Re: [Declude.JunkMail] US Treasury cannot do it right?
OK if I am right the US Treasury Department needs help! Very much so: They identified themselves as 10.0.7.238 instead of a host.domain !!?? This is very bad. There are actually 3 problems with this: [1] They did not identify themselves using a host name, which is the standard method. [2] They technically *did* identify themselves as a host name (10.0.7.238 in that context is a host name, not an IP). The host name 10.0.7.238 doesn't exist. If you use an IP rather than a hostname, you need to have it in brackets. [3] The IP they tried but failed to identify themselves as is a private IP, and therefore would be invalid anyway. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] US Treasury cannot do it right?
Yeah, I got sick of modifying my setups for others mistakes.. I've just ended up forwarding them the message with the internet headers telling them what the problem is, how to fix it, and that messages from them will be blocked/reviewed until the problems are fixed.. Haven't gotten any respsonses though.. Goes with the normal IT mentality.. It's not our problem, its yours.. Your setup is wrong.. Ours is perfect.. UGH! I hate hearing that.. Right there I know they don't even want to look at their logs, etc to try and resolve the problem.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Tuesday, April 20, 2004 11:30 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] US Treasury cannot do it right? My personal oppioion is that ISP's, government agencies, Technology companies should be held to a higher standard than the average business. If they are not following standards then they should be held for review. They can be comprimized by zombies just like everyone else. After reviwing the held messages then notify the admin of the problem. I think part of the problem with false positives are the people finding the misconfigurations are modifying their rule sets to accomidate the failure of other mail admins to configure their systems correctly. When they should be notifying them of their problems so they can fix them. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, April 20, 2004 8:11 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] US Treasury cannot do it right? OK if I am right the US Treasury Department needs help! They identified themselves as 10.0.7.238 instead of a host.domain !!?? This is very bad. There is a REVDNS for the sending IP 66.77.65.238 PTR record: lists.qai.irs.gov What am I asking here? Perhaps it is just amazement that the e-mail got out like this. I suppose there is nothing that we can do from this end except build enough room in our tests to prevent legit stuff from getting caught. The more I look into this SPAM stuff the scarier it gets. - Received: from 10.0.7.238 [66.77.65.238] by tlsonline.com (SMTPD32-8.10 ) id A63E11DB00DA; Tue, 20 Apr 2004 12:56:30 -0400 Date: Tue, 20 Apr 2004 12:55:42 -0400 (EDT) Message-Id: [EMAIL PROTECTED] ts.treas.g ov From: US Treasury Release: News [EMAIL PROTECTED] To: US Treasury Release: News [EMAIL PROTECTED] Subject: [US Treasury] Treasury and IRS Address Foreign Tax Credit, Partnership Transactions List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Reply-To: US Treasury Release: News [EMAIL PROTECTED] X-Message-Id: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: HELOBOGUS: Domain 10.0.7.238 has no MX or A records [0301]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-Declude-Sender: [EMAIL PROTECTED] [66.77.65.238] X-Declude-Spoolname: D563e11db00dae005.SMD X-Note: This E-mail was sent from lists.qai.irs.gov ([66.77.65.238]). X-Spam-Tests-Failed: NOABUSE, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, HELOISIP, HELOISIPX [7] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: Total spam weight of this E-mail is 7. X-Country-Chain: Organization: The LAN Shoppe Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] US Treasury cannot do it right?
Well, I well mention his first name, blast shields up first. (He has a way of irritating people.) Len Conrad, most often seen on the Imail list. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Wednesday, April 21, 2004 6:01 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] US Treasury cannot do it right? John, Took getting Len involved to set him straight. Who is Len? Goran Jovanovic --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] US Treasury cannot do it right?
