SpamFilter for ISP Changelog

What's new in SpamFilter for ISP 4.7.6.276

Jul 24, 2020
  • {TODO -cFix : When added feature in 4.7.6.283 to log the matched keyword in the WL_AutoWhiteListForceDelivery.txt, we were also adding the logging of that keyword in the X-SF headers which is not desireable. We are now only logging the keyword to the logfile}

New in SpamFilter for ISP 4.7.6.264 (Jan 26, 2019)

  • {TODO -cFix : SpamFilter attempted to scan for viruses emails being forced-delivered out of the quarantine even if the antivirus plugin was not activated, and this would cause an exception preventing delivery if the optional antivirus plugin was not installed}

New in SpamFilter for ISP 4.7.6.263 (Jan 26, 2019)

  • {TODO -cFix : SPF lookups fail to find a match if the TXT record consisted of two or more string contatenated together - ex. "v=spf1 ip4:10.11.12.1" "3 ip4:10.14.15.16 ~all"}
  • {TODO -cFix : The AutoWhiteListForceDelivery check using the "From:" header fails to find a match if there are multiple recipients in the email}

New in SpamFilter for ISP 4.7.4 Build 262 (Jan 10, 2019)

  • TODO -cNew : Replaced the GeoIP.dat country lookup with a new database format - geoip.sqlite. This should improve misdetected Countries when perfoming lookups under heavy inbound loads. Requires the inclusion of the appropriate x32/x64 sqlite3.dll file included in both the binary-only and the full installer distributions}
  • {TODO -cFix : The Blacklist Country blacklist was showing a "0" instead of the correct, real-time number of email blocked for each country}
  • {TODO -cFix : Disabled the reporting of log events from the external AV updater SpamFilterAVUpdate.exe to SpamFilter as they were causing Access Violations. Logs from SpamFilterAVUpdate.exe are still being logged in their own logfiles}

New in SpamFilter for ISP 4.7.4 Build 254 (Sep 24, 2018)

  • {TODO -cNew : Added header in emails tracking the country of the IP connecting to SpamFilter: X-SF-OriginatingCountry}

New in SpamFilter for ISP 4.7.4 Build 246 (Jun 13, 2018)

  • {TODO -cNew : Fixed a typo in the settings GUI for the Keyword ::NULL option}

New in SpamFilter for ISP 4.7.4.214 (Nov 1, 2017)

  • {TODO -cNew : Added entries in activity logfiles to indicate when SpamFilter starts the routine process of removing old emamils from quarantine database (Starting TDeleteExpiredQuarantineThread) }
  • {TODO -cFix : Added support for BIGINT data type for the fields tblQuarantine.QuarID, tblQuarantine.MsgID, and tblMsgs.MsgID. This is needed if admins experience would experience an overflow when using the default INT data type for those fields}
  • {TODO -cFix : If the Blacklist Cache IP blocking filter is enabled, disabling it would still cause SpamFilter to check new inbound connection against the IPs present in the cache until they eventually age out a few minutes later (IPs for new connections will however not cause the IPs to be blacklisted in the cache - there was no bug in this behavior) }

New in SpamFilter for ISP 4.7.3.218 (Feb 7, 2017)

  • Fixed issue with Bayesian filter introduced in 4.7.3.217
  • Exception occurred during GetMessageTokens
  • Error in regular expression at offset 2: unrecognized character after (? or (?- 00b2da8e SpamFilterSvc.exe System.RegularExpressionsCore}

New in SpamFilter for ISP 4.7.2.206 (Nov 7, 2016)

  • {TODO -cNew : Added new option in SpamFilter.ini - ForwardAllPostmasterEmailsTo. If an email address is specified for that key, then SpamFilter will accept all emails adddressed to to comply with RFC5321/2821, and will forward them, unfiltered, to the email address specified there}

New in SpamFilter for ISP 4.7.2.205 (Nov 7, 2016)

  • {TODO -cFix : SpamFilter was not able to download antivirus definition updates if using the newer OpenSSL libraries 1.0.2g or higher}

New in SpamFilter for ISP 4.7.2.204 (Nov 7, 2016)

