Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - problem with split messages and v 704
  FAQ FAQ  Forum Search   Register Register  Login Login

problem with split messages and v 704

 Post Reply Post Reply
Author
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Topic: problem with split messages and v 704
    Posted: 04 September 2007 at 4:38pm
We are seeing an on-going problem with this release when emails come in to a group of recipients and it is quarantined for at least 1 recipient.  It appears that the sender is notified of a non-deliverable message and resends that message a short-while later triggering the same problem again and again...recipients are getting upwards of 100 duplicate emails with this scenario.
 
This is really getting annoying for our users....we are going to again try to upload a log file to your ftp site today so that you can see what we see....we will also add some notes to point to an example....
Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 05 September 2007 at 1:13pm
just so you know the ftp'd file is now there...it starts with 20070903...
 
 
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 05 September 2007 at 11:00pm
Terry,

We received the log file, but have no indication of which emails have been received in duplicate.

While we look into this, please note that spammers sometimes try to re-send the same emails more than once, since SpamFilter will reject their spam. This has always been apparent by looking at the quarantined emails, as often there will be duplicate messages from the same sender. This has always happened, and about a year ago we were ale to reduce (but not eliminate) this duplication by introducing a new filter that cached the IPs of the spammers in memory, temporarily preventing them form reconnecting if they try to resend spam in a short period of time.

Starting with SpamFilter v3.5, we are now able to “split” an email with multiple recipients, so that the whitelisted ones receive it, while the others do not. In the past, if a spam email with multiple recipients arrived, and one was whitelisted, the *entire* email would be delivered to all users, even the ones not being whitelisted. As the email was being delivered, the sender would not retry to send it, and thus only one copy would be delivered.

With this new version however, if the email contains multiple recipients, and one of them is whitelisted, it is possible that the remote server will retry to send the email may times, and in this case the whitelisted recipient will receive it each time. If this is the case, there is really nothing to do. Whitelisted recipients do not have their emails filtered, so each new incoming email to them will be delivered. If the remote sender retries to send it for whatever reason, it will be delivered.

There is really no good solution to this problem. With the older releases, the email was no being split, and it was being delivered to all receipients, whitelisted or not. This caused spam to go thru because of users being whitelisted.

With this version, now spam is being blocked for "normal" receipients. However the whitelisted ones will get all the ones that the senders re-try to send.

SpamFilter could also accept all such spam emails, and only deliver them to the whitelisted users. This would not cause the sender to re-send them, as they see them as being accepted. However in this case SpamFilter *must* send a non-delivery notification email back to the sender to inform them that some receipients did not receive the email. If we were to do this, SpamFilter could potentially send out thousands of spam emails per day, as most of the times the sender is fake, so we would be sending spam to a poor innocent victim whoe email was spoofed by the spammer, and this would cause SpamFilter's IP address to be potentially blacklisted very, very fast...


Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 06 September 2007 at 2:46pm

Roberto, I am a little confused...in order to split the delivery of the email for those that have a sender whitelisted and those that don't...are you changing the "to" line?  How else would our backend exchange servers know how to deliver it to just one recipient?  If so I am worried that we may be altering a possible legal document......  If this is the case can we add this feature as a switch we can enable or disable?  Also we put annotation in the beginning of the log file with a location we thought showed a pretty clear problem...

...like:
- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:562 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:578 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:578 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:593 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:593 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:609 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:609 -- (3380) Resolving 69.94.139.248 - Not found
09/03/07 09:55:31:609 -- (3380) - Reverse DNS not found -
09/03/07 09:55:31:609 -- (3380) 69.94.139.248 - Mail from: ApprovalsDept@yellowaccord.com To: nichoj@portptld.com will be rejected
09/03/07 09:55:31:609 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:625 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:625 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:640 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:640 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:656 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:656 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:671 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:671 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:687 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:703 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:718 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:718 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:734 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:734 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:750 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:750 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:765 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:765 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:781 -- (3380) Start virus scan
09/03/07 09:55:31:796 -- (3380) Starting quarantine procedures
09/03/07 09:55:31:796 -- (3380) Created thread (2328) to add email to quarantine
09/03/07 09:55:31:796 -- (3380) Starting bayesian procedures
09/03/07 09:55:31:796 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:796 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:828 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:828 -- (2328) EMail from ApprovalsDept@yellowaccord.com to nichoj@portptld.com was received and quarantined. Size: 1 KB, 1024 bytes
09/03/07 09:55:31:828 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
09/03/07 09:55:31:843 -- (1960) Adding to d:\program files\spamfilter\AutoWhiteListForceDelivery.txt:criminaljusticebulletin-bounces@listsmart.osl.state.or.us|wallij@portptld.com
09/03/07 09:55:31:843 -- (1960) Delivering quarantined email from <criminaljusticebulletin-bounces@listsmart.osl.state.or.us> to wallij@portptld.com
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 06 September 2007 at 5:52pm
Terry,

