Print Page | Close Window

Spam is getting through our Spamfilter

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6650
Printed Date: 20 October 2017 at 1:22am


Topic: Spam is getting through our Spamfilter
Posted By: ostaa
Subject: Spam is getting through our Spamfilter
Date Posted: 13 April 2009 at 7:28am
We have SF enterprise with the following config :

Maps :
bl.spamcop.net, true
cbl.abuseat.org, true
combined.njabl.org, true
dnsbl.sorbs.net, true
zen.spamhaus.org, true

Surbl:
black.uribl.com
multi.surbl.org
zen.spamhaus.org

Keyword filter
Subject:koi8
koi8
viagra
((?i)charset=("){0,1}.*((windows-1251)|(koi8-r)|(2022-jp)))

SPF (pass on all three) - we tried to block on failed, but recieved to many blocks on no-spam servers

SFDB : value 2
SFDC: value 2

On filter setting we have 1,10,15 as values
The bayesian filter is set to 85% (btw - this is nearly never trigged).

We have two other spamwalls in our ISP topic (Trend IMSS).

We are very happy with the SP solutions, and we want to deploy this on our other server. But.. I need to trap more of the mails with sexual advert. I still get mail like this :

04.13.09 01:59:37:625 -- (5632) EMail from uninitiatedesw388@thevillagejazz.com to trond.anvik@visionpartner.no passes Bayesian filter - 0% spam (0ms)

Subject : raise your sweet sexual adventures with wonderful meds.
Content :raise your sweet sexual adventures with wonderful meds.

beneficial effect ensure. awesome bonus for every sale

This mail is trapped as spam in Trend, in Outlook and in Entourage.

Du You have any suggestion on how we could tighten our Spamfilter - please let me know.




Replies:
Posted By: LogSat
Date Posted: 13 April 2009 at 10:22pm
ostaa,

If you could please zip us SpamFilter’s activity logfile for today (or a day when you had the problems), we’ll analyze it to ensure there are no issues with your configuration. Please also include your SpamFilter.ini file, and the entire \SpamFilter\Domains directory structure (files and subfolders). We will also need to know the to/from addresses for a few of the spam emails in question that have been missed by SpamFilter.

If the zipped file is over 5MB in size, I will send you a PM with the login details for our FTP site, so you may upload the files there.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: ostaa
Date Posted: 14 April 2009 at 5:58pm
Hi Roberto - still having problems with your FTP :

Hi.
I have tried this before - I am not able to put anything to your FTP server.

When using MSDOS ftp I get :

C:\temp>ftp ftp.logsat.com
Connected to ftp.logsat.com.
220 Microsoft FTP Service
User (ftp.logsat.com:(none)): logsatuser
331 Password required for logsatuser.
Password:
230-Welcome to the LogSat FTP site.
    Anonymous access is not allowed.
230 User logsatuser logged in.
ftp> bin
200 Type set to I.
ftp> put ostaa0413.zip
200 PORT command successful.
550 Access is denied.
ftp>

Any advice would be app.

/Trond



Posted By: LogSat
Date Posted: 14 April 2009 at 11:31pm
ostaa,

Unfortunately we're not able to reproduce the FTP issue, even with the command line. Is there any way you can make the zip available for us to download from your site?

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: ostaa
Date Posted: 15 April 2009 at 3:08am
Hi Roberto.
I have uploaded the files on my FTP server. ftp.visionpartner.no Username and password is the the same as you mailed me.

/Trond


Posted By: LogSat
Date Posted: 16 April 2009 at 12:41am
ostaa,

The day in your logs (the 13th), SpamFilter processed 78,624 connections, and blocked 67,404 emails - it thus prevented 86% of the incoming emails from being received.

Now, of the 11,033 emails that were queued for delivery, a very high percentage of them, 10,338, were delivered because of your whitelisting rules. This left *only* 695 emails that passed (0.88% of the incoming emails) that passed all of SpamFilter's various filters. Most of these 695 emails are likely legitimate, valid emails. Now assuming that 1 out of every 5 emails of those 695 that SpamFilter allowed are spam (meaning that a whopping 20% of the emails SpamFilter missed are spam), this means that only 20% of 0.88% is being missed as spam (0.18% - indicating a 99.82% accuracy if I did the math correctly).

If you see a lot of spam coming in, I would recommend double-checking the whitelist filters you have in place to see if they are allowing spam to go thru, as whitelisted emails represent the vast majority of email that is being delivered.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: ostaa
Date Posted: 16 April 2009 at 4:31am
Hi Roberto and thank you for fast reply. I only have my own IPnet in the whitelist config have I missed any parameters? (PS Your math is correct :-) )

It is not a LOT of spam, but my customer complains when they now receive more spam after I have changed the spamfilter. Do not misunderstand me, it is not a big problem – but I will try to correct this before I move my other two servers to this platform.

/Trond




Print Page | Close Window