Problem with filtering order
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5179
Printed Date: 09 May 2025 at 1:11pm
Topic: Problem with filtering order
Posted By: WebGuyz
Subject: Problem with filtering order
Date Posted: 22 May 2005 at 9:48am
|
I am using the latest released Spamfilter version and have an issue with the order in which you do the checking. We received a ton of messages to a domain we host and the FROM: address was actually in our whitelist. The problem is the the users its forwarding mail to do NOT exist in our AuthorizedTo list.
It appears the Spamfilter is ignoring the users in Authorizedto list and only focusing on the Whitelisted FROM: entry. What happens is that all of these messages get forwarded to the Exchange administrator we are filtering mail for as unknown users and they want to know why they are getting past the spamfilter.
Don't you think it makes sense to verify the TO: users are valid even if the entry is whitelisted?????????
------------- http://www.webguyz.net |
Replies:
Posted By: LogSat
Date Posted: 22 May 2005 at 4:28pm
|
Actually not. The whole purpose of the whitelists is to allow incoming
email from a sender even if they were blocked by another filter. The
AuthorizedTo list is treated no different. There are some users who are
not using it as you're doing, and a different behavior as you suggest
would create problems for them. The *only* exception is with viruses. If the antivirus plugin is installed, even whitelisted senders will be blocked if the email contains a virus. Please note that spammers will often use a fake "from" sender to make it look like it's coming from your own domain. If you add your domain(s) to a whitelist, this will cause the email to bypass all filtering rules, and is generally not a good idea. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: WebGuyz
Date Posted: 22 May 2005 at 5:00pm
|
Not having an authorizedto list is open invitation to get hammered by dictionary attacks. Looks the the only whitelist worth keeping is the autowhitelist where you can whitelist by domain or user. The rest are worthless in a multi-domain enviroement. Any consideration foroffering a more feature rich ISP friendly version of Spamfilter? I realize that you can't be all things to all people but you do so many things right with SF, just needs a little bit more to be perfect. Thanks! ------------- http://www.webguyz.net |
Posted By: Desperado
Date Posted: 23 May 2005 at 11:09am
|
An authorized to list is not always realistic to do in an ISP environment as it would be an accounting nightmare .... 15 servers with 20,000 addresses changing on an hourly basis. Regards, ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: WebGuyz
Date Posted: 23 May 2005 at 11:40am
|
We automatically rebuild our authorizedto list every 15 minutes, but we only have about 3 thousand users. How do you keep dictionary attacks at bay since SF does not have tarpitting.
------------- http://www.webguyz.net |
Posted By: Desperado
Date Posted: 23 May 2005 at 11:49am
|
Our customers that have their own servers deal with invalid addresses however they want and our primary mail server (sendmail) nulls any invalid addresses and only "NDR's" single recpt messages. Regards, ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |