aren't. 

Example I have ED treatment in the keyword filter...but if I send a test with this text in the body from an outside email account it delivers the email to me without the tag...when looking at the header of the email it just says
X-SF-WhiteListedReason: Whitelisted EmailTO.  Though if I remove my email address from the unfiltered list the email is properly quarantined.

I really thought that the :tagsubject feature would still go through all the blacklist filters and ensure that the email is not seen as spam before delivering it, otherwise if it is seen as spam then SPAM: would be put in the subject line and then it would be delivered.

After looking at them closer, I know for certain that for whatever reason when I set an email up to tag spam and deliver by listing them in the unfiltered whitelist with the :tagspam after the email....that for whatever reason the filter no longer filters against the blacklisted keywords....

Now the one thing I have found is if I am the CC and not the TO the keywords are properly filtered and tagged spam and delivered to me but only if I am the CC.

Can you explain to me why this is?  I really need to be able to use the :tagspam feature and still utilize all the filters...

Any assistance here would be greatly appreciated.

Thanks

Sara
Sling Shot

 



Replies:
Posted By: scharette
Date Posted: 25 November 2007 at 9:37pm
Sorry, realize I didn't put the version I was currently using.

I am using 3.5.4.718.


Posted By: LogSat
Date Posted: 26 November 2007 at 4:25pm
Sara,

We were able to duplicate the behavior, and you're correct, there is indeed a problem. The keyword filter (along with the Bayesian/Image/SURBL filters) is not being checked when there is a single whitelisted recipient in an email, and the recipient has one of the :tag options set.

We'll try to have a patch ready as soon as possible, hopefully within the next 24 hours.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: scharette
Date Posted: 26 November 2007 at 8:09pm
I appreciate the prompt response....you guys are a pleasure to work with.

Look forward to an update when you have one :)

Sara


Posted By: LogSat
Date Posted: 27 November 2007 at 9:56am
Sara,

We're testing the patch internally, and so far everything seems to work just fine. We'll make it available publicly most likely tomorrow if QA continues to go smoothly. If you'd like to receive it sooner, please let us know.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: scharette
Date Posted: 28 November 2007 at 8:28am
Hi Roberto...

Can you confirm if everything still looks like it is working after the changes?  If so I really do need to get my hands on the patch....it took me a bit to narrow down what was occurring to report it to you....so I have a few guys looking for some answers...

I appreciate your assistance and if you feel it is better to hold off installing the patch please just let me know...otherwise if possible please provide me where to download it.

Thank you again for all your quick responses here. 

Sara


Posted By: LogSat
Date Posted: 28 November 2007 at 10:36am
Sara,

We've actually just pre-released this patched build for everyone, and it's available in the registered user area of our website.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: scharette
Date Posted: 29 November 2007 at 6:43pm
Hi,

This worked great ...and fixed the issue.  I see lots of spam getting passed through and marked properly as spam for keywords as well as all other filters.

I do have another issue and I am not sure if it is best posted here or not...sorry if I should have started another post, please advise and I will make sure to do so in the future.

I am starting to see -- haven't noticed it before the 3.5.4.704 version...and I am not sure it is the spam filter...I just know I haven't seen it in prior versions that I have used (please keep in mind I did use an old release for awhile)...

I am starting to see emails with a | before the actual TO email but still part of the To email address -- example - |test@test.com.  Now the emails it is doing this for would be valid emails if the | was present.  All the emails that are coming in with the | are 100% no question spams.  I just want to check with you and see if the spam software would be appending this for any reason?  The reasons that they are quarantined range...so it is not just one filter that does this. Also these emails are always to multiple To addresses not just one and all addresses have this | in front of the address.

Again, at this time I am not sure it is the spam software just throwing me off a bit because I haven't seen it before and I couldn't imagine that spammers are dumb enough to put | on the To address if indeed it would be a valid email without it.  Don't get me wrong I know spammers aren't the brightest....so maybe that is the case...again just wanted to check with you and ensure.

I am seeing on some accounts that they are getting a reduced amount of spam in them  .....or gaps where normally (before I upgraded to 3.5.4.704) they would get a spam every 3-5 minutes now they are not getting them for several hours -- those gaps where they are not getting anything I see multiple items in the quarantine database for them but the to address has the | before it....

I don't mind sending you an example of the header I just don't want to post the email accounts here as they would be valid if the | wasn't there....just let me know your thoughts here.

Thanks

Sara
Sling Shot



Posted By: Desperado
Date Posted: 29 November 2007 at 11:21pm
Sara,
 
In your blocked to list:
 
((?i).*[\|].*@.*):null
 
This got rid of mine.


-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: scharette
Date Posted: 30 November 2007 at 12:43am
Hi Desperado

I appreciate your response...however correct me if I am wrong that will pretty much just purge the data that contains those characters right?

Ok..to tell you the truth I just have some customers that I have set up to :tagsubject and deliver and they have been set up that way for a few months now (prior versions of the spam software were used when they were originally set up this way).  They are used to seeing a lot of spam be delivered to them and now all of a sudden they are not getting as much so they perceive that there must be a problem.  A bit ridiculous but true...and they just get a bit paranoid they are not getting all their mail.

I have no issues if the spam software is appending this I just want to understand that this is on purpose and what criteria has to be met to cause this....so I can explain to the customer why they are not getting as much spam. 

As far as I can tell I am going through the database while I was using 3.5.4.704 and I am not finding any emails with the | before them. 

So at this point I really just need help understanding why this happens...not that anything needs to be adjusted..

I am currently using the most recent 'unofficial' release 3.5.4.730.....

Thanks

Sara


Posted By: scharette
Date Posted: 30 November 2007 at 2:06pm
Ok a bit more info.....as of late last night it doesn't look like it is doing it anymore...and I haven't changed anything...and now the email is getting properly delivered to the :tagspam To address with no gaps.....is it possible it was the Bayesian filter causing this?  I kinda liked whatever was causing it...just because it was only happening with emails that were no question spam....just really needing to understand why it was happening so I could ensure that it was not affecting valid emails....

At this point I guess it is nothing to worry about.   Just would be nice to understand why it occurred...

Thanks

Sara


Posted By: Desperado
Date Posted: 30 November 2007 at 2:35pm
Sara,
 
I actually do not use the Bayesian filter as I have a large base of customers and one group's "spam" is another group's business so the filter was too aggressive for some groups.  On the "purge" issue, if you remove the ":null" it will tag / quarantine rather than nuking it.


-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com
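
Added example (not part of the thread and not Spam Filter ISP code): a small Python harness that checks which recipient addresses the blocked-To rule posted above would catch, and how the outcome changes with and without the ":null" suffix. It assumes the rule must match the whole address; the action labels, the `LEADING_ONLY` variant and all sample addresses except `|test@test.com` are constructed for illustration.

```python
import re

# Rule line exactly as posted in the thread.
POSTED = r"((?i).*[\|].*@.*):null"
# Hypothetical narrower variant (not from the thread): pipe only as first character.
LEADING_ONLY = r"((?i)\|.*@.*):null"


def parse_rule(line):
    """Return (compiled pattern, action) for one blocked-To line.

    Assumption: a trailing ':null' means the message is discarded; without
    it the match is tagged/quarantined, as described in the thread.
    """
    action = "tag/quarantine"
    if line.endswith(":null"):
        line, action = line[:-len(":null")], "null"
    flags = 0
    if "(?i)" in line:
        # Python 3.11+ rejects a global inline flag that is not at the very
        # start of the pattern, so strip it and pass IGNORECASE instead.
        line, flags = line.replace("(?i)", ""), re.IGNORECASE
    return re.compile(line, flags), action


def dispositions(rule_line, recipients):
    """Map each recipient to the rule's action, or 'no match'."""
    pattern, action = parse_rule(rule_line)
    # Assumption: the rule has to match the whole address.
    return {r: action if pattern.fullmatch(r) else "no match" for r in recipients}


# Constructed sample recipients; only "|test@test.com" comes from the thread.
SAMPLE = ["|test@test.com", "test@test.com",
          "Sales|Dept@example.com", "user@exam|ple.com"]

if __name__ == "__main__":
    for rule in (POSTED, POSTED[:-len(":null")], LEADING_ONLY):
        print(rule)
        for rcpt, result in dispositions(rule, SAMPLE).items():
            print(f"  {rcpt:<24} {result}")
```

The posted rule matches a pipe anywhere before the @, not only a leading one, so an address such as `Sales|Dept@example.com` is also caught; the narrower variant limits the match to the leading pipe seen in the quarantine entries.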



