Brian,
In SpamFilter, the activity log for an EmailTO that is blacklisted looks like:
03/21/04 00:08:40:781 -- (1192) Connection from: 65.208.146.26 - Originating country : United States
03/21/04 00:08:41:296 -- (1192) Resolving 65.208.146.26 - Not found
03/21/04 00:08:41:312 -- (1192) - EmailTO is in local blacklist file...
03/21/04 00:08:41:312 -- (1192) 65.208.146.26 - Mail from: agmv@isqdun.structuredrelease.com To: tlindley@ppc-corp.com will be quarantined
03/21/04 00:08:41:687 -- Time to add Msg to Bayes corpus:0
03/21/04 00:08:41:765 -- (1192) Disconnect
The (1192) after the timestamp is the Windows internal ID of the thread that is handling that particular email. Can you post a section of your log that shows all actions for when an email addressed to you is blocked and another that shows it going thru? We'll need everything from the connection to the disconnect (the Thread ID should be the same thruout a session).
As a side note, do you have an active secondary MX record in your DNS? Is there a mail server accepting email for it? If so, please note that a lot of spam is sent directly to secondary MX records, bypassing the primary. If you do not have anti-spam software running on that second server, you will receive spam there as well.
Roberto F. LogSat Software
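
The thread-ID correlation described in the post above, as an added example that is not part of the original post and is not LogSat code: it splits an activity log into sessions running from "Connection from:" to "Disconnect" for each thread ID. The line layout is inferred from the quoted excerpt, the function names are hypothetical, and the sample log is constructed with documentation IP addresses.

```python
import re

# Constructed sample in the layout of the log quoted in the post (not real traffic).
SAMPLE_LOG = """\
03/21/04 00:08:40:781 -- (1192) Connection from: 192.0.2.26 - Originating country : United States
03/21/04 00:08:40:900 -- (2044) Connection from: 198.51.100.7 - Originating country : United States
03/21/04 00:08:41:296 -- (1192) Resolving 192.0.2.26 - Not found
03/21/04 00:08:41:312 -- (1192) - EmailTO is in local blacklist file...
03/21/04 00:08:41:687 -- Time to add Msg to Bayes corpus:0
03/21/04 00:08:41:765 -- (1192) Disconnect
03/21/04 00:08:42:010 -- (2044) Disconnect
03/21/04 00:09:10:120 -- (1192) Connection from: 203.0.113.9 - Originating country : United States
03/21/04 00:09:10:500 -- (1192) Disconnect
"""

# timestamp, optional "(thread id)", then the message text
LINE_RE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) -- (?:\((\d+)\) )?(.*)$")

def sessions_from_log(text):
    """Return sessions as (thread_id, [log lines]), in the order they ended."""
    open_sessions = {}  # thread id -> lines of the session still in progress
    done = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) is None:
            continue  # a line without a thread ID cannot be tied to a session
        tid, msg = m.group(2), m.group(3)
        if msg.startswith("Connection from:"):
            # Windows reuses thread IDs, so a new connection opens a new session
            # even if the previous one on this ID never logged a Disconnect.
            if tid in open_sessions:
                done.append((tid, open_sessions.pop(tid)))
            open_sessions[tid] = []
        if tid in open_sessions:  # lines seen before any connection are skipped
            open_sessions[tid].append(line)
            if msg.startswith("Disconnect"):
                done.append((tid, open_sessions.pop(tid)))
    done.extend(open_sessions.items())  # sessions cut off by the end of the log
    return done

def blocked_sessions(text, marker="is in local blacklist file"):
    """Sessions in which any line contains the given block marker."""
    return [s for s in sessions_from_log(text) if any(marker in l for l in s[1])]

if __name__ == "__main__":
    for tid, lines in blocked_sessions(SAMPLE_LOG):
        print(f"--- thread {tid} ---")
        print("\n".join(lines))
```
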