Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Bypassed all rules
  FAQ FAQ  Forum Search   Register Register  Login Login

Bypassed all rules

 Post Reply Post Reply
Author
widget View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote widget Quote  Post ReplyReply Direct Link To This Post Topic: Bypassed all rules
    Posted: 18 August 2003 at 5:03pm

Just installed SpamFilter ISP, with no black/whitelists, and only one keyword for testing. I keep getting "Bypassed all rules for..." in the log, no matter the sender or recipient, and of course the keyword filter fails.

Any ideas?

Thanks.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 19 August 2003 at 8:10pm

Can you either post or email at support @ logsat.com a copy of your SpamFilter.ini file?

Roberto F.
LogSat Software

Back to Top
widget View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote widget Quote  Post ReplyReply Direct Link To This Post Posted: 20 August 2003 at 4:02pm

Here is the spamfilter.ini. Thanks.

[blacklists]
; a true after an ordb entry means their DNS is expecting the IP to be reversed
; i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net
;site1=bl.spamcop.net, true
;site2=sbl.spamhaus.org, true
;site3=relays.osirusoft.com, true
;site4=spam.dnsrbl.net, true
;site5=dnsbl.njabl.org, true
;site6=dun.dnsrbl.net, true

[server settings]
; dns - your DNS server
dns=192.168.0.200

; the SpamFilter can be limited to listen on a specific IP:port. Leave empty for all IPs bound to nic
;ListenIP=209.26.140.2
ListenFQDN=mail.widgets.com
ListenPort=26

;The email address to use in Error Replies to senders
ErrorHandlerEmailAddress="System Administrator" <postmaster_no_reply@widgets.com>

; DestinationServer is where you want all mail received by SpamFilter to be forwarded to
DestinationServer=localhost
DestinationPort=24

; AllowPercent is used to accept (AllowPercent=1) or reject (AllowPercent=0) emails containing the % character.
; Many SMTP servers are susceptible to being tricked into relaying with this.
; Ex. if you are netwide.net, then a spammer can use
; mail to: joe%yahoo.com@netwide.net
; to relay mail to joe@yahoo.com if your server is vulnerable
; Setting AllowPercent to 1 rejects ALL recipients email addresses conatining the % sign
AllowPercent=0

;log daily activity to logfiles
Logging=1
ListenIP=
LocalIPBlackListFileName=
ExcludedFromEmailsFileName=
LocalDomainsBlackListFileName=
KeywordsFileName=C:\Program Files\SFISP\keywords.txt
ExcludedDomainsFileName=
AuthorizedTOEmailsFileName=
LocalEMailsBlacklistFileName=
LocalEMailsTOBlacklistFileName=
ExcludedEmailsFileName=
LogKeywords=1
AutoVersionCheck=0
DisableConnectionsGrid=0
RejectNoReverse=0
RejectNoReverseForceDelete=0
RejectEmptyMailFrom=0
RejectEmptyMailFromForceDelete=0
RejectSameToFrom=0
RejectSameToFromForceDelete=0
RejectSameToFromDomain=0
RejectSameToFromDomainForceDelete=0
BlackListForceDelete=0
ContentFilterForceDelete=0
LocalIPBlacklistForceDelete=0
LocalDomainsBlacklistForceDelete=0
CountriesForceDelete=0
LocalEmailsBlacklistForceDelete=0
LocalEmailsTOBlacklistForceDelete=0
RememberStats=1
MaxInboundConnections=40
MaxRCPTTO=20
MinMAPS=1
FlushQueueInterval=60
MaxMsgSizeForKeywordScan=64
ArchiveSpamDays=0
DeleteExpiredEmailInterval=60
DisableEHLO=0


[allowed domains]
allow1=widgets.com
; avoid being ourselves an open relay...
; enter here the recipient domains that SpamFilter will accept.
; I.E. if you are hosting netwide.net, then only emails addressed to user@netwide.net will
; be accepted and passed on to your DestinationServer.
; if your first entry is allow1=* then all emails will be accepted (not recommended)
; allow1=*