  • {TODO -cFix : Due to a bug in the CYREN SDK which caused SpamFilter to crash/freeze a few seconds after attempting to update the antivirus definition files and logging the message "AV engine - Reloading dat files", we moved the CYREN antivirus definition file update process to an external application (SpamFilterAVUpdate.exe) launched by SpamFilter}

New in SpamFilter for ISP 4.7.2.197 (Nov 7, 2016)

  • {TODO -cNew : Improved the speed with which SpamFilter every minute checks the updates to whitelist/blacklists by 300%}
  • {TODO -cFix : Wait for all antivirus scans to finish before updating the antivirus definitions on disk and in memory in an attempt to prevent rare application freezes}

New in SpamFilter for ISP 4.7.2.196 (Nov 7, 2016)

  • {TODO -cNew : Added the attachment filename to the message parts that SpamFilter scans for keywords, allowing the blacklisting/whitelisting of attachment filenames using keywords as well}

New in SpamFilter for ISP 4.7.2.195 (Apr 16, 2016)

  • {TODO -cFix : The demo version of SpamFilter would fail to start if Windows was configured for certain non-US date/time formats}

New in SpamFilter for ISP 4.7.2.184 (Feb 8, 2016)

  • {TODO -cNew : Added a new filter - the 0-Day domain filter. If a domain has been registered within the last nn days (30 by default), any emails containing that domain name will be heavily weighed as spam.}
  • {TODO -cNew : SpamFilter Enterprise only - added two new fields in the tbl_FilterSettings table for 0-Day filter and for a new upcoming option - DNSWLBypassForMX_RevDNS_SPF}
  • {TODO -cFix : In some cases depending on the internet provider DNS lookups could result in several timeouts (logged as DNS Error:TimedOut). This was due a different DNS library that was used starting from v4.7.1.145. Issue is now resolved.}
  • {TODO -cFix : If the antivirus plugin experienced a problem when updating the virus definitions, a deadlock condition could occurr in SpamFilter causing it to stop processing further emails as they were all waiting to be scanned by the malfunctioning antivirus plugin}

New in SpamFilter for ISP 4.7.1.174 (Feb 8, 2016)

  • {TODO -cNew : Added a new filter - the 0-Day domain filter. If a domain has been registered within the last nn days (30 by default), any emails containing that domain name will be heavily weighed as spam.}
  • {TODO -cNew : SpamFilter Enterprise only - added two new fields in the tbl_FilterSettings table for 0-Day filter and for a new upcoming option - DNSWLBypassForMX_RevDNS_SPF}
  • {TODO -cFix : In some cases depending on the internet provider DNS lookups could result in several timeouts (logged as DNS Error:TimedOut). This was due a different DNS library that was used starting from v4.7.1.145. Issue is now resolved.}
  • {TODO -cFix : If the antivirus plugin experienced a problem when updating the virus definitions, a deadlock condition could occurr in SpamFilter causing it to stop processing further emails as they were all waiting to be scanned by the malfunctioning antivirus plugin}

New in SpamFilter for ISP 4.7.1.173 (Feb 8, 2016)

  • {TODO -cFix : We are now automatically checking for updated versions of the GeoIP.dat file and download it automatically if a newer version is available}
  • {TODO -cFix : If a keyword line consists of multiple keywords separated by commans, and one of the keywords contained the ::NEGATE option, instead of applying to that specific individual keywords, the ::NEGATE option was incorrectly beeing carried over to all the remaining keywords on that same line}
  • {TODO -cFix : In SpamFilter Enterprise, the grid of local domains can now be sorted again by ID or domain name}
  • {TODO -cFix : Changed some locking parameters during the update of the antivirus definitions to avoid possible problems during the reloading of the AV definitions}

New in SpamFilter for ISP 4.7.1.172 (Sep 19, 2015)

  • {TODO -cFix : Attempted to remove a 164byte memory leak that may occur when scanning an email with the antivirus plugin}
  • {TODO -cFix : Removed memory leaks that occurred every time the Settings dialog was used to save settings in SpamFilter via the GUI}
  • {TODO -cNew : Added option MemoryEmptyWorkingSetEveryNhours=24 in SpamFilter.ini file to routinely force Windows to empty SpamFilter's RAM working set to reduce memory usage}
  • {TODO -cNew : SpamFilter now logs the Subject of emails being received in the logfile}
  • {TODO -cFix : Upgraded compiler used to build SpamFilter in order to try eliminating compiler-induced bugs that affected the stability of the 64bit version of SpamFilter}

