Spam is getting through our Spamfilter |
Post Reply 
|
| Author | |
ostaa 
Newbie 
Joined: 09 March 2009 Location: Larvik Status: Offline Points: 15 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Spam is getting through our SpamfilterPosted: 13 April 2009 at 7:28am |
|
We have SF enterprise with the following config :
Maps : bl.spamcop.net, true cbl.abuseat.org, true combined.njabl.org, true dnsbl.sorbs.net, true zen.spamhaus.org, true Surbl: black.uribl.com multi.surbl.org zen.spamhaus.org Keyword filter Subject:koi8 koi8 viagra ((?i)charset=("){0,1}.*((windows-1251)|(koi8-r)|(2022-jp))) SPF (pass on all three) - we tried to block on failed, but recieved to many blocks on no-spam servers SFDB : value 2 SFDC: value 2 On filter setting we have 1,10,15 as values The bayesian filter is set to 85% (btw - this is nearly never trigged). We have two other spamwalls in our ISP topic (Trend IMSS). We are very happy with the SP solutions, and we want to deploy this on our other server. But.. I need to trap more of the mails with sexual advert. I still get mail like this : 04.13.09 01:59:37:625 -- (5632) EMail from uninitiatedesw388@thevillagejazz.com to trond.anvik@visionpartner.no passes Bayesian filter - 0% spam (0ms) Subject : raise your sweet sexual adventures with wonderful meds. Content :raise your sweet sexual adventures with wonderful meds. beneficial effect ensure. awesome bonus for every sale This mail is trapped as spam in Trend, in Outlook and in Entourage. Du You have any suggestion on how we could tighten our Spamfilter - please let me know. |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 April 2009 at 10:22pm |
|
ostaa,
If you could please zip us SpamFilter’s activity logfile for today (or a day when you had the problems), we’ll analyze it to ensure there are no issues with your configuration. Please also include your SpamFilter.ini file, and the entire \SpamFilter\Domains directory structure (files and subfolders). We will also need to know the to/from addresses for a few of the spam emails in question that have been missed by SpamFilter. If the zipped file is over 5MB in size, I will send you a PM with the login details for our FTP site, so you may upload the files there. |
|
|
|
|
ostaa
Newbie
Joined: 09 March 2009 Location: Larvik Status: Offline Points: 15 |
Post Options
Thanks(0)
Quote Reply
Posted: 14 April 2009 at 5:58pm |
|
Hi Roberto - still having problems with your FTP :
Hi. I have tried this before - I am not able to put anything to your FTP server. When using MSDOS ftp I get : C:\temp>ftp ftp.logsat.com Connected to ftp.logsat.com. 220 Microsoft FTP Service User (ftp.logsat.com:(none)): logsatuser 331 Password required for logsatuser. Password: 230-Welcome to the LogSat FTP site. Anonymous access is not allowed. 230 User logsatuser logged in. ftp> bin 200 Type set to I. ftp> put ostaa0413.zip 200 PORT command successful. 550 Access is denied. ftp> Any advice would be app. /Trond |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 14 April 2009 at 11:31pm |
|
ostaa,
Unfortunately we're not able to reproduce the FTP issue, even with the command line. Is there any way you can make the zip available for us to download from your site? |
|
|
|
|
ostaa
Newbie
Joined: 09 March 2009 Location: Larvik Status: Offline Points: 15 |
Post Options
Thanks(0)
Quote Reply
Posted: 15 April 2009 at 3:08am |
|
Hi Roberto.
I have uploaded the files on my FTP server. ftp.visionpartner.no Username and password is the the same as you mailed me. /Trond |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 16 April 2009 at 12:41am |
|
ostaa,
The day in your logs (the 13th), SpamFilter processed 78,624 connections, and blocked 67,404 emails - it thus prevented 86% of the incoming emails from being received. Now, of the 11,033 emails that were queued for delivery, a very high percentage of them, 10,338, were delivered because of your whitelisting rules. This left *only* 695 emails that passed (0.88% of the incoming emails) that passed all of SpamFilter's various filters. Most of these 695 emails are likely legitimate, valid emails. Now assuming that 1 out of every 5 emails of those 695 that SpamFilter allowed are spam (meaning that a whopping 20% of the emails SpamFilter missed are spam), this means that only 20% of 0.88% is being missed as spam (0.18% - indicating a 99.82% accuracy if I did the math correctly). If you see a lot of spam coming in, I would recommend double-checking the whitelist filters you have in place to see if they are allowing spam to go thru, as whitelisted emails represent the vast majority of email that is being delivered. |
|
|
|
|
ostaa
Newbie
Joined: 09 March 2009 Location: Larvik Status: Offline Points: 15 |
Post Options
Thanks(0)
Quote Reply
Posted: 16 April 2009 at 4:31am |
|
Hi Roberto and thank you for fast reply. I only have my own IPnet in the whitelist config have I missed any parameters? (PS Your math is correct :-) )
It is not a LOT of spam, but my customer complains when they now receive more spam after I have changed the spamfilter. Do not misunderstand me, it is not a big problem – but I will try to correct this before I move my other two servers to this platform. /Trond Edited by ostaa - 16 April 2009 at 4:32am |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.176 seconds.