how can I tell if maps servers are being checked |
Post Reply |
Author | |
Terry
Senior Member Joined: 06 February 2005 Status: Offline Points: 155 |
Post Options
Thanks(0)
Posted: 30 July 2014 at 11:15am |
I am running v4.5.1.98...we continue to get more and more spam getting to our staff....nearly every time I research the ip's of the sender I am finding them blocked by one of our maps providers....this morning I got a spam message that made it through at about 6:30am...when I looked up the address at 7am I find that spamhaus-zen blacklisted the address.....
This seems to be a regular occurrence...is there a logging option to see if it really is testing the maps servers? I am getting more and more complaints from the staff about spam getting through that wasn't before. Also seeing some errors from the sfdc process at times in the log that are new but I don't believe that has anything to do with it. 07/30/14 06:27:41:840 -- (145381504) Detected TCP Connection: 173.232.22.70
07/30/14 06:27:41:840 -- (145381504) Connection from: 173.232.22.70 - Originating country : United States 07/30/14 06:27:41:965 -- (145381504) Received MAIL FROM: LaserTreatmentforToenails@fungus-toenails.info 07/30/14 06:27:42:012 -- (145389312) Received RCPT TO: xxxxxxxxxxx@portptld.com 07/30/14 06:27:42:027 -- (145381504) Received RCPT TO: sxxxxxxx@portofportland.com 07/30/14 06:27:42:043 -- (145381504) Resolving 173.232.22.70 - 173-232-22.static.rdns.serverhub.com 07/30/14 06:27:42:043 -- (145381504) found SPF record for fungus-toenails.info: v=spf1 a mx ip4:173.232.22.0/24 -all 07/30/14 06:27:42:043 -- (145381504) SPF query result: pass 07/30/14 06:27:42:043 -- (145381504) - SPF analysis for fungus-toenails.info done: - pass 07/30/14 06:27:42:043 -- (145381504) Mail from: LaserTreatmentforToenails@fungus-toenails.info 07/30/14 06:27:42:043 -- (145389312) Resolving 212.117.36.229 - client-36-229.speedy-net.bg 07/30/14 06:27:42:043 -- (145381504) - MAPS search done... 07/30/14 06:27:42:043 -- (145381504) RCPT TO: xxxxxxxxrs@portofportland.com accepted 07/30/14 06:27:42:183 -- (145381504) Checking SFDC 07/30/14 06:27:42:183 -- (145381504) Checking SFDE 07/30/14 06:27:42:215 -- (145381504) EMail from LaserTreatmentforToenails@fungus-toenails.info to stan.watters@portofportland.com passes Bayesian filter - 0% spam (32ms) 07/30/14 06:27:42:215 -- (145381504) Checking SURBL 07/30/14 06:27:42:230 -- (145381504) Start virus scan 07/30/14 06:27:42:246 -- (145381504) Starting queueing procedures 07/30/14 06:27:42:246 -- (145381504) EMail from LaserTreatmentforToenails@fungus-toenails.info to stan.watters@portofportland.com was queued (IndyF093449A-0C76-4080-B3DC-209CE21B2CB4.~tmp). Size: 4 KB, 4575 bytes 07/30/14 06:27:42:246 -- (145381504) Created thread (127311888) to handle delivery 07/30/14 06:27:42:246 -- (127311888) Sending email from LaserTreatmentforToenails@fungus-toenails.info to xxxxxxxs@portofportland.com -- 07/30/14 06:27:42:293 -- (145389312) - Invalid MX record - 07/30/14 06:27:42:293 -- (145389312) 212.117.36.229 - Mail from: lberryf4@client-36-229.speedy-net.bg To: xxxxxy@portptld.com will be rejected 07/30/14 06:27:43:057 -- (145389312) Start virus scan 07/30/14 06:27:43:088 -- (145389312) Warning - SFDC_WebErrorsUpload has reached its limit, SFDC checks are paused temporarily 07/30/14 06:27:43:088 -- (145389312) Warning - SFDC_WebErrorsUpload has reached its limit, SFDC checks are paused temporarily 07/30/14 06:27:43:104 -- (145389312) Starting quarantine procedures 07/30/14 06:27:43:104 -- (145389312) Created thread (145364608) to add email to quarantine 07/30/14 06:27:43:104 -- (145389312) Starting bayesian procedures |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Terry,
If you go to the "Activity Log" tab in SpamFilter, you will see an input box where you can enter an IP and check to see if it listed in one of the MAPS RBL servers in SpamFilter by clicking on the "Check if IP in ORBS" button. If the IP is blacklisted, you will see this message replace the IP address being searched: 521 The IP 173.232.22.70 is Blacklisted by zen.spamhaus.org. ttp://www.spamhaus.org/sbl/query/SBLCSS -- -- You can also see if IPs are being blocked by looking at SpamFilter's activity logfiles for messages similar to this: 07/29/14 00:11:21:704 -- (20930032) - MAPS search done... 521 The IP 107.184.134.107 is Blacklisted by cbl.abuseat.org. locked - see http://cbl.abuseat.org/lookup.cgi?ip=107.184.134.107 -- -- I highlighted in bold the text that will always be present when a match is found - the rest depends on the specific IP and the response by the MAPS RBL server. If you do not see any emails being blocked by your MAPS servers, if you'd like to zip us the following so we can take a look:
• SpamFilter's latest activity logfile • The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well. If the zipped file is over 8MB in size, I'll send you via PM a URL you can use to upload us the zip. |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.117 seconds.