Country Filter

Junior Member
Posts: 118
Joined: Thu Nov 15, 2007 12:02 pm
Location: Townsville, Australia

Postby Stuart » Fri Jan 24, 2014 5:44 am

Hi

I am getting an identical email from the same sender (known sender) to two different internal email users within the organisation. The sender's IP is the same for both emails but one shows the originating country as being Australia and the other being China.

Do not seem to be able to attach an attachment showing the History but part of the logs are listed below. This seems to be happening and the country identification does not seem to be consistent all of the time. Not sure if it is something that I am contributing to or not so your thoughts would be appreciated.

Stuart :confused:


2014-01-24 14:46:21 4659 16 ------ Requested connection from 203.18.39.161, Country: Australia, SID:1401241446210000
2014-01-24 14:46:21 4659 31 Connected to 127.0.0.1:2525
2014-01-24 14:46:21 4659 31 <-- 220 mail.xxxxxxxxx.com.au
2014-01-24 14:46:21 4659 78 --> EHLO gw-syd-2.cch.com.au
2014-01-24 14:46:21 4659 94 <-- 250-mail.xxxxxxxxx.com.au
2014-01-24 14:46:21 4659 94 <-- 250-SIZE 204800000
2014-01-24 14:46:21 4659 94 <-- 250 AUTH LOGIN PLAIN
2014-01-24 14:46:21 4659 141 --> MAIL From:<emailalert@cch.com.au> SIZE=10062

******************************************************************************************************

2014-01-24 14:46:21 4660 0 ------ Requested connection from 203.18.39.161, Country: China, SID:1401241446210001
2014-01-24 14:46:21 4660 15 Connected to 127.0.0.1:2525
2014-01-24 14:46:21 4660 15 <-- 220 mail.xxxxxxxxx.com.au
2014-01-24 14:46:21 4660 62 --> EHLO gw-syd-2.cch.com.au
2014-01-24 14:46:21 4660 78 <-- 250-mail.xxxxxxxxx.com.au
2014-01-24 14:46:21 4660 78 <-- 250-SIZE 204800000
2014-01-24 14:46:21 4660 78 <-- 250 AUTH LOGIN PLAIN
2014-01-24 14:46:21 4660 125 --> MAIL From:<emailalert@cch.com.au> SIZE=10068
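
A way to measure how often the inconsistency in the post above occurs, as an added example that is not part of the original thread and is not eWall code: the script parses connection lines in the format shown in the excerpt and lists every IP that was assigned more than one country. The sample log is constructed from the two connection lines above plus one made-up entry, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Line format as it appears in the log excerpt in the post above.
CONN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<session>\d+)\s+\d+\s+-+\s+"
    r"Requested connection from (?P<ip>[0-9A-Fa-f.:]+), "
    r"Country: (?P<country>[^,]+), SID:(?P<sid>\d+)\s*$"
)

# Constructed sample: the two connection lines from the post plus one made-up
# consistent line (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
2014-01-24 14:46:21 4659 16 ------ Requested connection from 203.18.39.161, Country: Australia, SID:1401241446210000
2014-01-24 14:46:21 4659 31 Connected to 127.0.0.1:2525
2014-01-24 14:46:21 4660 0 ------ Requested connection from 203.18.39.161, Country: China, SID:1401241446210001
2014-01-24 14:46:22 4661 0 ------ Requested connection from 192.0.2.10, Country: Australia, SID:1401241446220000
"""

def parse_connections(lines):
    """Yield (timestamp, ip, country, sid) for each connection line."""
    for line in lines:
        m = CONN_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["country"].strip(), m["sid"]

def find_country_conflicts(lines):
    """Return {ip: {country: [(timestamp, sid), ...]}} for IPs seen with >1 country."""
    seen = defaultdict(lambda: defaultdict(list))
    for ts, ip, country, sid in parse_connections(lines):
        seen[ip][country].append((ts, sid))
    return {ip: dict(c) for ip, c in seen.items() if len(c) > 1}

def report(conflicts):
    """Format conflicts as text lines, one country lookup per line."""
    out = []
    for ip, countries in sorted(conflicts.items()):
        out.append(f"{ip}: {len(countries)} different countries")
        for country, hits in sorted(countries.items()):
            first_ts, first_sid = hits[0]
            out.append(f"  {country}: {len(hits)} connection(s), first {first_ts} SID {first_sid}")
    return out

if __name__ == "__main__":
    print("\n".join(report(find_country_conflicts(SAMPLE_LOG.splitlines()))))
```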

Developer
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Re: Country Filter

Postby Alexander Telegin » Fri Jan 24, 2014 11:16 am

Hm... that's odd. Could it be that the geoip database was updated between these calls? Could you please pack and send me the log for that day? Also, please check if the PHP log has any errors.

Re: Country Filter

Postby Alexander Telegin » Tue Jan 28, 2014 4:52 pm

Hi Stuart,

I tried to email you directly, but your eWall charset filter rejects my email.

eWall has PHP log in %COMMON APPDATA%\Server Side Solutions\eWall 4.0\logs folder.

I made some changes in eWall, please try this version:
https://www.dropbox.com/s/31c9xj3zlci6r ... .2.35a.exe

Regards,
Alex

Re: Country Filter

Postby Stuart » Wed Jan 29, 2014 7:31 am

Hi Alex

I think that the country filter is working better now but it still is not 100%. I have attached a log of an email from one of the blocked countries that is being delivered to the recipient rather than being deleted. The country filter is set to delete email from selected countries and I don't think that it should be delivered to the recipient. It would seem that in about 20% of the cases the blocked country emails are not deleted by eWall.

My filter is as follows

OnMessage

if sender not in good list
and country is xxxxxxxxx,xxxxxxxx,xxxxxxx
then set reply '550 Access from your country is not permitted without prior arangements. ........
and delete message

There was nothing in the php logs, the system log is below.

Stuart Hunter

System Log
2014-01-28 09:22:19 DB engine started
2014-01-28 09:22:20 eWall engine started
2014-01-29 13:00:39 !DBError: Query failed: INSERT INTO email_list ("email", "domain", "user", is_good, reason, expire)VALUES('bounce-mc.us5_113395
2014-01-29 14:12:28 !DBError: Query failed: INSERT INTO email_list ("email", "domain", "user", is_good, reason, expire)VALUES('bounce-mc.us5_113395
2014-01-29 14:12:36 !DBError: Query failed: INSERT INTO email_list ("email", "domain", "user", is_good, reason, expire)VALUES('b49qw86-m9q7dd-5mnqv



2014-01-29 17:11:33 322 1562 +Filter: "Block harvesters"
2014-01-29 17:11:33 322 1562 +Filter: "Open relay prevention"
2014-01-29 17:11:33 322 1562 +Filter: "Max recipient count"
2014-01-29 17:11:33 322 1562 <-- 250 OK
2014-01-29 17:11:34 322 2000 --> DATA
2014-01-29 17:11:34 322 2000 <-- 354 OK, send.
2014-01-29 17:11:36 322 4406 Message size: 86.10 KB
2014-01-29 17:11:36 322 4406 Subject: Notice to appear in court FG#9670
2014-01-29 17:11:36 322 4406 +Filter: "Archive filter"
2014-01-29 17:11:36 322 4406 Found executable 'Court_Notice_29012014.exe' inside archive 'Court_Notice_29012014.zip', size: 96 KB
2014-01-29 17:11:36 322 4406 Delete file: Court_Notice_29012014.zip
2014-01-29 17:11:36 322 4406 +Filter: "Sophos Antivirus 9.5"
2014-01-29 17:11:46 322 14343 +Filter: "ClamAV"
2014-01-29 17:11:46 322 14375 +Filter: "Backup Incoming Mail"
2014-01-29 17:11:46 322 14375 +Filter: "Block Countries Traffic"
2014-01-29 17:11:46 322 14375 +Filter: "Block specific charset"
2014-01-29 17:11:46 322 14375 Found charset: iso-8859-1
2014-01-29 17:11:46 322 14375 +Filter: "Backup Outgoing Email"
2014-01-29 17:11:46 322 14375 +Filter: "Phishing links"
2014-01-29 17:11:46 322 14375 +Filter: "SURBL Test"
2014-01-29 17:11:46 322 14375 +Filter: "Spam Assassin (SpamD)"
2014-01-29 17:11:51 322 19312 SpamD score: -0.0 / 5.0
2014-01-29 17:11:51 322 19312 +Filter: "Delete Spam Score more than 9"
2014-01-29 17:11:57 322 25125 SpamD score: -0.0 / 5.0
2014-01-29 17:11:57 322 25125 +Filter: "Block Subject Matter"
2014-01-29 17:11:57 322 25140 Mail server accepted data transfer
2014-01-29 17:11:57 322 25312 <-- 554 Rejecting due to security policy (CHARSET:1401291711320000)
2014-01-29 17:11:57 322 25781 Disconnect

Re: Country Filter

Postby Alexander Telegin » Wed Jan 29, 2014 3:10 pm

It seems like the message was deleted by the charset filter. Could you please send me that daily log at alex@sssolutions.net?

Re: Country Filter

Postby Stuart » Sun Feb 16, 2014 7:55 am

Hi Alex

I sent the daily log, did you receive it? The Country Block seems to be missing up to around 15% of the email from blocked countries and this is becoming a real problem.

Thanks
Stuart

Re: Country Filter

Postby Alexander Telegin » Sun Feb 16, 2014 2:05 pm

Hi Stuart,

I replied to you with a new version. If you didn't receive the email, please try the version below:
https://www.dropbox.com/s/31c9xj3zlci6r ... .2.35a.exe

Regards,
Alex
