LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

     I am using the latest released Spamfilter version and have an issue with the order in which you do the checking. We received a ton of messages to a domain we host and the FROM: address was actually in our whitelist. The problem is the the users its forwarding mail to do NOT exist in our AuthorizedTo list. 

It appears the Spamfilter is ignoring the users in Authorizedto list and only focusing on the Whitelisted FROM: entry. What happens is that all of these messages get forwarded to the Exchange administrator we are filtering mail for as unknown users and they want to know why they are getting past the spamfilter.

Don't you think it makes sense to verify the TO: users are valid even if the entry is whitelisted?????????

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Topic: Problem with filtering order Posted: 22 May 2005 at 9:48am
	I am using the latest released Spamfilter version and have an issue with the order in which you do the checking. We received a ton of messages to a domain we host and the FROM: address was actually in our whitelist. The problem is the the users its forwarding mail to do NOT exist in our AuthorizedTo list. It appears the Spamfilter is ignoring the users in Authorizedto list and only focusing on the Whitelisted FROM: entry. What happens is that all of these messages get forwarded to the Exchange administrator we are filtering mail for as unknown users and they want to know why they are getting past the spamfilter. Don't you think it makes sense to verify the TO: users are valid even if the entry is whitelisted?????????
	http://www.webguyz.net

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 22 May 2005 at 4:28pm
	Actually not. The whole purpose of the whitelists is to allow incoming email from a sender even if they were blocked by another filter. The AuthorizedTo list is treated no different. There are some users who are not using it as you're doing, and a different behavior as you suggest would create problems for them. The only exception is with viruses. If the antivirus plugin is installed, even whitelisted senders will be blocked if the email contains a virus. Please note that spammers will often use a fake "from" sender to make it look like it's coming from your own domain. If you add your domain(s) to a whitelist, this will cause the email to bypass all filtering rules, and is generally not a good idea.
	Roberto Franceschetti LogSat Software Spam Filter ISP

WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Posted: 22 May 2005 at 5:00pm
	Not having an authorizedto list is open invitation to get hammered by dictionary attacks. Looks the the only whitelist worth keeping is the autowhitelist where you can whitelist by domain or user. The rest are worthless in a multi-domain enviroement. Any consideration foroffering a more feature rich ISP friendly version of Spamfilter? I realize that you can't be all things to all people but you do so many things right with SF, just needs a little bit more to be perfect. Thanks!
	http://www.webguyz.net

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 23 May 2005 at 11:09am
	An authorized to list is not always realistic to do in an ISP environment as it would be an accounting nightmare .... 15 servers with 20,000 addresses changing on an hourly basis. Regards,
	The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Posted: 23 May 2005 at 11:40am
	We automatically rebuild our authorizedto list every 15 minutes, but we only have about 3 thousand users. How do you keep dictionary attacks at bay since SF does not have tarpitting.
	http://www.webguyz.net

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 23 May 2005 at 11:49am
	Our customers that have their own servers deal with invalid addresses however they want and our primary mail server (sendmail) nulls any invalid addresses and only "NDR's" single recpt messages. Regards,
	The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Problem with filtering order