Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Check valid MX record on receive
  FAQ FAQ  Forum Search   Register Register  Login Login

Check valid MX record on receive

 Post Reply Post Reply Page  <12
Author
Clator View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Clator Quote  Post ReplyReply Direct Link To This Post Posted: 03 March 2006 at 10:35am
Just upgraded to .532 and have gotten a couple more false positives as described above.  The cox.net address in particular.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 03 March 2006 at 4:15pm
Clator,

Can you post (or email us) the SpamFilter's logfile entries that show these false positives? We'll need to see the log to find out what is happening.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
dcook View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 January 2005
Location: United States
Status: Offline
Points: 174
Post Options Post Options   Thanks (0) Thanks(0)   Quote dcook Quote  Post ReplyReply Direct Link To This Post Posted: 03 March 2006 at 6:03pm
I am currently having success with the following maps setting:
sbl-xbl.spamhaus.org, true
combined.njabl.org, true
bl.spamcop.net, true
block.rhs.mailpolice.com, true
dul.dnsbl.sorbs.net, true

tanks alot
Dwight
www.vividmix.com
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 03 March 2006 at 6:24pm
Originally posted by Desperado Desperado wrote:

COMMENT ON SORBS:

We had to stop using SORBS.  They adopted a policy of charging for being de-listed and as a result most folks don't bother.  I had a bitter argument with them on several IP's that were blocked.  I feel the list (which used to be fantastic) is now very problematic and we saw a huge upsurge in false positives.

Same here. Did you delete your Bayes Corpus and let it grow again or just leave it be after you dropped SORB? The Bayes catch rate is great now but maybe a little too sensitive, still trying to figure out.

Thinking that any major change may require a corpus dump to make bayes 'forget' about what it caught using whatever it was you stopped using.

http://www.webguyz.net
Back to Top
Clator View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Clator Quote  Post ReplyReply Direct Link To This Post Posted: 07 March 2006 at 2:19pm

Posted these in the wrong thread.  They should go here.

Per Dan's suggestion, Ive created a new corpus directory.  Meanwhile some of the domains that are failing MX checks are elon.edu, aapa.org, and gci.net.  Sorry I don't have the full headers at the moment.  I went ahead and forced the messages through.

Some more potential false positives ...

Received: from 205.188.139.137 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 08:01:11 -0500
Received: from [...] by imo-d23.mx.aol.com (mail_out_v38_r7.3.) id 3.214.1439293c (3657)
  for <...>; Tue, 7 Mar 2006 08:01:07 -0500 (EST)
From: [...]Message-ID: <...@aol.com>
Date: Tue, 7 Mar 2006 08:01:07 EST
Subject: Club Mom info from [...]
To: [...]MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="part1_214.1439293c.313ede13_boundary"
X-Mailer: 9.0 SE for Windows sub 5021
X-Spam-Flag: NO
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: <...>
X-SF-HELO-Domain: imo-d23.mx.aol.com
 
Back to Top   
 
Clator
Guest Group

 

Joined: 25 January 2005
Online Status: Online
Posts: 2999  Posted: 07 March 2006 at 8:18am | IP Logged   

------------------------------------------------------------ --------------------
 

and another ...  personall details removed again to keep the bots from picking it up.

Received: from 204.127.192.82 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Mon, 6 Mar 2006 19:34:08 -0500
Received: from mack ([node].hsd1.va.comcast.net[69.143.209.237])
          by comcast.net (rwcrmhc12) with SMTP
          id <20060307003406m12001ichve>; Tue, 7 Mar 2006 00:34:07 +0000
Message-ID: <000a01c6417e$9c3c9aa0$6401a8c0@mack>
Reply-To: "..." <...@comcast.net>
From: "..." <...@comcast.net>
To: <...>
Subject: Simpsons video
Date: Mon, 6 Mar 2006 19:32:26 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_0007_01C64154.B2EC5990"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2741.2600
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2742.200
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: <...@comcast.net>
X-SF-HELO-Domain: rwcrmhc12.comcast.net
 


more.  several legit mails from Amazon.com getting caught.  Here's an example.