New in SpamFilter for ISP 4.7.1.154 (Sep 19, 2015)

  • {TODO -cFix : Attempted to resolve SpamFilter stopping processing emails when reloading antivirus definition files having the last line in the logs containing the entry "AV engine - Reloading dat files"}

New in SpamFilter for ISP 4.7.1.151 (Sep 19, 2015)

  • {TODO -cFix : The new SpamFilter_Service_GUI would freeze if it was used to manually start SpamFilter's service}
  • {TODO -cNew : Modified the SpamFilter.exe and SpamFilter_Service_GUI.exe manifests to automatically startup with elevated administrative privileges on Windows 2008 and higher}

New in SpamFilter for ISP 4.7.1.150 (Sep 19, 2015)

  • {TODO -cFix : If a DNS server is offline, SpamFilter will not cause a timeout and switch to a backup DNS server if one was specified}
  • {TODO -cFix : The AuthIPsForXforwardCommand parameter only took a single IP, now it takes a list of IPs that can contain wildcards and/or CIDRs}
  • {TODO -cFix : Resolved a one-time error Exception occurred during GetCurrDNSServer that occurred when removing a DNS server while SpamFilter was running}
  • {TODO -cFix : Removed a memory leak (size depended on the original email size) that occurred every time an NDR was sent}
  • {TODO -cFix : Removed a memory leak (36 bytes) that occurred every time an SMTP AUTH attempt was made}
  • {TODO -cFix : Attempt to resolve sudden, unlogged crashes of the 64bit version of SpamFilter}

New in SpamFilter for ISP 4.7.1.144 (Sep 19, 2015)

  • {TODO -cFix : Removed a memory leak occurring every 5 seconds during ChecktblReloadTableInfo}
  • {TODO -cNew : Added support for the either the CIDR notation or wildcard entries using a final .0 (ex. 192.198.255.0) in the DoNotAddIPToHoneypot SpamFilter.ini option}
  • {TODO -cFix : A specific malformed image file could cause SpamFilter to crash if the image filter is enabled}

New in SpamFilter for ISP 4.7.1.142 (Sep 19, 2015)

  • {TODO -cFix : In SpamFilter Enterprise the new GUI (SpamFilter_Service_GUI) would not see blacklist/whitelist changes if they were made directly to the database or by using the service's own GUI or from the standalone SpamFilter.exe application. The changes were only seen when re-launching the GUI}

New in SpamFilter for ISP 4.7.1.141 (Jul 27, 2015)

  • Improved support for the XFORWARD extension by not advertising XFORWARD in EHLO response unless IP is listed in AuthIPsForXforwardCommand}

New in SpamFilter for ISP 4.7.1.139 (Jul 27, 2015)

  • Added support for the XFORWARD extension - this allows the placement of a server/appliance that processes inbound emails *before* they reach SpamFilter, and thru the use of XFORWARD the appliance/server can provide SpamFilter with the original IP address of the sender, allowing SpamFilter to perform all the IP-based tests on that original IP}
  • Added the parameter AuthIPsForXforwardCommand=aaa.bbb.ccc.ddd in the SpamFilter.ini file to restrict the use of XFORWARD only to the IPs listed in AuthIPsForXforwardCommand}
  • Bug introduced starting from 4.6.1.119 - After outputting the 667 SMTP error code when rejecting an email due to one of the content filters, SpamFilter was also outputting the extra line "554 4.2.0 Transaction failed"}
  • To reduce lingering connections SpamFilter is now forcing the disconnect of the remote server when an email is rejected to one of the content-based filters}
  • Added the logging of the "From" header also indicating whether it matches or mismatches the email specified in the MAIL FROM command}
  • Added the parameter ProcessListEvenIfAutoWhiteListForceDeliveryDisabled==0 in the SpamFilter.ini to allow SpamFilter to still allow SpamFilter to process the entries in the WL_AutoWhiteListForceDelivery even if AutoWhiteListForceDeliveryEnabled=0}

New in SpamFilter for ISP 4.7.0.136 (Jun 16, 2015)

