Too Much Spam Still Getting Through |
Post Reply 
|
| Author | |
saracen 
Newbie 
Joined: 28 November 2007 Status: Offline Points: 15 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Too Much Spam Still Getting ThroughPosted: 21 January 2008 at 5:34pm |
|
Currently, there is still a good amount of Spam getting through Spam Filter ISP when compared to other solutions we've had in place.
Over the course of a day I will get 15-20 messages that are spam in my inbox while only 2-4 show up in my quarantine. I know that more is getting disconnected based on being from foreign addresses, etc. but more is getting through than what we experienced with previous solutions. For example, with a competing product I would get2-4 messages per week in my inbox. Also, I'm finding that clients of ours are having their emails rejected by the spam filter unless they are added to the domain-to-domain whitelist. Yet, nothing in the content once it's received is indicative of spam (they get an NDR that states that there was a spam signature embedded in the message). Additionally, our clients that we have going through the filter also report the same things, that companies sending email to them get rejected unless defined in the domain-to-domain filter yet they continue to receive emails that are clearly and unquestionably spam in their inboxes. One of the things we love about the product is that it drops connections from most sources limiting the bandwidth being used, but it's frustrating to our clients that mail that is clearly spam gets through while legitimate email is rejected unless the domain is whitelisted. Any thoughts as to why this is happening? |
|
 |
|
|
Stupid
Senior Member 
Joined: 28 November 2005 Status: Offline Points: 127 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 January 2008 at 6:47pm |
|
I am not trying to step on Roberto's toes, but if you want, you can post spamfilter.ini and filters.ini. we can probably help you a bit. A lot of other people here are far more knowledgeable too.
It takes some time to tune it and it also depends on your attractiveness. I run a very small shop and majority of my spam is caught under "honeypots." 1. Set up some keywords that you are sure your clients are not using. 2. Set up MAPS, SURBL, Attachments, SFDB, Filters (reject if no reverse DNS, invalid MX, Mail From=Mail TO, From Domain=To Domain) 3. Monitor a while, then turn on Country filters 4. Start to use Honeypots Edited by Stupid - 21 January 2008 at 6:49pm |
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 January 2008 at 6:48pm |
|
saracen,
Most likely this is either caused by a misconfiguration in SpamFilter, or it is due to the fact that SpamFilter is not seeing the "real" IP address of the sender (this happens if you have another server process the emails before they reach SpamFilter, or if your firewall masks the IPs from the internet when NAT'ting them). If you can please zip and email us (support at logsat dot com) about one hour worth of logs from SpamFilter's activity logfile, along with the SpamFilter.ini file, and you let us know what version of SpamFilter you're using, we'll try to help. Please also include the various text files containing your configuration files, especially the one containing the list of your local domains. |
|
|
|
|
saracen
Newbie
Joined: 28 November 2007 Status: Offline Points: 15 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 January 2008 at 9:05pm |
|
Thank you. I've gathered the logs and config files and will be sending them in tonight.
|
|
|
|
|
__M__
Groupie 
Joined: 30 August 2006 Location: Australia Status: Offline Points: 75 |
Post Options
Thanks(0)
Quote Reply
Posted: 22 January 2008 at 2:06am |
|
saracen, just my 2 cents worth:
Persist with the configuration of SFI as from our testing it is the most accurate, affordable and best supported anti-spam product going around.
I'm a big fan-boy because the product is so great (and keeps getting greater).
Mike
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 January 2008 at 9:43pm |
|
For the record, the logs showed that the MAPS RBLs, the SURBLs and the SPF filters where not stopping any spam. Further research pinpointed the problem with the DNS servers that SpamFilter was using. None of the DNS servers were configured as forwarders, and thus all DNS queries were not being answered. Changing DNS servers allowed all the above 3 filters to function again.
|
|
|
|
|
lewiskerns
Newbie
Joined: 10 September 2008 Location: Virginia Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 September 2008 at 9:55am |
|
LogSat,
I'm having similar problems with those filters not stopping any spam. Can you elaborate on the changes you made to the DNS servers? Currently, I'musing my local router as well as my ISP's DNS.
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 September 2008 at 4:44pm |
|
lewiskerns,
If you can zip and email us (support @ logsat.com) about one hour's worth of activity from your SpamFilter activity logfile, we'll be glad to look into this for you. Please include your SpamFilter.ini file, and your entire SpamFilter\domains directory structure (all files and folders). |
|
|
|
|
lewiskerns
Newbie
Joined: 10 September 2008 Location: Virginia Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 September 2008 at 5:20pm |
|
Thanks LogSat. I made some changes earlier today to my MAPS and SURBL lists, as well as updated my DNS servers and they seem to be catching emails now.
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.199 seconds.