bug: whitelist versus authorizedToEmail |
Post Reply 
|
| Author | |
kp4711 
Newbie 
Joined: 04 December 2006 Location: Germany Status: Offline Points: 33 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: bug: whitelist versus authorizedToEmailPosted: 11 September 2008 at 12:21pm |
|
Hi,
I think there is a bug:
When the from-address ist in whitelist the sender can send to addresses wich are not written in the authorizedToEmail-List.
The CustomDomainFiler "authorizedTo" is enabled for the receipient-Doamin.
Using SF 4.0.0.772
I know that addresses which are on the whitelist passes all filters, but I think that the filter "authorizedTo" should be active. In practise a spammer can use a well-known-address like
ebay@ebay.de which are often on the whitelist and then he can send much automaticly generated mails to the reciepient-Domain.
Sorry for my bad english, but I hope you understand me.
greeting
kp4711
|
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 11 September 2008 at 10:13pm |
|
kp4711,
The behavior is not a bug, it is by design. All whitelists take precedence over any other filter, with the exception of the two filters that work based on a TCP level even before any SMTP sessions take place. The order in which the filters are applied is at: www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=5171#11418 We always accept feedback from users however, so if we receive enough requests to alter this behavior, we may be changing it in the future. |
|
|
|
|
kp4711
Newbie
Joined: 04 December 2006 Location: Germany Status: Offline Points: 33 |
Post Options
Thanks(0)
Quote Reply
Posted: 12 September 2008 at 6:43am |
|
Hi,
ok i understand this but there are many problems with some servers for example mailout01.t-online.de is not able to understand greylisting before HELO or EHELO Command. There are a lot of implementation wich only understand the SMTP-Errors like 421 after they have send there HELO or EHLO Command.
So i think that is a good Idea to implement a check of the whitelistedIP-List in the greylist-process. So we are able to allow some Servers who have problems with greylisting before SMTP to bypass the greylistProcess.
What say other users to this feature-request?
kp4711
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 September 2008 at 6:33pm |
|
Having to wait for the remote server to send their HELO string would diminish the effectiveness of these two filters, and render SpamFilter more vulnerable to DoS attacks. If you receive thousands of connections in a few seconds, and for each one the hacker/spammer waits 30 seconds before sending the HELO command, as SpamFilter would have to wait for that string before disconnecting them, within a few seconds your server would pretty much be toast. Allowing the blacklist cache and the greylist filter to disconnect the connection immediately helps a lot in defying such attacks.
This said, please do note that you can add IPs to a whitelist that excludes them from the greylist filter. Please see: www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6379&PID=11747#11665 |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.259 seconds.