Keyword Whitelist |
Post Reply 
|
| Author | |
rdemeyer 
Newbie 
Joined: 29 October 2007 Location: United States Status: Offline Points: 10 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Keyword WhitelistPosted: 09 November 2010 at 3:17pm |
|
Lately we are getting SPAM mail past the filters due to Keyword Whitelist. I have two domains in the Keyword Whitelist (added from a previous issue). There are now messages that show they are passed to the receipient as "Keyword Whitelist". I find NOTHING in these messages that even closely matches the two items in the Whitelist, how can I figure out why they are passing? Thanks
Randy
Edited these headers to tidy up the REAL info.
Microsoft Mail Internet Headers Version 2.0
Received: from Tue, 9 Nov 2010 10:38:56 -0600 Received: from 66.207.162.202 by (LogSat Software SMTP Server); Tue, 9 Nov 2010 10:38:56 -0600 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=adighedemove.net; h=To:Message-ID:Date:Mime-Version:Subject:From:Content-type; i=info@adighedemove.net; bh=1koPN7z07mUtbZJ1mAeszMaENo8=; b=CXJbxhH4KbCtN+Z1nQyVL4wdAOu8Y2rE5j9BHXDP5S/LChR80EnDs0HU97+y9oNyyvLKeDhFNYoF 2H0sLobFetRNozsPKyAV3WD0k5DADPGWEE00J4xaHZKUhgSW5+7CcmXQqoFvKvWa3w47h6udiJ1m CjHLX4xYiiw2z0UFGGU= DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=adighedemove.net; b=MJRNG53kgYHZuoQRiX79asIOQFCl/LkilzkddVnTxTUfFS9hnS6LYw9dCYkxHNHkW7Klba0AKMkI 0FHoHtAjkH1pQ7xILx+hUNmSn9/duGcDunAWwsI+eaRcbAnwUvgkoucEE+jcehxAXXSs8CAT4kue CZOhh6RE1Akf6/E0EfE=; To: <XXX@iwatsu.com> Message-ID: <12753691507079543821475@sfa202.adighedemove.net> Date: Tue, 9 Nov 2010 11:36:55 -0500 Mime-Version: 1.0 Subject: Blue Cross Blue Shield is offering Affordable Health Insurance From: "Affordable Health-Rates" <info@adighedemove.net> Content-type: multipart/alternative; boundary="_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_" X-Server: LogSat Software SMTP Server X-SF-RX-Return-Path: <info@adighedemove.net> X-SF-HELO-Domain: sfa202.adighedemove.net X-SF-Originating-IP: 66.207.162.202 X-SF-WhiteListedReason: keyword whitelist match Return-Path: info@adighedemove.net X-OriginalArrivalTime: 09 Nov 2010 16:38:56.0382 (UTC) FILETIME=[9A2E19E0:01CB802C] --_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_
Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit Content-Disposition: inline --_NextPart_MDIxMjY3NTY3NDcyMTQ3NWE4ZWFhMDA5YTk3YzhiNWI_
Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 8bit Content-Disposition: inline |
|
 |
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 09 November 2010 at 10:24pm |
|
rdemeyer,
If you look in SpamFilter's activity logfile for the entries relative to this email, you should find two entries similar to the following, which will display the specific whitelist keyword that was matched to the content of the email: 11/08/10 22:03:10:750 -- (2820) Found Keywords: [spamfilter_test_keyword] 11/08/10 22:03:10:765 -- (2820) Bypassed all rules for: test1@test.logsat.com from test2@test.logsat.com - keyword whitelist match |
|
|
|
|
rdemeyer
Newbie
Joined: 29 October 2007 Location: United States Status: Offline Points: 10 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 November 2010 at 4:03pm |
|
Here is a sample of one from the logs. I still don't get it. :/
11/09/10 10:38:55:695 -- (7140) Connection from: 66.207.162.202 - Originating country : United States
11/09/10 10:38:55:914 -- (7140) Received MAIL FROM: <info@adighedemove.net> 11/09/10 10:38:55:929 -- (7140) Received RCPT TO: X1@iwatsu.com 11/09/10 10:38:55:960 -- (7140) Resolving 66.207.162.202 - Not found 11/09/10 10:38:55:960 -- (7140) - Reverse DNS not found - 11/09/10 10:38:55:960 -- (7140) 66.207.162.202 - Mail from: info@adighedemove.net To: X1@iwatsu.com will be rejected 11/09/10 10:38:56:023 -- (7140) Bypassed all rules for: X1@iwatsu.com from info@adighedemove.net - keyword whitelist match 11/09/10 10:38:56:023 -- (7140) Starting queueing procedures 11/09/10 10:38:56:023 -- (7140) EMail from info@adighedemove.net to X1@iwatsu.com was queued. Size: 15 KB, 15360 bytes 11/09/10 10:38:56:054 -- (7140) Received MAIL FROM: <info@adighedemove.net>
11/09/10 10:38:56:070 -- (7140) Received RCPT TO: X2@iwatsu.com 11/09/10 10:38:56:101 -- (7140) - Reverse DNS not found - 11/09/10 10:38:56:101 -- (7140) 66.207.162.202 - Mail from: info@adighedemove.net To: X2@iwatsu.com will be rejected 11/09/10 10:38:56:257 -- (7140) Bypassed all rules for: X2@iwatsu.com from info@adighedemove.net - keyword whitelist match 11/09/10 10:38:56:257 -- (7140) Starting queueing procedures 11/09/10 10:38:56:257 -- (7140) EMail from info@adighedemove.net to dcarissimi@iwatsu.com was queued. Size: 15 KB, 15360 bytes 11/09/10 10:38:56:273 -- (7140) Disconnect |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 10 November 2010 at 10:26pm |
|
..if that is indeed the complete log, then I'm scratching my head too....!
Could you please zip us (support at logsat dot com) the entire section of that SpamFilter's activity logfile from 10:30 to 11:00 so we can have a better look? Please also include a copy of the \SpamFilter\Domains directory tree in the zip. If the file containing the whitelist keywords is outside of that directory, please include that as well.
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.307 seconds.