Messages quarantined even if sender white
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6186
Printed Date: 05 February 2025 at 12:53pm
Topic: Messages quarantined even if sender white
Posted By: Terry
Subject: Messages quarantined even if sender white
Date Posted: 08 August 2007 at 9:13am
|
We have experienced a problem where an email was quarantined even though the sender was whitelisted by the recipient. In looking at the logs it appears this may occur because the program must check the SFDB before the whitelist... 08/02/07 15:34:32:263 -- (1104) Connection from: 65.54.246.107 - Originating country : United States
the "vigilante1" email address was whitelisted for the recipient already when this quarantine occurred so it should have checked the whitelist first.......
We are on release 3.5.4.692 |
Replies:
Posted By: Desperado
Date Posted: 08 August 2007 at 10:30am
|
I am not sure if this applies but ... // New to VersionNumber = '3.5.4.700'; Also, How did you whitelist the sender? ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: Terry
Date Posted: 08 August 2007 at 10:35am
|
I don't think that those really apply. The sender was whitelisted by the user by releasing email from quarantine weeks earlier....here is a log entry from several days earlier that shows the fact that the sender was whitelisted for this recipient 07/30/07 08:59:54:218 -- (3040) Bypassed all rules for: mailto:Renee.Dowlin@portofportland.com - Renee.Dowlin@portofportland.com from mailto:vigilante1@msn.com - vigilante1@msn.com ( AutoWhiteList Force Delivery) I am really think it must be the order of checking....
|
Posted By: Desperado
Date Posted: 08 August 2007 at 10:44am
|
Hmmm I believe a whitelist entry will over-ride anything but there were some AutoWhiteList issues that were also resolved after the 692 build. Or .... there may be a bug I have not experienced yet. ------------- The Desperado Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
Posted By: RBarrow
Date Posted: 08 August 2007 at 4:27pm
|
We have reports from our users indicating the same problem (build 700). In researching this report, we think found a seemingly unrelated issue which may give the appearance of a whitelisted email not coming through. In situations where an email was addressed to several recipients and one or two had the sender whitelisted while the others did not, the email is sent to the whitelisted recipients (as it should be) but the email is also quarantined for ALL the recipients in the list instead of just those without a whitelist entry. This gives the appearance of a previously whitelisted address being blocked when the user checks the quarantine later. This situation is causing us a LOT of problems...!!! Roy The mail is |
Posted By: LogSat
Date Posted: 08 August 2007 at 4:28pm
|
Terry, We can't replicate this, the email should have been whitelisted. The filtering order can be found at http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5171#7776 - www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5171#77 76 . As you can see, most whitelists are always checked before the blacklists. If you're using SpamFilter ISP "standard", can you please edit the file: \SpamFilter\Domains\SFI\Filters.ini and check to ensure that WL_AuthorizedTOEmailsFileName entry has the full path to the WL_AuthorizedTOEmails.txt file (drive letter + path), and not just a relative filename by itself? ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Terry
Date Posted: 08 August 2007 at 9:23pm
|
Roberto, here is what I have in that line WL_AuthorizedTOEmailsFileName=
does this need to be changed? |
Posted By: LogSat
Date Posted: 08 August 2007 at 10:17pm
|
No, that entry should be fine. Could you please email us at support at logsat dot com that AutoWhiteListForceDelivery.txt file, and the \SpamFilter\Domains\SFI\Filters.ini as well?
