Why did this not get quarantined?
Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6637
Printed Date: 05 February 2025 at 1:08pm
Topic: Why did this not get quarantined?
Posted By: Straker
Subject: Why did this not get quarantined?
Date Posted: 20 March 2009 at 1:31pm
|
Here's the issue. This message's header was clearly labeled spam (via DNSBL zen.spamhaus) by logsat, but it was forwarded to the email address anyway, and the log file shows no problem. It should have been quarantined. Header:
Log File:
Thanks. |
Replies:
Posted By: LogSat
Date Posted: 20 March 2009 at 10:50pm
|
Staker,
Actually SpamFilter did not label the email as spam in the headers due to spamhaus. If that had happened, you would have seen an entry like the following: X-Rejection-Reason: 12 - 521 The IP 87.30.11.157 is Blacklisted by sbl-xbl.spamhaus.org. http://www.spamhaus.org/query/bl?ip= 87.30.11.157 -- The entry you see in the headers: X-DN-Spam-Blacklisted-By-DNSBL: sbl-xbl.spamhaus.org (blacklisted sender IP was 87.30.11.157) was *not* added by SpamFilter. The question is thus "why didn't SpamFilter check the spamhaus RBL blacklist? Could you then please check the "MAPS Servers" blacklist to ensure you have a list of valid MAPS RBL servers, with the correct trailing suffix (usually ",true") at the end? The list should look similar to the screenshot at: http://www.logsat.com/sfi-spam-filter-screenshots/sfi-more-filtering-options.asp If you are running SpamFilter ISP "standard" instead of Enterprise, the tab should also contain a valid path+filename to store the list of servers. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |
Posted By: Straker
Date Posted: 21 March 2009 at 5:09pm
|
The only MAPS Server I have listed is: zen.spamhaus.org, true and the checkbox for "Do not quarantine rejected emails from this blacklist" is UNCHECKED. Spamhaus is detecting that IP address as blacklisted. but for some reason, it appears that SpamFilter did not check spamhaus even though its listed in my MAPS server list. My email server (where SpamFilter forwarded the message to) must have flagged the header, after it checked spamhaus (notice the "sbl-xbl" subdomain instead of the now recommended "zen"). hmmm..... I am running SpamFilter standard |
Posted By: LogSat
Date Posted: 22 March 2009 at 11:02pm
|
Could you please zip and email us (at support at logsat.com) the section of SpamFilter's activity logfile for the 20th, from 2AM to 4AM, so we can take a look? Please also include your SpamFilter.ini file and the entire \SpamFilter\Domains directory structure. We don't see other test being performed either, the most likely cause at this point indicating an issue with your DNS server(s). With this data we should be able to find out more info on what is happening. ------------- Roberto Franceschetti http://www.logsat.com" rel="nofollow - LogSat Software http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP |