SpamFilter ISP v2.6.3.473 is available (l
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5276
Printed Date: 15 December 2025 at 2:42am
Topic: SpamFilter ISP v2.6.3.473 is available (l
Posted By: LogSat
Subject: SpamFilter ISP v2.6.3.473 is available (l
Date Posted: 25 July 2005 at 9:30am
SpamFilter ISP v2.6.3.473 is now officially available for licensed
users and as a free download. As always, the free version is a fully
functional copy, it has no expiration dates. The improvements since the
previous build 2.5.1.441 are listed below:
// New to VersionNumber = '2.6.3.473';
{TODO -cFix : 100% CPU usage with certain RegEx keywords caused by certain malformed MIME messages}
{TODO -cFix : SPF bug - mx tests where A records have multiple IPs would sometimes incorrectly fail }
{TODO -cFix : SPF bug introduced in build 456 caused some SPF test to
pass even though the "A" identifier should have caused them to fail }
{TODO -cFix : New per-domain filter GUI grid was being reloaded while the user was interactively making changes to it}
{TODO -cFix : New per-domain filter can get out-of-sync with the local domains list}
// New to VersionNumber = '2.6.3.467';
{TODO -cNew : New tab allows to enable/disable any filter on a
per-domain basis, allowing further customizations for your local
domains}
// New to VersionNumber = '2.5.2.462';
{TODO -cFix : Logfile was not flushed to disk until SpamFilter terminated or the log rotated - bug was introduced in build 461}
// New to VersionNumber = '2.5.2.461';
{TODO -cNew : Added RealtimeDiskLogging option in SpamFilter.ini file to have log being flushed to disk with every entry}
{TODO -cNew : Added DoNotAddIPToHoneypot option to SpamFilter.ini file
to prevent certain trusted IPs from being blacklisted by the honeypot
filter}
{TODO -cNew : Changed the logging on screen performance to increase reliability and have a smoother scroll}
// New to VersionNumber = '2.5.2.459';
{TODO -cFix : SURBL Do Not Quarantine setting was saving, but the mail was still not being quarantined}
// New to VersionNumber = '2.5.2.458';
{TODO -cFix : Could save the SURBL Do Not Quarantine setting}
{TODO -cFix : Could not empty the SURBL list, the default multi.surbl.org list was re-added automatically}
{TODO -cFix : AutoWhiteList was not always case-insensitive}
// New to VersionNumber = '2.5.2.457';
{TODO -cNew : Automatically adding "multi.surbl.org" to SURBL servers
if the SURBL section is not present in SpamFilter.ini file. Used to
provide default in upgrades...}
// New to VersionNumber = '2.5.2.456';
{TODO -cFix : EMail forwarded/blocked/attempts counters were resetting themselves}
{TODO -cFix : SPF test incorrectly handled "exists" directive for A record tests}
{TODO -cFix : SPF test incorrectly handled l,s,o,d,i macro directive arguments}
// New to VersionNumber = '2.5.2.454';
{TODO -cNew : Added support for the :Honeypot tag in some blacklists to
automatically blacklist sender's IP if it triggers the blacklist entry}
{TODO -cNew : Added option to add to honeypot blacklist the sender's IP if the email contains a virus}
{TODO -cNew : Implement SURBL filtering}
{TODO -cNew : Require a valid email address in the "MAIL FROM" SMTP comamnd (NULL - <> is still allowed per RFC) }
// New to VersionNumber = '2.5.1.450';
{TODO -cNew : Added "Honeypot" feature to automatically block IPs that send emails to specified honeypot addresses}
// New to VersionNumber = '2.5.1.448';
{TODO -cFix : SPF record incorrectly flagged a fails tests where the -a
mechanism specified a host name instead of an IP and the name in the
DNS A record was different}
{TODO -cNew : When MX record test fails, additional information about the error details is logged}
// New to VersionNumber = '2.5.1.446';
{TODO -cFix : Local blacklist/whitelist files were not immediately
reloaded when clicking on the "Save Settings" button - they were
reloaded within 3 minutes of the event}
{TODO -cNew : automatic reload of blacklist/whitelist and SpamFilter.ini files reduced to 1 minute instead of 3}
{TODO -cNew : Added to logfile the reason of why an email is being whitelisted, indicating which whitelist triggered the event}
// New to VersionNumber = '2.5.1.443';
{TODO -cFix : virus emails were not being blocked if any of the "Tag and deliver" options were checked}
{TODO -cNew : SpamFilter.ini is automatically reloaded if modified by external application}
{TODO -cNew : When automatic reload of blacklist/whitelist and SpamFilter.ini files, the event is now logged}
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
Replies:
Posted By: Dan B
Date Posted: 26 July 2005 at 3:53pm
|
R, I don't think that the SPF logic is still working. We have the latest release and I had a few emails from a certain domain that is getting rejected. It looks like it is taking the last response and softfail.
