Spam not stopped |
Post Reply 
|
| Author | |
sevo 
Newbie 
Joined: 21 October 2006 Status: Offline Points: 7 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Spam not stoppedPosted: 05 May 2008 at 10:57am |
|
all,
we are seeing a number of messages getting through to our mail server. these messages typically have only two X-SF entries in the header.
is there anything wrong or is this expected behaviour?
not sure what next step would be to stop these
*********
Microsoft Mail Internet Headers Version 2.0
Received: from LogSatServer ([192.168.80.3]) by x.destination.com with Microsoft SMTPSVC(6.0.3790.3959);
Sat, 3 May 2008 11:12:48 +0200 Received: from 79.65.93.36 by (LogSat Software SMTP Server); Sat, 3 May 2008 11:13:44 +0200 Message-ID: <000a01c8acfd$03d10bea$da57fea0@tesihsv> From: "emery luiz" <xenos@sinagirl.com> To: <xyz@destination.com> Subject: BUY CIALLIS GENERIC, order ciallis Date: Sat, 03 May 2008 07:26:10 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0007_01C8ACFD.03CC0305" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198 X-Server: LogSat Software SMTP Server X-SF-RX-Return-Path: <xenos@sinagirl.com> X-SF-HELO-Domain: 79-65-93-36.dynamic.dsl.as9105.com Return-Path: xenos@sinagirl.com X-OriginalArrivalTime: 03 May 2008 09:12:48.0125 (UTC) FILETIME=[DB043AD0:01C8ACFD] |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 05 May 2008 at 5:22pm |
|
Sevo,
In this case, we can see that SpamFilter did process the email but did not stop it. The IP that sent it, "79.65.93.36" is blacklisted in our SFDB blacklist, but we can't tell if it was blacklisted on Saturday when you received the email. We'd need to see your SpamFilter activity logfile, possibly trimmed to show the 30 minutes before and the 30 minutes after, the time the email was received (Saturday May 3, 11:13AM). If you can zip it and email it to us, along with your SpamFilter.ini file, and the contents of the \SpamFilter\Domains directory tree, we'll be glad to take a look. |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 06 May 2008 at 10:51pm |
|
Sevo,
I'm afraid you may be having issues with your DNS server at 192.168.10.4. In this specific email, there was a DNS timeout while checking the MAPS servers to see if the P was blacklisted. The entries in your logs for this are: 05/05/08 18:35:04:349 -- (4312) DNS Error:TimedOut 05/05/08 18:35:04:506 -- (4312) - MAPS search done... I scanned the section of logfile you sent, and it showed you received 5592 connections attempts during that day. However, during the same, day, SpamFilter experienced 1018 DNS timeout errors. Compared to the small amount of traffic you receive, the number of DNS timeouts is, I'm sorry to say, huge. Everytime there is a DNS timeout, the specific filter being checked (usually the MAPS filter, one of the most effective ones) will allow the email thru, as SpamFilter cannot risk stopping legitimate emails if there is a DNS error. You will need to see why your DNS server is not responding in a timely manner. While SpamFilter does have a setting to increase the default DNS timeout, we strongly discourage against increasing it, as it may lead to other problems. |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.137 seconds.