Received: from 207.171.160.42 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:33:57 -0500
Received: from na-rte-app-5102.iad5.amazon.com ([10.216.250.37])
  by mm-notify-out-2103.amazon.com with ESMTP; 07 Mar 2006 10:32:55 -0800
Received: by na-rte-app-5102.iad5.amazon.com
 id AAA-notification-29959,8591; 7 Mar 2006 10:32:37 -0800
Date: 7 Mar 2006 10:32:37 -0800
Message-ID: <...@na-rte-app-5102.iad5.amazon.com>
X-AMAZON-TRACK: notification
To: ...@clator.com
From: "Amazon.com Payments" <gameowner@msn.com>
Subject: Your Amazon Marketplace Purchase
Cc: payments-mail@amazon.com
Bounces-to: ...@bounces.amazon.com
Content-Type: text/plain
MIME-Version: 1.0
X-AMAZON-MAIL-RELAY-TYPE: notification
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: <...@bounces.amazon.com>
X-SF-HELO-Domain: mm-notify-out-2103.amazon.com


a legit one from turner.com ...

Received: from 64.236.240.147 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:52:01 -0500
Received: from CNNCIMSS05.turner.com (cnncimss05.turner.com [10.188.171.204])
 by smtpgw2.turner.com (8.12.10/8.12.11) with ESMTP id k27Ipw4c020541
 for <...@clator.com>; Tue, 7 Mar 2006 13:51:59 -0500 (EST)
Received: from ATLBH01.turner.com ([10.188.157.231]) by CNNCIMSS05.turner.com with InterScan Messaging Security Suite; Tue, 07 Mar 2006 13:51:58 -0500
Received: from ATLPF02.turner.com ([10.188.156.206]) by ATLBH01.turner.com with Microsoft SMTPSVC(6.0.3790.211);
  Tue, 7 Mar 2006 13:51:58 -0500
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_001_01C64218.363A93AC"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Top Stories
Date: Tue, 7 Mar 2006 13:51:58 -0500
Message-ID: <BA010952EAB04749A22AE36AB1A1037C0265C3FF@ATLPF02.turner.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: General Comments
Thread-Index: AcZCGDY1/nirXhlcS1SlO6wZI18H7gAAAAAK
From: "News in General" <Topstories4@turner.com>
To: <...@clator.com>
X-OriginalArrivalTime: 07 Mar 2006 18:51:58.0531 (UTC) FILETIME=[365C6130:01C64218]
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: <Topstories4@turner.com>
X-SF-HELO-Domain: smtpgw2.turner.com

 

a legit one from turner.com ...

Received: from 64.236.240.147 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:52:01 -0500
Received: from CNNCIMSS05.turner.com (cnncimss05.turner.com [10.188.171.204])
 by smtpgw2.turner.com (8.12.10/8.12.11) with ESMTP id k27Ipw4c020541
 for <...@clator.com>; Tue, 7 Mar 2006 13:51:59 -0500 (EST)
Received: from ATLBH01.turner.com ([10.188.157.231]) by CNNCIMSS05.turner.com with InterScan Messaging Security Suite; Tue, 07 Mar 2006 13:51:58 -0500
Received: from ATLPF02.turner.com ([10.188.156.206]) by ATLBH01.turner.com with Microsoft SMTPSVC(6.0.3790.211);
  Tue, 7 Mar 2006 13:51:58 -0500
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_001_01C64218.363A93AC"
X-MimeOLE: Produced By Microsoft Exchange V6.5
Subject: Top Stories
Date: Tue, 7 Mar 2006 13:51:58 -0500
Message-ID: <BA010952EAB04749A22AE36AB1A1037C0265C3FF@ATLPF02.turner.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: General Comments
Thread-Index: AcZCGDY1/nirXhlcS1SlO6wZI18H7gAAAAAK
From: "News in General" <Topstories4@turner.com>
To: <...@clator.com>
X-OriginalArrivalTime: 07 Mar 2006 18:51:58.0531 (UTC) FILETIME=[365C6130:01C64218]
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: <Topstories4@turner.com>
X-SF-HELO-Domain: smtpgw2.turner.com

