Replying to a message from: Synametrics Support

Tommy,

I am going to answer both of your posts in one message.

Post 1 - Answer 1: Agreed. We will change the logic in the next build. Let us know if you need the binaries before they are released to the general public. Having said that, Xeams does not rely on one filter. By default, Xeams should assign a negative score to the message if the user is authenticated. Once the score goes below a certain negative value, no other rule will matter.

Post 1 - Answer 2: I am not sure if I understand this correctly. Is this a question? Could you please elaborate?

Post 1 - Answer 3: Done

Post 1 - Answer 4: You should be able to add multiple entries in your DNS server if 2048 is not supported. A DNS server will stitch the two entries together and return one big string. 

Post 1 - Feature request: Xeams already takes a few measures if it detects someone is trying to crack passwords. For example, it will block an IP address if too many attempts are detected. You can configure the exact number of attempts under Server Configuration/Manage Alerts. An email will be sent to the administrator when an IP is put on the blocked list.

It will also log entries into InvalidPasswordAttempts.log for every attempt.

 

Post 2 - Does not contain filter - We are able to reproduce this but don't know if this falls in a bug category. The "Does not contain" filter will not work for Sender Filter. This is because the sender filter is the only filter that gets split into two tokens: Sender's Name and Sender's Email. The filter runs independently on both tokens and a score is assigned if both fail. In this case, an @ sign is found in the email but not the name part. Since it is missing from the Name, a score is assigned. Filters other than the Sender filter (Body, Header) will work because they are not broken into multiple tokens.

I would not recommend writing a filter that looks for an @ sign. That is because Xeams will check for this condition using a Custom Filter called RFC 822 Verifier.