Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Receive Mail without log entry
  FAQ FAQ  Forum Search   Register Register  Login Login

Receive Mail without log entry

 Post Reply Post Reply
Author
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Topic: Receive Mail without log entry
    Posted: 18 April 2003 at 11:39pm

Gerd,

From its headers, it looks like the email was not sent to SpamFilter, but went directly to your smtp server.

I checked your DNS MX record configs, and saw that you have your primary MX record pointing to mail2.bavarian-cons.com (SpamFilter) and your secondary to mail.bavarian-cons.com (Microsoft SMTP). At http://logsat.com/spamfilter/details.asp you'll find more info on this, in the meantime here's the section that concerns you:

======================================

Please note the comment relative to the backup MX record. While it's a good idea to add them in case with problems with SpamFilter, keep in mind that some spammers will send emails to any server they find an MX record for. This means that they can send mail directly to your unprotected MTA, which will bypass SpamFilter and thus deliver the spam to the intended recipient. A good tradeoff would be to leave the backup MX during your testing phases, then remove it when you are confident SpamFilter does it's job.

======================================

Roberto Franceschetti
LogSat Software
Back to Top
Gerd View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Gerd Quote  Post ReplyReply Direct Link To This Post Posted: 18 April 2003 at 5:55pm

Several times a day I get some e-mails in my Outlook with a "from address". Actually when displaying the options of the e-mail there is a from e-mail address but with 2 "" in front of the name. I assume that this causes Outlook to not display the from address.

The strange thing is I can't find any log entries for that e-mail in my SPAM log file. Nor is there any entry in my Quarantine file.

And 3rd, I have a keyword filter file with the words   online,pharmacy   which should have caught the above e-mail. Again, I assume after it's not in the log file that SPAMFilter did not see it, thus, did not reject it.

I am curious how somebody could send an e-mail circumventing the SPAMFilter alltogether?

Here is a part of the log http://file:

04/18/03 13:51:52:890 -- (380) Connection from: 146.82.203.151  -  Originating country : United States
04/18/03 13:51:53:327 -- (380) Resolving 146.82.203.151 - Not found
04/18/03 13:51:53:327 -- (380) - Reverse DNS not found -
04/18/03 13:51:53:327 -- (380) 146.82.203.151 - Mail from: adam@uwinit.rectifying.net To: gerd.goebel@bavarian-cons.com will be quarantined
04/18/03 13:51:53:984 -- (380) EMail from adam@UWinIt.rectifying.net to gerd.goebel@bavarian-cons.com was received and quarantined. Size: 8 KB
04/18/03 13:51:54:077 -- (380) Disconnect
04/18/03 14:05:32:796 -- (1864) Connection from: 132.190.235.109  -  Originating country : United States
04/18/03 14:05:33:062 -- (1864) Resolving 132.190.235.109 - diamond.us.varian.com
04/18/03 14:05:33:077 -- (1864) Mail from: actionli@us.varian.com
04/18/03 14:05:33:374 -- (1864) - MAPS search done... .
04/18/03 14:05:33:390 -- (1864) RCPT TO: Notify@bavarian-cons.com accepted
04/18/03 14:05:33:984 -- (1864) EMail from kim.ward@varian.com to Notify@bavarian-cons.com was queued. Size: 5 KB
04/18/03 14:05:33:999 -- (380) Sending email from kim.ward@varian.com to Notify@bavarian-cons.com
04/18/03 14:05:34:218 -- (380) EMail from kim.ward@varian.com to Notify@bavarian-cons.com  was forwarded to 209.233.124.30
04/18/03 14:05:34:280 -- (1864) Disconnect
04/18/03 14:11:35:952 -- (380) Connection from: 65.61.188.17  -  Originating country : N/A
04/18/03 14:11:36:124 -- (380) Resolving 65.61.188.17 - mail5.fulfillmentcenter123.com
04/18/03 14:11:36:140 -- (380) Mail from: bounce-106542612-3108@mail5.fulfillmentcenter123.com
04/18/03 14:11:36:249 -- (380) - MAPS search done... 521 The IP 65.61.188.17 is Blacklisted by bl.spamcop.net.6Blocked - see http://spamcop.net/bl.shtml?65.61.188.17 .
04/18/03 14:11:36:249 -- (380) 65.61.188.17 - Mail from: bounce-106542612-3108@mail5.fulfillmentcenter123.com To: gerd.goebel@bavarian-cons.com will be quarantined
04/18/03 14:11:36:702 -- (380) EMail from returns-bckirheiceugckz@fulfillmentcenter123.com to gerd.goebel@bavarian-cons.com was received and quarantined. Size: 3 KB
04/18/03 14:11:36:780 -- (380) Disconnect

This is the e-mail header from Outlook:

Microsoft Mail Internet Headers Version 2.0

Received: from 209.233.124.30 ([61.159.235.36]) by NETFINITY.bavarian-cons.com with Microsoft SMTPSVC(5.0.2195.5329);

Fri, 18 Apr 2003 14:06:24 -0700

Received: from tbyy.ccj4.org [231.27.114.199]

by 209.233.124.30 with ESMTP id 68885965;

Fri, 18 Apr 2003 19:06:00 -0300

Message-ID: <na-n60$3h6mi26$ca-i94$x2z-8-4@3ja.1vu>

From: "" <sum@milo.vcn.bc.ca>

To: <gerd.goebel@bavarian-cons.com>

Subject: Fw: Meds - Never Leave Home!

Date: Fri, 18 Apr 03 19:06:00 GMT

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="8_.DC.8__EF_C"

Return-Path: sum@milo.vcn.bc.ca

X-OriginalArrivalTime: 18 Apr 2003 21:06:26.0562 (UTC) FILETIME=[5FE3B620:01C305EE]

--8_.DC.8__EF_C

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

 

--8_.DC.8__EF_C-

And this is the contents of the e-mail:

24 Hour
Online Pharmacy

No Prior Prescriptions
Private & Confidential
Overnight Shipping

We have a very large selection of
FDA approved medications!

Come Take A Look





====================
Not Interested

 

 

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.047 seconds.