Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Error report on buildt build 2.0.1.302
  FAQ FAQ  Forum Search   Register Register  Login Login

Error report on buildt build 2.0.1.302
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
Allan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Allan Quote  Post ReplyReply Direct Link To This Post Topic: Error report on buildt build 2.0.1.302
    Posted: 18 March 2004 at 4:55am

I've sent an email to you dated 24/2 but havent received any response what so ever - I will now try here:

I've purchased the new v.2 and found this to be a problem:

With the new version, I've spent some time observing the log and qurantine to ensure that my users are receiving mail as usual. In this process I noticed something odd.
 
I am receiving one email with two receiptiens - one is not employed here anymore so I've blocked the e-mail adress. The blocked address is ld@x.com
 
The e-mail is blocked for both receiptiens - with the msg: 550 The EMail ld@x.com is not in use anymore
 
why ?
 
The e-mail IS junk, so there is no problem with this one, but....
 
Hope to hear from you !!
Back to Top
bpogue99 View Drop Down
Groupie
Groupie


Joined: 26 January 2005
Status: Offline
Points: 59 		Post Options Post Options   Thanks (0) Thanks(0)   Quote bpogue99 Quote  Post ReplyReply Direct Link To This Post Posted: 18 March 2004 at 11:30am

An email is either delivered or not as a single piece of mail. It's not broken into multiple pieces by spam filter for each recipient. So if just one person on the email is blocked, the whole email will be blocked. So in that regard I've seen the same thing as you. Very valid point.

I guess the alternative is to determine how many addresses are on the TO and CC and BCC lines and how many of those addresses are blocked. If just one address is not blocked then the whole email has to be delivered. Might be something the guys need to consider for the next release.

bill
Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 18 March 2004 at 11:37am

Bill I believe that is already the case.

I have only 4 addresses that are set for unfiltered mail.

When any one of those 4 appear in a spam email, it forces the spam to go through to all the reciepients because of the occurance of that one unfiltered address.
Back to Top
bpogue99 View Drop Down
Groupie
Groupie


Joined: 26 January 2005
Status: Offline
Points: 59 		Post Options Post Options   Thanks (0) Thanks(0)   Quote bpogue99 Quote  Post ReplyReply Direct Link To This Post Posted: 18 March 2004 at 11:44am

That's what I see too when I have whitelisted email's in the unfiltered area. I think though this particular issue applies when the criteria is that there are multiple email addresses, none of which are whitelisted specifically, but at least one is blacklisted in the email-to list. In that case, the email gets blocked as it "passes" the blacklist email-to test even though there are valid recipients for the email. I'm not sure exactly how to work around that event without whitelisting all valid addresses <g> which of course defeats our whole purpose of using the product.

bill
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 18 March 2004 at 3:53pm
Allan,
 
There's two ways Carbon Copies can work. The only thing that decides where an email is sent is the RCPT TO command (all the "CC:" headers are just that, headers that tell the email clients who the carbon copies were..)
 
1) The remote server initiates multiple SMTP transactions, all with separate HELO, MAIL FROM, RCPT TO, DATA sequences. Each individual one will have a separate RCPT TO recipient.
 
2) The remote server initiates a single SMTP transaction, with a single HELO, single MAIL FROM, and multiple consecutive RCPT TO commands, one for each recipient. After the last RCPT TO, the DATA command follows.
 
Yes, (2) is much more efficient, but there's many servers (inlcuding either RoadRunner or Yahoo, don't remember which) that uses (1).
 
If case (1), no problem, each mail has a separate recipient, so SpamFilter will only reject the one for which the recipient is blocked, the other one will be delivered if it passes the other filters. In case (2), the single transaction must be accepted (or rejected) globally for all RCPT TO's. Only at the end of the DATA message can we give them the "557 you can't send email", but if we do that, being a single email, the remote server will get an error for ALL recipients, even the good ones... There is not really a workaround here, and it's not really a bug. That single SMTP transaction needs to be rejected since one of the recipients is blacklisted, and this will cause all recipients to be rejected. There's a similar problem with "unfiltered addresses". If a spam email is sent to a user who is unfiltered, all the carbon copies sent using method (2) will still be delivered even if the other users are not whitelisted.
 
We have some ideas in mind not on how to completely solve this (RFCs were not written with SPAM in their minds...) but on how to limit the damage. It will take a few days to release a new build with the workarounds.
 
Roberto F.
LogSat Software
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.281 seconds.

Copyright (c)2002-2025 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us