  • {TODO -cFix : Attempted to fix SpamFilter freezes that seem to occurr after several of these errors have been logged: Listen Exception occurred: Socket Error # 10054 -- Connection reset by peer}

New in SpamFilter for ISP 4.7.0.135 (Jun 16, 2015)

  • {TODO -cFix : SpamFilter could crash under a DDOS attack with malformed packet sequences during the initial TCP handshake process}
  • {TODO -cFix : In cases of high numbers of concurrent SMTP connections, we significantly lowered the CPU usage by SpamFilter's service when the separate new GUI was running as well}
  • {TODO -cNew : Added support for PFS (Perfect Forward Security) ciphers in SSL/TLS}
  • {TODO -cNew : Added the new SSLCipherList parameter in the SpamFilter.ini file to allow customization of the TLS/SSL ciphers that SpamFilter will support}
  • {TODO -cNew : Added the new DisableSSLv3=1 parameter in the SpamFilter.ini to specifically disable SSLv3 support.}
  • {TODO -cNew : The existing parameter DisableTLSv1_0=0 now only disables TLS v1.0, it does not disable SSLv3 as well like it did in previous versions }

New in SpamFilter for ISP 4.7.0.133 (Jun 16, 2015)

  • {TODO -cNew : Added to the logfile the filename and threadID for each email that will be processed in the re-delivery queue"}

New in SpamFilter for ISP 4.7.0.132 (Jun 16, 2015)

  • {TODO -cNew : Added more details when exceptions are logged in the activity logfile}
  • {TODO -cFix : Changed the way stagnant/lingering SMTP connections are disconnected making it more reliable, and removed the now unneeded IdleDisconnectMinutesTimeout and TerminateIdleThreadsFrequency parameters in the SpamFilter.ini file}
  • {TODO -cNew : Added to the logfile the email address causing the rejection for "EmailTO is not in AuthorizedTOEmail list"}

New in SpamFilter for ISP 4.7.0.130 (Jun 16, 2015)

  • {TODO -cNew : Re-added external madExcept exception handling to automate creation of reports for crashes}
  • {TODO -cNew : Added the logging of full stack traces during Exceptions to help determine location of the errors}

New in SpamFilter for ISP 4.7.0.129 (Jun 16, 2015)

  • {TODO -cFix : Improved the reliability of the delivery of the NDR (non-delivery receipts) in case the destination SMTP server is experiencing temporary issues and is either offline or replies with SMTP error codes in the 400 range}
  • {TODO -cFix : Removed these items from the SpamFilter.ini files: QueueIfDestinationError400, QueueIfDestinationError500, DoNotQueueIfReadTimeout and replaced them with similar entries with slightly different names and these default values: QueueIfDestinationError4xy=1, QueueIfDestinationError5xy=0, DoQueueIfReadTimeout=1 as a bug in a previous version may have caused the value for QueueIfDestinationError400 to get inverted, so we're replacing them all just in case}

New in SpamFilter for ISP 4.7.0.126 (May 2, 2015)

  • Fix : Issue introduced when added unicode support in 4.6.1.119 - The domain filter matrix file AllowedDomainFilterMatrix.txt was being encoded in UTF16, but SpamFilter expected it in UTF8. This affected the GUI only - the filter matrix was still being used correctly by SpamFilter. The file is now back to UTF8

New in SpamFilter for ISP 4.7.0.125 (Feb 18, 2015)

  • TODO -cFix : No changes in SpamFilter since 4.7.0.124, but added a database patch to add missing cascading constraints that prevented records from tbl_Filtersettings & tblBL_Countries to be deleted when their corresponding domain from deleted from the list of local domain names

New in SpamFilter for ISP 4.7.0.124 (Feb 18, 2015)

  • TODO -cNew : It is now possible to launch a separate SpamFilter's GUI (SpamFilter_Service_GUI.exe) on a standard user's desktop to view and control SpamFilter's service that is running in the background

New in SpamFilter for ISP 4.6.1.121 (Feb 18, 2015)

  • TODO -cFix : Resolved an bug introduced in build 4.6.1.119 that would no disconnect a client after they issued the QUIT command at the end of the SMTP session

New in SpamFilter for ISP 4.6.1.120 (Feb 18, 2015)

