Tenon Intersystems Please see text links at bottom of page for navigation
Please see text links at bottom of page for navigation

Search tenon.com

Thanks to:

Post.Office
[Top] [All Lists]
<prev [Date] next> <prev [Thread] next>

Re: How did this not get blocked???

To: <post_office@xxxxxxxxxxxxxxx>
Subject: Re: How did this not get blocked???
From: john@xxxxxxxxxxxxxxx (John Sievert)
Date: Wed, 04 Jun 2003 20:33:33 -0500 
Oh, I don't think you want to make this redundant.  We have a list that is
hundreds long.  Some of these spammers use many different domain names but
they come from the same ip subnets.  We would have to have hundreds of
filters to get this stuff out.  I wrote a utility that lists by domain all
the received emails from that domain along with their IP addresses.  With
this, it is pretty easy to harvest the worst offenders and deny their IP
addresses.

What would be even better if is we could specify servers by from and by
source address with wildcards in the ip blocking page.

For example, gettimg mail from mailxx.transcentives.com where xx is a
number, it would be really useful if we could put, by source name, in that
page a domain listing of *transcentives.com.  Right now we need to
explicitly list the domain names and then they are only for the From:
address.

The other thing that would be huge is if the opposite of pop before smtp
were done - i.e. When a spammer ip address is failed by a filter, then there
would be an option to cache that address for a period of time (settable)
during which that ip address would automatically be denied.  Used with a
blackhole server or filtering, that would be very cool.

J

On 6/4/03 5:28p, "Anita Holmgren" <anita@xxxxxxxxx> wrote:

> At 5:12 PM -0500 6/4/03, John Sievert wrote:
>> This is not a filter, this is a case of where the IP is entered in the block
>> IP box in the page for Blocking mail.  It is not a filter.
> 
> This "Set Mail Blocking Options" is actually redundant now that we
> have SMTP filtering.  The Blocking Options panel was part of
> Software.com's original Post.Office, and probably has suffered from
> lack of attention, since it is deemed unneeded now.  We'll definitely
> take a look at this and at its interactions with our filtering.
> 
>> On 6/4/03 4:19p, "Michael Bigley" <wakinyan@xxxxxxxx> wrote:
>> 
>>>>  Here is a snippet from my log:
>>>> 
>>>> 
>>>> 20020604101914-0500:SMTP-Accept:Received:[216.23.198.139]:20020604151914.AA
>>>> A5
>>>> 
>>>> 361@xxxxxxxxxxxxxxxxxxxx@mail19.transcentives.net:11568:0:<mailer@xxxxxxxxx
>>>> an
>>>>  scentives.net>:<danc@xxxxxxxxxxxxxxx>
>>>> 
>>>> 20020604052655-0500:SMTP-Accept:Received:[216.23.198.148]:20020604102654.AA
>>>> A5
>>>> 
>>>> 181@xxxxxxxxxxxxxxxxxxxx@mail12.transcentives.net:7868:1:<mailer@xxxxxxxxxx
>>>> ns
>>>>  centives.net>:<gail@xxxxxxxxxxxxxxx>
>>>> 
>>>>  Yet, in the blocked Ips box I have 216.23.198.0.
>>>> 
>>>>  How did this not get blocked?
>>> 
>>>  This is puzzling to me as well, which is why I questioned in an
>>>  earlier post whether any of this is actually working in P.O.  I have
>>>  a filter based on subject with the following syntax:
>>> 
>>>  *[mM]ichael*|^[mM]ichael*
>>> 
>>>  Many spams place the recipient email in the subject, so, in my
>>>  understanding if michael or Michael is in the subject or if the
>>>  subject starts with either spelling, it will block it.  But that is
>>>  not the case as he is still receiving such spams.
>>> 
>>>  I also copied a filter right from the Tenon Online FAQ that includes
>>>  the word refinance in the subject, but I am still getting spams with
>>>  that word in the subject.
>>> 
>>>  Unless I am really missing something of major import here, I am not
>>> convinced that it is really working on a consistent basis.
> 
> From time to time users suggest that certain filters are either
> filtering out what they should not or not filtering what they should.
> Everytime we test, we find the filters performing well.
> 
> But, as I've said, they're very tricky, and our experience is either
> that something else in the filter is causing the problem or, in the
> case of filtering what they shouldn't, that something else, like a
> black list, is causing the problem.
> 
> At any rate, Michael, if you privately give us access to your system
> (both admin and ssh), we'll take a close look, because,  yes,  you
> absolutely should be able to filter out Michael in the subject.
> 
> -Anita
> 

-- 
'What if the Hokey Pokey is what it's all about?'
-Jimmy Buffett, 2002

John Sievert
Customer 1st, Inc.
2950 Metro Drive, #101
Mpls, MN 55425
952.851.7901 office
952.851.7907 fax
mailto:john.pager@xxxxxxxxxxxxxxx (150 chars, text pager)

---------
Tenon Intersystems' Post.Office Mailing List
To unsubscribe: send mailto:post_office-request@xxxxxxxxxxxxxxx
with the body only containing:
unsubscribe
Find the searchable mailing list archives at:
http://postoffice.computeroil.com/
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How did this not get blocked???, Michael Bigley
Next by Date:  Re: How did this not get blocked???, John Sievert
Previous by Thread:  Re: AntiSpam list contains an amazon.com server, John Sievert
Next by Thread:  Anyone using PO with PHP?, Alexander Gorr
Indexes:  [Date] [Thread] [Top] [All Lists]
| Tenon Home | Products | Order | Contact Us | About Tenon | Register | Tech Support | Resources | Press Room | Mailing Lists |

Powered By iTools

Copyright©2003 Tenon Intersystems, 232 Anacapa Street, Suite 2A, Santa Barbara, CA 93101. All rights reserved.
Questions about our website - Contact: webmaster@tenon.com.

Tenon Home Tenon Home Tenon Home Tenon Home Product Info Tenon Ordering Contact About Register Support Resources Press Mailing Lists