Spam Filter ISP Support Forum


Why does it NOT filter out *.eml?

Stupid (Guest Group)
Posted: 07 February 2005 at 11:07am

I set up all the attachment filters. *.eml is in there too, but a user just received an email with a *.eml attachment within which there are a few other files.

Why does the Spamfilter not filter out *.eml? It does its work on all other file types.

LogSat (Admin Group)
Posted: 07 February 2005 at 5:30pm
SpamFilter will only stop attachments in the body of the email. If an email has an attached message which in turn has other attachments, the second-level attachment will not be detected. Could you either post or email us the full headers of the email that was allowed thru, along with a copy of SpamFilter's logfile for that day (or better, just the relevant section at around the time this happened) so we can try to find out what happened?
Roberto Franceschetti

LogSat Software

Spam Filter ISP

chinabee (Groupie)
Posted: 08 February 2005 at 9:57am

Header:

Microsoft Mail Internet Headers Version 2.0
Received: from smtp.mycompany.com ([172.11.13.84]) by houston1.mycompany.com with Microsoft SMTPSVC(5.0.2195.6713);
  Tue, 8 Feb 2005 08:43:42 -0600
Received: from brantford01.mycompany.com ([172.11.1.80])
 by smtp.mycompany.com (SAVSMTP 3.0.0.44) with SMTP id M2005020808434118662
 for <don@mycompany.com>; Tue, 08 Feb 2005 08:43:41 -0600
Received: (from webmail [172.11.1.200])
 by brantford01.mycompany.com (SMSSMTP 4.0.0.59) with SMTP id M2005020809370413191
 for <don@mycompany.com>; Tue, 08 Feb 2005 09:37:04 -0500
Received: from 68.142.200.103 by  (LogSat Software SMTP Server) Tue, 8 Feb 2005 09:43:41 -0500
Received: (qmail 5074 invoked by uid 60001); 8 Feb 2005 14:43:31 -0000
Comment: DomainKeys? See http://antispam.earthlink.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=earthlink.com;
  b=xouZf+ta1XiQJwy9DYgH5lcP6SUSJd+pI2ZgYGFVdnUCMQyba/jTXhKHKR k2x0x6hrwtNVHCg2ifpunXwZYYwYC20Z9DC9vPDlFaHZu7omoumYiNcaQMXR nz6WePBNvlV2hGLCf/09GMbLGDVuPDZKMzM4E+9nePw3EKlaQun5k=  ;
Message-ID: <20050208144331.5072.qmail@web30310.mail.mud.earthlink.com>
Received: from [13.119.22.244] by web30310.mail.mud.earthlink.com via HTTP; Tue, 08 Feb 2005 06:43:31 PST
Date: Tue, 8 Feb 2005 06:43:31 -0800 (PST)
From: Chinabee <chinabee@earthlink.com>
Reply-To: chinabee@earthlink.com
Subject: test attached email
To: don@mycompany.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-415394763-1107873811=:4989"
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: <chinabee@earthlink.com>
Return-Path: chinabee@earthlink.com
X-OriginalArrivalTime: 08 Feb 2005 14:43:42.0250 (UTC) FILETIME=[958E48A0:01C50DEC]

--0-415394763-1107873811=:4989
Content-Type: multipart/alternative; boundary="0-248409919-1107873811=:4989"

--0-248409919-1107873811=:4989
Content-Type: text/plain; charset=us-ascii

--0-248409919-1107873811=:4989
Content-Type: text/html; charset=us-ascii


--0-248409919-1107873811=:4989--
--0-415394763-1107873811=:4989
Content-Type: message/rfc822

Received: from [66.32.48.192] by web12108.mail.earthlink.com via HTTP; Mon, 13 Dec 2004 09:06:34 PST
Date: Mon, 13 Dec 2004 09:06:33 -0800 (PST)
From: Chinabee <chinabee@earthlink.com>
Reply-To: chinabee@earthlink.com
Subject: Legality of Self-defense at Home
To: prashantmalik@dogmail.com, suhrid@earthlink.com,

MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-985010455-1102957593=:62891"
Content-Length: 792

--0-985010455-1102957593=:62891
Content-Type: text/plain; charset=us-ascii

--0-985010455-1102957593=:62891
Content-Type: text/html; charset=us-ascii


--0-985010455-1102957593=:62891--

--0-415394763-1107873811=:4989--
------------------------------------------------------------ -----

Logfile

02/08/05 09:43:40:057 -- (2268) Connection from: 68.142.200.103  -  Originating country : United States
02/08/05 09:43:40:369 -- (2268) Resolving 68.142.200.103 - web30310.mail.mud.earthlink.com
02/08/05 09:43:40:541 -- (2268) Mail from: chinabee@earthlink.com
02/08/05 09:43:40:963 -- (2268) - MAPS search done...
02/08/05 09:43:40:963 -- (2268) RCPT TO: don@mycompany.com accepted
02/08/05 09:43:41:197 -- (2268) EMail from chinabee@earthlink.com to don@mycompany.com passes Bayesian filter - 0% spam  (16ms)
02/08/05 09:43:41:213 -- (2268) EMail from chinabee@earthlink.com to don@mycompany.com was queued. Size: 2 KB, 2048 bytes
02/08/05 09:43:41:213 -- (2208) Sending email from chinabee@earthlink.com to don@mycompany.com
02/08/05 09:43:41:260 -- (1456) Time to add Msg to Bayes corpus:0
02/08/05 09:43:41:322 -- (2268) Disconnect
02/08/05 09:43:41:572 -- (2208) EMail from chinabee@earthlink.com to don@mycompany.com  was forwarded to 172.11.1.80:25

 

LogSat (Admin Group)
Posted: 08 February 2005 at 11:55pm
From your headers we did not see any *.eml attachments. Usually attachments are in the form:

------=_NextPart_000_001A_01C31BA7.813E2D90
Content-Type: application/pdf;
    name="print job.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="print job.pdf"


Can you check the rest of the email's source to see if you spot the eml file name somewhere else? Please note that again SpamFilter will not recurse thru the messages if the "outer" message has other messages attached to it.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

chinabee (Groupie)
Posted: 09 February 2005 at 10:00am

I know that, but those eml attachments do appear as attachments in Outlook.

I am actually using the Spamfilter as an antivirus tool. I have it drop every type of attachment that can possibly carry a virus. In this case, the eml attachment was not seen by the SpamFilter. As you said, it does not appear as an attachment.

This is not really a big problem for me as I have antivirus for gateway sitting behind the Spamfilter to scan inside every email. It just surprised me that it did not do what I think it should do.

LogSat (Admin Group)
Posted: 09 February 2005 at 1:47pm
If you can zip us the original email (full source and headers) at support@logsat.com we can try to see if we spot a problem.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

chinabee (Groupie)
Posted: 11 February 2005 at 11:03am

You can do that yourself. Just go to Yahoo Mail and forward any email to another email address.

I actually pasted everything from that email here.

Desperado (Senior Member)
Posted: 11 February 2005 at 11:58am

This is interesting because I had to REMOVE *.eml from my blocked attachment list because it WAS blocking a lot of forwards from services like hotmail.

Dan S.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

LogSat (Admin Group)
Posted: 11 February 2005 at 4:17pm
As I mentioned before, please look at the source carefully. There is *no* email attachment with the extension .eml in the email from yahoo if sent as you described. The attachment is simply an inline MIME content, of type "message/rfc822".

If you receive such a message with Outlook Express, it is *Outlook* that converts the MIME attachment into an eml attachment so Outlook itself can read it. If you had tried using Microsoft Outlook (not Outlook Express) you would have seen that the attachment is not an eml, but something else. Other email clients will massage inline messages in different ways.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
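
Added example, not part of the thread and not LogSat's code: the difference discussed in the posts above between a filename check on the outer message's parts only and a check that recurses into message/rfc822 parts, using Python's standard email package. The sample message, the block list and the synthetic name embedded.eml are constructed assumptions.

```python
import fnmatch
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED = ["*.eml", "*.zip"]  # constructed block list, not SpamFilter's format

def build_sample() -> bytes:
    """Constructed message: outer mail -> message/rfc822 -> inner mail with a zip."""
    inner = EmailMessage()
    inner["Subject"] = "inner message"
    inner.set_content("inner body")
    inner.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="zip", filename="files.zip")
    outer = EmailMessage()
    outer["Subject"] = "test attached email"
    outer.set_content("see the forwarded message")
    outer.add_attachment(inner)  # serialized as message/rfc822, no filename
    return outer.as_bytes()

def blocked(name, patterns):
    """Case-insensitive wildcard match of a file name against the block list."""
    return any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns)

def top_level_hits(msg, patterns):
    """Filename check on the outer message's own parts only (no recursion)."""
    names = [p.get_filename() for p in msg.iter_attachments()]
    return [n for n in names if n and blocked(n, patterns)]

def recursive_hits(msg, patterns, depth=0, max_depth=10):
    """Check every part, descending into multipart and message/rfc822 containers."""
    if depth > max_depth:  # refuse pathological nesting
        raise ValueError("MIME nesting deeper than max_depth")
    ctype = msg.get_content_type()
    # An embedded message carries no filename; give it a synthetic .eml name so
    # a '*.eml' rule matches on content type rather than on a mail client's label.
    name = msg.get_filename() or ("embedded.eml" if ctype == "message/rfc822" else None)
    hits = [(depth, ctype, name)] if name and blocked(name, patterns) else []
    if msg.is_multipart():
        for child in msg.get_payload():
            hits += recursive_hits(child, patterns, depth + 1, max_depth)
    return hits

if __name__ == "__main__":
    parsed = message_from_bytes(build_sample(), policy=policy.default)
    print("top level:", top_level_hits(parsed, BLOCKED))
    for hit in recursive_hits(parsed, BLOCKED):
        print("recursive:", hit)
```

The top-level check returns nothing for this message, while the recursive check reports both the embedded message and the zip inside it.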