Print Page | Close Window

Filter Order

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6771
Printed Date: 21 October 2017 at 5:25pm


Topic: Filter Order
Posted By: kspare
Subject: Filter Order
Date Posted: 11 November 2009 at 9:54am
  1. Why is Not in Authorized TO Emails so low in the list? we are having spam get into the quaruntine for people that don't exist. My customers are asking why?

Should the authto list supercede anything else?

In fact logically the allowed domain and auth too should be the first two things checked? If we delete a domain or an auth to list, it shouldn't get through. Period.

  1. Cached IP blacklist
  2. Greylist
  3.         Whitelisted IP
  4.         Whitelisted Email Address To
  5.         Whitelisted EMail Address From
  6.         Whitelisted Email From Domain
  7.         Whitelisted Auto White List Force Delivery
  8. Allowed Domains
  9. Local IP Blacklist
  10. Local Domain Blacklist
  11. Local Emails Blacklist
  12. Local Emails TO Blacklist
  13. Not in Authorized TO Emails
  14. Country Blacklist
  15. Reject No Reverse DNS
  16. Reject Empty Mail From
  17. Reject Same To From Email address
  18. Reject if Recipient's email in Honeypot email list
  19. Reject if IP in Honeypot-generated auto-ban list
  20. Reject Same To From Domain
  21. Recipient Count > Max RCPTTO
  22. MX Record check
  23. SFDB Filter
  24. SPF Filter
  25. MAPS check
    1.         Exceeded MaxMsgSizeForSpamFiltering
            Keyword Whitelist
  26. SFDC Filter
  27. Blank emails with attachments only
  28. Spam Images in PDFs
  29. Attachment Filter
  30. Keywords
  31. Image Filtering
  32. Bayesian Filtering
  33. SURBL check
  34. Resolve URLs and check IPs in MAPS
  35. Antivirus Plugin



Replies:
Posted By: LogSat
Date Posted: 19 November 2009 at 4:52pm
kspare had a very valid point, so today we released SpamFilter build 4.1.2.819 that changes the order of the filters. The updated list is being updated in http://www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=6726&KW=filter+order&title=filter-order-how-filters-are-applied - this forum thread .

If anyone has comments on if this "Not in Authorized TO Emails" filter should be placed even higher in the priority list, we'll monitor this thread for user-input.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: kspare
Date Posted: 20 November 2009 at 8:15am
I've been thinking more about this, and I'm leaning towards the logic that allowed domains and authto should be after greylist, for the simple fact that if you host email, and you remove a domain, that domains whitelist etc is still valid.

It then allows the allowed domain and auth to, to kind of act like an access control list.


Posted By: yapadu
Date Posted: 21 November 2009 at 4:40am
Thanks for this change, we also noticed spam for email addresses that did not exist in quarantine.  We had built a script that ran every so often and removed from quarantine any messages that were to users that did not exist.


Posted By: Neolisk
Date Posted: 02 December 2009 at 11:36am
I was thinking if it's possible to let administrators choose the filter order per their needs. For instance, if we whitelist our customers, somebody can forge an email to make it look as if was coming from them and we will get it. From an odd IP, violating SPF etc. - just because the domain is whitelisted and this rule is applied earlier.

i.e. Usually we whitelist domains, because in one of their emails some content was blocked. So we want to be able to put domain whitelist rules just above content filtering, but after country blacklist, MX check, SPF and other useful blocking features.



Print Page | Close Window