------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Terry
Date Posted: 09 August 2007 at 9:20am
|
Those files have now been emailed to you...in reading the previous posts I did notice that the line in our filters.ini that was for WL_AuthorizedTOEmailsFileName= is blank...does the other line supercede that entry? |
Posted By: LogSat
Date Posted: 09 August 2007 at 12:53pm
|
Terry, We received the files, and everything does indeed look in order. We're trying to determine what happened, as that email should have indeed been whitelisted. In regards to the "WL_AuthorizedTOEmailsFileName" entry, if you are not using the "AuthorizedTO" list, it's normal for it to be blank. That filter is used only if you wish to provide SpamFilter with a list of all the valid email accounts on your system. If you do provide it, SpamFilter will only accept emails for those users and will reject all others. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: LogSat
Date Posted: 12 August 2007 at 12:00pm
|
We've been looking thru several days of logfiles, and have found a bug in SpamFilter which could have caused the AutoWhiteListForceDelivery.txt to become corrupted. The following log entries do point to a possible problem: 07/16/07 07:36:36:921 -- (3400) Exception occurred during FindMatchInStringList: Invalid pointer operation 07/16/07 07:36:36:953 -- (2528) Reloading file for tblWL_AutoWhiteListForceDelivery: AutoWhiteListForceDelivery.txt We've fixed the bug in red above with build 3.5.4.705 that has just been uploaded in the registered user area of the website. Please note that we are still not 100% certain that the above bug was indeed the cause for the AutoWhiteList corruption. We are currently examining the other logs to see if this issue occurred more than once. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Terry
Date Posted: 12 August 2007 at 12:42pm
| Thanks Roberto....I want you to know how much I appreciate the great support we have had for this product. Whenever we have had a problem you have been right on it to either fix it or show us what we did wrong...Great job..I want you to know I have recommended this product many time to others.... |
Posted By: LogSat
Date Posted: 12 August 2007 at 8:13pm
|
Thank you for the support! We just finished going thru your logs, and saw the exact same erros on the 9th, 11th, 16th and 18th. In all cases the two events I mentioned in the above post in red and green occur within 10-50 milliseconds of each other. While we still cannot replicate the issue in the lab, I can confirm that there was a bug in the code isolation within SpamFilter that could have caused it to happen. As we found 5 instances (two of them on happened on the 11th), I'm at this point pretty certain that this bug should be what caused you to loose entries in the AutoWhiteListForceDelivery.txt file. Build 705 that we uploaded should have taken care of it. Please do let us know if you see further problems, as when there's an error we can't duplicate in the lab, there's always a level of uncertainty that we cannot avoid. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: pcmatt
Date Posted: 13 August 2007 at 8:18am
|
Roberto, This issue still exists in build 704. Had a complaint on this today. This is related to your "email splitting" logic. What happens is that SpamFilter correctly splits the email for the purpose of sending only to whitelisted users and not others in the message, however, since one or more recipients are not whitelisted EVERYONE gets a copy of the item in their quarantines.
So the email being "split" is processed correctly in terms of delivering the message, however, the quarantine entries are not split, causing a confusing entry in each of the whitelisted recipient's quarantines.
-Matt ------------- -Matt R |
Posted By: LogSat
Date Posted: 13 August 2007 at 9:54pm
|
Matt, This issue is different from the one reported by Terry. We've however patched this one too, and the fix will be included in the next released build. Please contact us if you wish to receive this intermediate build privately. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: LogSat
Date Posted: 14 August 2007 at 7:13am
Update. Due to popular demand via emails  we pre-released build 3.5.4.707 in the registered user area. The release notes are as usually posted on our website. This is the relevant section:// New to VersionNumber = '3.5.4.707'; {TODO -cNew : Added option in SpamFilter.ini file: HideXSFWhiteListedReasonHeader} {TODO -cNew : In SFE, SpamFilter is able to now startup even if the database server is unavailable} {TODO -cFix : If a spam email is split so that it is delivered for whitelisted recipients but blocked for the rest, it was still being stored in the quarantine database for all receipients, including the whitelisted ones} {TODO -cFix : The HTML parser used to detect blank html emails was expecting legitimate opening and closing html tags to define text, and was ignoring any text outside these tags. This could cause very short html emails to appear blank if they were not following correct html syntax. We are now auto-fixing the invalid html code to be less restrictive} // New to VersionNumber = '3.5.4.705'; {TODO -cNew : "Exception occurred during FindMatchInStringList: Invalid pointer operation" errors could cause problems with the reloading of some black / white lists} {TODO -cNew : Added the logging of the filesize when reloading the black / white list files} {TODO -cNew : The SURBL blacklist is not being automatically sorted to allow user-defined order} {TODO -cNew : Added options in [authentication settings] of SpamFilter.ini: ActiveDirectoryAuthAppendDefaultDomain, ActiveDirectoryAuthPrefixDefaultDomain to automatically append or prefix the default domain when authenticating users via SMTP AUTH} ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |