Subj : Re: wcSAP (logs) To : All From : HECTOR SANTOS Date : Thu Jan 31 2019 19:18:36 Date: Fri, 07 Apr 2006 00:34:47 -0400 From: HECTOR SANTOS To: CHRIS ROSS Subject: Re: wcSAP (logs) Newsgroups: win.server.smtp.&.avs Message-ID: <1144384581.46.1144372623@winserver.com> References: <1144372623.46.0@winserver.com> X-WcMsg-Attr: Rcvd X-Mailer: Wildcat! Interactive Net Server v7.0.454.5 Lines: 130 There are two parts to the "SPAM Stuff" in WCSMTP: First the SENDER sends these commands in sequence: 1) EHLO or HELO client.domain.name 2) MAIL FROM: 3) RCTP TO: 4) DATA 4.1) sender sends email 5) QUIT The First 3 pieces of information is called the ENVELOPE: Client Domain Name Return Path Address Recipient Address wcSMTP will call WCSAP.WCX after step 3 done to validate the ENVELOPE. if WCSAP passes the envelope information, then WCSMTP allows the sender to go to the next step #3 to begin the DATA email transfer where the actual EMAIL body is transferred. After step 4.1, WCSMTP will call SMTPFILTER.WCX which is designed to give you rules for analyzing the MAIL BODY (Inside the Envelope). What you are seeing is SMTPFILTER.WCX returning FALSE and WCSMTP rejects the transactions: 20060405 00:15:08 (0868) smtp filter result false, message discarded So you can either turn off SMTPFITLER or check out the reason why it was rejected by looking in the SMTPFILTER*.LOG log. SMTPFILTER is really for you guys (Sysops) to defined because it is based on mail content analysis and WCSMTP is not in the business of rejection based on mail content. But SMTPFILTER comes with and example SMTPFILTER-CHECKWORDS.WCX module which allows you to do simple WORDS checking as defined in DATA\SPAMWORDS.TXT. See the WCSAP/SMTPFILTER description at the web site. http://www.winserver.com/public/Security --- Hector wrote in message news:1144372623.46.0@winserver.com... > I stand corrected, I just looked at another log. > > At 00:15 on the 5th of April, wcSMTP shows 2 messages coming in from > bbs@xanadubbs.ca -- one is accepted, one is refused by the filter according > to wcSMTP: > > 20060405 00:15:06 (0744) HELO: Incoming connection: rd1.dynip.com > [204.225.44.16] > 20060405 00:15:06 (0744) MAIL FROM: ... Sender > validation pending. Continue. > 20060405 00:15:06 (0868) HELO: Incoming connection: rd1.dynip.com > [204.225.44.16] > 20060405 00:15:06 (0868) MAIL FROM: ... Sender > validation pending. Continue. > 20060405 00:15:07 (0744) RCPT: Recipient Accepted: > 20060405 00:15:07 (0868) RCPT: Recipient Accepted: > 20060405 00:15:08 (0868) smtp filter result false, message discarded > 20060405 00:15:08 (0744) Accepted message from [] > to [] .