Print Page | Close Window

Spam not stopped

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6471
Printed Date: 15 March 2025 at 12:23am


Topic: Spam not stopped
Posted By: sevo
Subject: Spam not stopped
Date Posted: 05 May 2008 at 10:57am
all,
 
we are seeing a number of messages getting through to our mail server. these messages typically have only two X-SF entries in the header.
 
is there anything wrong or is this expected behaviour?
 
not sure what next step would be to stop these
 
*********
 
Microsoft Mail Internet Headers Version 2.0
Received: from LogSatServer ([192.168.80.3]) by x.destination.com
with Microsoft SMTPSVC(6.0.3790.3959);
  Sat, 3 May 2008 11:12:48 +0200
Received: from 79.65.93.36 by  (LogSat Software SMTP Server); Sat, 3 May 2008 11:13:44 +0200
Message-ID: < mailto:000a01c8acfd$03d10bea$da57fea0@tesihsv - 000a01c8acfd$03d10bea$da57fea0@tesihsv >
From: "emery luiz" < mailto:xenos@sinagirl.com - xenos@sinagirl.com >
To: < mailto:sevo@volders.org - xy z@destination.com>
Subject: BUY CIALLIS GENERIC, order ciallis
Date: Sat, 03 May 2008 07:26:10 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_0007_01C8ACFD.03CC0305"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
X-Server: LogSat Software SMTP Server
X-SF-RX-Return-Path: < mailto:xenos@sinagirl.com - xenos@sinagirl.com >
X-SF-HELO-Domain: 79-65-93-36.dynamic.dsl.as9105.com
Return-Path: mailto:xenos@sinagirl.com - xenos@sinagirl.com
X-OriginalArrivalTime: 03 May 2008 09:12:48.0125 (UTC) FILETIME=[DB043AD0:01C8ACFD]


Replies:
Posted By: LogSat
Date Posted: 05 May 2008 at 5:22pm
Sevo,

In this case, we can see that SpamFilter did process the email but did not stop it. The IP that sent it, "79.65.93.36" is blacklisted in our SFDB blacklist, but we can't tell if it was blacklisted on Saturday when you received the email. We'd need to see your SpamFilter activity logfile, possibly trimmed to show the 30 minutes before and the 30 minutes after, the time the email was received (Saturday May 3, 11:13AM). If you can zip it and email it to us, along with your SpamFilter.ini file, and the contents of the \SpamFilter\Domains directory tree, we'll be glad to take a look.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: LogSat
Date Posted: 06 May 2008 at 10:51pm
Sevo,

I'm afraid you may be having issues with your DNS server at 192.168.10.4. In this specific email, there was a DNS timeout while checking the MAPS servers to see if the P was blacklisted. The entries in your logs for this are:

05/05/08 18:35:04:349 -- (4312) DNS Error:TimedOut
05/05/08 18:35:04:506 -- (4312) - MAPS search done...

I scanned the section of logfile you sent, and it showed you received 5592 connections attempts during that day. However, during the same, day, SpamFilter experienced 1018 DNS timeout errors. Compared to the small amount of traffic you receive, the number of DNS timeouts is, I'm sorry to say, huge. Everytime there is a DNS timeout, the specific filter being checked (usually the MAPS filter, one of the most effective ones) will allow the email thru, as SpamFilter cannot risk stopping legitimate emails if there is a DNS error.

You will need to see why your DNS server is not responding in a timely manner. While SpamFilter does have a setting to increase the default DNS timeout, we strongly discourage against increasing it, as it may lead to other problems.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Print Page | Close Window