Being able to whitelist "all" users is important. This can be done
with Imail 8 and by using WHITELISTED AUTH in Declude's Global.cfg.
However, whether or not "all" users do actually AUTH still depends
upon the SMTP SECURITY setting in Imail 8. For instance, if SMTP
SECURITY is set to relay for addresses, then some users may not AUTH
and, therefore, not get whitelisted with WHITELIST AUTH.

Thanks,


Monday, May 17, 2004, 10:48:27 AM, Matt <[EMAIL PROTECTED]> wrote:
M> Andy,

M> I think there is some confusion here on your part.

M> What was discovered and initially discussed in this thread
M> though is that Declude will not test the last hop with such tests
M> when the Mail From matches a local address.  That was also good
M> design, but if you can whitelist all local senders, it is best to
M> turn this off.  A suitable workaround for this issue has been
M> provided.  The workaround that was discussed will only test the
M> last hop.  When Declude uses the %IP4R% variable, this comes from
M> the connecting IP (unless IPBYPASSed), and there is only one value
M> tested.

M> Matt




M> Andy Schmidt wrote:
  



M>   >> You don't have to remove the tests, you just have to
M> rename them.  I renamed mine with DYN, that way Declude doesn't see
M> them as matching DUL/DYNA/DUHL and therefore will not skip them when
M> the Mail From matches a local address. <<
M>
M>   But Matt - please correct me if I'm wrong. I believe we manage
M> to talk about two different things. You are focused on the LAST hop
M> - but I believe, you have lost sight of the purpose of DUL/DYNA/DUHL
M> - which is the FIRST hop.
M>
M>   Let's look at a sample to make sure that we're talking apples and apples:
M>
M>   Sender: [EMAIL PROTECTED]
M>
M>   2nd hop:
M>       smtp.cable.com -> mymailserver.andy.com
M>   1st hop:
M>       some-dynamic-ip-host.cable.com -> smtp.cable.com
M>
M>   The "some-dynamic-ip-host.cable.com" is listed in the
M> "DYNA/DUHL" lists - and it should be.
M>
M>   As long as I have "DYNA/DUHL" in the name, Declude will NOT
M> test the first hop - e.g., it will correctly permit the rest of the
M> world to reach me through their providers' SMTP servers. The
M> DYNA/DUHL tests only test the 2nd and subsequent hops - because
M> THOSE should not be on a blacklist. Most importantly, they test the
M> LAST hop (the one to my mail server) - because a DYNA/DUHL IP should
M> never try to relay off me (unless it's using SMTP AUTH).
M>
M>   Now, if I were to follow your example and remove DYNA/DUHL
M> from the name, then these tests will also test the FIRST hop - and
M> thus I'd be swamped with false positives for any dialup/broadband
M> user who CORRECTLY uses his/her provider's smtp server.
M>
M>   It seems that you are focused only on the LAST hop - but by
M> removing DYNA/DUHL from the name, you end up hurting the FIRST hop.
M>
M>   The "conditional" check at the last hop was NOT the reason to
M> introduce DYNA/DUHL, that's just a quirky "quick-fix" which should
M> be optional for those who don't need this backdoor open. The reason
M> for DYNA/DUHL was proper handling of the first hop - and that's why
M> it can't be removed.
  
  
M>   Best Regards
M>   Andy Schmidt
  
M>   H M Systems Software, Inc.
M> 600 East Crescent Avenue, Suite 203
M> Upper Saddle River, NJ 07458-1846
  
M>   Phone:  +1 201 934-3414x20 (Business)
M> Fax:    +1 201 934-9206
  
M>   http://www.HM-Software.com/  




----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
[EMAIL PROTECTED]       http://www.inetconcepts.net
(972) 788-2364                    Fax: (972) 788-5049
----

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.