LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   THe new registred release has caused very aggressive blocking. We did not change any of the rules. INI below. Any feedback would be helpful. We have had to shut down the filter until we figure this out.

; a true after an ordb entry means their DNS is expecting the IP to be reversed
; i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net
[blacklists]
site1=BL.SPAMCOP.NET, TRUE
site2=SBL.SPAMHAUS.ORG, TRUE
site3=RELAYS.OSIRUSOFT.COM, TRUE
site4=SPAM.DNSRBL.NET, TRUE
site5=DNSBL.NJABL.ORG, TRUE
;site6=dun.dnsrbl.net, true[server settings]
; dns - your DNS server
dns=192.168.0.30; the SpamFilter can be limited to listen on a specific IP:port. Leave empty for all IPs bound to nic
;ListenIP=209.26.140.2
ListenFQDN=worldlinks.com
ListenPort=2505;The email address to use in Error Replies to senders
ErrorHandlerEmailAddress="System Administrator" <rkelly@worldlinks.com>; DestinationServer is where you want all mail received by SpamFilter to be forwarded to
DestinationServer=192.168.0.6
DestinationPort=2501; AllowPercent is used to accept (AllowPercent=1) or reject (AllowPercent=0) emails containing the % character.
; Many SMTP servers are susceptible to being tricked into relaying with this.
; Ex. if you are netwide.net, then a spammer can use
; mail to: joe%yahoo.com@netwide.net
; to relay mail to joe@yahoo.com if your server is vulnerable
; Setting AllowPercent to 1 rejects ALL recipients email addresses conatining the % sign
AllowPercent=1;log daily activity to logfiles
Logging=1
ListenIP=192.168.0.6
MultiThreaded=0
MaxInboundConnections=10
LocalBlackListFileName=
LogKeywords=1
AutoVersionCheck=0
LocalIPBlackListFileName=
LocalDomainsBlackListFileName=
RejectNoReverse=0
DisableConnectionsGrid=0
MaxRCPTTO=20
MinMAPS=2
ArchiveSpamDays=0
KeywordsFileName=C:\Program Files\SpamFilter\keywords.txt
ExcludedDomainsFileName=C:\Program Files\SpamFilter\ExcludedDomains.txt
ExcludedFromEmailsFileName=
AuthorizedTOEmailsFileName=
LocalEMailsBlacklistFileName=
LocalEMailsTOBlacklistFileName=
RejectNoReverseForceDelete=0
RejectEmptyMailFrom=0
RejectEmptyMailFromForceDelete=0
RejectSameToFrom=0
RejectSameToFromForceDelete=0
BlackListForceDelete=0
ContentFilterForceDelete=0
LocalIPBlacklistForceDelete=0
LocalDomainsBlacklistForceDelete=0
CountriesForceDelete=0
LocalEmailsBlacklistForceDelete=0
LocalEmailsTOBlacklistForceDelete=0
; avoid being ourselves an open relay...
; enter here the recipient domains that SpamFilter will accept.
; I.E. if you are hosting netwide.net, then only emails addressed to user@netwide.net will
; be accepted and passed on to your DestinationServer.
; if your first entry is allow1=* then all emails will be accepted (not recommended)
; allow1=*
[allowed domains]
allow1=DISCOVEREUROPE.COM
allow2=MAIL.DISCOVEREUROPE.COM
allow3=WORLDLINKS.COM
allow4=MAIL.WORLDLINKS.COM
allow5=MAIL2.WORLDLINKS.COM
allow6=WORLDVACATIONS.COM
allow7=MAIL.WORLDVACATIONS.COM
allow8=MAIL2.WORLDVACATIONS.COM
allow9=PUBSYSTEM.COM
allow10=MAIL.PUBSYSTEM.COM
allow11=MAIL2.PUBSYSTEM.COM
allow12=HANROUSA.COM
allow13=MAIL.HANROUSA.COM
allow14=MAIL2.HANROUSA.COM
allow15=DISCOVERBRAZIL.COM
allow16=MAIL.DISCOVERBRAZIL.COM
allow17=MAIL2.DISCOVERBRAZIL.COM
allow18=HOTELLINKS.COM
allow19=CARIBBEANCOAST.COM
allow20=MAYANRIVIERA.COM
allow21=PLAYADELCARMEN.COM
allow22=TULUM.COM
allow23=DISCOVERCOZUMEL.NET
allow24=DISCOVERLAFRANCE.COM
allow25=DISCOVERPARIS.COM
allow26=DISCOVERMEXICO.COM
allow27=DISCOVERSTBARTHS.COM
allow28=ELEGANTTRAVELER.COM
allow29=ELEGANTTRAVELLER.COM
allow30=RW-3.COM
allow31=DHINET.COM
allow32=207.224.106.221; if you REALLY must be able to receive emails from a domain which is
; blacklisted, you can bypass the filter by adding it here...
;exclude1=somedomain1.com
;exclude2=somdomain.com[Error Response]
ResponseBlacklistedMAPS=521 The IP %IP% is Blacklisted by %MAPSResponse%.
ResponseBlacklistLocalIP=521 The IP %IP% is Blacklisted.
ResponseBlacklistLocalDomain=521 The domain %Domain% is Blacklisted.
ResponseBlacklistLocalEMail=521 The EMail %EMailFrom% is Blacklisted.
ResponseNoReverseDNS=550 Your IP %IP% does not have a reverse DNS entry. Disconnecting...
ResponseMaxRCPTTO=550 You exceeded then maximum number of RCPT TO. Disconnecting...
ResponseCountryBlacklist=550 Your IP address is from a blacklisted country. Disconnecting..
ResponseRelayRestricted=550 You are not allowed to send mail to %EMailTo%
ResponseKeywordMatch=552 This email is rejected. It contains keywords rejected by the antispam content filter.
ResponseBlacklistLocalEMailTo=521 The EMail %EMailTo% is Blacklisted.
[CountryBlackList]
Country1=NG