Here is the ip address of the server that is connecting: 24.140.1.147 and according to dnsstuff test (below) it passes without any trouble.
SPF Test Results SPF lookup of sender droid@eohio.net from IP 24.140.1.147:
SPF string used: v=spf1 ip4:192.168.4.2/29 ip4:24.140.1.27/32 ip4:24.140.1.4/32 ip4:24.140.1.13/32 ip4:24.140.1.45/32 ip4:24.140.1.58/32 ip4:24.140.1.120/30 ip4:24.140.1.124/30 ip4:24.140.1.128/28 ip4:24.140.1.144/30 ip4:24.140.1.148/31 ip4:24.140.1.150/32 mx -all.
Processing SPF string: v=spf1 a mx a:relay.eohio.net include:sssnet.com ~all.
Testing 'a' on IP=24.140.1.147, target domain eohio.net, CIDR 32, default=PASS. No match.
Testing 'mx' on IP=24.140.1.147, target domain eohio.net, CIDR 32, default=PASS. No match.
Testing 'a:relay.eohio.net' on IP=24.140.1.147, target domain relay.eohio.net, CIDR 32, default=PASS. No match.
Testing 'include:sssnet.com' on IP=24.140.1.147, target domain sssnet.com, CIDR 32, default=PASS.
include: including SPF at sssnet.com.
Processing SPF string: v=spf1 ip4:192.168.4.2/29 ip4:24.140.1.27/32 ip4:24.140.1.4/32 ip4:24.140.1.13/32 ip4:24.140.1.45/32 ip4:24.140.1.58/32 ip4:24.140.1.120/30 ip4:24.140.1.124/30 ip4:24.140.1.128/28 ip4:24.140.1.144/30 ip4:24.140.1.148/31 ip4:24.140.1.150/32 mx -all.
Testing 'ip4:192.168.4.2/29' on IP=24.140.1.147, target domain 192.168.4.2/29, CIDR 29, default=PASS. No match.
Testing 'ip4:24.140.1.27/32' on IP=24.140.1.147, target domain 24.140.1.27/32, CIDR 32, default=PASS. No match.
Testing 'ip4:24.140.1.4/32' on IP=24.140.1.147, target domain 24.140.1.4/32, CIDR 32, default=PASS. No match.
Testing 'ip4:24.140.1.13/32' on IP=24.140.1.147, target domain 24.140.1.13/32, CIDR 32, default=PASS. No match.
Testing 'ip4:24.140.1.45/32' on IP=24.140.1.147, target domain 24.140.1.45/32, CIDR 32, default=PASS. No match.
Testing 'ip4:24.140.1.58/32' on IP=24.140.1.147, target domain 24.140.1.58/32, CIDR 32, default=PASS. No match.
Testing 'ip4:24.140.1.120/30' on IP=24.140.1.147, target domain 24.140.1.120/30, CIDR 30, default=PASS. No match.
Testing 'ip4:24.140.1.124/30' on IP=24.140.1.147, target domain 24.140.1.124/30, CIDR 30, default=PASS. No match.
Testing 'ip4:24.140.1.128/28' on IP=24.140.1.147, target domain 24.140.1.128/28, CIDR 28, default=PASS. No match.
Testing 'ip4:24.140.1.144/30' on IP=24.140.1.147, target domain 24.140.1.144/30, CIDR 30, default=PASS. MATCH!
Testing 'ip4:24.140.1.148/31' on IP=24.140.1.147, target domain 24.140.1.148/31, CIDR 31, default=PASS.
Testing 'ip4:24.140.1.150/32' on IP=24.140.1.147, target domain 24.140.1.150/32, CIDR 32, default=PASS.
Testing 'mx' on IP=24.140.1.147, target domain sssnet.com, CIDR 32, default=PASS.
Testing 'all' on IP=24.140.1.147, target domain sssnet.com, CIDR 32, default=FAIL.
Testing 'all' on IP=24.140.1.147, target domain eohio.net, CIDR 32, default=SOFTFAIL.
