Spam Filter ISP Support - Error report on buildt build 2.0.1.302

Error report on buildt build 2.0.1.302

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=3281
Printed Date: 20 October 2025 at 12:52am

Topic: Error report on buildt build 2.0.1.302

Posted By: Guests
Subject: Error report on buildt build 2.0.1.302
Date Posted: 18 March 2004 at 4:55am

I've sent an email to you dated 24/2 but havent received any response what so ever - I will now try here:

I've purchased the new v.2 and found this to be a problem:

With the new version, I've spent some time observing the log and qurantine to ensure that my users are receiving mail as usual. In this process I noticed something odd.

I am receiving one email with two receiptiens - one is not employed here anymore so I've blocked the e-mail adress. The blocked address is mailto:ld@x.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - ld@x.com

The e-mail is blocked for both receiptiens - with the msg: 550 The EMail mailto:ld@x.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - ld@x.com is not in use anymore

why ?

The e-mail IS junk, so there is no problem with this one, but....

Hope to hear from you !!

Replies:

Posted By: bpogue99
Date Posted: 18 March 2004 at 11:30am

An email is either delivered or not as a single piece of mail. It's not broken into multiple pieces by spam filter for each recipient. So if just one person on the email is blocked, the whole email will be blocked. So in that regard I've seen the same thing as you. Very valid point.

I guess the alternative is to determine how many addresses are on the TO and CC and BCC lines and how many of those addresses are blocked. If just one address is not blocked then the whole email has to be delivered. Might be something the guys need to consider for the next release.

bill

Posted By: Guests
Date Posted: 18 March 2004 at 11:37am

Bill I believe that is already the case.

I have only 4 addresses that are set for unfiltered mail.

When any one of those 4 appear in a spam email, it forces the spam to go through to all the reciepients because of the occurance of that one unfiltered address.

Posted By: bpogue99
Date Posted: 18 March 2004 at 11:44am

That's what I see too when I have whitelisted email's in the unfiltered area. I think though this particular issue applies when the criteria is that there are multiple email addresses, none of which are whitelisted specifically, but at least one is blacklisted in the email-to list. In that case, the email gets blocked as it "passes" the blacklist email-to test even though there are valid recipients for the email. I'm not sure exactly how to work around that event without whitelisting all valid addresses <g> which of course defeats our whole purpose of using the product.

bill

Posted By: LogSat
Date Posted: 18 March 2004 at 3:53pm

Allan,

There's two ways Carbon Copies can work. The only thing that decides where an email is sent is the RCPT TO command (all the "CC:" headers are just that, headers that tell the email clients who the carbon copies were..)

1) The remote server initiates multiple SMTP transactions, all with separate HELO, MAIL FROM, RCPT TO, DATA sequences. Each individual one will have a separate RCPT TO recipient.

2) The remote server initiates a single SMTP transaction, with a single HELO, single MAIL FROM, and multiple consecutive RCPT TO commands, one for each recipient. After the last RCPT TO, the DATA command follows.

Yes, (2) is much more efficient, but there's many servers (inlcuding either RoadRunner or Yahoo, don't remember which) that uses (1).

If case (1), no problem, each mail has a separate recipient, so SpamFilter will only reject the one for which the recipient is blocked, the other one will be delivered if it passes the other filters. In case (2), the single transaction must be accepted (or rejected) globally for all RCPT TO's. Only at the end of the DATA message can we give them the "557 you can't send email", but if we do that, being a single email, the remote server will get an error for ALL recipients, even the good ones... There is not really a workaround here, and it's not really a bug. That single SMTP transaction needs to be rejected since one of the recipients is blacklisted, and this will cause all recipients to be rejected. There's a similar problem with "unfiltered addresses". If a spam email is sent to a user who is unfiltered, all the carbon copies sent using method (2) will still be delivered even if the other users are not whitelisted.

We have some ideas in mind not on how to completely solve this (RFCs were not written with SPAM in their minds...) but on how to limit the damage. It will take a few days to release a new build with the workarounds.

Roberto F.
LogSat Software