Problem with Spam filter, emails to self

Discussion in 'ESET Smart Security' started by red_jack, Aug 25, 2009.

Thread Status:
Not open for further replies.
  1. red_jack

    red_jack Registered Member

    Joined:
    Aug 11, 2005
    Posts:
    56
    The spam filter is flagging all emails sent to an address that equals the sending address from the same machine as spam, bypassing the whitelist. Otherwise can't send yourself an email from same machine. If you click exclude or whitelist in the spam folder, it prompts an error message saying the address already exists in the list. Seems the whitelist is not being processed before another check is done. From self To self works when the client pulled from another machine. So if you sent yourself an email but keep email on the server, if you check that email from another machine the email is not treated as spam. It appears to be the ESS filter causing this, not the email client or server flagging it as spam.
    Have not seen any advanced options that would prevent this from happening but the whitelist/excluded address should trump the other checks first anyway.
     
  2. bokko

    bokko Registered Member

    Joined:
    May 16, 2008
    Posts:
    9
    Yes, it has been doing this from the beginning and I would have hoped it would be fixed by now. More of a concern for me is the fact that it pulls e-mails out of the Junk Mail folder (placed there by MS Junk mail filter), especially when it has a subject like Viagra. Because it doesn't properly look at the e-mail header to identify the reply to address or the mail server is incorrect (bogus) with things like http://www.openspf.org/ in place to prevent this from occurring, I am very disappointed they have not adopted it. I have submitted this in the past and hope by posting here it might add fuel to the fire. I also don't appreciate a business level software marking every e-mail as scanned by nod32 that I have sent or received while it is running; I expect this from freeware, not paid software. Don't get me wrong, still love the software, runs in small amount of memory, is efficient with resources. Yes, I know how to turn it off, thanks; if anything it should be a question asked in advanced setup.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    You can take the message out that the email was scanned by Eset. Email Client Protection/Alerts and Notifications.

    Personally, if Viagra is in the text, that's spam dude. ;)
     
  4. bokko

    bokko Registered Member

    Joined:
    May 16, 2008
    Posts:
    9
    Yes, I know it's spam, and Smart Security Antispam filter pulls it out of the junk mail folder due to invalid e-mail header check (it is tricked by invalid mailserver name and reply to address), and yes, I know how to turn off the notifications as I mentioned, but believe it should be turned off by default. This doesn't matter to home users but business users do not want it!
    Again, voicing my opinion; I have sold this software to 50 some odd people now, so am very familiar with it.
     
  5. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    And very good points. I can't argue the issue about it being turned off for business users by default either. Makes sense to me.
     
  6. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Does the ESET antispam module only work in Microsoft Windows Outlook and Outlook Express? Because every time I open my mail using the internet (without Outlook), it seems like the ESET antispam module isn't doing any scan, and in statistics I don't see it running even though I already enabled it...
     
  7. bokko

    bokko Registered Member

    Joined:
    May 16, 2008
    Posts:
    9
    Please Eset fix this or expect fewer renewals from myself and clients. We use a service from
    DYDNS.org called mailhop; it helps filter spam. I then create a rule in Outlook that moves any
    e-mail with *spam* in subject to junk mail folder. Eset smart security pulls it out of junk mail again.
    I xxx'd out the valid username in header below to reduce further spam. Please explain why this
    is occurring or fix it. I see a simple rule possibility here: if "Received: from bd3f46ba.virtua.com.br
    (unknown [189.63.70.186])" and "Return-Path: oscillateggx84@silk.net" the domains don't match,
    it is likely spam. Never mind that "bd3f46ba.virtua.com.br (unknown [189.63.70.186])" entire "virtua.com.br"
    domain's range of IP addresses has been blacklisted for over two weeks on all known spam detection servers.

    Microsoft Mail Internet Headers Version 2.0
    Received: from mx1.mailhop.org ([216.146.32.23]) by bokko.com with Microsoft SMTPSVC(6.0.3790.3959);
    Mon, 26 Oct 2009 17:50:31 -0400
    Received: from scan-01-iad.mailhop.org (scan-01-iad.local [10.150.0.206])
    by mx1.mailhop.org (Postfix) with ESMTP id 8071C83538A
    for <xxxxxx@bokko.com>; Mon, 26 Oct 2009 21:50:31 +0000 (UTC)
    X-Spam-Score: 14.8 (++++++++++++++)
    X-Spam-Flag: YES
    X-Spam-Report: HTML_IMAGE_ONLY_16=2.498,HTML_MESSAGE=0.001,RCVD_IN_BL_SPAMCOP_NET=2.188,
    RCVD_IN_PBL=0.509,RCVD_IN_XBL=2.896,RDNS_NONE=0.1,URIBL_PH_SURBL=2.035,URIBL_SBL=2.468,URIBL_WS_SURBL=2.1
    X-Mail-Handler: MailHop by DynDNS
    X-Originating-IP: 189.63.70.186
    Received: from bd3f46ba.virtua.com.br (unknown [189.63.70.186])
    by mx1.mailhop.org (Postfix) with ESMTP id 09898835342
    for <xxxxxxx@bokko.com>; Mon, 26 Oct 2009 21:50:30 +0000 (UTC)
    Message-ID: <000d01ca5686$53174200$6400a8c0@oscillateggx84>
    From: "FDIC" <consumeralerts@fdic.gov>
    To: <xxxxxxx@bokko.com>
    Subject: *SPAM* FDIC has officially named your bank a failed bank
    Date: Mon, 26 Oct 2009 19:50:25 -0300
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0007_01CA5686.53174200"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.2180
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    Return-Path: oscillateggx84@silk.net
    X-OriginalArrivalTime: 26 Oct 2009 21:50:31.0953 (UTC) FILETIME=[570C9810:01CA5686]

    ------=_NextPart_000_0007_01CA5686.53174200
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

    ------=_NextPart_000_0007_01CA5686.53174200
    Content-Type: text/html;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable


    ------=_NextPart_000_0007_01CA5686.53174200--
    X-EsetId: D9D0D226D2F424398B9C

    It would also be helpful to see if mailserver has a valid http://www.openspf.org/ SPF record. Most
    of these rogue viruses that send e-mails from infected home computers do not have a valid SPF
    record. Seems to me it would be helpful if smart security spam filter would look for this; most postmasters
    ensure this is in DNS record, if not it is easy enough to do. Again, a simple check for DNS PTR record
    for host name would be helpful as well. The spam that Smart Security lets through could have been blocked if it were to look for this information.
     
    Last edited by a moderator: Oct 26, 2009
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Reasons:
    X-Spam-Report: HTML_IMAGE_ONLY_16=2.498,HTML_MESSAGE=0.001,RCVD_IN_BL_SPAMCOP_NET=2.188,
    RCVD_IN_PBL=0.509,RCVD_IN_XBL=2.896,RDNS_NONE=0.1,URIBL_PH_SURBL=2.035,URIBL_SBL=2.468,URIBL_WS_SURBL=2.1

    See: http://www.spamcop.net/w3m?action=checkblock&ip=189.63.70.186
    Plus the email seems to contain only an HTML image, which increases the spam score.

    If you want to receive such messages, add the sender to the Whitelist and remove him from the Exclusion list.
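
The two header checks discussed in posts 7 and 8, as an added example that is not part of the original thread and is not ESET's or MailHop's code: it parses the `X-Spam-Report` rule scores and compares the connecting host with the `Return-Path` domain. The sample is a trimmed copy of the headers posted above; the function names and the `trusted` relay list are assumptions made for this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a trimmed copy of the headers posted in this thread.
SAMPLE = """\
Received: from mx1.mailhop.org ([216.146.32.23]) by bokko.com with Microsoft SMTPSVC(6.0.3790.3959);
\tMon, 26 Oct 2009 17:50:31 -0400
X-Spam-Report: HTML_IMAGE_ONLY_16=2.498,HTML_MESSAGE=0.001,RCVD_IN_BL_SPAMCOP_NET=2.188,
\tRCVD_IN_PBL=0.509,RCVD_IN_XBL=2.896,RDNS_NONE=0.1,URIBL_PH_SURBL=2.035,URIBL_SBL=2.468,URIBL_WS_SURBL=2.1
Received: from bd3f46ba.virtua.com.br (unknown [189.63.70.186])
\tby mx1.mailhop.org (Postfix) with ESMTP id 09898835342
\tfor <xxxxxxx@bokko.com>; Mon, 26 Oct 2009 21:50:30 +0000 (UTC)
From: "FDIC" <consumeralerts@fdic.gov>
Return-Path: oscillateggx84@silk.net

"""
# "from HELO (rDNS [IP]) by HOST"; the rDNS name is absent in some MTAs' format.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([^\]]+)\]\)\s+by\s+(\S+)")

def under(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def rule_scores(msg):
    """Split the folded X-Spam-Report header into {rule_name: score}."""
    report = "".join(msg.get("X-Spam-Report", "").split())
    return {k: float(v) for k, v in (i.split("=") for i in report.split(",") if i)}

def boundary_hop(msg, trusted):
    """First hop written by a trusted relay about an outside client.
    Received lines below that one were supplied by the sender and can be forged."""
    for raw in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(raw.split()))
        if m and under(m[4].lower(), trusted) and not under(m[1].lower(), trusted):
            return m[1].lower(), m[2], m[3]
    return None, None, None

def analyze(raw, trusted=("bokko.com", "mailhop.org")):  # trusted relays: an assumption
    msg = message_from_string(raw)
    scores = rule_scores(msg)
    helo, rdns, ip = boundary_hop(msg, trusted)
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return {
        "total": round(sum(scores.values()), 1),
        "top_rule": max(scores, key=scores.get, default=None),
        "client_ip": ip,
        "no_rdns": rdns in (None, "unknown"),  # Postfix writes "unknown" without a verified PTR
        "helo_under_return_path": bool(helo and rp_dom) and under(helo, [rp_dom]),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The per-rule scores add up to the 14.8 shown in `X-Spam-Score`. The host name and `Return-Path` are both chosen by the sender, so a mismatch is only one weighted signal; the client IP recorded by the trusted relay is what the `RCVD_IN_*` blocklist rules key on.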
     