 


and lastly, three of these were caught.   All of the above postings were just in the past six hours and were only to me (not being an actual ISP, it's jsut me and the missus using the clator.com domain).

Hopefully these will point to some issues.  In case it hasn't been said, thanks for any help you can provide.

Received: from 68.230.240.34 by clator.com (LogSat Software SMTP Server - Unlicensed Evaluation Copy) Tue, 7 Mar 2006 13:56:40 -0500
Received: from willowoffice ([70.187.202.109]) by eastrmmtao05.cox.net
          (InterMail vM.6.01.05.02 201-2131-123-102-20050715) with ESMTP
          id <...eastrmmtao05.cox.net@willowoffice>
          for <...@clator.com>; Tue, 7 Mar 2006 13:54:21 -0500
From: "..." <...@willowtreemedia.com>
To: <...@clator.com>
Subject: FW: BIOS and Photos for Fertility C.A.R.E
Date: Tue, 7 Mar 2006 13:50:19 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0033_01C641EE.12D79CE0"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcYQqJIy9GiFULfASdW33ufOnhb1nQxboDEg
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
Message-Id: <....eastrmmtao05.cox.net@willowoffice>
X-Server: LogSat Software SMTP Server - Unlicensed Evaluation Copy
X-SF-RX-Return-Path: <...@willowtreemedia.com>
X-SF-HELO-Domain: eastrmmtao05.cox.net

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 March 2006 at 4:06pm
Clator,

We'll need to see SpamFilter's activity logfiles showing those emails, as in the logs will be reported the reason for the failure, and we need to cross-reference with the emails themselves you just posted.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Clator View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Clator Quote  Post ReplyReply Direct Link To This Post Posted: 07 March 2006 at 5:10pm

Sure thing.  Is there an email address I should just send the logs to?  I can send them unaltered that way.  (No bots to pick up the various addresses and whatnot).

Thanks.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 March 2006 at 8:10pm
Clator,

Your logs still show the DNS disconnecting SpamFilter when queries are made:

03/07/06 08:01:11:368 -- (404) Resolving 205.188.139.137 - Error resolving IP address (Socket Error # 10054 Connection reset by peer.)
03/07/06 08:01:11:368 -- (404) - Invalid MX record - Socket Error # 10054 Connection reset by peer.

We thought we had modified the MX filter so that forceful disconnects from the DNS server that would cause MX lookups to fail would not cause the filter to fail. Apparently your case is slightly different,and our workaround does not work. We'll try to replicate the problem and ignore the error you are receiving as well.

In the meantime, you may want to check the connection to your DNS server to see if you can find out why it fails every now and then.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 March 2006 at 9:36pm
We've uploaded build 2.7.1.535 in the registered user area. The release notes are as follows:

// New to VersionNumber = '2.7.1.535';
{TODO -cFix : Sometimes Socket Errors on MX test could cause rejects (catches more cases than in build 531)}
{TODO -cNew : Changed the precedence for the :tag and :tagsubject modifiers for the Unfiltered Emails}
{TODO -cFix : DoNotStartWithoutAV option in SpamFilter.ini file not working correctly}

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Clator View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Clator Quote  Post ReplyReply Direct Link To This Post Posted: 10 March 2006 at 10:05am
Thanks again.  I've discovered an internal 10. address where my server is hosted that may prove more reliable for DNS than the current IP.  Hopefully this'll do it.
Back to Top
 Post Reply Post Reply Page  <12
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.