My personal oppioion is that ISP's, government agencies, Technology companies should be held to a higher standard than the average business. If they are not following standards then they should be held for review. They can be comprimized by zombies just like everyone else. After reviwing the held messages then notify the admin of the problem. I think part of the problem with false positives are the people finding the misconfigurations are modifying their rule sets to accomidate the failure of other mail admins to configure their systems correctly. When they should be notifying them of their problems so they can fix them. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, April 20, 2004 8:11 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] US Treasury cannot do it right? OK if I am right the US Treasury Department needs help! They identified themselves as 10.0.7.238 instead of a host.domain !!?? This is very bad. There is a REVDNS for the sending IP 66.77.65.238 PTR record: lists.qai.irs.gov What am I asking here? Perhaps it is just amazement that the e-mail got out like this. I suppose there is nothing that we can do from this end except build enough room in our tests to prevent legit stuff from getting caught. The more I look into this SPAM stuff the scarier it gets. - Received: from 10.0.7.238 [66.77.65.238] by tlsonline.com (SMTPD32-8.10 ) id A63E11DB00DA; Tue, 20 Apr 2004 12:56:30 -0400 Date: Tue, 20 Apr 2004 12:55:42 -0400 (EDT) Message-Id: [EMAIL PROTECTED] ts.treas.g ov From: US Treasury Release: News [EMAIL PROTECTED] To: US Treasury Release: News [EMAIL PROTECTED] Subject: [US Treasury] Treasury and IRS Address Foreign Tax Credit, Partnership Transactions List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Reply-To: US Treasury Release: News [EMAIL PROTECTED] X-Message-Id: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: HELOBOGUS: Domain 10.0.7.238 has no MX or A records [0301]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-Declude-Sender: [EMAIL PROTECTED] [66.77.65.238] X-Declude-Spoolname: D563e11db00dae005.SMD X-Note: This E-mail was sent from lists.qai.irs.gov ([66.77.65.238]). X-Spam-Tests-Failed: NOABUSE, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, HELOISIP, HELOISIPX [7] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: Total spam weight of this E-mail is 7. X-Country-Chain: Organization: The LAN Shoppe Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] US Treasury cannot do it right?
There is a certain dept in the Navy last year that was failing HELOBOGUS, REVDNS, IPNOTINMX and another test I can not remember. Took 2 months to finally convince them to fix their DNS. Their admin swore up and down that his BIND server could not be at fault and was perfect. Took getting Len involved to set him straight. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Tuesday, April 20, 2004 8:11 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] US Treasury cannot do it right? OK if I am right the US Treasury Department needs help! They identified themselves as 10.0.7.238 instead of a host.domain !!?? This is very bad. There is a REVDNS for the sending IP 66.77.65.238 PTR record: lists.qai.irs.gov What am I asking here? Perhaps it is just amazement that the e-mail got out like this. I suppose there is nothing that we can do from this end except build enough room in our tests to prevent legit stuff from getting caught. The more I look into this SPAM stuff the scarier it gets. - Received: from 10.0.7.238 [66.77.65.238] by tlsonline.com (SMTPD32-8.10 ) id A63E11DB00DA; Tue, 20 Apr 2004 12:56:30 -0400 Date: Tue, 20 Apr 2004 12:55:42 -0400 (EDT) Message-Id: [EMAIL PROTECTED] ov From: US Treasury Release: News [EMAIL PROTECTED] To: US Treasury Release: News [EMAIL PROTECTED] Subject: [US Treasury] Treasury and IRS Address Foreign Tax Credit, Partnership Transactions List-Unsubscribe: mailto:[EMAIL PROTECTED] List-Subscribe: mailto:[EMAIL PROTECTED] Reply-To: US Treasury Release: News [EMAIL PROTECTED] X-Message-Id: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: HELOBOGUS: Domain 10.0.7.238 has no MX or A records [0301]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-Declude-Sender: [EMAIL PROTECTED] [66.77.65.238] X-Declude-Spoolname: D563e11db00dae005.SMD X-Note: This E-mail was sent from lists.qai.irs.gov ([66.77.65.238]). X-Spam-Tests-Failed: NOABUSE, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, HELOISIP, HELOISIPX [7] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: Total spam weight of this E-mail is 7. X-Country-Chain: Organization: The LAN Shoppe Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.