Too Much Spam Still Getting Through
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6360
Printed Date: 12 March 2025 at 8:29pm
Topic: Too Much Spam Still Getting Through
Posted By: saracen
Subject: Too Much Spam Still Getting Through
Date Posted: 21 January 2008 at 5:34pm
Currently, there is still a good amount of Spam getting through Spam Filter ISP when compared to other solutions we've had in place.
Over the course of a day I will get 15-20 messages that are spam in my inbox while only 2-4 show up in my quarantine. I know that more is getting disconnected based on being from foreign addresses, etc. but more is getting through than what we experienced with previous solutions. For example, with a competing product I would get2-4 messages per week in my inbox.
Also, I'm finding that clients of ours are having their emails rejected by the spam filter unless they are added to the domain-to-domain whitelist. Yet, nothing in the content once it's received is indicative of spam (they get an NDR that states that there was a spam signature embedded in the message).
Additionally, our clients that we have going through the filter also report the same things, that companies sending email to them get rejected unless defined in the domain-to-domain filter yet they continue to receive emails that are clearly and unquestionably spam in their inboxes.
One of the things we love about the product is that it drops connections from most sources limiting the bandwidth being used, but it's frustrating to our clients that mail that is clearly spam gets through while legitimate email is rejected unless the domain is whitelisted.
Any thoughts as to why this is happening?
|
Replies:
Posted By: Stupid
Date Posted: 21 January 2008 at 6:47pm
I am not trying to step on Roberto's toes, but if you want, you can post spamfilter.ini and filters.ini. we can probably help you a bit. A lot of other people here are far more knowledgeable too.
It takes some time to tune it and it also depends on your attractiveness. I run a very small shop and majority of my spam is caught under "honeypots."
1. Set up some keywords that you are sure your clients are not using.
2. Set up MAPS, SURBL, Attachments, SFDB, Filters (reject if no reverse DNS, invalid MX, Mail From=Mail TO, From Domain=To Domain)
3. Monitor a while, then turn on Country filters
4. Start to use Honeypots
|
Posted By: LogSat
Date Posted: 21 January 2008 at 6:48pm
saracen,
Most likely this is either caused by a misconfiguration in SpamFilter, or it is due to the fact that SpamFilter is not seeing the "real" IP address of the sender (this happens if you have another server process the emails before they reach SpamFilter, or if your firewall masks the IPs from the internet when NAT'ting them). If you can please zip and email us (support at logsat dot com) about one hour worth of logs from SpamFilter's activity logfile, along with the SpamFilter.ini file, and you let us know what version of SpamFilter you're using, we'll try to help.
Please also include the various text files containing your configuration files, especially the one containing the list of your local domains.
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
Posted By: saracen
Date Posted: 21 January 2008 at 9:05pm
Thank you. I've gathered the logs and config files and will be sending them in tonight.
|
Posted By: __M__
Date Posted: 22 January 2008 at 2:06am
|
saracen, just my 2 cents worth:
Persist with the configuration of SFI as from our testing it is the most accurate, affordable and best supported anti-spam product going around.
I'm a big fan-boy because the product is so great (and keeps getting greater).
Mike
|
Posted By: LogSat
Date Posted: 25 January 2008 at 9:43pm
For the record, the logs showed that the MAPS RBLs, the SURBLs and the SPF filters where not stopping any spam. Further research pinpointed the problem with the DNS servers that SpamFilter was using. None of the DNS servers were configured as forwarders, and thus all DNS queries were not being answered. Changing DNS servers allowed all the above 3 filters to function again.
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
Posted By: lewiskerns
Date Posted: 10 September 2008 at 9:55am
|
LogSat,
I'm having similar problems with those filters not stopping any spam. Can you elaborate on the changes you made to the DNS servers? Currently, I'musing my local router as well as my ISP's DNS.
|
Posted By: LogSat
Date Posted: 10 September 2008 at 4:44pm
lewiskerns,
If you can zip and email us (support @ logsat.com) about one hour's worth of activity from your SpamFilter activity logfile, we'll be glad to look into this for you. Please include your SpamFilter.ini file, and your entire SpamFilter\domains directory structure (all files and folders).
-------------
Roberto Franceschetti
http://www.logsat.com" rel="nofollow - LogSat Software
http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP
|
Posted By: lewiskerns
Date Posted: 10 September 2008 at 5:20pm
|
Thanks LogSat. I made some changes earlier today to my MAPS and SURBL lists, as well as updated my DNS servers and they seem to be catching emails now.
|
|