SpamFilter will never change the contents of the emails. Changes to occur in headers:

The "Return-Path" header that is in the email is removed, and SpamFilter adds a new "Return-Path" containing the email address that was specified in the MAIL FROM command from the remote server. This is per RFC 2821 (every mail server that processes an emal must replace the return-path header with one containing the sender.

SpamFilter adds a "Received:" header at the top of the header list showing which IP the email was received from and marks it with a time stamp.

SamFilter adds several X-SF-something headers containing additional information about the email.

All other headers are left intact, including the "From:", "To:", "CC:", and any others.

The email headers are irrelevant as to who the email is delivered to and who it's coming from. The only thing that matters as to define the recipients and the sender are the "MAIL FROM" and "RCPT TO" commands exchanged during the SMTP sessions.

The "MAIL FROM" command is sent by the remote server to specify who the "real" sender is. This can be different fro the address specified in the "From:" header.

The "RCPT TO" command is used by the remote sender to specify the recipient(s) of the email. If there are multiple recipients, each one is specified using a separate RCPT TO command. There can thus be several sch commands in a single SMTP session. Please note tat these addresses can be different than those specified in the "To:" and "CC:" headers.

SpamFilter will deliver the emails to your whitelisted sender(s) by specifying them via an "RCPT TO" command to your Exchange server. When a email with multiple recipients arrives, and one or more are whitelisted, SpamFilter will only issue a "RCPT TO" command to your Exchange server for the whitelisted recipient(s).

In regards to the log entries below, I'm not sure what to make of them. Most entries show that a user has forced the delivery of multiple email from their quarantined area. How do these relate to the logfile you uploaded to our FTP server the other day? Are these the ones the user reports as being duplicates?
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 06 September 2007 at 8:20pm
Thank you for the explaination...obviously I am not as smart about how this works as you. 
In answer to your question....yes...somehow the one message was sent about 100+ times....I have no good explaination for it but it happened...
Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 06 September 2007 at 8:22pm

I forgot to answer the other question about how this relates to the other logs...the others were never successfully uploaded and you are seeing only a piece before I was timed out....we had this one easily available and more recent with what looked like a better more obvious pattern so we sent this. 

Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 10 September 2007 at 10:47am
Roberto....can you clarify something for me..with version 704...  I have an old email address crosst@portptld.com that I added to the "to emails" blacklist so that I could see how many people were sending to my old address and get them correct the address.  These messages go to quarantine and I can deliver or view them there and act accordingly.  I am thinking now with this release however that the sender is getting some kind of non-delivery code for the message as I see many many many coming in from the same legitimate sender.  I am also getting lots of complaints from others that were on the same "to" line that they are getting many copies also.....if something went to quarantine in prior releases it didn't report a non-delivery to the sender did it?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 11 September 2007 at 12:03am
When an antispam product blocks an email, per RFC the sender must be informed that the email was not delivered. This can be done in two ways.

1. The antispam product accepts the email from the remote server. After the email is received, the antispam product analyzes it for spm. If it is spam, the antispam software then sends a NDR email (non-deliverable email receipt) back to the sender. If your server blocks 200,000 emails per day, your server will thus be *sending* 200,000 NDR emails to the internet every day. Since most spam emails are being sent from fake, invalid email addresses, antispam servers will be sending out essentially 200,000 spam emails to the internet, and this will often cause your server to blacklisted itself... This is a vey, very bad way to proceed, but is common with some anti-spam appliances.

2. The antispam product analyzes the email for spam in real-time during the SMTP session. If the email is spam, the anti-spam server rejects the email rather than accepting it. The rejection occurs by outputting an SMTP error message to the remote server rather than acknowledging the receipt. Doing so forces the remote server to send an NDR email back to the sender, informing them of the failed delivery.  The antispam server will ths never send emails out itself, saving  a lt of bandwidth, and, most important, without causing the antispam server itself to be blacklisted.
Please note that in this case, sometimes the remote server will not honor the RFC-compliant error codes output by the antispam server. Such codes follow RFC guidelines should prevent remote servers to re-send the emails. Unfortunately some SMTP servers do not follow the RFCs 100%, and will thus re-attempt delivery of emails anyways. The antispam software will continue to block them, but if they end up in a quarantine area there will be duplicates.


