LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Im running 1.2.0.212 and I have added my email address to the To Blacklist. I dont receive many legit outside emails, but i receive tons of spam, so i figure i will just sort them through the quarantine web interface. The problem is that i am still receiving at least 50-60 spam emails per day into my inbox. How is this happening, how are the spammers able to get past this? Ive read the logs and it says "EmailTO is in local blacklist file" but the next line says "rcpt to xxx@xx.com accepted". This does work most of the time but why not all of the time.
Thanks

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Brian Trinidad Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Brian Trinidad Thanks(0) Quote Reply Topic: To Email Black List Posted: 31 March 2004 at 12:26pm
	Im running 1.2.0.212 and I have added my email address to the To Blacklist. I dont receive many legit outside emails, but i receive tons of spam, so i figure i will just sort them through the quarantine web interface. The problem is that i am still receiving at least 50-60 spam emails per day into my inbox. How is this happening, how are the spammers able to get past this? Ive read the logs and it says "EmailTO is in local blacklist file" but the next line says "rcpt to xxx@xx.com accepted". This does work most of the time but why not all of the time. Thanks

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 31 March 2004 at 10:07pm
	Brian, In SpamFilter, the activity log for an emaiTO that is blacklisted looks like: 03/21/04 00:08:40:781 -- (1192) Connection from: 65.208.146.26 - Originating country : United States 03/21/04 00:08:41:296 -- (1192) Resolving 65.208.146.26 - Not found 03/21/04 00:08:41:312 -- (1192) - EmailTO is in local blacklist file... 03/21/04 00:08:41:312 -- (1192) 65.208.146.26 - Mail from: agmv@isqdun.structuredrelease.com To: tlindley@ppc-corp.com will be quarantined 03/21/04 00:08:41:687 -- Time to add Msg to Bayes corpus:0 03/21/04 00:08:41:765 -- (1192) Disconnect The (1192) after the timestamp is the Windows internal ID of the thread that is handling that particular email. Can you post a section of your log that shows all actions for when an email addressed to you is blocked and another that shows it going thru? We'll need everything from the connection to the disconnect (the Thread ID should be the same thruout a session). As a side note, do you have an active secondary MX record in your DNS? Is there a mail server accepting email for it? If so, please not a lot of spam is sent directly to your secondary MX records, bypassing the primary. If you do not have anti-spam software running on that second server, you will receive spam there as well. Roberto F. LogSat Software

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

To Email Black List