We manage a fair number of domains, and implemented some user detection so we don't quarantine email for users that do not exist on the destination server.
By doing this, our customers do not have to create a new user on logsat any time they add a user to their mailserver. Our system therefore doesn't use the tblwl_authorizedtoemails table.
Instead, we put invalid users in the tblbl_emailsto list.
So far, so good. But today, we had a sender who sent an email to nine users on the domain, one of which was in the tblbl_emailsto list.
Spamfilter rejected the entire list, so the sender received an NDR stating none of the recipients were valid. And the email was rejected.
Logfile....
06/03/09 10:33:34:375 -- (1792) Received MAIL FROM: <store4906@senderdomain>
06/03/09 10:33:34:422 -- (1792) Received RCPT TO: charityr@example.com
06/03/09 10:33:37:203 -- (1792) Resolving 1.2.3.4 - cmsout01.mbox.net
06/03/09 10:33:43:265 -- (1792) - SPF analysis for senderdomain done: - none
06/03/09 10:33:43:265 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:203 -- (1792) - MAPS search done...
06/03/09 10:34:13:203 -- (1792) RCPT TO: charityr@example.com accepted
06/03/09 10:34:13:234 -- (1792) Received RCPT TO: davidf@example.com
06/03/09 10:34:13:234 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:234 -- (1792) RCPT TO: davidf@example.com accepted
06/03/09 10:34:13:281 -- (1792) Received RCPT TO: debbiew@example.com
06/03/09 10:34:13:281 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:281 -- (1792) RCPT TO: debbiew@example.com accepted
06/03/09 10:34:13:328 -- (1792) Received RCPT TO: ellenr@example.com
06/03/09 10:34:13:328 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:328 -- (1792) RCPT TO: ellenr@example.com accepted
06/03/09 10:34:13:375 -- (1792) Received RCPT TO: erink@example.com
06/03/09 10:34:13:375 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:375 -- (1792) RCPT TO: erink@example.com accepted
06/03/09 10:34:13:422 -- (1792) Received RCPT TO: jessm@example.com
06/03/09 10:34:13:422 -- (1792) - EmailTO is in local blacklist file...
06/03/09 10:34:13:422 -- (1792) 1.2.3.4 - Mail from: store4906@senderdomain To: jessm@example.com will be rejected
06/03/09 10:34:13:453 -- (1792) Received RCPT TO: joanns@example.com
06/03/09 10:34:13:468 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:468 -- (1792) 1.2.3.4 - Mail from: store4906@senderdomain To: joanns@example.com will be rejected
06/03/09 10:34:13:500 -- (1792) Received RCPT TO: katiec@example.com
06/03/09 10:34:13:500 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:500 -- (1792) 1.2.3.4 - Mail from: store4906@senderdomain To: katiec@example.com will be rejected
06/03/09 10:34:13:547 -- (1792) Received RCPT TO: kimb@example.com
06/03/09 10:34:13:547 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:547 -- (1792) 1.2.3.4 - Mail from: store4906@senderdomain To: kimb@example.com will be rejected
06/03/09 10:34:13:593 -- (1792) Received RCPT TO: rondat@example.com
06/03/09 10:34:13:593 -- (1792) Mail from: store4906@senderdomain
06/03/09 10:34:13:593 -- (1792) 1.2.3.4 - Mail from: store4906@senderdomain To: rondat@example.com will be rejected
06/03/09 10:34:13:953 -- (1792) Start virus scan
06/03/09 10:34:13:984 -- (1792) Starting bayesian procedures
06/03/09 10:34:14:062 -- (1792) Blacklist cache - Added 1.2.3.4 to limbo
06/03/09 10:34:14:218 -- (1792) SFDB - Added 1.2.3.4 - Response: Error=0
06/03/09 10:34:14:218 -- (1792) Disconnect
Does Logsat not have the granularity to deliver / process the message and simply NDR the single invalid recipient?
Being able to have a list of invalid recipients drastically reduces our Quarantine tables, which is great for performance. So I'd really like to be able to keep that methodology.
I'm just surprised that one bad user (jessm) prevented all the legitimate recipients from receiving the email...
Any tips/help greatly appreciated. Thanks!
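Added example, not part of the original post and not LogSat code: a small parser for log lines in the format shown above that records each recipient's outcome per session and separates rejections that follow a logged blacklist hit from rejections with no reason of their own in the log. The function names, outcome labels and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Tolerates both plain addresses and the "mailto:x - x" form seen in forum copies.
ADDR = r"(?:mailto:\S+ - )?(\S+@\S+)"
LINE = re.compile(r"^\S+ \S+ -- \((\d+)\) (.*)$")  # date, time, (session id), message
RECEIVED = re.compile(r"Received RCPT TO: " + ADDR)
ACCEPTED = re.compile(r"RCPT TO: " + ADDR + r" accepted")
REJECTED = re.compile(r"To: " + ADDR + r" will be rejected")
BLACKLIST = "EmailTO is in local blacklist file"

# Constructed sample modelled on the log format in the post.
SAMPLE_LOG = """\
06/03/09 10:34:13:203 -- (1792) Received RCPT TO: user1@example.com
06/03/09 10:34:13:203 -- (1792) RCPT TO: user1@example.com accepted
06/03/09 10:34:13:422 -- (1792) Received RCPT TO: user2@example.com
06/03/09 10:34:13:422 -- (1792) - EmailTO is in local blacklist file...
06/03/09 10:34:13:422 -- (1792) 1.2.3.4 - Mail from: sender@example.net To: user2@example.com will be rejected
06/03/09 10:34:13:453 -- (1792) Received RCPT TO: user3@example.com
06/03/09 10:34:13:468 -- (1792) 1.2.3.4 - Mail from: sender@example.net To: user3@example.com will be rejected
"""

def classify(log_text):
    """Return {session_id: {recipient: outcome}} for every RCPT decision logged."""
    outcomes = defaultdict(dict)
    current = {}                 # session id -> recipient currently being evaluated
    flagged = defaultdict(set)   # session id -> recipients with a blacklist hit logged
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, msg = m.groups()
        if (r := RECEIVED.search(msg)):
            current[sid] = r.group(1).lower()
        elif BLACKLIST in msg and sid in current:
            flagged[sid].add(current[sid])
        elif (r := ACCEPTED.search(msg)):
            outcomes[sid][r.group(1).lower()] = "accepted"
        elif (r := REJECTED.search(msg)):
            rcpt = r.group(1).lower()
            hit = rcpt in flagged[sid]
            outcomes[sid][rcpt] = "blacklisted" if hit else "rejected_no_reason_logged"
    return dict(outcomes)

def unexplained_rejects(outcomes):
    """Sessions with a blacklist hit plus rejections that have no logged reason."""
    report = {}
    for sid, rcpts in outcomes.items():
        extra = sorted(a for a, o in rcpts.items() if o == "rejected_no_reason_logged")
        if extra and "blacklisted" in rcpts.values():
            report[sid] = extra
    return report

if __name__ == "__main__":
    print(unexplained_rejects(classify(SAMPLE_LOG)))
```

Run over a full day's log, the report lists the sessions where recipients were rejected without a blacklist entry of their own, which is the set worth checking against the tblbl_emailsto contents.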