Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - can SF reject all spam?
  FAQ FAQ  Forum Search   Register Register  Login Login

can SF reject all spam?

 Post Reply Post Reply
Author
ImInAfrica View Drop Down
Groupie
Groupie
Avatar

Joined: 27 June 2006
Location: FL, USA
Status: Offline
Points: 60
Post Options Post Options   Thanks (0) Thanks(0)   Quote ImInAfrica Quote  Post ReplyReply Direct Link To This Post Topic: can SF reject all spam?
    Posted: 12 June 2009 at 6:25pm
I can't find the reference to this, but i understand Spamfilter can either quarantine spam or deliver it.
does SF have the feature to either STOP the smtp session if it figures the message is spam (obviously before the DATA commnad) meaning drop the connection?
can it bounce the message if it realizes that it's spam in the checks after the session to the sender is disconnected?

I am sure i have seen it before but can't find it anywhere.

Thanks in advance.
Amir
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 12 June 2009 at 11:08pm
This one is a bit tricky, as the behavior (disconnect before/after the DATA command) depends on the filter configuration. As a rule of thumb, if the Bayesian filter is disabled, and the filter that is triggered has the associated "Do not quarantine" option checked, the SMTP session will be disconnected after the RCPT TO command (thus before the DATA command). IF the Bayesian filter is enabled, then SpamFilter must allow the Bayesian filter learn about the new incoming spam, thus the email must be received in full.

Of course when the SMTP session is dropped, an SMTP error code is sent to the sender before disconnecting them, so the remote server should see it, and thus the remote server then is in charge of sending an NDR (non-delivery receipt) back to the sender.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
ImInAfrica View Drop Down
Groupie
Groupie
Avatar

Joined: 27 June 2006
Location: FL, USA
Status: Offline
Points: 60
Post Options Post Options   Thanks (0) Thanks(0)   Quote ImInAfrica Quote  Post ReplyReply Direct Link To This Post Posted: 13 June 2009 at 2:38pm
Thanks for the reply.
I think old age is getting to me.

Am I to understand that if the bayesian filter is enabled and "do not quarantine" is enabled as well, the sending SMTP will NOT complete the smtp session?
I don't really care about spammers and bots.

Will this mean that legitimate email which is incorrectly tagged as spam will be returned to the sender by the ORIGINATING smtp?

One more question: what happens to an email if the trigerred rule has "do not quarantine" enabled.

What I am trying to achieve is get rid of all the obvious spam sitting in the quarantine area.

Thanks.
Amir

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 14 June 2009 at 9:08am
Amir,

First of all, whenever *any* kind of email is blocked, we have, since our first release in 2002, designed SpamFilter so that it is always the remote server (the originating SMTP server) that sends an NDR, never SpamFilter. So when an email is blocked/quarantined/deleted, not a single NDR email will ever be generated from within your network to the internet. We truly do not understand why some of our competitors do not do the same thing, as if this weren't the case, your own network would become a source of spam if the antispam software was to send NDRs back out to the internet...

For your question, as a rule of thumb (there are sometimes exception with multiple recipients), only if the Bayesian filter is *disabled* and the "do not quarantine" option is enabled, the SMTP session will be dropped before the DATA command is accepted (thus preventing the email itself to be transmitted). If the Bayesian filter is *enabled* however the email will be received.

To the remote server, whether an email is quarantined or not will make no difference. In both cases, the SMTP error code sent to the remote server will be the same, and the descriptive text contained in the email that the *remote server** will send back via the NDR to the sender will inform them that the email was blocked. Please note that even if an email is quarantined, it is very, very unlikely a user will ever see it (don't know about the others, but I personally check my quarantine only about once a month) , so it essentially not delivered and thus the NDR will state so.

To be noted that there is an option suffix :NULL that can be added to some blacklists. This was added to stop "repeated offenders", that is spammers who will keep sending the same email over and over if it gets blocked. This suffix causes SpamFilter to let the spammer know that the spam email was received and accepted (so they shouldn't retry to send it), but in reality SpamFilter will simply drop (send to NULL) the email without forwarding/quarantining it.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
ImInAfrica View Drop Down
Groupie
Groupie
Avatar

Joined: 27 June 2006
Location: FL, USA
Status: Offline
Points: 60
Post Options Post Options   Thanks (0) Thanks(0)   Quote ImInAfrica Quote  Post ReplyReply Direct Link To This Post Posted: 14 June 2009 at 11:23am
Roberto, thanks for the response.
What I understand is that if the Bayesian filter is <U>enabled</U> and the email is determined to be spam by <U>ANY</U> rule the sender will not be notified about it.

the question that no we have to ask is how big of a part does the Bayesian filter play in the spam filtering process?

Thanks
Amir
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 15 June 2009 at 8:12pm
Amir,

On average, the bayesian filter is rather ineffective compared to the other filters, as we usually see it catching between 0.1% and 1% of the total spam blocked by SpamFilter. You can verify this yourself on your own installation by going to the "Statistics" tab in SpamFilter, and look at the "Emails by filter" sub-tab, which will give you the count of spam emails in your quarantine database being blocked by the various filters.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.