Result: PASS
Here is the SF logs 07/26/05 00:31:41:090 -- (1768) Connection from: 24.140.1.147 - Originating country : United States
07/26/05 00:31:41:090 -- (2028) Connection from: 24.140.1.147 - Originating country : United States
07/26/05 00:31:41:100 -- (100) Connection from: 24.140.1.147 - Originating country : United States
07/26/05 00:31:41:280 -- (1768) Resolving 24.140.1.147 - nat-147.sssnet.com
07/26/05 00:31:41:300 -- (2028) Resolving 24.140.1.147 - nat-147.sssnet.com
07/26/05 00:31:41:330 -- (100) Resolving 24.140.1.147 - nat-147.sssnet.com 07/26/05 00:31:41:591 -- (1768) failed SPF test (softfail) - Disconnecting 24.140.1.147
07/26/05 00:31:41:591 -- (1768) 24.140.1.147 - Mail from: mailto:emailfrom@eohio.net - emailfrom@eohio.net To: mailto:user1@mydomain.com - user1@mydomain.com will be rejected
07/26/05 00:31:41:591 -- (2028) failed SPF test (softfail) - Disconnecting 24.140.1.147
07/26/05 00:31:41:591 -- (2028) 24.140.1.147 - Mail from: mailto:emailfrom@eohio.net - emailfrom mailto:jhmcclain@eohio.net - @eohio.net To: mailto:user2@mydomain.com - user2@mydomain.com will be rejected
07/26/05 00:31:41:591 -- (100) failed SPF test (softfail) - Disconnecting 24.140.1.147
07/26/05 00:31:41:591 -- (100) 24.140.1.147 - Mail from: mailto:emailfrom@eohio.net - emailfrom mailto:jhmcclain@eohio.net - @eohio.net To: mailto:user3@mydomain.com - user3@mydomain.com will be rejected 07/26/05 00:31:41:971 -- (100) EMail from mailto:emailfrom@eohio.net - emailfrom mailto:jhmcclain@eohio.net - @eohio.net to mailto:user3@mydomain.com - user3@mydomain.com was received and quarantined. Size: 6 KB, 6144 bytes
07/26/05 00:31:41:971 -- (100) Disconnect
07/26/05 00:31:42:001 -- (1768) EMail from mailto:emailfrom@eohio.net - emailfrom mailto:jhmcclain@eohio.net - @eohio.net to mailto:user1@mydomain.com - user1@mydomain.com was received and quarantined. Size: 6 KB, 6144 bytes
07/26/05 00:31:42:001 -- (1768) Disconnect
07/26/05 00:31:42:021 -- (2028) EMail from mailto:emailfrom@eohio.net - emailfrom mailto:jhmcclain@eohio.net - @eohio.net to mailto:user2@mydomain.com - user2@mydomain.com was received and quarantined. Size: 6 KB, 6144 bytes
07/26/05 00:31:42:021 -- (2028) Disconnect
Let me know what you find out.
Thanks, Dan B
|
Posted By: LogSat
Date Posted: 26 July 2005 at 11:19pm
Dan,
We were able to duplicate the problem. It appears so far only for this
domain (actually sssnet.com, an "included" domain in ehoio.com's SPF
directives). It is apparently caused by a "line break" in their TXT
record, which should not cause a problem but in this case it definetly
is causing an issue in SpamFilter. We're trying to pinpoint the cause
so we can release a patch.
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
Posted By: LogSat
Date Posted: 28 July 2005 at 10:37am
Dan,
The issue occurred with domains that have multiple "strings" in their
DNS's SPF record. We've created a patched build (2.6.3.474) available
in the registered download area. Please note however that it is a
pre-release as we're still testing to ensure there fix did not create
other issues (none so far...).
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
Posted By: Dan B
Date Posted: 02 August 2005 at 11:10pm
|
Roberto,
I'm still seeing SPF failures I have the latest 474 version. Here is an example.
Thanks,
Dan B
Reject Details: 550 The sender did not meet Sender Policy Framework rules. Please see http://spf.pobox.com - http://spf.pobox.com
Received: from 65.54.161.23 by spam-gateway-4.tusco.net (LogSat Software SMTP Server) Tue, 2 Aug 2005 18:15:38 -0400
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Tue, 2 Aug 2005 15:15:19 -0700
Message-ID: < mailto:BAY106-F1342B6B179A08782FD5C27C3C20@phx.gbl - BAY106-F1342B6B179A08782FD5C27C3C20@phx.gbl >
Received: from 65.54.161.205 by by106fd.bay106.hotmail.msn.com with HTTP;
Tue, 02 Aug 2005 22:15:19 GMT
X-Originating-IP: [65.54.161.205]
X-Originating-Email: [emailaddress@msn.com]
X-Sender: emailaddress mailto:melsewgood@msn.com - @msn.com
In-Reply-To: < mailto:42EF684C.000003.05543@COMPUTER - 42EF684C.000003.05543@COMPUTER >
From: "Mel H" mailto:emailaddress@msn.com - emailaddress mailto:melsewgood@msn.com - @msn.com
Here is the SPF test for DNSStuff.
