Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Is MAPS Work in Spamfilter ?
  FAQ FAQ  Forum Search   Register Register  Login Login

Is MAPS Work in Spamfilter ?

 Post Reply Post Reply
Author
Lee View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Topic: Is MAPS Work in Spamfilter ?
    Posted: 29 March 2003 at 12:00am

I have been evaluating Spamfilter and trying to figure out if it is actually helping. As I watch the activity screen there seems to be a LOT of spam that still gets through.

The Reverse DNS seems to catch a lot of mail but not sure the MAPS is actually working correctly.

I continue to receive emails from IP's that I know is listed in the MAP servers such as dnsbl.njabl.org.

Do all MAP servers require the "dnsbl.njabl.org, true" format ? Does the TRUE statement mean you get a reverse IP response ?

Any suggestions ?

Lee

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

Lee,

If you can email us your SpamFilter.ini file at support@logsat.com we can take a look at how you configured SpamFilter to make sure everything is working correctly.

The MAPS lookups are working correctly. I just checked our logs and we have thousands of rejects by njabl.org. Can you please let us know some examples of which IP you are referring to, and provide us with a copy of your SpamFilter logfile that shows the email getting thru?

The "true" next to a RBL means their DNS is expecting the IP to be reversed, i.e. to test a connection from 1.2.3.4 they expect a query for 4.3.2.1.bl.spamcop.net.

Hope this helps,

Roberto Franceschetti LogSat Software

Back to Top
Lee View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

Roberto, here is an example of what I am talking about.

This IP 67.34.45.66 was in an email I just received. When I do a lookup at http://www.njabl.org/cgi-bin/lookup.cgi?query=67.34.45.66

It shows up in their database as an open proxy. So why did this make it through Spamfilter and the MAPS lookup ?

Thanks again,

Lee

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

The IP 67.34.45.66 is currently listed by both bl.spamcop.net and dnsbl.njabl.org. SpamFilter should indeed have stopped it. As mentioned in the other posts, if you can send us your ini and a logfile we can take a look at what is happening on your system.

Roberto Franceschetti LogSat Software

Back to Top
Lee View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

Roberto, thanks for the reply.

I think part of the problem might be I needed to stop and restart the service so it would reload the ini file. But I looked at the log files and how can you tell if and what MAPS server is rejecting the email ?

The only thing I can see in the log file that mentions the MAPS search is... "MAPS search done... ."

Is there suppose to be a list of MAPS queries or rejection notices in the log file ?

Obviously there is a trade off between enough debug info and filling up your disk with useless log files.

Lee

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

Lee,

The logfile and the activity log in the GUI do show MAPS rejects, along with which RBL rejected the connection. Here's a sample from our own logs:

03/29/03 00:01:06:756 -- (414) Connection from: 208.237.122.151 - Originating country : United States 03/29/03 00:01:07:176 -- (414) Resolving 208.237.122.151 - mail2.adultdailydigest.com 03/29/03 00:01:07:176 -- (414) Mail from: bounce-kleckley_netwide.net@adultdailydigest.com 03/29/03 00:01:07:266 -- (414) - MAPS search done... 521 The IP 208.237.122.151 is Blacklisted by bl.spamcop.net.9Blocked - see http://spamcop.net/bl.shtml?208.237.122.151 . 03/29/03 00:01:07:266 -- (414) 208.237.122.151 - Mail from: bounce-kleckley_netwide.net@adultdailydigest.com To: kleckley@netwide.net will be quarantined 03/29/03 00:01:07:557 -- (414) EMail from sheri@adultdailydigest.com to kleckley@netwide.net was received and quarantined. Size: 1 KB 03/29/03 00:01:07:667 -- (414) Disconnect

Once making changes to the MAPS Servers in the SpamFilter's Settings tab, all that's needed is to click on the "Save Settings" button to activate them.

If you do not see lolg entries like the one above, there may be other problems in your config. We may be able to tell if you can send us a copy of your ini file and of one of your spamfilter logs.

Roberto Franceschetti LogSat Software .

Back to Top
Lee View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

Roberto, I figured out the problem.

On a 800x600 (at least mine) screen resolution the DNS SERVER field is covered up by the SAVE SETTINGS button. So I never entered my DNS info.

After getting your post I started staring at the INI file, line by line and noticed the DNS was 1.1.1.1. After changing this and restarting the app it is now blocking MAPS information.

Works great now ! Thanks.

Lee

Back to Top
Lee View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Lee Quote  Post ReplyReply Direct Link To This Post Posted: 29 March 2003 at 12:00am

Roberto, I emailed you the information you requested. Thanks for your help.

On a related topic....

If I enter an IP in the ORBS search box does it search the MAPS servers in my ini file ?

Can this be used as a tool to determine if my configuration is correct ? In other words if I enter a known blacklisted IP in the ORBS shouldn't it come back as "Found" ?

Lee

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.297 seconds.