
Bypassed all rules

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=1728
Printed Date: 28 December 2024 at 2:01am


Topic: Bypassed all rules
Posted By: Guests
Subject: Bypassed all rules
Date Posted: 18 August 2003 at 5:03pm

Just installed SpamFilter ISP, with no black/whitelists, and only one keyword for testing. I keep getting "Bypassed all rules for..." in the log, no matter the sender or recipient, and of course the keyword filter fails.

Any ideas?

Thanks.




Replies:
Posted By: LogSat
Date Posted: 19 August 2003 at 8:10pm

Can you either post or email at support @ logsat.com a copy of your SpamFilter.ini file?

Roberto F.
LogSat Software



Posted By: Guests
Date Posted: 20 August 2003 at 4:02pm

Here is the spamfilter.ini. Thanks.

[blacklists]
; a true after an ordb entry means their DNS is expecting the IP to be reversed
; i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net
;site1=bl.spamcop.net, true
;site2=sbl.spamhaus.org, true
;site3=relays.osirusoft.com, true
;site4=spam.dnsrbl.net, true
;site5=dnsbl.njabl.org, true
;site6=dun.dnsrbl.net, true

[server settings]
; dns - your DNS server
dns=192.168.0.200

; the SpamFilter can be limited to listen on a specific IP:port. Leave empty for all IPs bound to nic
;ListenIP=209.26.140.2
ListenFQDN=mail.widgets.com
ListenPort=26

;The email address to use in Error Replies to senders
ErrorHandlerEmailAddress="System Administrator" <postmaster_no_reply@widgets.com>

; DestinationServer is where you want all mail received by SpamFilter to be forwarded to
DestinationServer=localhost
DestinationPort=24

; AllowPercent is used to accept (AllowPercent=1) or reject (AllowPercent=0) emails containing the % character.
; Many SMTP servers are susceptible to being tricked into relaying with this.
; Ex. if you are netwide.net, then a spammer can use
; mail to: joe%yahoo.com@netwide.net
; to relay mail to joe@yahoo.com if your server is vulnerable
; Setting AllowPercent to 1 rejects ALL recipients email addresses containing the % sign
AllowPercent=0

;log daily activity to logfiles
Logging=1
ListenIP=
LocalIPBlackListFileName=
ExcludedFromEmailsFileName=
LocalDomainsBlackListFileName=
KeywordsFileName=C:\Program Files\SFISP\keywords.txt
ExcludedDomainsFileName=
AuthorizedTOEmailsFileName=
LocalEMailsBlacklistFileName=
LocalEMailsTOBlacklistFileName=
ExcludedEmailsFileName=
LogKeywords=1
AutoVersionCheck=0
DisableConnectionsGrid=0
RejectNoReverse=0
RejectNoReverseForceDelete=0
RejectEmptyMailFrom=0
RejectEmptyMailFromForceDelete=0
RejectSameToFrom=0
RejectSameToFromForceDelete=0
RejectSameToFromDomain=0
RejectSameToFromDomainForceDelete=0
BlackListForceDelete=0
ContentFilterForceDelete=0
LocalIPBlacklistForceDelete=0
LocalDomainsBlacklistForceDelete=0
CountriesForceDelete=0
LocalEmailsBlacklistForceDelete=0
LocalEmailsTOBlacklistForceDelete=0
RememberStats=1
MaxInboundConnections=40
MaxRCPTTO=20
MinMAPS=1
FlushQueueInterval=60
MaxMsgSizeForKeywordScan=64
ArchiveSpamDays=0
DeleteExpiredEmailInterval=60
DisableEHLO=0


[allowed domains]
allow1=widgets.com
; avoid being ourselves an open relay...
; enter here the recipient domains that SpamFilter will accept.
; I.E. if you are hosting netwide.net, then only emails addressed to user@netwide.net will
; be accepted and passed on to your DestinationServer.
; if your first entry is allow1=* then all emails will be accepted (not recommended)
; allow1=*


[exclude from orbs check]
; if you REALLY must be able to receive emails from a domain which is
; blacklisted, you can bypass the filter by adding it here...
;exclude1=somedomain1.com
;exclude2=somdomain.com
[Error Response]
ResponseBlacklistedMAPS=521 The IP %IP% is Blacklisted by %MAPSResponse%.
ResponseBlacklistLocalIP=521 The IP %IP% is Blacklisted.
ResponseBlacklistLocalDomain=521 The domain %Domain% is Blacklisted.
ResponseBlacklistLocalEMail=521 The EMail %EMailFrom% is Blacklisted.
ResponseBlacklistLocalEMailTo=521 The EMail %EMailTo% is Blacklisted.
ResponseNoReverseDNS=557 Your IP %IP% does not have a reverse DNS entry. Disconnecting...
ResponseMaxRCPTTO=557 You exceeded then maximum number of RCPT TO. Disconnecting...
ResponseCountryBlacklist=557 Your IP address is from a blacklisted country. Disconnecting..
ResponseRelayRestricted=557 You are not allowed to send mail to %EMailTo%
ResponseKeywordMatch=557 This email is rejected. It contains keywords rejected by the antispam content filter.
[stats]
RequestCount=14
EMailsBlocked=0
EMailsForwarded:=14
EmailsReceived=14
C245=0

 



Posted By: LogSat
Date Posted: 21 August 2003 at 1:03am

The ini file looks and works fine, we were not able to replicate the problem.

Can you please post or email us also a copy of your keywords.txt file, and an excerpt of the spamfilter activity log that shows the incoming connection up to the point where you see the entry indicating the "bypass all rules"?

Roberto
LogSat Software



Posted By: Guests
Date Posted: 21 August 2003 at 12:46pm

Keywords.txt contains a single line:

spamfilteringrocks
(trailing line feed)

The log snippet is:

08/20/03 12:41:44:712 -- Listening on all IPs port 26
08/20/03 12:41:45:728 -- Starting to process queue directory...
08/20/03 12:44:02:946 -- (458) Connection from: 127.0.0.1  -  Originating country : N/A
08/20/03 12:44:03:415 -- (458) Resolving 127.0.0.1 - localhost
08/20/03 12:44:03:415 -- (458) Bypassed all rules for: administrator@widgets.com from no_reply@widgetstoo.com

Thanks.



Posted By: LogSat
Date Posted: 21 August 2003 at 4:45pm

Mystery solved. You're attempting to test from the server itself (127.0.0.1). By default, SpamFilter trusts its own IP, so you will be able to send email anywhere bypassing all rules if you are physically on the server at 127.0.0.1.

If you use any other IPs you should see normal behavior.

Roberto F.
LogSat Software



Posted By: Guests
Date Posted: 21 August 2003 at 6:25pm

Ah... this makes sense. Is there any configuration switch to turn off that default behaviour? 

Thanks.



Posted By: LogSat
Date Posted: 21 August 2003 at 11:17pm

No, that's hardcoded in the application...

Roberto
LogSat Software
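
One way to audit the activity log for the behaviour explained in this thread, as an added example that is not LogSat's code and not part of the original posts: it pairs each "Bypassed all rules" entry with the IP of the session that produced it, so you can confirm that only loopback connections skip filtering. The line layout is assumed from the excerpt posted above; session 459 in the sample is constructed.

```python
import ipaddress
import re

# Line layout assumed from the log excerpt in this thread:
#   MM/DD/YY HH:MM:SS:mmm -- (session) message
LINE = re.compile(r"^(\S+ \S+) -- \((\d+)\) (.*)$")
CONNECT = re.compile(r"^Connection from: (\S+)")
BYPASS = re.compile(r"^Bypassed all rules for: (\S+) from (\S+)")

# Constructed sample: 458 mirrors the posted excerpt, 459 is invented (TEST-NET IP).
SAMPLE_LOG = """\
08/20/03 12:41:44:712 -- Listening on all IPs port 26
08/20/03 12:44:02:946 -- (458) Connection from: 127.0.0.1  -  Originating country : N/A
08/20/03 12:44:03:415 -- (458) Resolving 127.0.0.1 - localhost
08/20/03 12:44:03:415 -- (458) Bypassed all rules for: administrator@widgets.com from no_reply@widgetstoo.com
08/20/03 12:45:10:101 -- (459) Connection from: 192.0.2.10  -  Originating country : N/A
08/20/03 12:45:10:320 -- (459) Resolving 192.0.2.10 - mail.example.net
""".splitlines()


def is_loopback(ip):
    """True only for a parseable loopback address (127.0.0.0/8 or ::1)."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except (TypeError, ValueError):
        return False  # missing or malformed address is never treated as trusted


def find_bypasses(lines):
    """Return one record per 'Bypassed all rules' entry, with its source IP."""
    source_ip = {}  # session id -> client IP from the "Connection from" line
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # startup lines carry no session id
        stamp, session, message = m.groups()
        if c := CONNECT.match(message):
            source_ip[session] = c.group(1)
        elif b := BYPASS.match(message):
            ip = source_ip.get(session)  # None if the connect line was not seen
            findings.append({"time": stamp, "session": session, "ip": ip,
                             "loopback": is_loopback(ip),
                             "rcpt": b.group(1), "sender": b.group(2)})
    return findings


if __name__ == "__main__":
    for finding in find_bypasses(SAMPLE_LOG):
        print(finding)
```

A record whose `loopback` field is false means something other than the hardcoded local-IP trust let that message through unfiltered.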