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Russ Kelly Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Russ Kelly Thanks(0) Quote Reply Topic: New release / aggressive blocking Posted: 06 May 2003 at 11:46am
	THe new registred release has caused very aggressive blocking. We did not change any of the rules. INI below. Any feedback would be helpful. We have had to shut down the filter until we figure this out. ; a true after an ordb entry means their DNS is expecting the IP to be reversed ; i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net [blacklists] site1=BL.SPAMCOP.NET, TRUE site2=SBL.SPAMHAUS.ORG, TRUE site3=RELAYS.OSIRUSOFT.COM, TRUE site4=SPAM.DNSRBL.NET, TRUE site5=DNSBL.NJABL.ORG, TRUE ;site6=dun.dnsrbl.net, true [server settings] ; dns - your DNS server dns=192.168.0.30 ; the SpamFilter can be limited to listen on a specific IP:port. Leave empty for all IPs bound to nic ;ListenIP=209.26.140.2 ListenFQDN=worldlinks.com ListenPort=2505 ;The email address to use in Error Replies to senders ErrorHandlerEmailAddress="System Administrator" <rkelly@worldlinks.com> ; DestinationServer is where you want all mail received by SpamFilter to be forwarded to DestinationServer=192.168.0.6 DestinationPort=2501 ; AllowPercent is used to accept (AllowPercent=1) or reject (AllowPercent=0) emails containing the % character. ; Many SMTP servers are susceptible to being tricked into relaying with this. ; Ex. if you are netwide.net, then a spammer can use ; mail to: joe%yahoo.com@netwide.net ; to relay mail to joe@yahoo.com if your server is vulnerable ; Setting AllowPercent to 1 rejects ALL recipients email addresses conatining the % sign AllowPercent=1 ;log daily activity to logfiles Logging=1 ListenIP=192.168.0.6 MultiThreaded=0 MaxInboundConnections=10 LocalBlackListFileName= LogKeywords=1 AutoVersionCheck=0 LocalIPBlackListFileName= LocalDomainsBlackListFileName= RejectNoReverse=0 DisableConnectionsGrid=0 MaxRCPTTO=20 MinMAPS=2 ArchiveSpamDays=0 KeywordsFileName=C:\Program Files\SpamFilter\keywords.txt ExcludedDomainsFileName=C:\Program Files\SpamFilter\ExcludedDomains.txt ExcludedFromEmailsFileName= AuthorizedTOEmailsFileName= LocalEMailsBlacklistFileName= LocalEMailsTOBlacklistFileName= RejectNoReverseForceDelete=0 RejectEmptyMailFrom=0 RejectEmptyMailFromForceDelete=0 RejectSameToFrom=0 RejectSameToFromForceDelete=0 BlackListForceDelete=0 ContentFilterForceDelete=0 LocalIPBlacklistForceDelete=0 LocalDomainsBlacklistForceDelete=0 CountriesForceDelete=0 LocalEmailsBlacklistForceDelete=0 LocalEmailsTOBlacklistForceDelete=0 ; avoid being ourselves an open relay... ; enter here the recipient domains that SpamFilter will accept. ; I.E. if you are hosting netwide.net, then only emails addressed to user@netwide.net will ; be accepted and passed on to your DestinationServer. ; if your first entry is allow1=* then all emails will be accepted (not recommended) ; allow1=* [allowed domains] allow1=DISCOVEREUROPE.COM allow2=MAIL.DISCOVEREUROPE.COM allow3=WORLDLINKS.COM allow4=MAIL.WORLDLINKS.COM allow5=MAIL2.WORLDLINKS.COM allow6=WORLDVACATIONS.COM allow7=MAIL.WORLDVACATIONS.COM allow8=MAIL2.WORLDVACATIONS.COM allow9=PUBSYSTEM.COM allow10=MAIL.PUBSYSTEM.COM allow11=MAIL2.PUBSYSTEM.COM allow12=HANROUSA.COM allow13=MAIL.HANROUSA.COM allow14=MAIL2.HANROUSA.COM allow15=DISCOVERBRAZIL.COM allow16=MAIL.DISCOVERBRAZIL.COM allow17=MAIL2.DISCOVERBRAZIL.COM allow18=HOTELLINKS.COM allow19=CARIBBEANCOAST.COM allow20=MAYANRIVIERA.COM allow21=PLAYADELCARMEN.COM allow22=TULUM.COM allow23=DISCOVERCOZUMEL.NET allow24=DISCOVERLAFRANCE.COM allow25=DISCOVERPARIS.COM allow26=DISCOVERMEXICO.COM allow27=DISCOVERSTBARTHS.COM allow28=ELEGANTTRAVELER.COM allow29=ELEGANTTRAVELLER.COM allow30=RW-3.COM allow31=DHINET.COM allow32=207.224.106.221 ; if you REALLY must be able to receive emails from a domain which is ; blacklisted, you can bypass the filter by adding it here... ;exclude1=somedomain1.com ;exclude2=somdomain.com [Error Response] ResponseBlacklistedMAPS=521 The IP %IP% is Blacklisted by %MAPSResponse%. ResponseBlacklistLocalIP=521 The IP %IP% is Blacklisted. ResponseBlacklistLocalDomain=521 The domain %Domain% is Blacklisted. ResponseBlacklistLocalEMail=521 The EMail %EMailFrom% is Blacklisted. ResponseNoReverseDNS=550 Your IP %IP% does not have a reverse DNS entry. Disconnecting... ResponseMaxRCPTTO=550 You exceeded then maximum number of RCPT TO. Disconnecting... ResponseCountryBlacklist=550 Your IP address is from a blacklisted country. Disconnecting.. ResponseRelayRestricted=550 You are not allowed to send mail to %EMailTo% ResponseKeywordMatch=552 This email is rejected. It contains keywords rejected by the antispam content filter. ResponseBlacklistLocalEMailTo=521 The EMail %EMailTo% is Blacklisted. [CountryBlackList] Country1=NG