Our first version of SpamFilter was released in 2002, and we have *always* used method #2 above to stop spam. Many later products have opted for #1 as it's much easier to implement, but is a terrible idea in terms of functionality.
Our rejection methods have never changed, and there have always been mail servers that have been resending emails, causing duplicate emails in the quarantine database.
Lately we added additional flexibility in the email handling that allows emails to whitelisted recipients to be split, so that other recipients of a spam email, who were not whitelisted, would not have to "suffer" by receiving spam just because one of the receipients was whitelisted. There is a side effect to this, and this is that whitelisted recipients will receive every email that is sent, including any duplicates there may be (if the email has multiple recipients).

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 11 September 2007 at 9:05am
thank you again for the explaination.  You are right it is definitely causing problems for those of us who get these emails now.  yesterday I received close to 50 of the same message from a vendor that was being quarantined for some others on the same message.  I have whitelisted the address of the sender globally to try to stop the madness.  I have to tell you that I am not sure this new feature is really worth the problems when we have this issue.  Have you considered making this feature something that we can turn on or off in the interface?  I know my other users would be much happier if I could take it back to the old process rather than get 100's of duplicate emails.
Back to Top
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Posted: 11 September 2007 at 1:59pm
Roberto, after whitelisting the whole invensys domain we still have problems with quarantine and delivery of messages (both happening at once)....I think we are also sending a delivery failure back to the sender since they continue to resend the message....this log excerpt seems wrong to me since it impies that it is both rejecting and forwarding the same message...
09/11/07 10:38:57:370 -- (4960) Connection from: 207.46.163.16  -  Originating country : United States
09/11/07 10:38:57:432 -- (232) Start virus scan
09/11/07 10:38:57:432 -- (232) Starting bayesian procedures
09/11/07 10:38:57:776 -- (5888) Start virus scan
09/11/07 10:38:57:791 -- (5888) Starting bayesian procedures
09/11/07 10:38:57:901 -- (232) Blacklist cache - Added 85.140.96.97 to limbo
09/11/07 10:38:57:995 -- (4560) Resolving 78.166.39.228 - Not found
09/11/07 10:38:57:995 -- (4560) - Reverse DNS not found -
09/11/07 10:38:57:995 -- (4560) 78.166.39.228 - Mail from: dwshortcutsoftm@shortcutsoft.com To: christi.sciacca@portofportland.com will be rejected
09/11/07 10:38:58:073 -- (4960) - EmailTO is in local blacklist file...
09/11/07 10:38:58:073 -- (4960) 207.46.163.16 - Mail from: silvia.cosme@ips.invensys.com To: crosst@portptld.com will be rejected
09/11/07 10:38:58:073 -- (4960) Bypassed all rules for: crosst@portptld.com from silvia.cosme@ips.invensys.com ( AutoWhiteList Force Delivery)
09/11/07 10:38:58:229 -- (4404) Start virus scan
09/11/07 10:38:58:245 -- (4404) Starting bayesian procedures
09/11/07 10:38:58:291 -- (4960) Mail from: silvia.cosme@ips.invensys.com
09/11/07 10:38:58:291 -- (4960) 207.46.163.16 - Mail from: silvia.cosme@ips.invensys.com To: fishet@portptld.com will be rejected
09/11/07 10:38:58:291 -- (4960) Bypassed all rules for: fishet@portptld.com from silvia.cosme@ips.invensys.com ( AutoWhiteList Force Delivery)
09/11/07 10:38:58:354 -- (5888) Blacklist cache - Updated limbo counter for 85.140.96.97
09/11/07 10:38:58:463 -- (4960) Mail from: silvia.cosme@ips.invensys.com
09/11/07 10:38:58:463 -- (4960) 207.46.163.16 - Mail from: silvia.cosme@ips.invensys.com To: gainem@portptld.com will be rejected
09/11/07 10:38:58:463 -- (4960) Bypassed all rules for: gainem@portptld.com from silvia.cosme@ips.invensys.com ( AutoWhiteList Force Delivery)
