Hi
Scott:
Here a log
entry.
Notice how
Dynamic-IP and Open-Relay were both triggered. Dynamic-IP is a TestsFailed
Contains filter for 4 different DUL/DYNA/DUHL test (each individual test has a
weight=0). Those tests do not show up in the first log line (since their
tests were 0).
However, they ALSO
do not show up in the "Tests Failed" line!?
Stranger yet,
Open-Relay is a TestsFailed Contains filter for 6 different open relay tests
(each one having a weight of 0). Again, they are not listed in the first
log line - but WHY does "DSBL" suddenly show in the "Tests Failed" line when the
individual Dynamic-IP tests are suppressed in that line?
02/19/2004 00:00:16 Q42d8809400a4d6a0 SPAMCOP:7 WEIGHTFILTER:6 DYNAMIC-IP:6 OPEN-RELAY:6 . Total
weight = 25.
02/19/2004 00:00:16 Q42d8809400a4d6a0 Bypassing whitelisting of E-mail with weight >=20 (25) and at least 1 recipients (1).
02/19/2004 00:00:16 Q42d8809400a4d6a0 NOT bypassing whitelisting of E-mail with weight >=15 (25) and at least 4 recipients (1).
02/19/2004 00:00:16 Q42d8809400a4d6a0 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED]
02/19/2004 00:00:16 Q42d8809400a4d6a0 Subject: FWD: Got all meds 4 U. :Valium: , xana_x_ < v|agr@ ? Fi0`ric3t < /Pntermin/ ' Som|a| iqXm6
02/19/2004 00:00:16 Q42d8809400a4d6a0 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 4.60.102.175 ID:
02/19/2004 00:00:16 Q42d8809400a4d6a0 Tests failed [weight=25]: DSBL=WARN SPAMCOP=WARN SORBS=WARN WEIGHTFILTER=WARN DYNAMIC-IP=IGNORE OPEN-RELAY=IGNORE WEIGHTKILL=DELETE
02/19/2004 00:00:16 Q42d8809400a4d6a0 Bypassing whitelisting of E-mail with weight >=20 (25) and at least 1 recipients (1).
02/19/2004 00:00:16 Q42d8809400a4d6a0 NOT bypassing whitelisting of E-mail with weight >=15 (25) and at least 4 recipients (1).
02/19/2004 00:00:16 Q42d8809400a4d6a0 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED]
02/19/2004 00:00:16 Q42d8809400a4d6a0 Subject: FWD: Got all meds 4 U. :Valium: , xana_x_ < v|agr@ ? Fi0`ric3t < /Pntermin/ ' Som|a| iqXm6
02/19/2004 00:00:16 Q42d8809400a4d6a0 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 4.60.102.175 ID:
02/19/2004 00:00:16 Q42d8809400a4d6a0 Tests failed [weight=25]: DSBL=WARN SPAMCOP=WARN SORBS=WARN WEIGHTFILTER=WARN DYNAMIC-IP=IGNORE OPEN-RELAY=IGNORE WEIGHTKILL=DELETE
Here is how
"Dynamic-IP" and "Open-Relay" is defined:
WEIGHTFILTER filter D:\IMail\Declude\WeightFilter.txt x 0 0
DYNAMIC-IP filter D:\IMail\Declude\DUHLfilter.txt x 6 0
OPEN-RELAY filter D:\IMail\Declude\RELAYSfilter.txt x 6 0
MULTI-RELAY filter D:\IMail\Declude\MULTIRELAYSfilter.txt x 6 0
FORMMAIL filter D:\IMail\Declude\WEBfilter.txt x 8 0
DYNAMIC-IP filter D:\IMail\Declude\DUHLfilter.txt x 6 0
OPEN-RELAY filter D:\IMail\Declude\RELAYSfilter.txt x 6 0
MULTI-RELAY filter D:\IMail\Declude\MULTIRELAYSfilter.txt x 6 0
FORMMAIL filter D:\IMail\Declude\WEBfilter.txt x 8 0
Here
is the two text files:
DuhlFilter.txt
TESTSFAILED 0 CONTAINS NJABLDUL
TESTSFAILED 0 CONTAINS NJABLDYNA
TESTSFAILED 0 CONTAINS AHBLDYNA
TESTSFAILED 0 CONTAINS SORBS-DUHL
TESTSFAILED 0 CONTAINS NJABLDYNA
TESTSFAILED 0 CONTAINS AHBLDYNA
TESTSFAILED 0 CONTAINS SORBS-DUHL
RelaysFilter.txt
TESTSFAILED 0 CONTAINS DSBL
TESTSFAILED 0 CONTAINS ORDB
TESTSFAILED 0 CONTAINS KUNDENSERVER
TESTSFAILED 0 CONTAINS NJABLRELAYS
TESTSFAILED 0 CONTAINS AHBLRELAYS
TESTSFAILED 0 CONTAINS SORBS-SMTP
TESTSFAILED 0 CONTAINS DSBL
TESTSFAILED 0 CONTAINS ORDB
TESTSFAILED 0 CONTAINS KUNDENSERVER
TESTSFAILED 0 CONTAINS NJABLRELAYS
TESTSFAILED 0 CONTAINS AHBLRELAYS
TESTSFAILED 0 CONTAINS SORBS-SMTP
Best
Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent
Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20
(Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/