  • TODO -cFix : The SPF filter would incorrectly block an email if the SPF record in DNS for the sender's domain has an include directive, and in turn the domain being included does not publish an SPF record in their DNS

New in SpamFilter for ISP 4.6.1.119 (Feb 18, 2015)

  • TODO -cNew : Added an X-SF-AuthUser header to indicate the authenticated user who sent the email. Option is customizeable via SpamFilter.ini using parameters XAuthUserString and AddHeaderForAuthUsers
  • TODO -cFix : When added in 4.5.0.62 the ability to search for keywords in the decoded subject, SpamFilter stopped matching for keywords against the raw, undecoded subject. We now search for keyword in both the decoded and the raw Subject lines
  • TODO -cFix : Rare issue could cause an entry in the greylistallowed.txt to be removed if the line above it contained a manually entered entry whicih contains a wildcard *and* the line below it contains a subsctring which matches the above wildcard
  • TODO -cNew : Added support for unicode characters in the blacklist/whitelists, also changing some database fields to utf8 charset
  • TODO -cNew : Upgraded compiler to improve the internal memory manager and the TCP components

New in SpamFilter for ISP 4.6.0.117 (Feb 18, 2015)

  • TODO -cNew : Added logging of the numeric SMTP error code when the destination SMTP server rejects forwarded emails
  • TODO -cNew : Added logging of the port (e.x. 25) for inbound connections
  • TODO -cFix : If the private key for the SSL certificate used by SpamFilter has a password, the SSL listener would be unable to use the certificate. The TLS functionality was not being affected.

New in SpamFilter for ISP 4.6.0.116 (Feb 18, 2015)

  • TODO -cNew : In addition to the username, SpamFilter will add to the logfile the password and the IP used for an unsuccessful AUTH LOGIN attempt to help determine intentional password guessing attempts or user error
  • TODO -cNew : Added parameter LogInvalidPasswords to SpamFilter.ini file to prevent logging of password during failed AUTH LOGIN attempts

New in SpamFilter for ISP 4.6.0.113 (Jun 27, 2014)

  • TODO -cFix : If a domain has multiple destination SMTP servers (for failover), and the first destination server is online but rejects the email with a 400 or 500 error, SpamFilter would not be able to forward the email to the failover server and would log an event "EMail from: user1@.... to: user2@.... -- was returned to sender - server error - Already connected.". This issue does not happen if the primary destination SMTP server is completely offline and not accepting SMTP connections

New in SpamFilter for ISP 4.6.0.112 (Jun 27, 2014)

  • TODO -cNew : Added support for x64 bit operating systems
  • TODO -cNew : Replaced the Norman antivirus plugin with one developed in partnership with F-Prot and CYREN
  • TODO -cNew : Added new parameter to customize location of queue directory in SpamFilter.ini - QueuePath
  • TODO -cNew : To more easily identify compromised accounts used in AUTH LOGIN, SpamFilter will add an info warning when the AUTH LOGIN account does not match the MAIL FROM account, ex: User authenticated with AUTH LOGIN - info - MAILFROM AUTHLOGIN - [email protected]
  • TODO -cNew : Added parameters AUTHLOGINEmailsInIntervalMax and AUTHLOGINEmailsInIntervalMinutes in .ini file to limit number of emails during a time interval that can be sent by AUTH LOGIN authenticated users during the same SMTP session
  • TODO -cFix : When adding a prefix in the Subject line for tagged emails, SpamFilter was corrupting subjects that had UTF encodings for foreign charsets
  • TODO -cFix : improperly formatted passwd file for Unix authentication would cause: Exception occurred during AuthUserInPasswd: List index out of bounds (0)
  • TODO -cFix : If TLS is disabled via EnableTLSSupport option in .ini file, but a buggy remote SMTP server like MIcrosoft's hotmail and live.com mailservers will attempt to use the STARTTLS command anyways (violating RFC...), there could be an access violation in the OpenSSL SSLEAY32.DLL which will prevent the email to be delivered.