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 06 May 2003 at 3:53pm
	Russ, Could you also show some spamfilter log entries showing why emails are being rejected? Roberto Franceschetti LogSat Software

Russ Kelly Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Russ Kelly Thanks(0) Quote Reply Posted: 06 May 2003 at 4:41pm
	Howdy, Here is the repetetive line " rejected - no relay allowed or % found" 05/06/03 10:18:59:140 -- (10444) Disconnect 05/06/03 10:19:39:390 -- Loading local black / white lists 05/06/03 10:20:39:390 -- Loading local black / white lists 05/06/03 10:21:38:828 -- (10480) Connection from: 146.82.86.12 - Originating country : N/A 05/06/03 10:21:39:015 -- (10480) Resolving 146.82.86.12 - Not found 05/06/03 10:21:39:015 -- (10480) Mail from: bmi@mailunique.com To: rkelly@worldlinks.com - rejected - no relay allowed or % found in FROM address 05/06/03 10:21:39:015 -- (10480) 146.82.86.12 - Mail from: bmi@mailunique.com To: rkelly@worldlinks.com will be disconnected 05/06/03 10:21:39:015 -- (10480) Disconnect 05/06/03 10:21:39:390 -- Loading local black / white lists 05/06/03 10:21:54:937 -- (10480) Connection from: 208.46.113.4 - Originating country : N/A 05/06/03 10:21:55:796 -- (10480) Resolving 208.46.113.4 - iad1.efax.com 05/06/03 10:21:55:796 -- (10480) Mail from: message@mail.efax.com To: patrizio@worldlinks.com - rejected - no relay allowed or % found in FROM address 05/06/03 10:21:55:796 -- (10480) 208.46.113.4 - Mail from: message@mail.efax.com To: patrizio@worldlinks.com will be disconnected 05/06/03 10:21:55:796 -- (10480) Disconnect 05/06/03 10:22:39:390 -- Loading local black / white lists 05/06/03 10:23:16:406 -- (9984) Connection from: 69.41.72.117 - Originating country : N/A 05/06/03 10:23:16:562 -- (9984) Resolving 69.41.72.117 - jr117.lesscpa.com 05/06/03 10:23:16:562 -- (9984) Mail from: autoloans@oinlist.lesscpa.com To: awatts@worldlinks.com - rejected - no relay allowed or % found in FROM address 05/06/03 10:23:16:562 -- (9984) 69.41.72.117 - Mail from: autoloans@oinlist.lesscpa.com To: awatts@worldlinks.com will be disconnected 05/06/03 10:23:16:562 -- (9984) Disconnect 05/06/03 10:23:39:390 -- Loading local black / white lists 05/06/03 10:24:39:390 -- Loading local black / white lists 05/06/03 10:25:12:156 -- (10536) Connection from: 69.24.239.52 - Originating country : N/A 05/06/03 10:25:12:500 -- (10536) Resolving 69.24.239.52 - out032.tpcper.com 05/06/03 10:25:12:500 -- (10536) Mail from: perf-news-errors.9224.211401.37135356.501.0.4@b.AdvizeMark1.com To: neal@worldvacations.com - rejected - no relay allowed