whitelist issue 2 |
Post Reply 
|
| Author | |
Dan B 
Senior Member 
Joined: 09 February 2005 Location: United States Status: Offline Points: 105 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: whitelist issue 2Posted: 22 June 2007 at 12:49pm |
|
Roberto, We are seeing email messages getting caught even when the person is set as bypass whitelist to table. The user christi@thisdmain.org is set to be bypass white listed. Below are logs showing that it's working most of the time but she is still getting some messages caught. This is showing the user is set to bypass and receiving email from bl country.
Here are the logs that show it begin caught. 06/21/07 03:18:55:937 -- (1184) Connection from: 81.155.36.31 - Originating country : United Kingdom
Here the logs show that it was caught but some of the receipents were whitelisted. 06/21/07 03:19:13:984 -- (540) - SPF analysis for petermann.com done: - none 06/21/07 03:19:15:406 -- (540) Starting quarantine procedures I changed the domain for the local users to thisdomain.org to keep them from getting spammed. Can you tell me why this is happening. The timing tables reloading isn't the issue because the they were updated at midnight and 4 am. Thanks, |
|
|
Dan B
|
|
 |
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 June 2007 at 1:55pm |
|
What version are you running? In SFI or SFE mode? |
|
|
http://www.webguyz.net
|
|
|
|
|
Dan B
Senior Member
Joined: 09 February 2005 Location: United States Status: Offline Points: 105 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 June 2007 at 2:07pm |
|
WebGuyz, This one is running SFI mode and we have the licenses for SFE but haven't got all of our programming converted to SFE database features yet. Dan B |
|
|
Dan B
|
|
|
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 June 2007 at 2:24pm |
|
3.5.? |
|
|
http://www.webguyz.net
|
|
|
|
|
Dan B
Senior Member
Joined: 09 February 2005 Location: United States Status: Offline Points: 105 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 June 2007 at 2:33pm |
|
Dan B |
|
|
Dan B
|
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4105 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 June 2007 at 4:24pm |
|
We're not able to reproduce this unfortunately... We simulated your scenario by using the same recipients as yours, but adding them to our "logsat.com" domain. We tried to guess your settings, but we'll get to that later.
After reconfiguring our network so we could use the sender's IP, and adding "christi@logsat.com" to the unfiltered emails list, this is what we got: 06/22/07 16:14:24:468 -- (3852) Connection from: 81.155.36.31 - Originating country : N/A 06/22/07 16:14:24:984 -- (3852) Mail from: kafphilacricketfuv@philacricket.com 06/22/07 16:14:25:000 -- (3852) - SPF analysis for philacricket.com done: - none 06/22/07 16:14:25:140 -- (3852) - MAPS search done... 521 The IP 81.155.36.31 is Blacklisted by zen.spamhaus.org. http://www.spamhaus.org/query/bl?ip=81.155.36.31 -- 06/22/07 16:14:25:171 -- (3852) 81.155.36.31 - Mail from: kafphilacricketfuv@philacricket.com To: christi@logsat.com will be rejected 06/22/07 16:14:25:203 -- (3852) Mail from: kafphilacricketfuv@philacricket.com 06/22/07 16:14:25:234 -- (3852) 81.155.36.31 - Mail from: kafphilacricketfuv@philacricket.com To: david@logsat.com will be rejected 06/22/07 16:14:25:265 -- (3852) Mail from: kafphilacricketfuv@philacricket.com 06/22/07 16:14:25:281 -- (3852) 81.155.36.31 - Mail from: kafphilacricketfuv@philacricket.com To: lenny@logsat.com will be rejected 06/22/07 16:14:25:328 -- (3852) 81.155.36.31 - Mail from: kafphilacricketfuv@philacricket.com To: webmaster@logsat.com will be rejected 06/22/07 16:14:25:359 -- (3852) - EmailTO is not in AuthorizedTOEmail list... 06/22/07 16:14:25:406 -- (3852) Start virus scan 06/22/07 16:14:25:421 -- (3852) Starting queueing procedures 06/22/07 16:14:25:437 -- (3852) Info - some recipients were in the WhitelistedEmailsTO list. Email will be split so they receive it while the others will not 06/22/07 16:14:25:453 -- (3852) EMail from kafphilacricketfuv@philacricket.com to christi@logsat.com was queued. Size: 1 KB, 1024 bytes 06/22/07 16:14:25:468 -- (3704) Sending email from kafphilacricketfuv@philacricket.com to christi@logsat.com -- 06/22/07 16:14:25:484 -- (3852) Starting quarantine procedures 06/22/07 16:14:25:500 -- (3852) Created thread (7904) to add email to quarantine As you see, everything is working as it should, and christi@logsat.com is being forwarded the email, while it's being rejected for the others. What we do see as a difference is that, in your case, the connection was terminated right away after the attempt to webmaster@thisdomain.org: 06/21/07 03:18:57:609 -- (1184) - EmailTO is not in AuthorizedTOEmail list... 06/21/07 03:18:57:625 -- (1184) 81.155.36.31 - Mail from: kafphilacricketfuv@philacricket.com To: webmaster@thisdomain.org will be disconnected 06/21/07 03:18:57:625 -- (1184) Blacklist cache - Updated limbo counter for 81.155.36.31 06/21/07 03:18:57:796 -- (1184) SFDB - Added 81.155.36.31 - Response: Error=0 06/21/07 03:18:57:796 -- (1184) Disconnect The above is did not get quarantined, in your case. However you do have quarantine enabled, as in the other email sample you provided the email was quarantined: 06/21/07 03:19:15:406 -- (540) Starting quarantine procedures 06/21/07 03:19:15:437 -- (540) Created thread (120) to add email to quarantine 06/21/07 03:19:15:609 -- (120) EMail from kafpetermannfuv@petermann.com to christi@thisdomain.org, david@thisdomain.org, lenny@thisdomain.org was received and quarantined. Size: 2 KB, 2048 bytes I'm not aware there could be any specific setting that would cause this (mis) behavior. Is this happening on other occasions as well? It could be possible that on that one time the sender issued a disconnect before sending the email, and that is why it was never quarantined to begin with (it's wishful thinking, but still possible). If it happened other times as well, if ou could zip us the entire SpamFilter's logfile, we'd like to have a look at the one with the original email addresses. |
|
|
|
Topic Options
I forgot that info.. Ver. 3.5.3.678 |
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.305 seconds.