Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - New release / aggressive blocking
  FAQ FAQ  Forum Search   Register Register  Login Login

New release / aggressive blocking

 Post Reply Post Reply
Author
Russ Kelly View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Russ Kelly Quote  Post ReplyReply Direct Link To This Post Topic: New release / aggressive blocking
    Posted: 06 May 2003 at 11:46am

THe new registred release has caused very aggressive blocking. We did not change any of the rules. INI below. Any feedback would be helpful. We have had to shut down the filter until we figure this out.

 

; a true after an ordb entry means their DNS is expecting the IP to be reversed
; i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net
[blacklists]
site1=BL.SPAMCOP.NET, TRUE
site2=SBL.SPAMHAUS.ORG, TRUE
site3=RELAYS.OSIRUSOFT.COM, TRUE
site4=SPAM.DNSRBL.NET, TRUE
site5=DNSBL.NJABL.ORG, TRUE
;site6=dun.dnsrbl.net, true

[server settings] ; dns - your DNS server dns=192.168.0.30

; the SpamFilter can be limited to listen on a specific IP:port. Leave empty for all IPs bound to nic ;ListenIP=209.26.140.2 ListenFQDN=worldlinks.com ListenPort=2505

;The email address to use in Error Replies to senders ErrorHandlerEmailAddress="System Administrator" <rkelly@worldlinks.com>

; DestinationServer is where you want all mail received by SpamFilter to be forwarded to DestinationServer=192.168.0.6 DestinationPort=2501

; AllowPercent is used to accept (AllowPercent=1) or reject (AllowPercent=0) emails containing the % character. ; Many SMTP servers are susceptible to being tricked into relaying with this. ; Ex. if you are netwide.net, then a spammer can use ; mail to: joe%yahoo.com@netwide.net ; to relay mail to joe@yahoo.com if your server is vulnerable ; Setting AllowPercent to 1 rejects ALL recipients email addresses conatining the % sign AllowPercent=1

;log daily activity to logfiles Logging=1 ListenIP=192.168.0.6 MultiThreaded=0 MaxInboundConnections=10 LocalBlackListFileName= LogKeywords=1 AutoVersionCheck=0 LocalIPBlackListFileName= LocalDomainsBlackListFileName= RejectNoReverse=0 DisableConnectionsGrid=0 MaxRCPTTO=20 MinMAPS=2 ArchiveSpamDays=0 KeywordsFileName=C:\Program Files\SpamFilter\keywords.txt ExcludedDomainsFileName=C:\Program Files\SpamFilter\ExcludedDomains.txt ExcludedFromEmailsFileName= AuthorizedTOEmailsFileName= LocalEMailsBlacklistFileName= LocalEMailsTOBlacklistFileName= RejectNoReverseForceDelete=0 RejectEmptyMailFrom=0 RejectEmptyMailFromForceDelete=0 RejectSameToFrom=0 RejectSameToFromForceDelete=0 BlackListForceDelete=0 ContentFilterForceDelete=0 LocalIPBlacklistForceDelete=0 LocalDomainsBlacklistForceDelete=0 CountriesForceDelete=0 LocalEmailsBlacklistForceDelete=0 LocalEmailsTOBlacklistForceDelete=0

