Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Receive Mail without log entry
  FAQ FAQ  Forum Search   Register Register  Login Login

Receive Mail without log entry

 Post Reply Post Reply
Gerd View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Gerd Quote  Post ReplyReply Direct Link To This Post Topic: Receive Mail without log entry
    Posted: 18 April 2003 at 5:55pm

Several times a day I get some e-mails in my Outlook with a "from address". Actually when displaying the options of the e-mail there is a from e-mail address but with 2 "" in front of the name. I assume that this causes Outlook to not display the from address.

The strange thing is I can't find any log entries for that e-mail in my SPAM log file. Nor is there any entry in my Quarantine file.

And 3rd, I have a keyword filter file with the words   online,pharmacy   which should have caught the above e-mail. Again, I assume after it's not in the log file that SPAMFilter did not see it, thus, did not reject it.

I am curious how somebody could send an e-mail circumventing the SPAMFilter alltogether?

Here is a part of the log http://file:

04/18/03 13:51:52:890 -- (380) Connection from:  -  Originating country : United States
04/18/03 13:51:53:327 -- (380) Resolving - Not found
04/18/03 13:51:53:327 -- (380) - Reverse DNS not found -
04/18/03 13:51:53:327 -- (380) - Mail from: To: will be quarantined
04/18/03 13:51:53:984 -- (380) EMail from to was received and quarantined. Size: 8 KB
04/18/03 13:51:54:077 -- (380) Disconnect
04/18/03 14:05:32:796 -- (1864) Connection from:  -  Originating country : United States
04/18/03 14:05:33:062 -- (1864) Resolving -
04/18/03 14:05:33:077 -- (1864) Mail from:
04/18/03 14:05:33:374 -- (1864) - MAPS search done... .
04/18/03 14:05:33:390 -- (1864) RCPT TO: accepted
04/18/03 14:05:33:984 -- (1864) EMail from to was queued. Size: 5 KB
04/18/03 14:05:33:999 -- (380) Sending email from to
04/18/03 14:05:34:218 -- (380) EMail from to  was forwarded to
04/18/03 14:05:34:280 -- (1864) Disconnect
04/18/03 14:11:35:952 -- (380) Connection from:  -  Originating country : N/A
04/18/03 14:11:36:124 -- (380) Resolving -
04/18/03 14:11:36:140 -- (380) Mail from:
04/18/03 14:11:36:249 -- (380) - MAPS search done... 521 The IP is Blacklisted by - see .
04/18/03 14:11:36:249 -- (380) - Mail from: To: will be quarantined
04/18/03 14:11:36:702 -- (380) EMail from to was received and quarantined. Size: 3 KB
04/18/03 14:11:36:780 -- (380) Disconnect

This is the e-mail header from Outlook:

Microsoft Mail Internet Headers Version 2.0

Received: from ([]) by with Microsoft SMTPSVC(5.0.2195.5329);

Fri, 18 Apr 2003 14:06:24 -0700

Received: from []

by with ESMTP id 68885965;

Fri, 18 Apr 2003 19:06:00 -0300

Message-ID: <na-n60$3h6mi26$ca-i94$x2z-8-4@3ja.1vu>

From: "" <>

To: <>

Subject: Fw: Meds - Never Leave Home!

Date: Fri, 18 Apr 03 19:06:00 GMT

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

MIME-Version: 1.0

Content-Type: multipart/alternative;



X-OriginalArrivalTime: 18 Apr 2003 21:06:26.0562 (UTC) FILETIME=[5FE3B620:01C305EE]


Content-Type: text/html

Content-Transfer-Encoding: quoted-printable



And this is the contents of the e-mail:

24 Hour
Online Pharmacy

No Prior Prescriptions
Private & Confidential
Overnight Shipping

We have a very large selection of
FDA approved medications!

Come Take A Look

Not Interested



Back to Top
LogSat View Drop Down
Admin Group
Admin Group

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4077
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 18 April 2003 at 11:39pm


From its headers, it looks like the email was not sent to SpamFilter, but went directly to your smtp server.

I checked your DNS MX record configs, and saw that you have your primary MX record pointing to (SpamFilter) and your secondary to (Microsoft SMTP). At you'll find more info on this, in the meantime here's the section that concerns you:


Please note the comment relative to the backup MX record. While it's a good idea to add them in case with problems with SpamFilter, keep in mind that some spammers will send emails to any server they find an MX record for. This means that they can send mail directly to your unprotected MTA, which will bypass SpamFilter and thus deliver the spam to the intended recipient. A good tradeoff would be to leave the backup MX during your testing phases, then remove it when you are confident SpamFilter does it's job.


Roberto Franceschetti
LogSat Software
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

This page was generated in 0.047 seconds.