
GFI mail security test

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=5497
Printed Date: 12 March 2025 at 7:33am


Topic: GFI mail security test
Posted By: Benny
Subject: GFI mail security test
Date Posted: 09 February 2006 at 5:27pm

Interesting.

02/09/06 15:05:06:847 -- (5376) Connection from: 69.20.55.130  -  Originating country : United States
02/09/06 15:05:07:081 -- (2096) Connection from: 69.20.55.130  -  Originating country : United States
02/09/06 15:05:07:237 -- (5376) Resolving 69.20.55.130 - gfiservers.gfi.com
02/09/06 15:05:07:269 -- (5376) found SPF record for gfi.com: v=spf1 ip4:80.85.99.13 ip4:80.85.100.4 ip4:69.20.55.130 ip4:69.20.55.131 ip4:69.20.55.132 ip4:69.20.55.135 ip4:69.20.55.136 ip4:69.20.55.137 ip4:66.162.193.195 ip4:66.162.193.196 ~all
02/09/06 15:05:07:284 -- (5376) SPF query result: pass
02/09/06 15:05:07:284 -- (5376) - SPF analysis for gfi.com done: - pass
02/09/06 15:05:07:300 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:07:331 -- (5376) - MAPS search done...
02/09/06 15:05:07:331 -- (5376) RCPT TO: mailto:benny@mycompany.com - benny@mycompany.com accepted
02/09/06 15:05:07:440 -- (2096) Resolving 69.20.55.130 - gfiservers.gfi.com
02/09/06 15:05:07:472 -- (2096) found SPF record for gfi.com: v=spf1 ip4:80.85.99.13 ip4:80.85.100.4 ip4:69.20.55.130 ip4:69.20.55.131 ip4:69.20.55.132 ip4:69.20.55.135 ip4:69.20.55.136 ip4:69.20.55.137 ip4:66.162.193.195 ip4:66.162.193.196 ~all
02/09/06 15:05:07:472 -- (2096) SPF query result: pass
02/09/06 15:05:07:487 -- (2096) - SPF analysis for gfi.com done: - pass
02/09/06 15:05:07:503 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:07:519 -- (2096) - MAPS search done...
02/09/06 15:05:07:534 -- (2096) RCPT TO: mailto:benny@mycompany.com - benny@mycompany.com accepted
02/09/06 15:05:07:550 -- (5376) Found Keywords: [Found prohibited attachment: viewthis.jpg.vbs]
02/09/06 15:05:07:565 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:07:722 -- (2096) Found Keywords: [Found prohibited attachment: viewthis.jpg.{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}]
02/09/06 15:05:07:753 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:07:769 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:07:769 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:07:909 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:07:956 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:07:956 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:112 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:08:112 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:08:128 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:269 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:08:300 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:08:347 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:503 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:08:503 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:550 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:08:644 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:08:769 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:08:769 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:831 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:08:831 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:08:909 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:08:987 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:09:112 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:09:128 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:159 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:09:175 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:253 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:09:300 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:09:425 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:09:440 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:487 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:09:487 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:550 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:09:597 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:09:737 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:09:737 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:784 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:09:800 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:09:862 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:09:909 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:10:050 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:10:050 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:097 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:10:097 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:175 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:10:222 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:10:362 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:10:362 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:409 -- (5376) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:10:409 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:487 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:10:534 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:10:675 -- (2096) Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com
02/09/06 15:05:10:690 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:722 -- (5376) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:10:722 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:10:831 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:10:878 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:11:034 -- (2096) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:11:050 -- (2096) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:11:081 -- (5376) Exceeded maximum number of RCPT TO (12) - Disconnecting 69.20.55.130
02/09/06 15:05:11:097 -- (5376) 69.20.55.130 - Mail from: mailto:emailtesting@gfi.com - emailtesting@gfi.com To: mailto:benny@mycompany.com - benny@mycompany.com will be sent to NULL
02/09/06 15:05:11:190 -- (2096) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:11:222 -- (5376) EMail from mailto:emailtesting@gfi.com - emailtesting@gfi.com to mailto:benny@mycompany.com - benny@mycompany.com was sent to NULL
02/09/06 15:05:11:253 -- (2096) Blacklist cache - Added 69.20.55.130 to limbo
02/09/06 15:05:11:269 -- (2096) Disconnect
02/09/06 15:05:11:284 -- (5376) Blacklist cache - Updated limbo counter for 69.20.55.130




Replies:
Posted By: Desperado
Date Posted: 09 February 2006 at 7:46pm
What?

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: LogSat
Date Posted: 09 February 2006 at 7:54pm
Looks like gfi.com is either infected or is testing Benny's servers... However, they're sending a vbs attachment:

[Found prohibited attachment: viewthis.jpg.vbs]

and that is a very, very strange way of "testing"... !

The IP 69.20.55.130 really appears to be from gfi, as pinging gfiservers.gfi.com does indeed resolve to 69.20.55.130.

Weird, or better put, interesting, as Benny said.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP
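
Added example, not part of any post in this thread and not LogSat code: a Python triage of the log format shown in the first post. It groups lines by the number in parentheses (assumed here to identify the connection) and labels the two prohibited attachment names the reply above refers to; the `DECOYS` list and the label strings are assumptions.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the log in the first post of this thread.
SAMPLE_LOG = """\
02/09/06 15:05:07:284 -- (5376) SPF query result: pass
02/09/06 15:05:07:472 -- (2096) SPF query result: pass
02/09/06 15:05:07:550 -- (5376) Found Keywords: [Found prohibited attachment: viewthis.jpg.vbs]
02/09/06 15:05:07:722 -- (2096) Found Keywords: [Found prohibited attachment: viewthis.jpg.{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}]
02/09/06 15:05:10:722 -- (5376) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:11:034 -- (2096) Exceeded maximum number of RCPT TO (11) - Disconnecting 69.20.55.130
02/09/06 15:05:11:253 -- (2096) Blacklist cache - Added 69.20.55.130 to limbo
02/09/06 15:05:11:284 -- (5376) Blacklist cache - Updated limbo counter for 69.20.55.130
"""

LINE = re.compile(r"^\S+ \S+ -- \((\d+)\) (.*)$")
ATTACH = re.compile(r"Found prohibited attachment: ([^\]]+)\]")
CLSID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DECOYS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf"}  # assumed list

def classify_name(filename):
    """Label an attachment name by its last two dot-separated parts."""
    parts = filename.split(".")
    if len(parts) < 3 or parts[-2].lower() not in DECOYS:
        return "no-decoy"
    if CLSID.match(parts[-1]):
        return "decoy+clsid"  # brace-wrapped class ID where an extension belongs
    return "decoy+" + parts[-1].lower()

def triage(log_text):
    """Group the events of interest by the number shown in parentheses."""
    sessions = defaultdict(
        lambda: {"spf": None, "attachments": [], "rcpt_limit": False, "cache": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        session, msg = sessions[m.group(1)], m.group(2)
        attach = ATTACH.search(msg)
        if msg.startswith("SPF query result:"):
            session["spf"] = msg.split(":", 1)[1].strip()
        elif attach:
            session["attachments"].append((attach.group(1), classify_name(attach.group(1))))
        elif msg.startswith("Exceeded maximum number of RCPT TO"):
            session["rcpt_limit"] = True
        elif msg.startswith("Blacklist cache - "):
            session["cache"] = msg.split(" - ", 1)[1]
    return dict(sessions)
```

Both connections pass SPF and still carry a prohibited attachment, so in this log it is the attachment rule, not SPF, that stops the messages.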


Posted By: Guests
Date Posted: 09 February 2006 at 9:20pm

They send over those files to test how secure your email system is. I would suggest all of you guys try it. It's interesting that Spam Filter ISP immediately thought it's a spammer and blocked all emails. :-)

I added their email address to the whitelist and 4 of them came into my mailbox. That is not good.

http://www.gfi.com/emailsecuritytest/



Posted By: LogSat
Date Posted: 09 February 2006 at 10:42pm
If you add them to a whitelist they will bypass all filtering rules and be delivered, which is exactly what the whitelist is for. The only exception is if the email contains a virus, and you're using our antivirus plugin. In this case, any viruses will be blocked regardless of the whitelists.

Another special case is the IP blacklist cache. As this filter disconnects the remote IP even before any content is sent, if a sender has sent spam before and is thus in the IP blacklist cache, any attempts to send emails from a whitelisted address will fail, as the connection will be dropped before the sender's address is provided.


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP
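
Added example, not from the posters and not Spam Filter ISP code: a toy Python model of the check ordering described in the reply above, run over the four situations raised in this thread. The class, its field names and the verdict strings are hypothetical; only the ordering comes from the post.

```python
from dataclasses import dataclass, field


@dataclass
class FilterModel:
    """Toy model of the ordering described above; verdict strings are made up."""
    ip_blacklist_cache: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)
    antivirus_plugin: bool = False

    def on_connect(self, ip):
        # Evaluated before MAIL FROM: no sender address exists yet, so the
        # whitelist cannot rescue an IP that is in the cache.
        return "drop:ip-blacklist-cache" if ip in self.ip_blacklist_cache else None

    def on_message(self, sender, has_virus, rule_hits):
        # The antivirus plugin is the one check the whitelist does not bypass.
        if self.antivirus_plugin and has_virus:
            return "block:virus"
        if sender.lower() in self.whitelist:
            return "deliver:whitelisted"
        return "null:" + rule_hits[0] if rule_hits else "deliver"

    def handle(self, ip, sender, has_virus=False, rule_hits=()):
        return self.on_connect(ip) or self.on_message(sender, has_virus, rule_hits)


def thread_scenarios():
    """The four situations discussed in this thread, run through the model."""
    ip, sender, hit = "69.20.55.130", "emailtesting@gfi.com", ["prohibited attachment"]
    default = FilterModel()
    listed = FilterModel(whitelist={sender})
    listed_av = FilterModel(whitelist={sender}, antivirus_plugin=True)
    cached = FilterModel(whitelist={sender}, ip_blacklist_cache={ip})
    return {
        "not whitelisted": default.handle(ip, sender, rule_hits=hit),
        "whitelisted": listed.handle(ip, sender, rule_hits=hit),
        "whitelisted, virus, AV plugin": listed_av.handle(ip, sender, True, hit),
        "whitelisted, IP in cache": cached.handle(ip, sender, rule_hits=hit),
    }
```

The second scenario is the one the guest poster hit: once the sender is whitelisted, the attachment rule no longer applies and only an antivirus verdict or the connection-level cache still stops the message.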


