Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - how can I tell if maps servers are being checked
  FAQ FAQ  Forum Search   Register Register  Login Login

how can I tell if maps servers are being checked

 Post Reply Post Reply
Author
Terry View Drop Down
Senior Member
Senior Member


Joined: 06 February 2005
Status: Offline
Points: 155
Post Options Post Options   Thanks (0) Thanks(0)   Quote Terry Quote  Post ReplyReply Direct Link To This Post Topic: how can I tell if maps servers are being checked
    Posted: 30 July 2014 at 11:15am
I am running v4.5.1.98...we continue to get more and more spam getting to our staff....nearly every time I research the ip's of the sender I am finding them blocked by one of our maps providers....this morning I got a spam message that made it through at about 6:30am...when I looked up the address at 7am I find that spamhaus-zen blacklisted the address.....
This seems to be a regular occurrence...is there a logging option to see if it really is testing the maps servers?  I am getting more and more complaints from the staff about spam getting through that wasn't before. 
Also seeing some errors from the sfdc process at times in the log that are new but I don't believe that has anything to do with it.
 
07/30/14 06:27:41:840 -- (145381504) Detected TCP Connection: 173.232.22.70
07/30/14 06:27:41:840 -- (145381504) Connection from: 173.232.22.70  -  Originating country : United States
07/30/14 06:27:41:965 -- (145381504) Received MAIL FROM: LaserTreatmentforToenails@fungus-toenails.info
07/30/14 06:27:42:012 -- (145389312) Received RCPT TO: xxxxxxxxxxx@portptld.com
07/30/14 06:27:42:027 -- (145381504) Received RCPT TO: sxxxxxxx@portofportland.com
07/30/14 06:27:42:043 -- (145381504) Resolving 173.232.22.70 - 173-232-22.static.rdns.serverhub.com
07/30/14 06:27:42:043 -- (145381504) found SPF record for fungus-toenails.info: v=spf1 a mx ip4:173.232.22.0/24 -all
07/30/14 06:27:42:043 -- (145381504) SPF query result: pass
07/30/14 06:27:42:043 -- (145381504) - SPF analysis for fungus-toenails.info done: - pass
07/30/14 06:27:42:043 -- (145381504) Mail from: LaserTreatmentforToenails@fungus-toenails.info
07/30/14 06:27:42:043 -- (145389312) Resolving 212.117.36.229 - client-36-229.speedy-net.bg
07/30/14 06:27:42:043 -- (145381504) - MAPS search done...
07/30/14 06:27:42:043 -- (145381504) RCPT TO: xxxxxxxxrs@portofportland.com accepted
07/30/14 06:27:42:183 -- (145381504) Checking SFDC
07/30/14 06:27:42:183 -- (145381504) Checking SFDE
07/30/14 06:27:42:215 -- (145381504) EMail from LaserTreatmentforToenails@fungus-toenails.info to stan.watters@portofportland.com passes Bayesian filter - 0% spam  (32ms)
07/30/14 06:27:42:215 -- (145381504) Checking SURBL
07/30/14 06:27:42:230 -- (145381504) Start virus scan
07/30/14 06:27:42:246 -- (145381504) Starting queueing procedures
07/30/14 06:27:42:246 -- (145381504) EMail from LaserTreatmentforToenails@fungus-toenails.info to stan.watters@portofportland.com was queued (IndyF093449A-0C76-4080-B3DC-209CE21B2CB4.~tmp). Size: 4 KB, 4575 bytes
07/30/14 06:27:42:246 -- (145381504) Created thread (127311888) to handle delivery
07/30/14 06:27:42:246 -- (127311888) Sending email from LaserTreatmentforToenails@fungus-toenails.info to xxxxxxxs@portofportland.com --
07/30/14 06:27:42:293 -- (145389312) - Invalid MX record -
07/30/14 06:27:42:293 -- (145389312) 212.117.36.229 - Mail from: lberryf4@client-36-229.speedy-net.bg To: xxxxxy@portptld.com will be rejected
07/30/14 06:27:43:057 -- (145389312) Start virus scan
07/30/14 06:27:43:088 -- (145389312) Warning - SFDC_WebErrorsUpload has reached its limit, SFDC checks are paused temporarily
07/30/14 06:27:43:088 -- (145389312) Warning - SFDC_WebErrorsUpload has reached its limit, SFDC checks are paused temporarily
07/30/14 06:27:43:104 -- (145389312) Starting quarantine procedures
07/30/14 06:27:43:104 -- (145389312) Created thread (145364608) to add email to quarantine
07/30/14 06:27:43:104 -- (145389312) Starting bayesian procedures
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 30 July 2014 at 9:32pm
Terry,

If you go to the "Activity Log" tab in SpamFilter, you will see an input box where you can enter an IP and check to see if it listed in one of the MAPS RBL servers in SpamFilter by clicking on the "Check if IP in ORBS" button.

If the IP is blacklisted, you will see this message replace the IP address being searched:

521 The IP 173.232.22.70 is Blacklisted by zen.spamhaus.org. ttp://www.spamhaus.org/sbl/query/SBLCSS --  -- 

You can also see if IPs are being blocked by looking at SpamFilter's activity logfiles for messages similar to this:

07/29/14 00:11:21:704 -- (20930032) - MAPS search done... 521 The IP 107.184.134.107 is Blacklisted by cbl.abuseat.org. locked - see http://cbl.abuseat.org/lookup.cgi?ip=107.184.134.107 --  -- 

I highlighted in bold the text that will always be present when a match is found - the rest depends on the specific IP and the response by the MAPS RBL server.

If you do not see any emails being blocked by your MAPS servers, if you'd like to zip us the following so we can take a look:

• SpamFilter's latest activity logfile

• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well.


If the zipped file is over 8MB in size, I'll send you via PM a URL you can use to upload us the zip.




Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.164 seconds.