
Country of Origin Problem

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6029
Printed Date: 07 December 2025 at 9:30pm


Topic: Country of Origin Problem
Posted By: jerbo128
Subject: Country of Origin Problem
Date Posted: 14 April 2007 at 10:31pm

I am running SFE .654 on a test machine.   I use the block by country filter and currently block many including Romania.  Here is a tidbit from the log......

04/14/07 02:35:51:921 -- (3724) Connection from: 82.77.153.86  -  Originating country : Romania
04/14/07 02:35:56:359 -- (3724) Resolving 82.77.153.86 - unresolved.rdstm.ro
04/14/07 02:35:56:937 -- (3724) - SPF analysis for rdstm.ro done: - none
04/14/07 02:35:56:937 -- (3724) Mail from: armyersejua@rdstm.ro
04/14/07 02:35:59:593 -- (3724) - MAPS search done...
04/14/07 02:35:59:593 -- (3724) RCPT TO: myuser@domain.com accepted
04/14/07 02:36:01:953 -- (3724) Scanning image for spam:sugs.gif
04/14/07 02:36:01:968 -- (3724) EMail from armyersejua@rdstm.ro to myuser@domain.com passes Bayesian filter - 0% spam  (15ms)
04/14/07 02:36:02:000 -- (3724) EMail from armyersejua@rdstm.ro to myuser@domain.com was queued. Size: 19 KB, 19456 bytes
04/14/07 02:36:02:000 -- (3560) Sending email from armyersejua@rdstm.ro to myuser@domain.com --
04/14/07 02:36:02:046 -- (1640) Time to add Msg to Bayes corpus:0
04/14/07 02:36:02:656 -- (3724) Disconnect
04/14/07 02:36:02:750 -- (3560) EMail from armyersejua@rdstm.ro to myuser@domain.com --  was forwarded to mail.mydomain.com:25

As you can see, SFE identified the country as Romania, but allowed the email anyway.  Here are the headers from the email itself:...........

Received: from spam2.mydomain.com [XXX.XXX.XXX.XXX] by mailserver.mydomain.com with ESMTP
  (SMTPD32-8.05) id A50B22C400A2; Sat, 14 Apr 2007 03:38:51 -0400
Received: from 82.77.153.86 by spam2.mydomain.com (LogSat Software SMTP Server - RC); Sat, 14 Apr 2007 02:36:01 -0500
Message-ID: <2a3f01c77e97$82fe3dd0$4ce7c034@armyersejua>
Reply-To: "Andra" <armyersejua@rdstm.ro>
From: "Andra" <armyersejua@rdstm.ro>
To: "Eugenio Martin" <user@mydomain.com>
Subject: Timing, important
Date: Sat, 14 Apr 2007 13:19:20 +0600
MIME-Version: 1.0
Content-Type: multipart/related;
 type="multipart/alternative";
 boundary="----=_NextPart_CD1_8FFE_97E7B9CC.36FE576C"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-Server: LogSat Software SMTP Server - RC
X-SF-RX-Return-Path: <armyersejua@rdstm.ro>
X-SF-HELO-Domain: rdstm.ro
X-RCPT-TO: <user@mydomain.com>
Status: U
X-UIDL: 358912251

Any ideas why this email would have been allowed?

Jerbo128
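
A log check for the symptom in the post above, as an added example that is not part of the original thread and not LogSat code: it flags sessions whose originating country is on the block list but whose message was still queued. It assumes the number in parentheses identifies one connection until its "Disconnect" line and that "was queued" marks acceptance; the function name and the second sample session are constructed.

```python
import re

# Log line layout as seen in the post: "MM/DD/YY HH:MM:SS:mmm -- (id) message"
LINE = re.compile(r"^(\S+ \S+) -- \((\d+)\) (.*)$")
CONNECT = re.compile(r"Connection from: (\S+)\s+-\s+Originating country : (.+)$")

def find_country_bypasses(lines, blocked_countries):
    """Return (time, ip, country) for blocked-country sessions whose mail was queued."""
    blocked = {c.strip().lower() for c in blocked_countries}
    sessions = {}   # connection id -> details of the session currently open
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        stamp, conn_id, msg = m.groups()
        c = CONNECT.search(msg)
        if c:
            sessions[conn_id] = {"time": stamp, "ip": c.group(1),
                                 "country": c.group(2).strip()}
        elif conn_id in sessions and "was queued" in msg:
            s = sessions[conn_id]
            if s["country"].lower() in blocked:
                findings.append((s["time"], s["ip"], s["country"]))
        elif msg.strip() == "Disconnect":
            # Assumption: an id may be reused later, so close the session here.
            sessions.pop(conn_id, None)
    return findings

# Sample input: the first session is abridged from the log in the post; the
# second session (id 3800, 192.0.2.10) is constructed for contrast.
SAMPLE_LOG = """\
04/14/07 02:35:51:921 -- (3724) Connection from: 82.77.153.86  -  Originating country : Romania
04/14/07 02:35:56:937 -- (3724) Mail from: armyersejua@rdstm.ro
04/14/07 02:36:02:000 -- (3724) EMail from armyersejua@rdstm.ro to myuser@domain.com was queued. Size: 19 KB, 19456 bytes
04/14/07 02:36:02:656 -- (3724) Disconnect
04/14/07 02:40:00:000 -- (3800) Connection from: 192.0.2.10  -  Originating country : Canada
04/14/07 02:40:01:000 -- (3800) EMail from a@example.com to myuser@domain.com was queued. Size: 1 KB, 1024 bytes
04/14/07 02:40:02:000 -- (3800) Disconnect
""".splitlines()

if __name__ == "__main__":
    for when, ip, country in find_country_bypasses(SAMPLE_LOG, ["Romania"]):
        print(f"{when}  {ip}  {country}: queued despite country block")
```

Run against a full day's activity log after installing a new build, an empty result for the blocked countries indicates the filter is rejecting those connections before queueing.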

 




Replies:
Posted By: LogSat
Date Posted: 15 April 2007 at 12:50am
Jerbo128,

Could you please zip us the contents of the "SpamFilter\Domains" directory, along with all subdirectories? Can you please also let us know if you're using SpamFilter in "Enterprise" or in "Standard" mode? If possible, could you also include in the zip today's SpamFilter's activity logfile?



-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: LogSat
Date Posted: 15 April 2007 at 1:06pm
Jerbo128,

Never mind all the extra info we asked for. We do see a problem with SpamFilter in "Standard" mode and the country blacklist. Can you please just let us know if you're using "Standard" or "Enterprise" mode?


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: jerbo128
Date Posted: 15 April 2007 at 7:38pm

Roberto -

We are running in Enterprise Mode. 

FYI:  MSSQL, win2003, 64 bit machine.  I only have 2 domains on this machine, and so have only run 4000-5000 messages through it.  Bayes has not yet kicked in.

On the country filtering tab, each time I view it, I have to click the "update stats" button, else all hits show 0.  Another thing I noticed is that I cannot sort by Country, hits, or description like I could in the past versions.

I am sure that 98% of that was unneeded info, but thought I would throw it out there just in case.

Jeremy

 



Posted By: LogSat
Date Posted: 15 April 2007 at 11:39pm
Jeremy,

We uploaded a new build real quick with a fix to address the problem of SpamFilter not blocking emails from the selected countries. It did affect both SFE and SFI.
We also duplicated the problem with the "update stats" counter not working. It was related to the above bug, but will take a bit longer to fix. We wanted to provide a patch asap to address the blocking 1st, we'll be releasing a new one in a few days to address the counter as well.

For the moment we won't release updates containing the binaries only for the patches. We've only re-released the complete SpamFilter install. If you wish, you can simply extract the two SpamFilter.exe and SpamFilterSvc.exe from the Win32 directory in the zip, and overwrite the two existing files. Within a couple of weeks we'll resume releasing updates that contain binaries only as well.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


