Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SURBL filter issue
  FAQ FAQ  Forum Search   Register Register  Login Login

SURBL filter issue
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
miltonqp View Drop Down
Newbie
Newbie
Avatar

Joined: 11 January 2008
Location: -
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote miltonqp Quote  Post ReplyReply Direct Link To This Post Topic: SURBL filter issue
    Posted: 30 January 2009 at 12:43pm
We use SpamFilter 4.0.0.172  and we have an issue with the SURBL filters.
I'm sending two log extracts:

Case 1

01/23/09 23:12:58:458 -- (3336) Connection from: 129.121.104.137  -  Originating country : United States
01/23/09 23:12:58:614 -- (3336) Received MAIL FROM: <Acai-xxx=xxx.xxx@unifiedinspires.net>
01/23/09 23:12:58:661 -- (3336) Received RCPT TO: xxx@xxx.xxx
01/23/09 23:12:58:692 -- (3336) Resolving 129.121.104.137 - mx2.unifiedinspires.net
01/23/09 23:12:58:895 -- (3336) found SPF record for unifiedinspires.net: v=spf1 mx ptr -all
01/23/09 23:12:58:942 -- (3336) SPF query result: pass
01/23/09 23:12:58:942 -- (3336) - SPF analysis for unifiedinspires.net done: - pass
01/23/09 23:12:58:942 -- (3336) Mail from: Acai-celia=foundhair.com@unifiedinspires.net
01/23/09 23:12:59:161 -- (3336) - MAPS search done...
01/23/09 23:12:59:161 -- (3336) RCPT TO: xxx@xxx.xxx accepted
01/23/09 23:12:59:317 -- (3336) Checking SFDC
01/23/09 23:12:59:505 -- (3336) Hash cache - Added OK
01/23/09 23:12:59:505 -- (3336) Checking SURBL
01/23/09 23:12:59:505 -- (3336) SURBL: unifiedinspires.net - 521 A URL in the email is Blacklisted by SURBL: multi.surbl.org. Blocked, unifiedinspires.net on lists [ws], See: http://www.surbl.org/lists.html --
01/23/09 23:12:59:505 -- (3336) Starting quarantine procedures
01/23/09 23:12:59:536 -- (3336) Created thread (1564) to add email to quarantine
01/23/09 23:12:59:536 -- (3336) Starting bayesian procedures
01/23/09 23:12:59:536 -- (1564) Adding to Quarantine file:Qrt890B.tmp
01/23/09 23:12:59:552 -- (1564) EMail from Acai-xxx=xxx.xxx@unifiedinspires.net to xxx@xxx.xxx was received and quarantined. Size: 5 KB, 5120 bytes
01/23/09 23:12:59:552 -- (3336) Blacklist cache - Added 129.121.104.137 to limbo
01/23/09 23:12:59:723 -- (3336) SFDB - Added 129.121.104.137 - Response: Error=0
01/23/09 23:12:59:723 -- (3336) Disconnect

