
Blacklists not working

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5626
Printed Date: 31 July 2025 at 5:08pm


Topic: Blacklists not working
Posted By: Guests
Subject: Blacklists not working
Date Posted: 25 May 2006 at 7:33pm

After installing the latest evaluation version I have noticed that the program is bypassing all my blacklists. I am having mail routed from the firewall to my local machine where the program is running. That's the 10.228 number. tvoge@caltim.com is in the TOMAILBLOCKS.txt file for blocking and yet it's getting passed to the mail server where it will bounce. 10.228.215.210:25 is the mail server behind the firewall. This all started after I installed the latest eval. I went and reverted to the previous version and the same thing is happening.

Anyone have any ideas as to what might be amiss?

05/25/06 19:24:38:248 -- (5680) Connection from: 10.228.215.1  -  Originating country : N/A
05/25/06 19:24:38:264 -- (5680) Bypassed all rules for: tvoge@caltim.com from charlene074eo@earthlink.net ( Whitelisted Peer IP)
05/25/06 19:24:38:295 -- (5680) EMail from charlene074eo@earthlink.net to tvoge@caltim.com was queued. Size: 1 KB, 1024 bytes
05/25/06 19:24:38:311 -- (5680) Disconnect
05/25/06 19:24:38:326 -- (4968) Sending email from charlene074eo@earthlink.net to tvoge@caltim.com
05/25/06 19:24:38:748 -- (4968) EMail from charlene074eo@earthlink.net to tvoge@caltim.com was forwarded to 10.228.215.210:25
05/25/06 19:24:46:654 -- Starting to process queue directory...
05/25/06 19:24:46:686 -- (4948) Blacklist cache - starting cleanup




Replies:
Posted By: Guests
Date Posted: 25 May 2006 at 7:51pm

Here is more of the same. 

The problem seems to be the (Whitelisted Peer IP). tvogel@attractionsusa.com: it's set up for only AUTHORIZED TO EMAIL lists. This address is NOT in the TO list.

05/25/06 19:47:51:967 -- (4060) Connection from: 10.228.215.1  -  Originating country : N/A
05/25/06 19:47:52:014 -- (4060) Resolving 10.228.215.1 - nutcracker.caltim.com
05/25/06 19:47:52:014 -- (4060) Bypassed all rules for: tvogel@attractionsusa.com from hotwizard2000@hotmail.com ( Whitelisted Peer IP)
05/25/06 19:47:52:045 -- (4060) EMail from hotwizard2000@hotmail.com to tvogel@attractionsusa.com was queued. Size: 1 KB, 1024 bytes
05/25/06 19:47:52:076 -- (5824) Sending email from hotwizard2000@hotmail.com to tvogel@attractionsusa.com
05/25/06 19:47:52:217 -- (4060) Disconnect
05/25/06 19:47:52:592 -- (5824) EMail from hotwizard2000@hotmail.com to tvogel@attractionsusa.com was forwarded to 10.228.215.210:25



Posted By: LogSat
Date Posted: 25 May 2006 at 8:08pm
SpamFilter needs to see the original IP of the sender's server in order to perform all the IP-based tests. You will need to configure your firewall to pass SpamFilter the IP of the remote server.
Without being able to see the real IP address, filters like the MAPS RBL servers, SPF, reverse DNS, MX tests, IP blacklists and more cannot be used.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: Guests
Date Posted: 25 May 2006 at 8:37pm

Originally posted by LogSat:

SpamFilter needs to see the original IP of the sender's server in order to perform all the IP-based tests. You will need to configure your firewall to pass SpamFilter the IP of the remote server.
Without being able to see the real IP address, filters like the MAPS RBL servers, SPF, reverse DNS, MX tests, IP blacklists and more cannot be used.

Thanks for responding so quickly Roberto.

The weird thing is that SF has been working this way fine for the past several weeks in its current configuration. The trouble started when I installed the latest eval version.

Tim



Posted By: LogSat
Date Posted: 25 May 2006 at 9:59pm
If you have not changed your firewall/network settings, that should indicate that SpamFilter has always seen the same IP addresses.

SpamFilter will see the IP that is reported by the Operating System; upgrading SpamFilter will not change that.

Are you 100% certain that before you were seeing the real IP address of the sender, and not IPs from your internal network? If you were before, again, an upgrade would not have changed that. You should look at any possible network/firewall changes that would instead indeed cause this to happen.




-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: Guests
Date Posted: 25 May 2006 at 10:02pm

Originally posted by LogSat:

If you have not changed your firewall/network settings, that should indicate that SpamFilter has always seen the same IP addresses.

SpamFilter will see the IP that is reported by the Operating System; upgrading SpamFilter will not change that.

Are you 100% certain that before you were seeing the real IP address of the sender, and not IPs from your internal network? If you were before, again, an upgrade would not have changed that. You should look at any possible network/firewall changes that would instead indeed cause this to happen.


The IP it's been seeing is the internal. I HATE that I can't use the Country Block but the firewall has its own RBL lookups and antivirus. But it doesn't have the country IP block which I love. I am trying to get it all reconfigured from scratch so that SF sees it all.

Thanks again for all the help.

--tim



Posted By: Guests
Date Posted: 25 May 2006 at 10:23pm
What about the "Whitelisted Peer IP"? Where is SF storing this information?


Posted By: LogSat
Date Posted: 26 May 2006 at 7:16am
It's in the file you specified on the "Settings - Black / White Lists - Excluded Domains / IPs" tab in SpamFilter. But again, you will not be able to use that feature reliably as SpamFilter is not seeing the real IP of the sender.

SpamFilter has *several* more IP-based filters than any firewall, so we strongly recommend that you do configure the fwall to pass the real IP to SpamFilter.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP
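
A log check for the situation discussed in this thread, added here as an example and not LogSat's code: it pairs each "Connection from" line with a later "Whitelisted Peer IP" bypass on the same thread id and reports bypasses where the peer is an RFC 1918 address, meaning SpamFilter only saw the firewall. The line format is taken from the logs posted above; the function names and the last two sample lines are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges: a peer in one of these is a firewall or relay hop,
# not the sending mail server.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE = re.compile(r"^\S+ \S+ -- \((?P<tid>\d+)\) (?P<msg>.*)$")
CONNECT = re.compile(r"^Connection from: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")
BYPASS = re.compile(r"^Bypassed all rules for: (?P<rcpt>\S+) from "
                    r"(?P<sender>\S+) \(\s*Whitelisted Peer IP\s*\)")

# First four lines follow the thread's log; the last two are constructed.
SAMPLE_LOG = """\
05/25/06 19:24:38:248 -- (5680) Connection from: 10.228.215.1  -  Originating country : N/A
05/25/06 19:24:38:264 -- (5680) Bypassed all rules for: tvoge@caltim.com from charlene074eo@earthlink.net ( Whitelisted Peer IP)
05/25/06 19:24:38:311 -- (5680) Disconnect
05/25/06 19:24:46:654 -- Starting to process queue directory...
05/25/06 19:30:00:000 -- (6001) Connection from: 203.0.113.7  -  Originating country : N/A
05/25/06 19:30:00:015 -- (6001) Bypassed all rules for: user@example.org from partner@example.net ( Whitelisted Peer IP)
"""

def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)

def find_masked_bypasses(log_text):
    """Return (thread id, peer IP, recipient, sender) per bypass from an internal peer."""
    peers, findings = {}, []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # queue/cache lines carry no thread id
        tid, msg = line["tid"], line["msg"]
        conn = CONNECT.match(msg)
        if conn:
            peers[tid] = conn["ip"]
        elif msg == "Disconnect":
            peers.pop(tid, None)
        else:
            hit = BYPASS.match(msg)
            if hit and is_internal(peers.get(tid, "")):
                findings.append((tid, peers[tid], hit["rcpt"], hit["sender"]))
    return findings
```

Any result from `find_masked_bypasses` means mail skipped every filter because the whitelist matched the relay hop rather than the sender's server.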