New in SpamFilter for ISP 4.5.1.99 (Jun 27, 2014)

  • TODO -cNew : Added parameter MaxSPFAllowedLoops in SpamFilter.ini file. This parameter used to be hardcoded to "10" in SpamFilter and it is not customizable. It is used to limit the number of nested include directives allowed in an SPF query. Used to limit the risk of DoS attacks using malicious SPF DNS records

New in SpamFilter for ISP 4.5.1.98 (Jun 27, 2014)

  • TODO -cNew : Added new behavior - if email is blocked due to one of the "FROM Emails", or "TO Emails", or "Domains" blacklists, and that blacklist is configured for "Do not quarantine rejected emails from this blacklist", then the SMTP session is disconnected immediately after the RCPR TO command, without waiting to receive the body of the email yet

New in SpamFilter for ISP 4.5.1.97 (Jun 27, 2014)

  • TODO -cFix : Solved an issue present only in v4.5.1.96 - When receiving emails with multiple recipients, with recipients belonging to multiple domains managed by SpamFilter, and one or more domains had different customized destination SMTP servers, v4.5.1.96 was leaving behind in the queue files named Indy_some_random_GUID_-0.~tmp.rcpt

New in SpamFilter for ISP 4.5.1.96 (Jun 27, 2014)

  • TODO -cFix : Sometimes emails in the process of being delivered where also being caught by the routine process that delivers queued emails that are waiting delivery due to an unavailable destination SMTP server. This would result in "server error - Invalid Message file" errors being logged by SpamFilter, but no other side-effects as the re-delivery attempt by the queue process would fail
  • TODO -cNew : Added a new RejectID (29) when emails are rejected due to: -- The message content is malformed and not RFC compliant (line length too long) - email cannot be processed

New in SpamFilter for ISP 4.5.1.95 (Jun 27, 2014)

  • TODO -cFix : If there is a DNS timeout while checking "Reject if sender domain has invalid MX record" filter, SpamFilter may interpret this timeout as a non-existent MX record, thus possibly incorrectly blocking the email

New in SpamFilter for ISP 4.5.1.94 (Jun 27, 2014)

  • TODO -cFix : Regression error from 4.5.1.92 - Removed errors in the logfile occurring when an antivirus activation has been added to the SpamFilter.ini file, but the antivirus plugin files have not been installed yet

New in SpamFilter for ISP 4.5.1.93 (Jun 27, 2014)

  • TODO -cFix : Regression error from 4.5.1.92 - Removed errors in the logfile occurring when an antivirus activation has been added to the SpamFilter.ini file, but the antivirus plugin files have not been installed yet

New in SpamFilter for ISP 4.5.1.92 (Jun 27, 2014)

  • TODO -cFix : Greatly improved performance of the HTML parser that scans HTML text for keywords. Complex and large ( > 2MB ) HTML emails could spike the CPU of a processor for a few minutes
  • TODO -cFix : SpamFilter could fail to automatically update some of the DLL files used by the antivirus plugin (which are updated very infrequently). Improved the reliability of the AV definition files as well in cae of corrupted downloads

New in SpamFilter for ISP 4.5.1.90 (Jun 27, 2014)

  • TODO -cNew : Modified the behavior when forwarding emails to the destination SMTP server, when the dest server advertises as being able to support TLS, but with the remote server having TLS being misconfigured and outputting a 4xx error. Previously SpamFilter would send a bounce NDR email to the sender in this case, now SpamFilter will continue trying to send the email without TLS in the same session if allowed by the remote SMTP server

New in SpamFilter for ISP 4.2.4.834 (Sep 23, 2010)

  • {TODO -cNew Changed the file path (but not the server name) used by SpamFilter to download updated antiviru definition files}
  • {TODO -cFix In SpamFilter Enterprise, fixed an issue with the MySQL triggers that prevented domains having customized settings from seeing changes made to the default black/white lists, if the domain was configured to have one of its black/whitelists inherit the settings from the "ALL DOMAINS"}

New in SpamFilter for ISP 4.1.2.812 (Jul 6, 2009)

  • Fixed Errors similar to: Exception occurred during DoIPtoCountry (82.112.146.131): Access violation at address 00405514 in module 'SpamFilterSvc.exe'. Read of address 000FFFF8 caused by recent updates in the GeoIP.dat database format

New in SpamFilter for ISP 4.0.0.772 (Mar 27, 2008)

  • "Invalid Header Id nnnn" DNS errors could cause valid MX record lookups to fail - fixed
  • Exception occurred during AddToQuarantineThreadDone: Access violation at address 0042396A - fixed