Spam Filter ISP Support Forum


Keyword Whitelist

rdemeyer
Posted: 09 November 2010 at 3:17pm

Lately we are getting SPAM mail past the filters due to Keyword Whitelist.  I have two domains in the Keyword Whitelist (added from a previous issue).  There are now messages that show they are passed to the recipient as "Keyword Whitelist".  I find NOTHING in these messages that even closely matches the two items in the Whitelist. How can I figure out why they are passing?

Thanks
Randy
 
Edited these headers to tidy up the REAL info.
 
Microsoft Mail Internet Headers Version 2.0
Received: from XXXXexch1 ([127.0.0.1]) by XXXX.iwatsu.com with Microsoft SMTPSVC(6.0.3790.4675);
  Tue, 9 Nov 2010 10:38:56 -0600
Received: from 66.207.162.202 by  (LogSat Software SMTP Server); Tue, 9 Nov 2010 10:38:56 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=adighedemove.net;
 h=To:Message-ID:Date:Mime-Version:Subject:From:Content-type; i=info@adighedemove.net;
 bh=1koPN7z07mUtbZJ1mAeszMaENo8=;
 b=CXJbxhH4KbCtN+Z1nQyVL4wdAOu8Y2rE5j9BHXDP5S/LChR80EnDs0HU97+y9oNyyvLKeDhFNYoF
   2H0sLobFetRNozsPKyAV3WD0k5DADPGWEE00J4xaHZKUhgSW5+7CcmXQqoFvKvWa3w47h6udiJ1m
   CjHLX4xYiiw2z0UFGGU=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=adighedemove.net;
 b=MJRNG53kgYHZuoQRiX79asIOQFCl/LkilzkddVnTxTUfFS9hnS6LYw9dCYkxHNHkW7Klba0AKMkI
   0FHoHtAjkH1pQ7xILx+hUNmSn9/duGcDunAWwsI+eaRcbAnwUvgkoucEE+jcehxAXXSs8CAT4kue
   CZOhh6RE1Akf6/E0EfE=;
To: <XXX@iwatsu.com>
Message-ID: <12753691507079543821475@sfa202.adighedemove.net>
Date: Tue, 9 Nov 2010 11:36:55 -0500
Mime-Version: 1.0
Subject: Blue Cross Blue Shield is offering Affordable Health Insurance
From: "Affordable Health-Rates" <info@adighedemove.net>
Content-type: multipart/alternative; boundary="_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_"
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: <info@adighedemove.net>
X-SF-HELO-Domain: sfa202.adighedemove.net
X-SF-Originating-IP: 66.207.162.202
X-SF-WhiteListedReason: keyword whitelist match
Return-Path: info@adighedemove.net
X-OriginalArrivalTime: 09 Nov 2010 16:38:56.0382 (UTC) FILETIME=[9A2E19E0:01CB802C]
--_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
--_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
 
LogSat
Posted: 09 November 2010 at 10:24pm
rdemeyer,

If you look in SpamFilter's activity logfile for the entries relative to this email, you should find two entries similar to the following, which will display the specific whitelist keyword that was matched to the content of the email:

11/08/10 22:03:10:750 -- (2820) Found Keywords: [spamfilter_test_keyword]
11/08/10 22:03:10:765 -- (2820) Bypassed all rules for: test1@test.logsat.com from test2@test.logsat.com - keyword whitelist match

Roberto Franceschetti

LogSat Software

Spam Filter ISP
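
Added example (not part of the original posts and not LogSat's code): a small script that applies the check described in the reply above, pairing each "Bypassed all rules ... keyword whitelist match" entry with the "Found Keywords" entry logged for the same message, and flagging bypasses where no keyword was logged. It assumes the number in parentheses identifies one connection and that each message in a connection starts with "Received MAIL FROM"; the sample log is constructed in the thread's format.

```python
import re

# Line layout as shown in the thread: "MM/DD/YY HH:MM:SS:mmm -- (id) message".
# Assumption: the number in parentheses identifies one connection/session.
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d:\d{3}) -- \((\d+)\) (.*)$")
FOUND = re.compile(r"^Found Keywords: \[(.*)\]$")
BYPASS = re.compile(r"^Bypassed all rules for: (\S+) from (\S+) - keyword whitelist match$")

# Constructed sample in the thread's log format (not a real capture).
SAMPLE_LOG = """\
11/08/10 22:03:10:700 -- (2820) Received MAIL FROM: <test2@test.logsat.com>
11/08/10 22:03:10:750 -- (2820) Found Keywords: [spamfilter_test_keyword]
11/08/10 22:03:10:765 -- (2820) Bypassed all rules for: test1@test.logsat.com from test2@test.logsat.com - keyword whitelist match
11/08/10 22:04:01:100 -- (3001) Received MAIL FROM: <sender@example.net>
11/08/10 22:04:01:200 -- (3001) Bypassed all rules for: user@example.com from sender@example.net - keyword whitelist match
11/08/10 22:04:01:300 -- (3001) Disconnect
"""

def explain_whitelist_bypasses(log_text):
    """Return one dict per keyword-whitelist bypass found in the log.

    'keywords' holds the bracket contents of the matching "Found Keywords"
    entry, or None when no such entry was logged for that message.
    """
    pending = {}   # session id -> latest "Found Keywords" contents for the current message
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a log entry
        stamp, session, msg = m.groups()
        if msg.startswith("Received MAIL FROM:") or msg == "Disconnect":
            pending.pop(session, None)      # new message or end of session
        elif (f := FOUND.match(msg)):
            pending[session] = f.group(1)   # kept verbatim, not split
        elif (b := BYPASS.match(msg)):
            results.append({"time": stamp, "session": session,
                            "rcpt": b.group(1), "sender": b.group(2),
                            "keywords": pending.pop(session, None)})
    return results

if __name__ == "__main__":
    for r in explain_whitelist_bypasses(SAMPLE_LOG):
        print(r["time"], r["rcpt"], "<-", r["sender"],
              "keyword:", r["keywords"] or "NOT LOGGED")
```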
rdemeyer
Posted: 10 November 2010 at 4:03pm
Here is a sample of one from the logs.  I still don't get it.  :/
 
 
11/09/10 10:38:55:695 -- (7140) Connection from: 66.207.162.202  -  Originating country : United States
11/09/10 10:38:55:914 -- (7140) Received MAIL FROM: <info@adighedemove.net>
11/09/10 10:38:55:929 -- (7140) Received RCPT TO: X1@iwatsu.com
11/09/10 10:38:55:960 -- (7140) Resolving 66.207.162.202 - Not found
11/09/10 10:38:55:960 -- (7140) - Reverse DNS not found -
11/09/10 10:38:55:960 -- (7140) 66.207.162.202 - Mail from: info@adighedemove.net To: X1@iwatsu.com will be rejected
11/09/10 10:38:56:023 -- (7140) Bypassed all rules for: X1@iwatsu.com from info@adighedemove.net - keyword whitelist match
11/09/10 10:38:56:023 -- (7140) Starting queueing procedures
11/09/10 10:38:56:023 -- (7140) EMail from info@adighedemove.net to X1@iwatsu.com was queued. Size: 15 KB, 15360 bytes
11/09/10 10:38:56:054 -- (7140) Received MAIL FROM: <info@adighedemove.net>
11/09/10 10:38:56:070 -- (7140) Received RCPT TO: X2@iwatsu.com
11/09/10 10:38:56:101 -- (7140) - Reverse DNS not found -
11/09/10 10:38:56:101 -- (7140) 66.207.162.202 - Mail from: info@adighedemove.net To: X2@iwatsu.com will be rejected
11/09/10 10:38:56:257 -- (7140) Bypassed all rules for: X2@iwatsu.com from info@adighedemove.net - keyword whitelist match
11/09/10 10:38:56:257 -- (7140) Starting queueing procedures
11/09/10 10:38:56:257 -- (7140) EMail from info@adighedemove.net to dcarissimi@iwatsu.com was queued. Size: 15 KB, 15360 bytes
11/09/10 10:38:56:273 -- (7140) Disconnect
LogSat
Posted: 10 November 2010 at 10:26pm
..if that is indeed the complete log, then I'm scratching my head too....!

Could you please zip us (support at logsat dot com) the entire section of that SpamFilter's activity logfile from 10:30 to 11:00 so we can have a better look? Please also include a copy of the \SpamFilter\Domains directory tree in the zip. If the file containing the whitelist keywords is outside of that directory, please include that as well.
Roberto Franceschetti

LogSat Software

Spam Filter ISP