
Keyword Whitelist

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6895
Printed Date: 20 October 2017 at 5:07am


Topic: Keyword Whitelist
Posted By: rdemeyer
Subject: Keyword Whitelist
Date Posted: 09 November 2010 at 3:17pm

Lately we are getting SPAM mail past the filters due to Keyword Whitelist. I have two domains in the Keyword Whitelist (added from a previous issue). There are now messages that show they are passed to the recipient as "Keyword Whitelist". I find NOTHING in these messages that even closely matches the two items in the Whitelist. How can I figure out why they are passing?

Thanks
Randy
 
Edited these headers to tidy up the REAL info.
 
Microsoft Mail Internet Headers Version 2.0
Received: from XXXXexch1 ([127.0.0.1]) by XXXX.iwatsu.com with Microsoft SMTPSVC(6.0.3790.4675);
  Tue, 9 Nov 2010 10:38:56 -0600
Received: from 66.207.162.202 by  (LogSat Software SMTP Server); Tue, 9 Nov 2010 10:38:56 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=adighedemove.net;
 h=To:Message-ID:Date:Mime-Version:Subject:From:Content-type; i=info@adighedemove.net;
 bh=1koPN7z07mUtbZJ1mAeszMaENo8=;
 b=CXJbxhH4KbCtN+Z1nQyVL4wdAOu8Y2rE5j9BHXDP5S/LChR80EnDs0HU97+y9oNyyvLKeDhFNYoF
   2H0sLobFetRNozsPKyAV3WD0k5DADPGWEE00J4xaHZKUhgSW5+7CcmXQqoFvKvWa3w47h6udiJ1m
   CjHLX4xYiiw2z0UFGGU=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=adighedemove.net;
 b=MJRNG53kgYHZuoQRiX79asIOQFCl/LkilzkddVnTxTUfFS9hnS6LYw9dCYkxHNHkW7Klba0AKMkI
   0FHoHtAjkH1pQ7xILx+hUNmSn9/duGcDunAWwsI+eaRcbAnwUvgkoucEE+jcehxAXXSs8CAT4kue
   CZOhh6RE1Akf6/E0EfE=;
To: <XXX@iwatsu.com>
Message-ID: <12753691507079543821475@sfa202.adighedemove.net>
Date: Tue, 9 Nov 2010 11:36:55 -0500
Mime-Version: 1.0
Subject: Blue Cross Blue Shield is offering Affordable Health Insurance
From: "Affordable Health-Rates" <info@adighedemove.net>
Content-type: multipart/alternative; boundary="_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_"
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: <info@adighedemove.net>
X-SF-HELO-Domain: sfa202.adighedemove.net
X-SF-Originating-IP: 66.207.162.202
X-SF-WhiteListedReason: keyword whitelist match
Return-Path: info@adighedemove.net
X-OriginalArrivalTime: 09 Nov 2010 16:38:56.0382 (UTC) FILETIME=[9A2E19E0:01CB802C]
--_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
--_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
 



Replies:
Posted By: LogSat
Date Posted: 09 November 2010 at 10:24pm
rdemeyer,

If you look in SpamFilter's activity logfile for the entries relative to this email, you should find two entries similar to the following, which will display the specific whitelist keyword that was matched to the content of the email:

11/08/10 22:03:10:750 -- (2820) Found Keywords: [spamfilter_test_keyword]
11/08/10 22:03:10:765 -- (2820) Bypassed all rules for: test1@test.logsat.com from test2@test.logsat.com - keyword whitelist match



-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: rdemeyer
Date Posted: 10 November 2010 at 4:03pm
Here is a sample of one from the logs.  I still don't get it.  :/
 
 
11/09/10 10:38:55:695 -- (7140) Connection from: 66.207.162.202  -  Originating country : United States
11/09/10 10:38:55:914 -- (7140) Received MAIL FROM: <info@adighedemove.net>
11/09/10 10:38:55:929 -- (7140) Received RCPT TO: X1@iwatsu.com
11/09/10 10:38:55:960 -- (7140) Resolving 66.207.162.202 - Not found
11/09/10 10:38:55:960 -- (7140) - Reverse DNS not found -
11/09/10 10:38:55:960 -- (7140) 66.207.162.202 - Mail from: info@adighedemove.net To: X1@iwatsu.com will be rejected
11/09/10 10:38:56:023 -- (7140) Bypassed all rules for: X1@iwatsu.com from info@adighedemove.net - keyword whitelist match
11/09/10 10:38:56:023 -- (7140) Starting queueing procedures
11/09/10 10:38:56:023 -- (7140) EMail from info@adighedemove.net to X1@iwatsu.com was queued. Size: 15 KB, 15360 bytes
11/09/10 10:38:56:054 -- (7140) Received MAIL FROM: <info@adighedemove.net>
11/09/10 10:38:56:070 -- (7140) Received RCPT TO: X2@iwatsu.com
11/09/10 10:38:56:101 -- (7140) - Reverse DNS not found -
11/09/10 10:38:56:101 -- (7140) 66.207.162.202 - Mail from: info@adighedemove.net To: X2@iwatsu.com will be rejected
11/09/10 10:38:56:257 -- (7140) Bypassed all rules for: X2@iwatsu.com from info@adighedemove.net - keyword whitelist match
11/09/10 10:38:56:257 -- (7140) Starting queueing procedures
11/09/10 10:38:56:257 -- (7140) EMail from info@adighedemove.net to dcarissimi@iwatsu.com was queued. Size: 15 KB, 15360 bytes
11/09/10 10:38:56:273 -- (7140) Disconnect
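
The log check discussed in this thread, written as a script (an added example, not part of the original posts and not LogSat's code): it pairs every "keyword whitelist match" bypass with the "Found Keywords" entry logged for the same session and flags bypasses that have none. The line layout is taken from the excerpts above; the sample lines, the example.com/example.net addresses and the rule that a new MAIL FROM starts a new message are assumptions.

```python
import re

# Layout seen in this thread: "MM/DD/YY HH:MM:SS:mmm -- (session) message"
LINE_RE = re.compile(r"^(\S+ \S+) -- \((\d+)\) (.*)$")
KEYWORD_RE = re.compile(r"^Found Keywords: \[(.*)\]$")
BYPASS_RE = re.compile(
    r"^Bypassed all rules for: (\S+) from (\S+) - keyword whitelist match$")

def audit_whitelist_bypasses(lines):
    """Return one record per keyword-whitelist bypass with its matched keyword."""
    keywords_seen = {}  # session id -> keywords logged for the current message
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, session, msg = m.groups()
        if msg.startswith("Received MAIL FROM:"):
            # Assumption: a new MAIL FROM begins a new message in this session.
            keywords_seen.pop(session, None)
        elif (kw := KEYWORD_RE.match(msg)):
            keywords_seen[session] = kw.group(1)
        elif (bp := BYPASS_RE.match(msg)):
            findings.append({
                "time": stamp, "session": session,
                "rcpt": bp.group(1), "sender": bp.group(2),
                "keywords": keywords_seen.get(session),  # None = not logged
            })
    return findings

def unexplained(findings):
    """Bypasses with no 'Found Keywords' entry: the case reported in this thread."""
    return [f for f in findings if f["keywords"] is None]

# Constructed sample: session 2820 is a normal match, 7140 has no keyword entry.
SAMPLE_LOG = """\
11/08/10 22:03:10:600 -- (2820) Received MAIL FROM: <test2@test.logsat.com>
11/08/10 22:03:10:750 -- (2820) Found Keywords: [spamfilter_test_keyword]
11/08/10 22:03:10:765 -- (2820) Bypassed all rules for: test1@test.logsat.com from test2@test.logsat.com - keyword whitelist match
11/09/10 10:38:55:914 -- (7140) Received MAIL FROM: <sender@example.net>
11/09/10 10:38:56:023 -- (7140) Bypassed all rules for: user1@example.com from sender@example.net - keyword whitelist match
""".splitlines()

if __name__ == "__main__":
    for f in unexplained(audit_whitelist_bypasses(SAMPLE_LOG)):
        print(f"{f['time']} session {f['session']}: {f['sender']} -> "
              f"{f['rcpt']} bypassed with no keyword logged")
```

Run over a full activity logfile, the `keywords` field of the explained records also shows which whitelist entries are matching most often, which helps spot entries broad enough to let spam through.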


Posted By: LogSat
Date Posted: 10 November 2010 at 10:26pm
..if that is indeed the complete log, then I'm scratching my head too....!

Could you please zip us (support at logsat dot com) the entire section of that SpamFilter's activity logfile from 10:30 to 11:00 so we can have a better look? Please also include a copy of the \SpamFilter\Domains directory tree in the zip. If the file containing the whitelist keywords is outside of that directory, please include that as well.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


