Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Filter Order
  FAQ FAQ  Forum Search   Register Register  Login Login

Filter Order

 Post Reply Post Reply
Author
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Topic: Filter Order
    Posted: 11 November 2009 at 9:54am
  1. Why is Not in Authorized TO Emails so low in the list? we are having spam get into the quaruntine for people that don't exist. My customers are asking why?

Should the authto list supercede anything else?

In fact logically the allowed domain and auth too should be the first two things checked? If we delete a domain or an auth to list, it shouldn't get through. Period.

  1. Cached IP blacklist
  2. Greylist
  3.         Whitelisted IP
  4.         Whitelisted Email Address To
  5.         Whitelisted EMail Address From
  6.         Whitelisted Email From Domain
  7.         Whitelisted Auto White List Force Delivery
  8. Allowed Domains
  9. Local IP Blacklist
  10. Local Domain Blacklist
  11. Local Emails Blacklist
  12. Local Emails TO Blacklist
  13. Not in Authorized TO Emails
  14. Country Blacklist
  15. Reject No Reverse DNS
  16. Reject Empty Mail From
  17. Reject Same To From Email address
  18. Reject if Recipient's email in Honeypot email list
  19. Reject if IP in Honeypot-generated auto-ban list
  20. Reject Same To From Domain
  21. Recipient Count > Max RCPTTO
  22. MX Record check
  23. SFDB Filter
  24. SPF Filter
  25. MAPS check
    1.         Exceeded MaxMsgSizeForSpamFiltering
            Keyword Whitelist
  26. SFDC Filter
  27. Blank emails with attachments only
  28. Spam Images in PDFs
  29. Attachment Filter
  30. Keywords
  31. Image Filtering
  32. Bayesian Filtering
  33. SURBL check
  34. Resolve URLs and check IPs in MAPS
  35. Antivirus Plugin
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 19 November 2009 at 4:52pm
kspare had a very valid point, so today we released SpamFilter build 4.1.2.819 that changes the order of the filters. The updated list is being updated in this forum thread.

If anyone has comments on if this "Not in Authorized TO Emails" filter should be placed even higher in the priority list, we'll monitor this thread for user-input.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 20 November 2009 at 8:15am
I've been thinking more about this, and I'm leaning towards the logic that allowed domains and authto should be after greylist, for the simple fact that if you host email, and you remove a domain, that domains whitelist etc is still valid.

It then allows the allowed domain and auth to, to kind of act like an access control list.
Back to Top
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 272
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Posted: 21 November 2009 at 4:40am
Thanks for this change, we also noticed spam for email addresses that did not exist in quarantine.  We had built a script that ran every so often and removed from quarantine any messages that were to users that did not exist.
Back to Top
Neolisk View Drop Down
Newbie
Newbie


Joined: 13 July 2009
Location: Toronto, ON
Status: Offline
Points: 27
Post Options Post Options   Thanks (0) Thanks(0)   Quote Neolisk Quote  Post ReplyReply Direct Link To This Post Posted: 02 December 2009 at 11:36am
I was thinking if it's possible to let administrators choose the filter order per their needs. For instance, if we whitelist our customers, somebody can forge an email to make it look as if was coming from them and we will get it. From an odd IP, violating SPF etc. - just because the domain is whitelisted and this rule is applied earlier.

i.e. Usually we whitelist domains, because in one of their emails some content was blocked. So we want to be able to put domain whitelist rules just above content filtering, but after country blacklist, MX check, SPF and other useful blocking features.


Edited by Neolisk - 02 December 2009 at 11:36am
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.141 seconds.