; avoid being ourselves an open relay... ; enter here the recipient domains that SpamFilter will accept. ; I.E. if you are hosting netwide.net, then only emails addressed to user@netwide.net will ; be accepted and passed on to your DestinationServer. ; if your first entry is allow1=* then all emails will be accepted (not recommended) ; allow1=* [allowed domains] allow1=DISCOVEREUROPE.COM allow2=MAIL.DISCOVEREUROPE.COM allow3=WORLDLINKS.COM allow4=MAIL.WORLDLINKS.COM allow5=MAIL2.WORLDLINKS.COM allow6=WORLDVACATIONS.COM allow7=MAIL.WORLDVACATIONS.COM allow8=MAIL2.WORLDVACATIONS.COM allow9=PUBSYSTEM.COM allow10=MAIL.PUBSYSTEM.COM allow11=MAIL2.PUBSYSTEM.COM allow12=HANROUSA.COM allow13=MAIL.HANROUSA.COM allow14=MAIL2.HANROUSA.COM allow15=DISCOVERBRAZIL.COM allow16=MAIL.DISCOVERBRAZIL.COM allow17=MAIL2.DISCOVERBRAZIL.COM allow18=HOTELLINKS.COM allow19=CARIBBEANCOAST.COM allow20=MAYANRIVIERA.COM allow21=PLAYADELCARMEN.COM allow22=TULUM.COM allow23=DISCOVERCOZUMEL.NET allow24=DISCOVERLAFRANCE.COM allow25=DISCOVERPARIS.COM allow26=DISCOVERMEXICO.COM allow27=DISCOVERSTBARTHS.COM allow28=ELEGANTTRAVELER.COM allow29=ELEGANTTRAVELLER.COM allow30=RW-3.COM allow31=DHINET.COM allow32=207.224.106.221

; if you REALLY must be able to receive emails from a domain which is ; blacklisted, you can bypass the filter by adding it here... ;exclude1=somedomain1.com ;exclude2=somdomain.com

[Error Response] ResponseBlacklistedMAPS=521 The IP %IP% is Blacklisted by %MAPSResponse%. ResponseBlacklistLocalIP=521 The IP %IP% is Blacklisted. ResponseBlacklistLocalDomain=521 The domain %Domain% is Blacklisted. ResponseBlacklistLocalEMail=521 The EMail %EMailFrom% is Blacklisted. ResponseNoReverseDNS=550 Your IP %IP% does not have a reverse DNS entry. Disconnecting... ResponseMaxRCPTTO=550 You exceeded then maximum number of RCPT TO. Disconnecting... ResponseCountryBlacklist=550 Your IP address is from a blacklisted country. Disconnecting.. ResponseRelayRestricted=550 You are not allowed to send mail to %EMailTo% ResponseKeywordMatch=552 This email is rejected. It contains keywords rejected by the antispam content filter. ResponseBlacklistLocalEMailTo=521 The EMail %EMailTo% is Blacklisted. [CountryBlackList] Country1=NG
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 06 May 2003 at 3:53pm

Russ,

Could you also show some spamfilter log entries showing why emails are being rejected?

Roberto Franceschetti
LogSat Software

Back to Top
Russ Kelly View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Russ Kelly Quote  Post ReplyReply Direct Link To This Post Posted: 06 May 2003 at 4:41pm

Howdy,

Here is the repetetive line

" rejected - no relay allowed or % found"