Case 2

01/23/09 23:28:07:779 -- (3896) Connection from: 85.133.50.137  -  Originating country : United Kingdom
01/23/09 23:28:08:138 -- (3896) Received MAIL FROM: <daily@astrocenter.com>
01/23/09 23:28:08:279 -- (3896) Received RCPT TO: xxx@xxx.xxx
01/23/09 23:28:08:279 -- (3896) Resolving 85.133.50.137 - mail13.center.com
01/23/09 23:28:08:528 -- (3896) found SPF record for astrocenter.com: v=spf1 ip4:85.133.50.128/28 ip4:67.107.27.68 ip4:62.23.37.61 ip4:213.215.10.34 ip4:207.47.28.163 ip4:149.7.36.144/28 mx -all
01/23/09 23:28:08:528 -- (3896) SPF query result: pass
01/23/09 23:28:08:528 -- (3896) - SPF analysis for astrocenter.com done: - pass
01/23/09 23:28:08:528 -- (3896) Mail from: daily@astrocenter.com
01/23/09 23:28:08:575 -- (3896) - MAPS search done...
01/23/09 23:28:08:575 -- (3896) RCPT TO: xxx@xxx.xxx accepted
01/23/09 23:28:09:341 -- (3896) Checking SFDC
01/23/09 23:28:09:653 -- (3896) Hash cache - Added OK
01/23/09 23:28:09:653 -- (3896) Checking SURBL
01/23/09 23:28:09:887 -- (3896) SURBL: doubleclick.net - 521 A URL in the email is Blacklisted by SURBL: multi.uribl.com. Greylisted, see http://lookup.uribl.com/?domain=doubleclick.net --
01/23/09 23:28:09:903 -- (3896) Starting bayesian procedures
01/23/09 23:28:10:122 -- (3896) Blacklist cache - Added 85.133.50.137 to limbo
01/23/09 23:28:10:294 -- (3896) SFDB - Added 85.133.50.137 - Response: Error=0
01/23/09 23:28:10:294 -- (3896) Disconnect

In case 1, the URL is blocked by SURBL list and mail is quarantined

but in case 2 (the problem), The URL is greylisted by SURBL list,  the mails is not quarantined and is not delivered to mail server; the mail is simply rejected.

Our policies indicate that every mail must be quarantined, then every configuration to do not quarantine and reject mails is disabled.

Please let us know which configuration we should modify to quarantine the mails greylisted by SURBL lists too.

Thanks

Milton Quispe
Surgeon's Advisor
Network Administrator

 
Milton
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 30 January 2009 at 9:27pm
Milton,

SpamFilter should not make any distinctions between the "blocked" in case #1, and the "greylisted" in case #2. In both examples, the email should have been quarantined. In your examples, do the recipient's email addresses belong to the same domain, or are the emails addressed to two different domains? IN case the recipient's domains are different, is there any chance you have different settings for the two domains that would cause the one in case 2 to not be quarantined in the SUBL filter?

If not, can you please zip us SpamFilter's activity logfile for jan 23, and the one for today, along with your SpamFilter.ini file and the contents of your \SpamFilter\Domains directory tree structure?

If the file is over 5MB in size, I'll send you a separate PM with the login details of our FTP server.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
miltonqp View Drop Down
Newbie
Newbie
Avatar

Joined: 11 January 2008
Location: -
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote miltonqp Quote  Post ReplyReply Direct Link To This Post Posted: 02 February 2009 at 12:06pm
Hi

1. in both examples, the recipient email addresses belong to diifferent domains. however, we have the same settings for all our domains.

2. I'm sending the files that you requested.

thanks

Milton Quispe
Surgeon's Advisor
Network Administrator
Milton
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 02 February 2009 at 8:08pm
Milton,

We verified that the "greylisted" item in the SURBL provider causes the same behavior as the "blacklisted" in SpamFilter.

Looking thru your logs however, we see that SpamFilter was restarted at 23:26, and from that point on, no emails were being quarantined at all by any filter, not just by the SURBL filter.

We also see that earlier that day, SpamFilter was started at 15:30:09, but it was unable to bind to port 25:

01/23/09 15:30:09:515 -- SpamFilter ISP v4.0.0.772
01/23/09 15:30:11:796 -- Exception occurred during PerformPostStartupTasks: Could not bind socket. Address and port are already in use.

This can happen if another SMTP application was already running when SpamFilter was started, or that the standalone version of SpamFilter (SpamFilter.exe) was started up while SpamFilter's service was running in the background. This may have caused some problems that were later "triggered" when restarting SpamFilter again at 23:26.

When we looked at your settings, and everything in them looks fine. Could you please try to stop SpamFilter, and restart it, but first ensuring via the Task Manager that there are no other instances of SpamFilter running?

If emails are still not quarantined, please contact us via email so we may take a better look.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.164 seconds.

Copyright (c)2002-2021 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us