
how can I tell if maps servers are being checked

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=7093
Printed Date: 24 November 2017 at 2:34am


Topic: how can I tell if maps servers are being checked
Posted By: Terry
Subject: how can I tell if maps servers are being checked
Date Posted: 30 July 2014 at 11:15am
I am running v4.5.1.98...we continue to get more and more spam getting to our staff....nearly every time I research the ip's of the sender I am finding them blocked by one of our maps providers....this morning I got a spam message that made it through at about 6:30am...when I looked up the address at 7am I find that spamhaus-zen blacklisted the address.....
This seems to be a regular occurrence...is there a logging option to see if it really is testing the maps servers?  I am getting more and more complaints from the staff about spam getting through that wasn't before. 
Also seeing some errors from the sfdc process at times in the log that are new but I don't believe that has anything to do with it.
 
07/30/14 06:27:41:840 -- (145381504) Detected TCP Connection: 173.232.22.70
07/30/14 06:27:41:840 -- (145381504) Connection from: 173.232.22.70  -  Originating country : United States
07/30/14 06:27:41:965 -- (145381504) Received MAIL FROM: LaserTreatmentforToenails@fungus-toenails.info
07/30/14 06:27:42:012 -- (145389312) Received RCPT TO: xxxxxxxxxxx@portptld.com
07/30/14 06:27:42:027 -- (145381504) Received RCPT TO: sxxxxxxx@portofportland.com
07/30/14 06:27:42:043 -- (145381504) Resolving 173.232.22.70 - 173-232-22.static.rdns.serverhub.com
07/30/14 06:27:42:043 -- (145381504) found SPF record for fungus-toenails.info: v=spf1 a mx ip4:173.232.22.0/24 -all
07/30/14 06:27:42:043 -- (145381504) SPF query result: pass
07/30/14 06:27:42:043 -- (145381504) - SPF analysis for fungus-toenails.info done: - pass
07/30/14 06:27:42:043 -- (145381504) Mail from: LaserTreatmentforToenails@fungus-toenails.info
07/30/14 06:27:42:043 -- (145389312) Resolving 212.117.36.229 - client-36-229.speedy-net.bg
07/30/14 06:27:42:043 -- (145381504) - MAPS search done...
07/30/14 06:27:42:043 -- (145381504) RCPT TO: xxxxxxxxrs@portofportland.com accepted
07/30/14 06:27:42:183 -- (145381504) Checking SFDC
07/30/14 06:27:42:183 -- (145381504) Checking SFDE
07/30/14 06:27:42:215 -- (145381504) EMail from LaserTreatmentforToenails@fungus-toenails.info to stan.watters@portofportland.com passes Bayesian filter - 0% spam  (32ms)
07/30/14 06:27:42:215 -- (145381504) Checking SURBL
07/30/14 06:27:42:230 -- (145381504) Start virus scan
07/30/14 06:27:42:246 -- (145381504) Starting queueing procedures
07/30/14 06:27:42:246 -- (145381504) EMail from LaserTreatmentforToenails@fungus-toenails.info to stan.watters@portofportland.com was queued (IndyF093449A-0C76-4080-B3DC-209CE21B2CB4.~tmp). Size: 4 KB, 4575 bytes
07/30/14 06:27:42:246 -- (145381504) Created thread (127311888) to handle delivery
07/30/14 06:27:42:246 -- (127311888) Sending email from LaserTreatmentforToenails@fungus-toenails.info to xxxxxxxs@portofportland.com --
07/30/14 06:27:42:293 -- (145389312) - Invalid MX record -
07/30/14 06:27:42:293 -- (145389312) 212.117.36.229 - Mail from: lberryf4@client-36-229.speedy-net.bg To: xxxxxy@portptld.com will be rejected
07/30/14 06:27:43:057 -- (145389312) Start virus scan
07/30/14 06:27:43:088 -- (145389312) Warning - SFDC_WebErrorsUpload has reached its limit, SFDC checks are paused temporarily
07/30/14 06:27:43:088 -- (145389312) Warning - SFDC_WebErrorsUpload has reached its limit, SFDC checks are paused temporarily
07/30/14 06:27:43:104 -- (145389312) Starting quarantine procedures
07/30/14 06:27:43:104 -- (145389312) Created thread (145364608) to add email to quarantine
07/30/14 06:27:43:104 -- (145389312) Starting bayesian procedures



Replies:
Posted By: LogSat
Date Posted: 30 July 2014 at 9:32pm
Terry,

If you go to the "Activity Log" tab in SpamFilter, you will see an input box where you can enter an IP and check to see if it is listed in one of the MAPS RBL servers in SpamFilter by clicking on the "Check if IP in ORBS" button.

If the IP is blacklisted, you will see this message replace the IP address being searched:

521 The IP 173.232.22.70 is Blacklisted by zen.spamhaus.org. ttp://www.spamhaus.org/sbl/query/SBLCSS --  -- 

You can also see if IPs are being blocked by looking at SpamFilter's activity logfiles for messages similar to this:

07/29/14 00:11:21:704 -- (20930032) - MAPS search done... 521 The IP 107.184.134.107 is Blacklisted by cbl.abuseat.org. locked - see http://cbl.abuseat.org/lookup.cgi?ip=107.184.134.107 --  -- 

I highlighted in bold the text that will always be present when a match is found - the rest depends on the specific IP and the response by the MAPS RBL server.

If you do not see any emails being blocked by your MAPS servers and you'd like us to take a look, zip us the following:

• SpamFilter's latest activity logfile

• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well).


If the zipped file is over 8MB in size, I'll send you via PM a URL you can use to upload the zip to us.






-------------
Roberto Franceschetti

LogSat Software - http://www.logsat.com

Spam Filter ISP - http://www.logsat.com/sfi-spam-filter.asp
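
Added example (not part of the original thread and not LogSat's code): a small Python script that applies the logfile check described in the reply above, listing every "MAPS search done..." entry and whether it carried the "521 The IP ... is Blacklisted by" text. The line layout is inferred from the excerpts in this thread, and treating an entry without the 521 text as "no list matched at lookup time" is an assumption.

```python
import re
from collections import Counter

# Layout seen in the excerpts above: MM/DD/YY HH:MM:SS:mmm -- (thread id) message
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) -- \((\d+)\) (.*)$")
CONNECT_RE = re.compile(r"Detected TCP Connection: (\S+)")
# Wording the reply shows whenever a list returns a match.
HIT_RE = re.compile(r"521 The IP (\S+) is Blacklisted by (\S+)")
MAPS_DONE = "MAPS search done..."

# Three lines copied from the log excerpts posted in this thread.
SAMPLE = [
    "07/30/14 06:27:41:840 -- (145381504) Detected TCP Connection: 173.232.22.70",
    "07/30/14 06:27:42:043 -- (145381504) - MAPS search done...",
    "07/29/14 00:11:21:704 -- (20930032) - MAPS search done... 521 The IP "
    "107.184.134.107 is Blacklisted by cbl.abuseat.org. locked - see "
    "http://cbl.abuseat.org/lookup.cgi?ip=107.184.134.107 --  -- ",
]

def summarize_maps(lines):
    """Return (events, totals): one event per 'MAPS search done...' entry."""
    ip_by_thread, events = {}, []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or wrapped line
        stamp, thread, msg = m.groups()
        conn = CONNECT_RE.search(msg)
        if conn:
            ip_by_thread[thread] = conn.group(1)  # thread id -> client IP
        if MAPS_DONE not in msg:
            continue
        hit = HIT_RE.search(msg)
        if hit:
            ip, zone = hit.group(1), hit.group(2).rstrip(".")
        else:
            # Assumption: no 521 text means no list matched at lookup time.
            ip, zone = ip_by_thread.get(thread, "unknown"), None
        events.append({"time": stamp, "thread": thread, "ip": ip, "listed_by": zone})
    totals = Counter("listed" if e["listed_by"] else "not listed" for e in events)
    return events, totals

if __name__ == "__main__":
    events, totals = summarize_maps(SAMPLE)
    for e in events:
        print(e["time"], e["ip"], e["listed_by"] or "no match")
    print(dict(totals))
```

To run it over a full activity logfile, pass the open file object to `summarize_maps` in place of `SAMPLE`; the timestamps it reports can then be compared with the time the IP was looked up by hand.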


