Print Page | Close Window

Filter Order

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6771
Printed Date: 05 February 2025 at 6:13pm


Topic: Filter Order
Posted By: kspare
Subject: Filter Order
Date Posted: 11 November 2009 at 9:54am
  1. Why is Not in Authorized TO Emails so low in the list? we are having spam get into the quaruntine for people that don't exist. My customers are asking why?

Should the authto list supercede anything else?

In fact logically the allowed domain and auth too should be the first two things checked? If we delete a domain or an auth to list, it shouldn't get through. Period.

  2. Cached IP blacklist
  3. Greylist
  4.         Whitelisted IP
  5.         Whitelisted Email Address To
  6.         Whitelisted EMail Address From
  7.         Whitelisted Email From Domain
  8.         Whitelisted Auto White List Force Delivery
  9. Allowed Domains
  10. Local IP Blacklist
  11. Local Domain Blacklist
  12. Local Emails Blacklist
  13. Local Emails TO Blacklist
  14. Not in Authorized TO Emails
  15. Country Blacklist
  16. Reject No Reverse DNS
  17. Reject Empty Mail From
  18. Reject Same To From Email address
  19. Reject if Recipient's email in Honeypot email list
  20. Reject if IP in Honeypot-generated auto-ban list
  21. Reject Same To From Domain
  22. Recipient Count > Max RCPTTO
  23. MX Record check
  24. SFDB Filter
  25. SPF Filter
  26. MAPS check
    1.         Exceeded MaxMsgSizeForSpamFiltering
            Keyword Whitelist
  28. SFDC Filter
  29. Blank emails with attachments only
  30. Spam Images in PDFs
  31. Attachment Filter
  32. Keywords
  33. Image Filtering
  34. Bayesian Filtering
  35. SURBL check
  36. Resolve URLs and check IPs in MAPS
  37. Antivirus Plugin


Replies:
Posted By: LogSat
Date Posted: 19 November 2009 at 4:52pm
kspare had a very valid point, so today we released SpamFilter build 4.1.2.819 that changes the order of the filters. The updated list is being updated in http://www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=6726&KW=filter+order&title=filter-order-how-filters-are-applied - this forum thread .

If anyone has comments on if this "Not in Authorized TO Emails" filter should be placed even higher in the priority list, we'll monitor this thread for user-input.


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: kspare
Date Posted: 20 November 2009 at 8:15am
I've been thinking more about this, and I'm leaning towards the logic that allowed domains and authto should be after greylist, for the simple fact that if you host email, and you remove a domain, that domains whitelist etc is still valid.

It then allows the allowed domain and auth to, to kind of act like an access control list.

Posted By: yapadu
Date Posted: 21 November 2009 at 4:40am
Thanks for this change, we also noticed spam for email addresses that did not exist in quarantine.  We had built a script that ran every so often and removed from quarantine any messages that were to users that did not exist.

Posted By: Neolisk
Date Posted: 02 December 2009 at 11:36am
I was thinking if it's possible to let administrators choose the filter order per their needs. For instance, if we whitelist our customers, somebody can forge an email to make it look as if was coming from them and we will get it. From an odd IP, violating SPF etc. - just because the domain is whitelisted and this rule is applied earlier.

i.e. Usually we whitelist domains, because in one of their emails some content was blocked. So we want to be able to put domain whitelist rules just above content filtering, but after country blacklist, MX check, SPF and other useful blocking features.


Print Page | Close Window