LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Why is Not in Authorized TO Emails so low in the list? we are having spam get into the quaruntine for people that don't exist. My customers are asking why?

Should the authto list supercede anything else? 

In fact logically the allowed domain and auth too should be the first two things checked? If we delete a domain or an auth to list, it shouldn't get through. Period.

Cached IP blacklist
Greylist
        Whitelisted IP
        Whitelisted Email Address To
        Whitelisted EMail Address From
        Whitelisted Email From Domain
        Whitelisted Auto White List Force Delivery
Allowed Domains
Local IP Blacklist
Local Domain Blacklist
Local Emails Blacklist
Local Emails TO Blacklist
Not in Authorized TO Emails
Country Blacklist
Reject No Reverse DNS
Reject Empty Mail From
Reject Same To From Email address
Reject if Recipient's email in Honeypot email list
Reject if IP in Honeypot-generated auto-ban list
Reject Same To From Domain
Recipient Count > Max RCPTTO
MX Record check
SFDB Filter
SPF Filter
MAPS check
        Exceeded MaxMsgSizeForSpamFiltering        Keyword Whitelist
SFDC Filter
Blank emails with attachments only
Spam Images in PDFs
Attachment Filter
Keywords
Image Filtering
Bayesian Filtering
SURBL check
Resolve URLs and check IPs in MAPS
Antivirus Plugin

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
kspare Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 26 January 2005 Location: Canada Status: Offline Points: 334	Post Options Post Reply Quote kspare Report Post Thanks(0) Quote Reply Topic: Filter Order Posted: 11 November 2009 at 9:54am
	Why is Not in Authorized TO Emails so low in the list? we are having spam get into the quaruntine for people that don't exist. My customers are asking why? Should the authto list supercede anything else? In fact logically the allowed domain and auth too should be the first two things checked? If we delete a domain or an auth to list, it shouldn't get through. Period. Cached IP blacklist Greylist Whitelisted IP Whitelisted Email Address To Whitelisted EMail Address From Whitelisted Email From Domain Whitelisted Auto White List Force Delivery Allowed Domains Local IP Blacklist Local Domain Blacklist Local Emails Blacklist Local Emails TO Blacklist Not in Authorized TO Emails Country Blacklist Reject No Reverse DNS Reject Empty Mail From Reject Same To From Email address Reject if Recipient's email in Honeypot email list Reject if IP in Honeypot-generated auto-ban list Reject Same To From Domain Recipient Count > Max RCPTTO MX Record check SFDB Filter SPF Filter MAPS check Exceeded MaxMsgSizeForSpamFiltering Keyword Whitelist SFDC Filter Blank emails with attachments only Spam Images in PDFs Attachment Filter Keywords Image Filtering Bayesian Filtering SURBL check Resolve URLs and check IPs in MAPS Antivirus Plugin

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 19 November 2009 at 4:52pm
	kspare had a very valid point, so today we released SpamFilter build 4.1.2.819 that changes the order of the filters. The updated list is being updated in this forum thread. If anyone has comments on if this "Not in Authorized TO Emails" filter should be placed even higher in the priority list, we'll monitor this thread for user-input.
	Roberto Franceschetti LogSat Software Spam Filter ISP

kspare Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 26 January 2005 Location: Canada Status: Offline Points: 334	Post Options Post Reply Quote kspare Report Post Thanks(0) Quote Reply Posted: 20 November 2009 at 8:15am
	I've been thinking more about this, and I'm leaning towards the logic that allowed domains and authto should be after greylist, for the simple fact that if you host email, and you remove a domain, that domains whitelist etc is still valid. It then allows the allowed domain and auth to, to kind of act like an access control list.

yapadu Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 12 May 2005 Status: Offline Points: 297	Post Options Post Reply Quote yapadu Report Post Thanks(0) Quote Reply Posted: 21 November 2009 at 4:40am
	Thanks for this change, we also noticed spam for email addresses that did not exist in quarantine. We had built a script that ran every so often and removed from quarantine any messages that were to users that did not exist.

Neolisk Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 13 July 2009 Location: Toronto, ON Status: Offline Points: 27	Post Options Post Reply Quote Neolisk Report Post Thanks(0) Quote Reply Posted: 02 December 2009 at 11:36am
	I was thinking if it's possible to let administrators choose the filter order per their needs. For instance, if we whitelist our customers, somebody can forge an email to make it look as if was coming from them and we will get it. From an odd IP, violating SPF etc. - just because the domain is whitelisted and this rule is applied earlier. i.e. Usually we whitelist domains, because in one of their emails some content was blocked. So we want to be able to put domain whitelist rules just above content filtering, but after country blacklist, MX check, SPF and other useful blocking features. Edited by Neolisk - 02 December 2009 at 11:36am

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Filter Order