Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Whitelisted E-mail Quarantined
  FAQ FAQ  Forum Search   Register Register  Login Login

Whitelisted E-mail Quarantined
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
invicta View Drop Down
Newbie
Newbie
Avatar

Joined: 18 August 2009
Status: Offline
Points: 12 		Post Options Post Options   Thanks (0) Thanks(0)   Quote invicta Quote  Post ReplyReply Direct Link To This Post Topic: Whitelisted E-mail Quarantined
    Posted: 19 August 2009 at 12:17am
We have at least one person who e-mailed a client and they were quarantined despite being on the Whitelisted Auto White List Force Delivery file. The user was quarantined to due a keyword match in the filter for this particular domain. My understanding is that if something is whitelisted it will bypass all the other filters except for Cached IP Blacklist and Greylisting. Here are excerpts from the log file:
Note I put the Xs in there.
08/18/09 16:49:22:274 -- (6392) Connection from: 74.10.23.X  -  Originating country : United States
08/18/09 16:49:22:462 -- (6392) Received MAIL FROM: <mxxxxxx@zxxxxx.com>
08/18/09 16:49:22:477 -- (6392) Received RCPT TO: wxxxxx@Hxxxxxx.com
08/18/09 16:49:22:774 -- (6392) Resolving 74.10.23.x - mail.zxxxxx.com
08/18/09 16:49:24:133 -- (6392) - SPF analysis for zxxxxxx.com done: - none
08/18/09 16:49:24:133 -- (6392) Mail from: mxxxxx@zxxxxx.com
08/18/09 16:49:26:508 -- (6392) - MAPS search done...
08/18/09 16:49:26:508 -- (6392) RCPT TO: wxxxxxx@Hxxxxxx.com accepted
08/18/09 16:49:26:555 -- (6392) Checking SFDC
08/18/09 16:49:26:774 -- (6392) Hash cache - Added OK
08/18/09 16:49:26:774 -- (6392) Found Keywords: [get your] (this is a generic keyword set and I removed it)
08/18/09 16:49:26:774 -- (6392) EMail from mxxxxxx@zxxxxx.com to wxxxxx@Hxxxxxx.com matches content filter rules - rejected.
08/18/09 16:49:26:774 -- (6392) Start virus scan
08/18/09 16:49:26:805 -- (6392) Starting quarantine procedures
08/18/09 16:49:26:805 -- (6392) Created thread (2328) to add email to quarantine
08/18/09 16:49:26:805 -- (2328) Adding to Quarantine file:Qrtn14A9CBED-2DC3-4151-936A-D786D37A7B45.tmp
08/18/09 16:49:26:821 -- (6392) Disconnect
08/18/09 16:49:26:837 -- (2328) EMail from mxxxxxx@zxxxxxx.com to wxxxxx@Hxxxxxx.com was received and quarantined. Size: 10 KB, 10240 bytes
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 19 August 2009 at 7:46pm
invicta,

From your log entries it does not appear that there was a match caused by the from/to email addresses being present in the AutoWhiteList Force Delivery file. If there was a match, the following entry would have been logged:

08/19/09 19:41:23:026 -- (3768) Bypassed all rules for: wxxxxx@Hxxxxxx.com from mxxxxxx@zxxxxx.com ( AutoWhiteList Force Delivery)

Can you please double-check that the file does indeed contain the entry:

mxxxxxx@zxxxxx.com|wxxxxx@Hxxxxxx.com

and that the file is the actual one being used? If you're using SpamFilter ISP "standard", the file being used will be identified by the entry "WL_AuthorizedTOEmailsFileName" in the \SpamFilter\Domains\SFI\Filters.ini
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
invicta View Drop Down
Newbie
Newbie
Avatar

Joined: 18 August 2009
Status: Offline
Points: 12 		Post Options Post Options   Thanks (0) Thanks(0)   Quote invicta Quote  Post ReplyReply Direct Link To This Post Posted: 20 August 2009 at 11:39am

Hello,

 
I have the Enterprise version and and see the address whitelisted in the file C:\Program Files\SpamFilter\domains\Hxxxxxx.com\WL_AutoWhiteListForceDelivery.txt
 
 
Is there any way to verify when the entry was whitelisted to verify that the client actually whitelisted it before it was blocked?
 
Thanks!
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 20 August 2009 at 6:18pm
Sure. When the entry is added to the autowhitelist file, SpamFilter will log the event with a line similar to:

08/20/09 18:14:31:438 -- (288) Adding to C:\Program Files\SpamFilter\domains\Hxxxxxx.com\WL_AutoWhiteListForceDelivery.txt:mxxxxxx@zxxxxx.com|wxxxxx@Hxxxxxx.com

If you run a text search thru SpamFilter's activity logfiles for either the entry in bold above, or more simply for "mxxxxxx@zxxxxx.com|wxxxxx@Hxxxxxx.com" you should be able to pinpoint the date/time when that entry was added.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.137 seconds.

Copyright (c)2002-2021 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us