Spam Filter ISP Support Forum


GFI mail security test

Benny
Posted: 09 February 2006 at 5:27pm

Interesting.

02/09/06 15:05:06:847 -- (5376) Connection from: 69.20.55.130  -  Originating country : United States
02/09/06 15:05:07:081 -- (2096) Connection from: 69.20.55.130  -  Originating country : United States
02/09/06 15:05:07:237 -- (5376) Resolving 69.20.55.130 - gfiservers.gfi.com
02/09/06 15:05:07:269 -- (5376) found SPF record for gfi.com: v=spf1 ip4:80.85.99.13 ip4:80.85.100.4 ip4:69.20.55.130 ip4:69.20.55.131 ip4:69.20.55.132 ip4:69.20.55.135 ip4:69.20.55.136 ip4:69.20.55.137 ip4:66.162.193.195 ip4:66.162.193.196 ~all
02/09/06 15:05:07:284 -- (5376) SPF query result: pass
02/09/06 15:05:07:284 -- (5376) - SPF analysis for gfi.com done: - pass
02/09/06 15:05:07:300 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:07:331 -- (5376) - MAPS search done...
02/09/06 15:05:07:331 -- (5376) RCPT TO: benny@mycompany.com accepted
02/09/06 15:05:07:440 -- (2096) Resolving 69.20.55.130 - gfiservers.gfi.com
02/09/06 15:05:07:472 -- (2096) found SPF record for gfi.com: v=spf1 ip4:80.85.99.13 ip4:80.85.100.4 ip4:69.20.55.130 ip4:69.20.55.131 ip4:69.20.55.132 ip4:69.20.55.135 ip4:69.20.55.136 ip4:69.20.55.137 ip4:66.162.193.195 ip4:66.162.193.196 ~all
02/09/06 15:05:07:472 -- (2096) SPF query result: pass
02/09/06 15:05:07:487 -- (2096) - SPF analysis for gfi.com done: - pass
02/09/06 15:05:07:503 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:07:519 -- (2096) - MAPS search done...
02/09/06 15:05:07:534 -- (2096) RCPT TO: benny@mycompany.com accepted
02/09/06 15:05:07:550 -- (5376) Found Keywords: [Found prohibited attachment: viewthis.jpg.vbs]
02/09/06 15:05:07:565 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:07:722 -- (2096) Found Keywords: [Found prohibited attachment: viewthis.jpg.{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}]
02/09/06 15:05:07:753 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:07:769 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:07:769 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:07:909 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:07:956 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:07:956 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:112 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:08:112 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:08:128 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:269 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:08:300 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:08:347 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:503 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:08:503 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:550 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:08:644 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:08:769 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:08:769 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:831 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:08:831 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:909 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:08:987 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:09:112 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:09:128 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:159 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:09:175 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:253 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:09:300 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:09:425 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:09:440 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:487 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:09:487 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:550 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:09:597 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:09:737 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:09:737 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:784 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:09:800 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:862 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:09:909 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:050 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:10:050 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:097 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:10:097 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:175 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:222 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:362 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:10:362 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:409 -- (5376) Mail from: emailtesting@gfi.com
02/09/06 15:05:10:409 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:487 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:534 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:675 -- (2096) Mail from: emailtesting@gfi.com
02/09/06 15:05:10:690 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:722 -- (5376) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:10:722 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:831 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:878 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:11:034 -- (2096) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:11:050 -- (2096) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:11:081 -- (5376) Exceeded maximum number of RCPT TO (12) - Disconnecting 69.20.55.130
02/09/06 15:05:11:097 -- (5376) 69.20.55.130 - Mail from: emailtesting@gfi.com To: benny@mycompany.com will be sent to NULL
02/09/06 15:05:11:190 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:11:222 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:11:253 -- (2096) Blacklist cache - Added 69.20.55.130 to limbo
02/09/06 15:05:11:269 -- (2096) Disconnect
02/09/06 15:05:11:284 -- (5376) Blacklist cache - Updated limbo counter for 69.20.55.130
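
Added example (not part of the thread, and not LogSat's code): the log above interleaves two connections, so reading it is easier once events are grouped by the number in parentheses, which is assumed here to identify one connection each. The sample lines are copied from the post; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the log in the post above.
SAMPLE = """\
02/09/06 15:05:07:284 -- (5376) SPF query result: pass
02/09/06 15:05:07:472 -- (2096) SPF query result: pass
02/09/06 15:05:07:550 -- (5376) Found Keywords: [Found prohibited attachment: viewthis.jpg.vbs]
02/09/06 15:05:07:565 -- (5376) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:07:722 -- (2096) Found Keywords: [Found prohibited attachment: viewthis.jpg.{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}]
02/09/06 15:05:07:753 -- (2096) EMail from emailtesting@gfi.com to benny@mycompany.com was sent to NULL
02/09/06 15:05:10:722 -- (5376) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:11:253 -- (2096) Blacklist cache - Added 69.20.55.130 to limbo
"""

# Timestamp, then the id in parentheses, then the message text.
LINE = re.compile(r"^\d\d/\d\d/\d\d [\d:]+ -- \((\d+)\) (.*)$")
SPF = re.compile(r"SPF query result: (\w+)")
ATTACH = re.compile(r"Found prohibited attachment: (.+?)\]")

def summarize(log_text):
    """Group events by the parenthesized id (assumed: one connection each)."""
    sessions = defaultdict(lambda: {"spf": None, "attachments": [],
                                    "nulled": 0, "rcpt_limit_hits": 0, "limbo": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or foreign lines
        s, msg = sessions[m.group(1)], m.group(2)
        if (spf := SPF.search(msg)):
            s["spf"] = spf.group(1)
        elif (att := ATTACH.search(msg)):
            s["attachments"].append(att.group(1))
        elif msg.endswith("was sent to NULL"):
            s["nulled"] += 1
        elif msg.startswith("Exceeded maximum number of RCPT TO"):
            s["rcpt_limit_hits"] += 1
        elif msg.startswith("Blacklist cache"):
            s["limbo"] = True
    return dict(sessions)

def spf_pass_but_blocked(sessions):
    """Ids where SPF passed yet a prohibited attachment was still found."""
    return sorted(sid for sid, s in sessions.items()
                  if s["spf"] == "pass" and s["attachments"])

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, s)
```

Both connections show an SPF pass followed by a blocked attachment: SPF only confirms that the sending IP is authorised for the domain, not that the content is safe.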

Desperado
Posted: 09 February 2006 at 7:46pm

What?
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

LogSat
Posted: 09 February 2006 at 7:54pm

Looks like gfi.com is either infected or is testing Benny's servers... However, they're sending a vbs attachment:

[Found prohibited attachment: viewthis.jpg.vbs]

and that is a very, very strange way of "testing"... !

The IP 69.20.55.130 really appears to be from gfi, as pinging gfiservers.gfi.com does indeed resolve to 69.20.55.130.

Weird, or better put, interesting, as Benny said.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
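
Added example (not part of the thread, and not Spam Filter ISP's code): both attachment names in Benny's log put a harmless-looking `.jpg` in front of the real final extension, once a script extension and once a class ID in braces. A filename check for that pattern could look like this; the extension sets are illustrative assumptions, not the product's lists.

```python
import re

# Extensions Windows runs or scripts directly (illustrative subset, an assumption).
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
                   "exe", "scr", "pif", "com", "bat", "cmd", "lnk"}
# Extensions a recipient would read as a harmless image or document (illustrative).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}
# A brace-delimited class ID used in place of an extension, as in the log.
CLSID_EXT = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def check_attachment_name(name):
    """Return the reasons a filename is suspicious (empty list = no finding)."""
    # Windows drops trailing dots and spaces from file names, so a name like
    # "x.vbs. " still ends up as "x.vbs"; normalise before splitting.
    clean = name.strip().rstrip(". ").lower()
    parts = clean.split(".")
    reasons = []
    if len(parts) < 2:
        return reasons  # no extension at all
    last = parts[-1]
    if CLSID_EXT.match(last):
        reasons.append("clsid-extension")
    elif last in EXECUTABLE_EXTS:
        reasons.append("executable-extension")
    # A decoy extension directly before a dangerous one is the disguise
    # seen in the log (viewthis.jpg.vbs).
    if reasons and len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("decoy-double-extension")
    return reasons

if __name__ == "__main__":
    for n in ("viewthis.jpg.vbs",
              "viewthis.jpg.{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}",
              "holiday.photo.jpg"):
        print(n, check_attachment_name(n))
```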
Benny
Posted: 09 February 2006 at 9:20pm

They send over those files to test how secure your email system is. I would suggest all of you guys try it. It's interesting that Spamfilter ISP immediately thought it's a spammer and blocked all emails. :-)

I added their email address to the whitelist and 4 of them came into my mailbox. That is not good.

http://www.gfi.com/emailsecuritytest/

LogSat
Posted: 09 February 2006 at 10:42pm

If you add them to a whitelist they will bypass all filtering rules and be delivered, which is exactly what the whitelist is for. The only exception is if the email contains a virus, and you're using our antivirus plugin. In this case, any viruses will be blocked regardless of the whitelists.

Another special case is the IP blacklist cache. As this filter disconnects the remote IP even before any content is sent, if a sender has sent spam before and is thus in the IP blacklist cache, any attempts to send emails from a whitelisted address will fail, as the connection will be dropped before the sender's address is provided.
Roberto Franceschetti

LogSat Software

Spam Filter ISP