05/06/03 10:18:59:140 -- (10444) Disconnect
05/06/03 10:19:39:390 -- Loading local black / white lists
05/06/03 10:20:39:390 -- Loading local black / white lists
05/06/03 10:21:38:828 -- (10480) Connection from: 146.82.86.12  -  Originating country : N/A
05/06/03 10:21:39:015 -- (10480) Resolving 146.82.86.12 - Not found
05/06/03 10:21:39:015 -- (10480) Mail from: bmi@mailunique.com To: rkelly@worldlinks.com - rejected - no relay allowed or % found in FROM address
05/06/03 10:21:39:015 -- (10480) 146.82.86.12 - Mail from: bmi@mailunique.com To: rkelly@worldlinks.com will be disconnected
05/06/03 10:21:39:015 -- (10480) Disconnect
05/06/03 10:21:39:390 -- Loading local black / white lists
05/06/03 10:21:54:937 -- (10480) Connection from: 208.46.113.4  -  Originating country : N/A
05/06/03 10:21:55:796 -- (10480) Resolving 208.46.113.4 - iad1.efax.com
05/06/03 10:21:55:796 -- (10480) Mail from: message@mail.efax.com To: patrizio@worldlinks.com - rejected - no relay allowed or % found in FROM address
05/06/03 10:21:55:796 -- (10480) 208.46.113.4 - Mail from: message@mail.efax.com To: patrizio@worldlinks.com will be disconnected
05/06/03 10:21:55:796 -- (10480) Disconnect
05/06/03 10:22:39:390 -- Loading local black / white lists
05/06/03 10:23:16:406 -- (9984) Connection from: 69.41.72.117  -  Originating country : N/A
05/06/03 10:23:16:562 -- (9984) Resolving 69.41.72.117 - jr117.lesscpa.com
05/06/03 10:23:16:562 -- (9984) Mail from: autoloans@oinlist.lesscpa.com To: awatts@worldlinks.com - rejected - no relay allowed or % found in FROM address
05/06/03 10:23:16:562 -- (9984) 69.41.72.117 - Mail from: autoloans@oinlist.lesscpa.com To: awatts@worldlinks.com will be disconnected
05/06/03 10:23:16:562 -- (9984) Disconnect
05/06/03 10:23:39:390 -- Loading local black / white lists
05/06/03 10:24:39:390 -- Loading local black / white lists
05/06/03 10:25:12:156 -- (10536) Connection from: 69.24.239.52  -  Originating country : N/A
05/06/03 10:25:12:500 -- (10536) Resolving 69.24.239.52 - out032.tpcper.com
05/06/03 10:25:12:500 -- (10536) Mail from: perf-news-errors.9224.211401.37135356.501.0.4@b.AdvizeMark1.com To: neal@worldvacations.com - rejected - no relay allowed or % found in FROM address
05/06/03 10:25:12:500 -- (10536) 69.24.239.52 - Mail from: perf-news-errors.9224.211401.37135356.501.0.4@b.AdvizeMark1.com To: neal@worldvacations.com will be disconnected
05/06/03 10:25:12:500 -- (10536) Disconnect
05/06/03 10:25:15:562 -- (9984) Connection from: 81.53.42.105  -  Originating country : N/A
05/06/03 10:25:18:218 -- (9984) Resolving 81.53.42.105 - arennes-303-1-27-105.abo.wanadoo.fr
05/06/03 10:25:18:218 -- (9984) Mail from: vxf0x8bf6xbe@attbi.com To: neal@worldlinks.com - rejected - no relay allowed or % found in FROM address
05/06/03 10:25:18:218 -- (9984) 81.53.42.105 - Mail from: vxf0x8bf6xbe@attbi.com To: neal@worldlinks.com will be disconnected
05/06/03 10:25:18:218 -- (9984) Disconnect
05/06/03 10:25:25:625 -- (10536) Connection from: 211.107.175.246  -  Originating country : N/A
05/06/03 10:25:29:687 -- (10536) Resolving 211.107.175.246 - Not found
05/06/03 10:25:29:687 -- (10536) Mail from: bnglel1bpln@swbell.net To: loks@worldvacations.com - rejected - no relay allowed or % found in FROM address
05/06/03 10:25:29:687 -- (10536) 211.107.175.246 - Mail from: bnglel1bpln@swbell.net To: loks@worldvacations.com will be disconnected
05/06/03 10:25:29:687 -- (10536) Disconnect
05/06/03 10:25:31:859 -- (10536) Connection from: 61.186.102.213  -  Originating country : N/A
05/06/03 10:25:39:390 -- Loading local black / white lists
05/06/03 10:25:46:703 -- (10536) Resolving 61.186.102.213 - Not found
05/06/03 10:25:46:703 -- (10536) Mail from: 6w9gk8x8@swbell.net To: loks@worldlinks.com - rejected - no relay allowed or % found in FROM address

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 06 May 2003 at 10:54pm

Ouch, this was missed during testing. It turns out the match against the allowed domains is failing if the "Allowed Domains" are entered in uppercase. It's definetly a bug and we'll release a patch within the next few hours.

In the meantime you can solve the problem by converting your "Allowed domains" to lowercase. This bug is limited to the upper case in your local list, the upper/lower case which the remote sender uses is handled correctly.

Roberto Franceschetti
LogSat Software

Back to Top
Marian Dumitrascu View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Marian Dumitrascu Quote  Post ReplyReply Direct Link To This Post Posted: 07 May 2003 at 10:34am

Thanks. That works.

-Marian

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 May 2003 at 10:41am

We released build 117 ast night that fixes this problem.

Roberto Franceschetti
LogSat Software

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.