Spam Filter ISP Forums : bug: whitelist versus authorizedToEmail

Spam Filter ISP Forums : bug: whitelist versus authorizedToEmail https://www.logsat.com/spamfilter/forums/ Sun, 15 Mar 2026 22:14:52 +0000 Sat, 13 Sep 2008 18:33:26 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 11.04 360 https://www.logsat.com/spamfilter/forums/RSS_post_feed.asp?TID=6553 <![CDATA[Spam Filter ISP Forums]]> https://www.logsat.com/spamfilter/forums/forum_images/web_wiz_forums.png https://www.logsat.com/spamfilter/forums/ <![CDATA[bug: whitelist versus authorizedToEmail : Having to wait for the remote...]]> https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12390&title=bug-whitelist-versus-authorizedtoemail#12390 Author: LogSat
Subject: 6553
Posted: 13 September 2008 at 6:33pm

Having to wait for the remote server to send their HELO string would diminish the effectiveness of these two filters, and render SpamFilter more vulnerable to DoS attacks. If you receive thousands of connections in a few seconds, and for each one the hacker/spammer waits 30 seconds before sending the HELO command, as SpamFilter would have to wait for that string before disconnecting them, within a few seconds your server would pretty much be toast. Allowing the blacklist cache and the greylist filter to disconnect the connection immediately helps a lot in defying such attacks.

This said, please do note that you can add IPs to a whitelist that excludes them from the greylist filter. Please see:
www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6379&PID=11747#11665
]]> Sat, 13 Sep 2008 18:33:26 +0000 https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12390&title=bug-whitelist-versus-authorizedtoemail#12390 <![CDATA[bug: whitelist versus authorizedToEmail : Hi, ok i understand this but...]]> https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12389&title=bug-whitelist-versus-authorizedtoemail#12389 Author: kp4711
Subject: 6553
Posted: 12 September 2008 at 6:43am

Hi,

ok i understand this but there are many problems with some servers for example mailout01.t-online.de is not able to understand greylisting before HELO or EHELO Command. There are a lot of implementation wich only understand the SMTP-Errors like 421 after they have send there HELO or EHLO Command.

So i think that is a good Idea to implement a check of the whitelistedIP-List in the greylist-process. So we are able to allow some Servers who have problems with greylisting before SMTP to bypass the greylistProcess.

What say other users to this feature-request?

kp4711

]]> Fri, 12 Sep 2008 06:43:20 +0000 https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12389&title=bug-whitelist-versus-authorizedtoemail#12389 <![CDATA[bug: whitelist versus authorizedToEmail : kp4711,The behavior is not a bug,...]]> https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12388&title=bug-whitelist-versus-authorizedtoemail#12388 Author: LogSat
Subject: 6553
Posted: 11 September 2008 at 10:13pm

kp4711,

The behavior is not a bug, it is by design. All whitelists take precedence over any other filter, with the exception of the two filters that work based on a TCP level even before any SMTP sessions take place. The order in which the filters are applied is at:

www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=5171#11418

We always accept feedback from users however, so if we receive enough requests to alter this behavior, we may be changing it in the future.
]]> Thu, 11 Sep 2008 22:13:48 +0000 https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12388&title=bug-whitelist-versus-authorizedtoemail#12388 <![CDATA[bug: whitelist versus authorizedToEmail : Hi, I think there is a bug: When...]]> https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12387&title=bug-whitelist-versus-authorizedtoemail#12387 Author: kp4711
Subject: 6553
Posted: 11 September 2008 at 12:21pm

Hi,

I think there is a bug:

When the from-address ist in whitelist the sender can send to addresses wich are not written in the authorizedToEmail-List.

The CustomDomainFiler "authorizedTo" is enabled for the receipient-Doamin.

Using SF 4.0.0.772

I know that addresses which are on the whitelist passes all filters, but I think that the filter "authorizedTo" should be active. In practise a spammer can use a well-known-address like

ebay@ebay.de which are often on the whitelist and then he can send much automaticly generated mails to the reciepient-Domain.

Sorry for my bad english, but I hope you understand me.

greeting

kp4711

]]> Thu, 11 Sep 2008 12:21:39 +0000 https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6553&PID=12387&title=bug-whitelist-versus-authorizedtoemail#12387