[exclude from orbs check]
; if you REALLY must be able to receive emails from a domain which is
; blacklisted, you can bypass the filter by adding it here...
;exclude1=somedomain1.com
;exclude2=somdomain.com
[Error Response]
ResponseBlacklistedMAPS=521 The IP %IP% is Blacklisted by %MAPSResponse%.
ResponseBlacklistLocalIP=521 The IP %IP% is Blacklisted.
ResponseBlacklistLocalDomain=521 The domain %Domain% is Blacklisted.
ResponseBlacklistLocalEMail=521 The EMail %EMailFrom% is Blacklisted.
ResponseBlacklistLocalEMailTo=521 The EMail %EMailTo% is Blacklisted.
ResponseNoReverseDNS=557 Your IP %IP% does not have a reverse DNS entry. Disconnecting...
ResponseMaxRCPTTO=557 You exceeded then maximum number of RCPT TO. Disconnecting...
ResponseCountryBlacklist=557 Your IP address is from a blacklisted country. Disconnecting..
ResponseRelayRestricted=557 You are not allowed to send mail to %EMailTo%
ResponseKeywordMatch=557 This email is rejected. It contains keywords rejected by the antispam content filter.
[stats]
RequestCount=14
EMailsBlocked=0
EMailsForwarded:=14
EmailsReceived=14
[statscountry]
C0=14
C1=0
C2=0
C3=0
C4=0
C5=0
C6=0
C7=0
C8=0
C9=0
C10=0
C11=0
C12=0
C13=0
C14=0
C15=0
C16=0
C17=0
C18=0
C19=0
C20=0
C21=0
C22=0
C23=0
C24=0
C25=0
C26=0
C27=0
C28=0
C29=0
C30=0
C31=0
C32=0
C33=0
C34=0
C35=0
C36=0
C37=0
C38=0
C39=0
C40=0
C41=0
C42=0
C43=0
C44=0
C45=0
C46=0
C47=0
C48=0
C49=0
C50=0
C51=0
C52=0
C53=0
C54=0
C55=0
C56=0
C57=0
C58=0
C59=0
C60=0
C61=0
C62=0
C63=0
C64=0
C65=0
C66=0
C67=0
C68=0
C69=0
C70=0
C71=0
C72=0
C73=0
C74=0
C75=0
C76=0
C77=0
C78=0
C79=0
C80=0
C81=0
C82=0
C83=0
C84=0
C85=0
C86=0
C87=0
C88=0
C89=0
C90=0
C91=0
C92=0
C93=0
C94=0
C95=0
C96=0
C97=0
C98=0
C99=0
C100=0
C101=0
C102=0
C103=0
C104=0
C105=0
C106=0
C107=0
C108=0
C109=0
C110=0
C111=0
C112=0
C113=0
C114=0
C115=0
C116=0
C117=0
C118=0
C119=0
C120=0
C121=0
C122=0
C123=0
C124=0
C125=0
C126=0
C127=0
C128=0
C129=0
C130=0
C131=0
C132=0
C133=0
C134=0
C135=0
C136=0
C137=0
C138=0
C139=0
C140=0
C141=0
C142=0
C143=0
C144=0
C145=0
C146=0
C147=0
C148=0
C149=0
C150=0
C151=0
C152=0
C153=0
C154=0
C155=0
C156=0
C157=0
C158=0
C159=0
C160=0
C161=0
C162=0
C163=0
C164=0
C165=0
C166=0
C167=0
C168=0
C169=0
C170=0
C171=0
C172=0
C173=0
C174=0
C175=0
C176=0
C177=0
C178=0
C179=0
C180=0
C181=0
C182=0
C183=0
C184=0
C185=0
C186=0
C187=0
C188=0
C189=0
C190=0
C191=0
C192=0
C193=0
C194=0
C195=0
C196=0
C197=0
C198=0
C199=0
C200=0
C201=0
C202=0
C203=0
C204=0
C205=0
C206=0
C207=0
C208=0
C209=0
C210=0
C211=0
C212=0
C213=0
C214=0
C215=0
C216=0
C217=0
C218=0
C219=0
C220=0
C221=0
C222=0
C223=0
C224=0
C225=0
C226=0
C227=0
C228=0
C229=0
C230=0
C231=0
C232=0
C233=0
C234=0
C235=0
C236=0
C237=0
C238=0
C239=0
C240=0
C241=0
C242=0
C243=0
C244=0
C245=0

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2003 at 1:03am

The ini file looks and works fine, we were not able to replicate the problem.

Can you please post or email us also a copy of your keywords.txt file, and an excerpt of the spamfilter activity log that shows the incoming connection up to the point where you see the entry indicating the "bypass all rules"?

Roberto
LogSat Software

Back to Top
widget View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote widget Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2003 at 12:46pm

Keywerds.txt contains a single line:

spamfilteringrocks
(trailing line feed)

The log snippet is:

08/20/03 12:41:44:712 -- Listening on all IPs port 26
08/20/03 12:41:45:728 -- Starting to process queue directory...
08/20/03 12:44:02:946 -- (458) Connection from: 127.0.0.1  -  Originating country : N/A
08/20/03 12:44:03:415 -- (458) Resolving 127.0.0.1 - localhost
08/20/03 12:44:03:415 -- (458) Bypassed all rules for: administrator@widgets.com from no_reply@widgetstoo.com

Thanks.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2003 at 4:45pm

Mistery solved. You're attempting to test from the server itself (127.0.0.1). By default, SpamFilter trusts its own IP, so you will be able to send email anywhere bypassing all rules if you are physically on the server at 127.0.0.1.

If you use any opther IPs you should see normal behavior.

Roberto F.
LogSat Software

Back to Top
widget View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote widget Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2003 at 6:25pm

Ah... this makes sense. Is there any configuration switch to turn off that default behaviour? 

Thanks.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2003 at 11:17pm

No, that's hardcoded in the application...

Roberto
LogSat Software

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.281 seconds.