Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - bug: whitelist versus authorizedToEmail
  FAQ FAQ  Forum Search   Register Register  Login Login

bug: whitelist versus authorizedToEmail

 Post Reply Post Reply
Author
kp4711 View Drop Down
Newbie
Newbie


Joined: 04 December 2006
Location: Germany
Status: Offline
Points: 33
Post Options Post Options   Thanks (0) Thanks(0)   Quote kp4711 Quote  Post ReplyReply Direct Link To This Post Topic: bug: whitelist versus authorizedToEmail
    Posted: 11 September 2008 at 12:21pm
Hi,
 
I think there is a bug:
When the from-address ist in whitelist the sender can send to addresses wich are not written in the authorizedToEmail-List.
The CustomDomainFiler "authorizedTo" is enabled for the receipient-Doamin.
Using SF 4.0.0.772
 
I know that addresses which are on the whitelist passes all filters, but I think that the filter "authorizedTo" should be active. In practise a spammer can use a well-known-address like
ebay@ebay.de which are often on the whitelist and then he can send much automaticly generated mails to the reciepient-Domain.
 
Sorry for my bad english, but I hope you understand me.
 
greeting
kp4711
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 11 September 2008 at 10:13pm
kp4711,

The behavior is not a bug, it is by design. All whitelists take precedence over any other filter, with the exception of the two filters that work based on a TCP level even before any SMTP sessions take place. The order in which the filters are applied is at:

www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=5171#11418

We always accept feedback from users however, so if we receive enough requests to alter this behavior, we may be changing it in the future.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
kp4711 View Drop Down
Newbie
Newbie


Joined: 04 December 2006
Location: Germany
Status: Offline
Points: 33
Post Options Post Options   Thanks (0) Thanks(0)   Quote kp4711 Quote  Post ReplyReply Direct Link To This Post Posted: 12 September 2008 at 6:43am
Hi,
 
ok i understand this but there are many problems with some servers for example mailout01.t-online.de is not able to understand greylisting before HELO or EHELO Command. There are a lot of implementation wich only understand the SMTP-Errors like 421 after they have send there HELO or EHLO Command.
 
So i think that is a good Idea to implement a check of the whitelistedIP-List in the greylist-process. So we are able to allow some Servers who have problems with greylisting before SMTP to bypass the greylistProcess.
 
What say other users to this feature-request?
 
kp4711
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 13 September 2008 at 6:33pm
Having to wait for the remote server to send their HELO string would diminish the effectiveness of these two filters, and render SpamFilter more vulnerable to DoS attacks. If you receive thousands of connections in a few seconds, and for each one the hacker/spammer waits 30 seconds before sending the HELO command, as SpamFilter would have to wait for that string before disconnecting them, within a few seconds your server would pretty much be toast. Allowing the blacklist cache and the greylist filter to disconnect the connection immediately helps a lot in defying such attacks.

This said, please do note that you can add IPs to a whitelist that excludes them from the greylist filter. Please see:
www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6379&PID=11747#11665
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.098 seconds.