Spam Filter ISP Support - SFDB incorrectly blocking email?

Print Page | Close Window

SFDB incorrectly blocking email?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5587
Printed Date: 31 July 2025 at 11:10am

Topic: SFDB incorrectly blocking email?

Posted By: lyndonje
Subject: SFDB incorrectly blocking email?
Date Posted: 20 April 2006 at 10:43am

Hi All,

A customer has ask us if we can whitelist an email and on checking looks as though it was blocked by SFDB. In the logs is states the following:

04/20/06 10:31:22:904 -- (3064) Connection from: 193.252.22.157 - Originating country : France
04/20/06 10:31:23:201 -- (3064) Resolving 193.252.22.157 - smtp2.wanadoo.co.uk
04/20/06 10:31:24:201 -- (3064) - SFDB filter match - relevance:3
04/20/06 10:31:24:201 -- (3064) 193.252.22.157 - Mail from: mailto:aaa@aaa - aaa@aaa To: mailto:xxx@xxx - xxx@xxx will be rejected

Indicating to me that the SFDB matches based on filter 3. If I'm correct, filter 3 is reverse DNS, however the IP address 193.252.22.157 does have a reverse DNS entry.

I'm wondering what may have caused this? Could this be due to other SF users having a DNS problem in not being able to resolve reverse DNS entries, and therefore reporting the IP to SFDB?

Replies:

Posted By: lyndonje
Date Posted: 20 April 2006 at 11:00am

Just read another post relating to the SFDB IP lookup in the registered area, checked the IP and seen the following:

Num of Referrals	Filter ID	Filter Description
2	10	EmailTO is not in AuthorizedTOEmail list
2	4	Empty Mail From
1	19	URL in email found in SURBL search

In which case, why does my log show relevance:3? Does something start counting at 0 therefore nocking out the numbers by 1??

Urm... just wondered something else, if my network reliability is set to 3, yet above the maximum number of referals is 2, so why was this email blocked at all?

Posted By: Desperado
Date Posted: 20 April 2006 at 11:26am

Actually, the number of referals above is 5. There is a custom setup for which referals you wish to accept that may help you. I have found that some users are more agressive than I want to be so I have the following settings:
SFDB_URL=http://sfdb.logsat.com/SFDBUpload/
SFDB_NetworkReliability=4
SFDB_FiltersAll=0
SFDB_FiltersList=2,3,10,11,12,16,19

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: lyndonje
Date Posted: 20 April 2006 at 11:36am

Hi D,

OK, well I think that answers my second question, which is Network Reliability is per IP, rather than per IP per filter. My reliability is set to 3, and as you say the TOTAL above is 5. What I was looking at is no individual filter was above 3.

My first question remains unanswered, log shows relevance:3, yet on the lookup filter ID 3 is not present. My filter list is:

SFDB_FiltersList=1,2,3,5,6,7,9,10,11,12,13,14,15,16,18,19,21 .

So 10 & 19 would have matched? If you get me?

Posted By: Desperado
Date Posted: 20 April 2006 at 12:17pm

lyndonje,

The relevance is not the filter number ... At lease, I do not think it is and actually, I do not know *what* it refers to so I will leave that up to Roberto to answer.

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: LogSat
Date Posted: 20 April 2006 at 1:55pm

I'll try to clear things up. The network reliabilty in the settings indicates how many different users (or IPs) must reject an IP address before triggering the filter on your end. The relevance in the logfile indicates the number of separate users who have reported that IP address.

Please note that multiple users can report the same IP multiple times for different filters , but they will still count as one user on a query.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: lyndonje
Date Posted: 20 April 2006 at 3:17pm

OK.... I think get you now. So if I wanted to find out which filter ID within SFDB actually caused the block, I'd have to check the SFDB query? So in this scenario, we blocked the IP in question because there were 5, or at the time 3 (relavance 3) which was => our Network Reliability setting, and as I have filter ID's 10 & 19 enabled the email was blocked?

Print Page | Close Window