Spam Filter ISP Support

Print Page | Close Window

Bug?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5233
Printed Date: 15 November 2025 at 11:18pm

Topic: Bug?

Posted By: kspare
Subject: Bug?
Date Posted: 18 June 2005 at 3:14pm

I may have found a bug in the black/whitelist order...

My backup mailserver has the same honeypot email address' as all my servers. But being offsite it does not have access to the sql server. So it just takes the message as spam and forwards it to one of the primrary servers, and adds the ip to the honeypot blocks ips list.

When the message gets to the main server, it too sees that the honeypot email address is coming through and now blocks the backup gateways ip address.

So two things need to happen to fix this.

1. Allow us to whitelist in the hotpot certain ips so the honey pot does not catch them.

2. Move the honeypot email address black list behind the subject tag black list...

Kevin

Replies:

Posted By: LogSat
Date Posted: 21 June 2005 at 7:01pm

Kevin,

This is not a bug, but just the way emails and filters are processed. We posted more info on this issue at http://logsat.com/spamfilter/forums/forum_posts.asp?TID=5217#6068 - http://logsat.com/spamfilter/forums/forum_posts.asp?TID=5217 #6068 as follows:

==============================
SpamFilter should really see the original IP of the sender when procesing emails. If SpamFilter handles emails that are being relayed by a "friendly" server, then things are bound to go wrong, not just with the honeypot file. Think about the SPF filter for example... If the IP of the server connecting to SpamFilter is not listed in the SPF DNS record of the sender, the email will be rejected. And if your secondary is forwarding emails to SpamFilter, that *will* cause a big issue.

The mains solutions that come to mind are to:
(1) place SpamFilter (or any other antispam software) in front of all the servers listed as MX records,
or (2) forward the email from the secondaries directly to your main SMTP server, bypassing the main spam filter.
or (3) install a second SpamFilter on a separate IP or separate server, configure it skip ALL IP-based tests (reverse-DNS, country, SPF, MAPS-RBL, IP blacklists, MX checks etc.), and have the secondary forward emails to this lesser-featured SpamFilter.
=========================================

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: kspare
Date Posted: 21 June 2005 at 7:33pm

Server #3 DOES run spamfilter, infact spamfilter forwards the mail directly to the primary server. It has already tagged the email as spam, but the honeypot still picks it up.

Basically all i'm asking for is that the honeypot detection be after the tagged line detection.

Being that server #3 is already spamfilter and has already detected a honeypot email, it tags the subject line and sends the email to server #1 to be put into the quaruntine database. But Server#1 sees the honeypot email address and blocks server #3. When really it should see that it has already tagged the subject line and just quaruntine the email....

Print Page | Close Window