09/11/07 10:38:58:510 -- (232) SFDB - Added 85.140.96.97 - Response: Error=0
09/11/07 10:38:58:510 -- (232) Disconnect
09/11/07 10:38:58:604 -- (4960) Mail from: silvia.cosme@ips.invensys.com
09/11/07 10:38:58:604 -- (4960) 207.46.163.16 - Mail from: silvia.cosme@ips.invensys.com To: johnsc@portptld.com will be rejected
09/11/07 10:38:58:604 -- (4960) Bypassed all rules for: johnsc@portptld.com from silvia.cosme@ips.invensys.com ( AutoWhiteList Force Delivery)
09/11/07 10:38:58:729 -- (4960) Mail from: silvia.cosme@ips.invensys.com
09/11/07 10:38:58:729 -- (4960) 207.46.163.16 - Mail from: silvia.cosme@ips.invensys.com To: mclauj@portptld.com will be rejected
09/11/07 10:38:58:729 -- (4960) Bypassed all rules for: mclauj@portptld.com from silvia.cosme@ips.invensys.com ( AutoWhiteList Force Delivery)
09/11/07 10:38:58:823 -- (5888) SFDB - Added 85.140.96.97 - Response: Error=0
09/11/07 10:38:58:823 -- (5888) Disconnect
09/11/07 10:38:58:916 -- (5352) Connection from: 71.182.161.152  -  Originating country : United States
09/11/07 10:38:58:948 -- (4968) Resolving 171.159.192.80 - vamx04.bankofamerica.com
09/11/07 10:38:59:088 -- (5000) Connection from: 69.28.223.135  -  Originating country : Canada
09/11/07 10:38:59:104 -- (5652) Connection from: 200.86.64.148  -  Originating country : Chile
09/11/07 10:38:59:416 -- (5812) Resolving 85.140.96.97 - ppp85-140-96-97.pppoe.mtu-net.ru
09/11/07 10:38:59:479 -- (4560) Start virus scan
09/11/07 10:38:59:495 -- (4560) Starting quarantine procedures
09/11/07 10:38:59:495 -- (4560) Created thread (2164) to add email to quarantine
09/11/07 10:38:59:495 -- (4560) Starting bayesian procedures
09/11/07 10:38:59:541 -- (2164) EMail from dwshortcutsoftm@shortcutsoft.com to christi.sciacca@portofportland.com was received and quarantined. Size: 3 KB, 3072 bytes
09/11/07 10:38:59:682 -- (4960) Start virus scan
09/11/07 10:38:59:807 -- (4960) Starting queueing procedures
09/11/07 10:38:59:807 -- (4960) Info - some recipients were in the WhitelistedEmailsTO list. Email will be split so they receive it while the others will not
09/11/07 10:38:59:807 -- (4960) EMail from silvia.cosme@ips.invensys.com to "crosst@portptld.com, mclauj@portptld.com" was queued. Size: 17 KB, 17408 bytes
09/11/07 10:38:59:807 -- (4960) Starting quarantine procedures
09/11/07 10:38:59:807 -- (5132) Sending email from silvia.cosme@ips.invensys.com to crosst@portptld.com, mclauj@portptld.com --
09/11/07 10:38:59:807 -- (4960) Created thread (4572) to add email to quarantine
09/11/07 10:38:59:807 -- (4960) Starting bayesian procedures
09/11/07 10:38:59:932 -- (4572) EMail from silvia.cosme@ips.invensys.com to crosst@portptld.com, fishet@portptld.com, gainem@portptld.com, johnsc@portptld.com, mclauj@portptld.com was received and quarantined. Size: 19 KB, 19456 bytes
09/11/07 10:38:59:948 -- (4968) found SPF record for bankofamerica.com: v=spf1 a:sfmx02.bankofamerica.com a:sfmx04.bankofamerica.com a:vamx04.bankofamerica.com a:vamx02.bankofamerica.com a:txmx02.bankofamerica.com a:txmx04.bankofamerica.com include:_spfx.bankofamerica.com ~all
09/11/07 10:38:59:963 -- (5132) EMail from silvia.cosme@ips.invensys.com to crosst@portptld.com, mclauj@portptld.com --  was forwarded to portexfe.pop.portptld.com:25
09/11/07 10:38:59:995 -- (5000) Resolving 69.28.223.135 - mta9br.cmpgnr.com 
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 11 September 2007 at 4:33pm
Terry,

There is an entry in the log above that does not look right:

09/11/07 10:38:58:073 -- (4960) - EmailTO is in local blacklist file...

From this entry, it appears you have blacklisted one of the recipients of the email, which will most likely be the first one being logged, "crosst@portptld.com".
Could you please verify your "Emails TO" blacklist ensure that nothing has been unintentionally been added there?

From the log there is also no indication that the "invensys" has been whitelisted. I'll contact you by email to see how we can beter help to torubleshoot all these issues.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.