or % found in FROM address 05/06/03 10:25:12:500 -- (10536) 69.24.239.52 - Mail from: perf-news-errors.9224.211401.37135356.501.0.4@b.AdvizeMark1.com To: neal@worldvacations.com will be disconnected 05/06/03 10:25:12:500 -- (10536) Disconnect 05/06/03 10:25:15:562 -- (9984) Connection from: 81.53.42.105 - Originating country : N/A 05/06/03 10:25:18:218 -- (9984) Resolving 81.53.42.105 - arennes-303-1-27-105.abo.wanadoo.fr 05/06/03 10:25:18:218 -- (9984) Mail from: vxf0x8bf6xbe@attbi.com To: neal@worldlinks.com - rejected - no relay allowed or % found in FROM address 05/06/03 10:25:18:218 -- (9984) 81.53.42.105 - Mail from: vxf0x8bf6xbe@attbi.com To: neal@worldlinks.com will be disconnected 05/06/03 10:25:18:218 -- (9984) Disconnect 05/06/03 10:25:25:625 -- (10536) Connection from: 211.107.175.246 - Originating country : N/A 05/06/03 10:25:29:687 -- (10536) Resolving 211.107.175.246 - Not found 05/06/03 10:25:29:687 -- (10536) Mail from: bnglel1bpln@swbell.net To: loks@worldvacations.com - rejected - no relay allowed or % found in FROM address 05/06/03 10:25:29:687 -- (10536) 211.107.175.246 - Mail from: bnglel1bpln@swbell.net To: loks@worldvacations.com will be disconnected 05/06/03 10:25:29:687 -- (10536) Disconnect 05/06/03 10:25:31:859 -- (10536) Connection from: 61.186.102.213 - Originating country : N/A 05/06/03 10:25:39:390 -- Loading local black / white lists 05/06/03 10:25:46:703 -- (10536) Resolving 61.186.102.213 - Not found 05/06/03 10:25:46:703 -- (10536) Mail from: 6w9gk8x8@swbell.net To: loks@worldlinks.com - rejected - no relay allowed or % found in FROM address

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 06 May 2003 at 10:54pm
	Ouch, this was missed during testing. It turns out the match against the allowed domains is failing if the "Allowed Domains" are entered in uppercase. It's definetly a bug and we'll release a patch within the next few hours. In the meantime you can solve the problem by converting your "Allowed domains" to lowercase. This bug is limited to the upper case in your local list, the upper/lower case which the remote sender uses is handled correctly. Roberto Franceschetti LogSat Software

Marian Dumitrascu Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Marian Dumitrascu Thanks(0) Quote Reply Posted: 07 May 2003 at 10:34am
	Thanks. That works. -Marian

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 07 May 2003 at 10:41am
	We released build 117 ast night that fixes this problem. Roberto Franceschetti LogSat Software

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

New release / aggressive blocking