SPF lookup of sender droid@msn.com from IP 65.54.161.23 :
SPF string used: v=spf1 ip4:209.240.192.0/19 ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24 ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all.
Processing SPF string: v=spf1 include:spf-a.hotmail.com include:spf-b.hotmail.com include:spf-c.hotmail.com include:spf-d.hotmail.com ~all.
Testing 'include:spf-a.hotmail.com' on IP=65.54.161.23 , target domain spf-a.hotmail.com, CIDR 32, default=PASS.
include: including SPF at spf-a.hotmail.com.
Processing SPF string: v=spf1 ip4:209.240.192.0/19 ip4:65.52.0.0/14 ip4:131.107.0.0/16 ip4:157.54.0.0/15 ip4:157.56.0.0/14 ip4:157.60.0.0/16 ip4:167.220.0.0/16 ip4:204.79.135.0/24 ip4:204.79.188.0/24 ip4:204.79.252.0/24 ip4:207.46.0.0/16 ip4:199.2.137.0/24 ~all.
Testing 'ip4:209.240.192.0/19' on IP=65.54.161.23 , target domain 209.240.192.0/19, CIDR 19, default=PASS. No match.
Testing 'ip4:65.52.0.0/14' on IP=65.54.161.23 , target domain 65.52.0.0/14, CIDR 14, default=PASS. MATCH!
Testing 'ip4:131.107.0.0/16' on IP=65.54.161.23 , target domain 131.107.0.0/16, CIDR 16, default=PASS.
Testing 'ip4:157.54.0.0/15' on IP=65.54.161.23 , target domain 157.54.0.0/15, CIDR 15, default=PASS.
Testing 'ip4:157.56.0.0/14' on IP=65.54.161.23 , target domain 157.56.0.0/14, CIDR 14, default=PASS.
Testing 'ip4:157.60.0.0/16' on IP=65.54.161.23 , target domain 157.60.0.0/16, CIDR 16, default=PASS.
Testing 'ip4:167.220.0.0/16' on IP=65.54.161.23 , target domain 167.220.0.0/16, CIDR 16, default=PASS.
Testing 'ip4:204.79.135.0/24' on IP=65.54.161.23 , target domain 204.79.135.0/24, CIDR 24, default=PASS.
Testing 'ip4:204.79.188.0/24' on IP=65.54.161.23 , target domain 204.79.188.0/24, CIDR 24, default=PASS.
Testing 'ip4:204.79.252.0/24' on IP=65.54.161.23 , target domain 204.79.252.0/24, CIDR 24, default=PASS.
Testing 'ip4:207.46.0.0/16' on IP=65.54.161.23 , target domain 207.46.0.0/16, CIDR 16, default=PASS.
Testing 'ip4:199.2.137.0/24' on IP=65.54.161.23 , target domain 199.2.137.0/24, CIDR 24, default=PASS.
Testing 'all' on IP=65.54.161.23 , target domain spf-a.hotmail.com, CIDR 32, default=SOFTFAIL.
Testing 'include:spf-b.hotmail.com' on IP=65.54.161.23 , target domain spf-b.hotmail.com, CIDR 32, default=PASS.
Testing 'include:spf-c.hotmail.com' on IP=65.54.161.23 , target domain spf-c.hotmail.com, CIDR 32, default=PASS.
Testing 'include:spf-d.hotmail.com' on IP=65.54.161.23 , target domain spf-d.hotmail.com, CIDR 32, default=PASS.
Testing 'all' on IP=65.54.161.23 , target domain msn.com, CIDR 32, default=SOFTFAIL.
Result: PASS
|
Posted By: LogSat
Date Posted: 03 August 2005 at 10:09pm
Dan,
You are once more correct, we apologize. The fix for your original
issue did introduce a new problem with certain multi-line SPF records.
We should have fixed that too now, and a patched build 2.6.3.475 is now
avail in the registered download area.
Please note that this build has one new minor feature as described in the release notes below.
// New to VersionNumber = '2.6.3.475';
{TODO -cFix : SPF bug introduced by build 474 on certain domains with SPF records spanning multiple lines}
{TODO -cNew : Added SpamFilter.ini option to use an alternate SMTP server to send out NDR (non-delivery) email notifications}
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
|