I have the antispam
Domain URL black list enable and when there is a 'positive' it will send it to a
specific account, with the default prefix subject
(X-IMail-SPAM-URL-DBL)
I've seen quite a
bit false positives and inmediately go to find the domain under the
url-domain-bl.txt file (using notepad because that little window is
useless). If I find the domain, I delete the entry, save the file and
restart SMTP and Queue manager (I don't know if I have to restart
them).
If I don't find the
entry, I go to the Tursted Addresses tab and add the email address or domain and
restart SMTP and Queue manager. Sometimes this doesn't work either, those
false positives keep getting blocked, and today I found that with one in
particular that made me think that the filter is not matching the exact domain
name but anything that contains the word, ie:
The domain to
be allowed in this case is extremehealthus.com
syslog
entry
01:17 13:14
SMTPD(0e85000b0284ce68) [192.9.200.77] RCPT TO: <[EMAIL PROTECTED]>
01:17 13:14 SMTPD(0e85000b0284ce68) [192.9.200.77] D:\imail\spool\D0e85000b0284ce68.SMD 14732
01:17 13:14 SMTP-(0e85000b0284ce68) processing D:\imail\spool\Q0e85000b0284ce68.SMD
01:17 13:14 SMTP-(0e85000b0284ce68) ldeliver mail.initialplants.com root-spam (1) [EMAIL PROTECTED] 14754
01:17 13:14 SMTP-(0e85000b0284ce68) finished D:\imail\spool\Q0e85000b0284ce68.SMD status=1
01:17 13:14 SMTPD(0e85000b0284ce68) [192.9.200.77] D:\imail\spool\D0e85000b0284ce68.SMD 14732
01:17 13:14 SMTP-(0e85000b0284ce68) processing D:\imail\spool\Q0e85000b0284ce68.SMD
01:17 13:14 SMTP-(0e85000b0284ce68) ldeliver mail.initialplants.com root-spam (1) [EMAIL PROTECTED] 14754
01:17 13:14 SMTP-(0e85000b0284ce68) finished D:\imail\spool\Q0e85000b0284ce68.SMD status=1
Spam log
entry
01:17 13:14
SMTP(0e85000b0284ce68) Got Content Filter for mail.initialplants.com
01:17 13:14 SMTP(0e85000b0284ce68) scanning the subject for phrases
01:17 13:14 SMTP(0e85000b0284ce68) performing statistical analysis
01:17 13:14 SMTP(0e85000b0284ce68) matched URL Domain [t.extreme-dm.com]
01:17 13:14 SMTP(0e85000b0284ce68) scanning the subject for phrases
01:17 13:14 SMTP(0e85000b0284ce68) performing statistical analysis
01:17 13:14 SMTP(0e85000b0284ce68) matched URL Domain [t.extreme-dm.com]
so,
extremehealthus.com looks like extreme-dm.com.
I appreciate any
direction on this
Thank
you,
Elliott
===============================
Elliott
Bujan
Initial Tropical Plants - USA
(847) 634 4250 ext. 99281
[EMAIL PROTECTED]
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
