Spam seems to be climbing after new 384 release
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=4343
Printed Date: 15 December 2025 at 11:06pm
Posted By: Guests
Date Posted: 25 September 2004 at 6:14pm
|
I am seeing what appears to be a trend in increased spam getting through since I upgraded to release 384. I am trying to make sense out of the log here, but when I look at it, it really appears that it is blocking part of the emails and accepting others from the same message? Maybe I just don't understand this or am missing something obvious? I will do some more research... but does this log excerpt for 3900 appear right to you, or is it saying part of the transactions are going through?
Terry
09/25/04 14:45:00:220 -- (3900) Connection from: 218.128.168.126 - Originating country : Japan
09/25/04 14:45:01:095 -- (3604) Resolving 204.9.21.68 - mail68.101stocks.biz
09/25/04 14:45:01:111 -- wrldnews.com is a domain, searching for SPF record
09/25/04 14:45:01:111 -- (3604) - SPF analysis for wrldnews.com done: - none
09/25/04 14:45:01:111 -- (3604) Mail from: LauraHarris@wrldnews.com
09/25/04 14:45:01:267 -- (3604) - MAPS search done... 521 The IP 204.9.21.68 is Blacklisted by sbl.spamhaus.org.4 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL19426
09/25/04 14:45:01:267 -- (3604) 204.9.21.68 - Mail from: LauraHarris@wrldnews.com To: hansej@portptld.com will be disconnected
09/25/04 14:45:01:267 -- (3604) Disconnect
09/25/04 14:45:01:611 -- (3900) Resolving 218.128.168.126 - YahooBB218128168126.bbtec.net
09/25/04 14:45:01:626 -- guay.com is a domain, searching for SPF record
09/25/04 14:45:01:689 -- (3900) - SPF record for guay.com found. analyzing: - v=spf1 -all
09/25/04 14:45:01:689 -- (3900) - SPF analysis for guay.com done: - fail
09/25/04 14:45:01:689 -- (3900) failed SPF test (fail) - Disconnecting 218.128.168.126
09/25/04 14:45:01:689 -- (3900) 218.128.168.126 - Mail from: KTXJJXZL@guay.com To: angelr@portptld.com will be rejected
09/25/04 14:45:02:064 -- (3900) Mail from: KTXJJXZL@guay.com
09/25/04 14:45:02:064 -- (3900) 218.128.168.126 - Mail from: KTXJJXZL@guay.com To: aster@portptld.com will be rejected
09/25/04 14:45:02:470 -- (3900) Mail from: KTXJJXZL@guay.com
09/25/04 14:45:02:470 -- (3900) RCPT TO: baumak@portptld.com accepted
09/25/04 14:45:02:830 -- (3900) Mail from: KTXJJXZL@guay.com
09/25/04 14:45:02:830 -- (3900) RCPT TO: brantm@portptld.com accepted
09/25/04 14:45:03:205 -- (3900) Mail from: KTXJJXZL@guay.com
09/25/04 14:45:03:205 -- (3900) RCPT TO: carmic@portptld.com accepted
09/25/04 14:45:03:970 -- (3900) Mail from: KTXJJXZL@guay.com
09/25/04 14:45:03:970 -- (3900) RCPT TO: cross@portptld.com accepted
09/25/04 14:45:05:111 -- (3900) EMail from KTXJJXZL@guay.com to angelr@portptld.com , aster@portptld.com , baumak@portptld.com , brantm@portptld.com , carmic@portptld.com , cross@portptld.com passes Bayesian filter - 0% spam (0ms)
09/25/04 14:45:05:111 -- (3900) EMail from KTXJJXZL@guay.com to angelr@portptld.com , aster@portptld.com , baumak@portptld.com , brantm@portptld.com , carmic@portptld.com , cross@portptld.com was queued. Size: 1 KB, 1024 bytes
09/25/04 14:45:05:126 -- (1936) Sending email from KTXJJXZL@guay.com to angelr@portptld.com , aster@portptld.com , baumak@portptld.com , brantm@portptld.com , carmic@portptld.com , cross@portptld.com
09/25/04 14:45:05:142 -- (2160) Time to add Msg to Bayes corpus:0
09/25/04 14:45:05:830 -- (1936) EMail from KTXJJXZL@guay.com to angelr@portptld.com , aster@portptld.com , baumak@portptld.com , brantm@portptld.com , carmic@portptld.com , cross@portptld.com was forwarded to 10.192.34.83:25
09/25/04 14:45:06:298 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:06:298 -- (3900) RCPT TO: crosst@portptld.com accepted
09/25/04 14:45:06:689 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:06:689 -- (3900) RCPT TO: dickis@portptld.com accepted
09/25/04 14:45:07:048 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:07:048 -- (3900) RCPT TO: dodged@portptld.com accepted
09/25/04 14:45:07:470 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:07:470 -- (3900) RCPT TO: dozone@portptld.com accepted
09/25/04 14:45:07:830 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:07:830 -- (3900) RCPT TO: ebmaster@portptld.com accepted
09/25/04 14:45:08:236 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:08:236 -- (3900) RCPT TO: ellisa@portptld.com accepted
09/25/04 14:45:08:611 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:08:611 -- (3900) RCPT TO: frisit@portptld.com accepted
09/25/04 14:45:09:017 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:09:017 -- (3900) RCPT TO: fuhrmh@portptld.com accepted
09/25/04 14:45:09:392 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:09:392 -- (3900) RCPT TO: furnid@portptld.com accepted
09/25/04 14:45:09:798 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:09:814 -- (3900) RCPT TO: garcid@portptld.com accepted
|
Replies:
Posted By: LogSat
Date Posted: 25 September 2004 at 11:01pm
|
Terry,
At first sight no, it does not look right as the email should have been rejected. Without looking at all your black/white list files and SpamFilter.ini files we can't be sure though. If you can send them to support@logsat.com we'll take a look, but please note that within 3-4 hours we'll have a hurricane over our heads, and we may lose power/internet/phones for a few days as it happened twice already (we're in central Florida). This may delay our technical support responses a bit.
One thing you can check is to make sure you have a valid 3-digit code prefixing *all* of your "Customized Items" tab under settings. If there is not a valid error code, even though an email is to be rejected, since SpamFilter does not have a valid error code to provide the remote server, it has no choice but to accept the email anyways.
Roberto F.
LogSat Software
|
Posted By: Guests
Date Posted: 26 September 2004 at 8:00pm
|
Roberto, I have emailed the files per your request. Hope all goes okay with the hurricane...
Terry
|
Posted By: LogSat
Date Posted: 28 September 2004 at 12:21am
|
Terry, we finally had power returned this evening. Right away we were able to verify that you're correct, your logs and settings do show a problem sometimes in cases where 3 or more recipients appear in an email.
I believe we pinpointed the problem, and have made a pre-release build available to address it. If you log in to the registered user area you will see build 385. Please note that as we just (actually as you just have) discovered the problem, we were not able to thoroughly test it yet.
The release notes for this build are as follows:
// New to VersionNumber = '2.1.1.385';
{TODO -cWish : Add label to indicate "Bayesian Probability results show up in Corpus Database tab"}
{TODO -cFix : if more than 3 RCPT TO's were specified, spam emails may have not been filtered}
{TODO -cWish : Add option to specify directory path for logfiles}
Roberto F.
LogSat Software
|
Posted By: Terry
Date Posted: 28 September 2004 at 4:59pm
|
Thanks Roberto, I have downloaded and installed it. I will let you know how it does.
|
Posted By: Guests
Date Posted: 30 September 2004 at 7:53pm
|
Roberto, I also tried the new build, but I am still experiencing this same problem with the 385 build.
09/30/04 16:35:31:719 -- (425) Connection from: 199.181.164.12 - Originating country : United States
09/30/04 16:35:31:769 -- (425) Resolving 199.181.164.12 - smtpgate.seanet.com
09/30/04 16:35:31:819 -- undivided6399dryg.com is a domain, searching for SPF record
09/30/04 16:35:32:010 -- (425) - SPF analysis for undivided6399dryg.com done: - none
09/30/04 16:35:32:010 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:808 -- (425) - MAPS search done...
09/30/04 16:35:37:808 -- (425) RCPT TO: alancom3@domain.com accepted
09/30/04 16:35:37:828 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:828 -- (425) RCPT TO: brian@domain.com accepted
09/30/04 16:35:37:848 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:848 -- (425) RCPT TO: jim@domain.com accepted
09/30/04 16:35:37:878 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:878 -- (425) RCPT TO: steve@domain.com accepted
09/30/04 16:35:38:038 -- (425) EMail from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com passes Bayesian filter - 0.0004% spam (20ms)
09/30/04 16:35:38:078 -- (425) EMail from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com was queued. Size: 1 KB, 1024 bytes
09/30/04 16:35:38:098 -- (421) Sending email from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com
09/30/04 16:35:38:138 -- (358) Time to add Msg to Bayes corpus:0
09/30/04 16:35:38:249 -- (425) - EmailTO is in local blacklist file...
09/30/04 16:35:38:249 -- (425) 199.181.164.12 - Mail from: ahkomlqwpclrh@fastwave.net To: christina@domain.com will be disconnected
09/30/04 16:35:38:249 -- (425) Disconnect
|
Posted By: LogSat
Date Posted: 30 September 2004 at 11:29pm
|
Alan,
Judging from these logs, everything seems to be working as expected:
Nothing is causing the email to be rejected for the following entries:
09/30/04 16:35:31:719 -- (425) Connection from: 199.181.164.12 - Originating country : United States
09/30/04 16:35:31:769 -- (425) Resolving 199.181.164.12 - smtpgate.seanet.com
09/30/04 16:35:31:819 -- undivided6399dryg.com is a domain, searching for SPF record
09/30/04 16:35:32:010 -- (425) - SPF analysis for undivided6399dryg.com done: - none
09/30/04 16:35:32:010 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:808 -- (425) - MAPS search done...
09/30/04 16:35:37:808 -- (425) RCPT TO: alancom3@domain.com accepted
09/30/04 16:35:37:828 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:828 -- (425) RCPT TO: brian@domain.com accepted
09/30/04 16:35:37:848 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:848 -- (425) RCPT TO: jim@domain.com accepted
09/30/04 16:35:37:878 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:878 -- (425) RCPT TO: steve@domain.com accepted
09/30/04 16:35:38:038 -- (425) EMail from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com passes Bayesian filter - 0.0004% spam (20ms)
09/30/04 16:35:38:078 -- (425) EMail from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com was queued. Size: 1 KB, 1024 bytes
09/30/04 16:35:38:098 -- (421) Sending email from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com
Up until here, even though the email may be spam as far as I can tell (if only we could have a new build that features a live human person looking at spam we'd be infallible!), none of the filters detect it as spam so it's delivered.
Note that from the logs it looks as if the sender has ended the DATA command, which forces SpamFilter to deliver the email. Rather than disconnecting and then reconnecting, the sender appears to remain connected with the same session, and starts to send more commands to send a separate email. But now the first RCPT TO command triggers one of your blacklists:
09/30/04 16:35:38:249 -- (425) - EmailTO is in local blacklist file...
09/30/04 16:35:38:249 -- (425) 199.181.164.12 - Mail from: ahkomlqwpclrh@fastwave.net To: christina@domain.com will be disconnected
09/30/04 16:35:38:249 -- (425) Disconnect
At this point, SpamFilter (correctly) immediately disconnects them. If we interpreted the logs correctly, SpamFilter is operating correctly. Please let us know if you see something wrong with our analysis.
Roberto F. LogSat Software
|
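The way of reading these logs used in the thread (one session number can carry several messages, and a refusal is only a problem if the same message is later queued) can be checked mechanically. The following Python sketch is an added example, not part of the thread and not LogSat code: its patterns are inferred from the entries quoted above, and the two sample logs are abridged from the posted excerpts (entries omitted, forum link markup removed).

```python
import re

# Patterns inferred from the log entries quoted in this thread (assumption:
# other SpamFilter builds may word these entries differently).
ENTRY = re.compile(r"^\S+ \S+ -- \((\d+)\) (.*)$")
REFUSED = re.compile(r"Mail from: (\S+) To: (\S+) will be (?:rejected|disconnected)$")
MAIL_FROM = re.compile(r"^Mail from: (\S+)$")
ACCEPTED = re.compile(r"^RCPT TO: (\S+) accepted$")
QUEUED = re.compile(r"^EMail from \S+ to .* was queued\.")

# Abridged from the build 384 excerpt (session 3900).
LOG_384 = """
09/25/04 14:45:01:689 -- (3900) failed SPF test (fail) - Disconnecting 218.128.168.126
09/25/04 14:45:01:689 -- (3900) 218.128.168.126 - Mail from: KTXJJXZL@guay.com To: angelr@portptld.com will be rejected
09/25/04 14:45:02:064 -- (3900) 218.128.168.126 - Mail from: KTXJJXZL@guay.com To: aster@portptld.com will be rejected
09/25/04 14:45:02:470 -- (3900) Mail from: KTXJJXZL@guay.com
09/25/04 14:45:02:470 -- (3900) RCPT TO: baumak@portptld.com accepted
09/25/04 14:45:05:111 -- (3900) EMail from KTXJJXZL@guay.com to angelr@portptld.com , aster@portptld.com , baumak@portptld.com , brantm@portptld.com , carmic@portptld.com , cross@portptld.com was queued. Size: 1 KB, 1024 bytes
09/25/04 14:45:06:298 -- (3900) Mail from: fkvkbbz@stareastnet.com
09/25/04 14:45:06:298 -- (3900) RCPT TO: crosst@portptld.com accepted
"""

# Abridged from the build 385 excerpt (session 425).
LOG_385 = """
09/30/04 16:35:32:010 -- (425) Mail from: Deeqcttoxhdpbsaz@undivided6399dryg.com
09/30/04 16:35:37:808 -- (425) RCPT TO: alancom3@domain.com accepted
09/30/04 16:35:37:828 -- (425) RCPT TO: brian@domain.com accepted
09/30/04 16:35:38:078 -- (425) EMail from Deeqcttoxhdpbsaz@undivided6399dryg.com to alancom3@domain.com , brian@domain.com , jim@domain.com , steve@domain.com was queued. Size: 1 KB, 1024 bytes
09/30/04 16:35:38:249 -- (425) - EmailTO is in local blacklist file...
09/30/04 16:35:38:249 -- (425) 199.181.164.12 - Mail from: ahkomlqwpclrh@fastwave.net To: christina@domain.com will be disconnected
09/30/04 16:35:38:249 -- (425) Disconnect
"""


def _open_txn(txns):
    """Return the session's open transaction, starting a new one after a queued message."""
    if not txns or txns[-1]["queued"]:
        txns.append({"sender": None, "accepted": [], "refused": [], "queued": False})
    return txns[-1]


def transactions(log_text):
    """Group entries by session number, then split each session into mail transactions."""
    sessions = {}
    for line in log_text.strip().splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # entries without a session number, e.g. SPF lookups
        sid, body = entry.groups()
        if m := REFUSED.search(body):
            txn = _open_txn(sessions.setdefault(sid, []))
            txn["sender"] = m.group(1)
            txn["refused"].append(m.group(2))
        elif m := MAIL_FROM.match(body):
            _open_txn(sessions.setdefault(sid, []))["sender"] = m.group(1)
        elif m := ACCEPTED.match(body):
            _open_txn(sessions.setdefault(sid, []))["accepted"].append(m.group(1))
        elif QUEUED.match(body) and sessions.get(sid):
            sessions[sid][-1]["queued"] = True  # end of DATA closes the transaction
    return sessions


def bypassed(sessions):
    """Transactions that were queued even though a recipient had been refused."""
    return [(sid, t["sender"], t["refused"])
            for sid, txns in sessions.items() for t in txns
            if t["queued"] and t["refused"]]


if __name__ == "__main__":
    print("build 384:", bypassed(transactions(LOG_384)))
    print("build 385:", bypassed(transactions(LOG_385)))
```

On the 384 excerpt this flags the guay.com message in session 3900; on the 385 excerpt it flags nothing, because the refusal belongs to a second transaction that was never queued.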
|