Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Problem with filtering order
  FAQ FAQ  Forum Search   Register Register  Login Login

Problem with filtering order

 Post Reply Post Reply
Author
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Topic: Problem with filtering order
    Posted: 22 May 2005 at 9:48am
  I am using the latest released Spamfilter version and have an issue with the order in which you do the checking. We received a ton of messages to a domain we host and the FROM: address was actually in our whitelist. The problem is the the users its forwarding mail to do NOT exist in our AuthorizedTo list.
 
It appears the Spamfilter is ignoring the users in Authorizedto list and only focusing on the Whitelisted FROM: entry. What happens is that all of these messages get forwarded to the Exchange administrator we are filtering mail for as unknown users and they want to know why they are getting past the spamfilter.
 
Don't you think it makes sense to verify the TO: users are valid even if the entry is whitelisted?????????
 
 
http://www.webguyz.net
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 22 May 2005 at 4:28pm
Actually not. The whole purpose of the whitelists is to allow incoming email from a sender even if they were blocked by another filter. The AuthorizedTo list is treated no different. There are some users who are not using it as you're doing, and a different behavior as you suggest would create problems for them.

The *only* exception is with viruses. If the antivirus plugin is installed, even whitelisted senders will be blocked if the email contains a virus.

Please note that spammers will often use a fake "from" sender to make it look like it's coming from your own domain. If you add your domain(s) to a whitelist, this will cause the email to bypass all filtering rules, and is generally not a good idea.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 22 May 2005 at 5:00pm

Not having an authorizedto list is open invitation to get hammered by dictionary attacks.

Looks the the only whitelist worth keeping is the autowhitelist where you can whitelist by domain or user. The rest are worthless in a multi-domain enviroement.

Any consideration foroffering a more feature rich ISP friendly version of Spamfilter?

I realize that you can't be all things to all people but you do so many things right with SF, just needs a little bit more to be perfect.

Thanks!

http://www.webguyz.net
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 23 May 2005 at 11:09am

An authorized to list is not always realistic to do in an ISP environment as it would be an accounting nightmare .... 15 servers with 20,000 addresses changing on an hourly basis.

Regards,

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 23 May 2005 at 11:40am

We automatically rebuild our authorizedto list every 15 minutes, but we only have about 3 thousand users. How do you keep dictionary attacks at bay since SF does not have tarpitting.

 

http://www.webguyz.net
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 23 May 2005 at 11:49am

Our customers that have their own servers deal with invalid addresses however they want and our primary mail server (sendmail) nulls any invalid addresses and only "NDR's" single recpt messages.

Regards,

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.