Re: [Declude.JunkMail] whitelisting based on rev dns
How about negative weighting instead of whitelisting. If you want to do it selectively, you can create a quick Declude filter that you give a high negative weight to, and only include the domains that you want to pass through based on having REVDNS entries.

Darin.

----- Original Message -----
From: Craig Edmonds
To: declude.junkmail@declude.com
Sent: Wednesday, November 08, 2006 1:24 PM
Subject: [Declude.JunkMail] whitelisting based on rev dns

How can I whitelist based on Reverse DNS?

Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelisting based on rev dns
Craig,

I don't use any of the Declude WHITELIST features due to the potential for giving the sender carte blanche access; if a known good sender is sending crap, I still want to have a chance to block the crap.

What I do is counterweight. I create a filter file called, say, CounterWeight.txt and in the global.cfg I give it zero weight for passing or failing. Inside the filter file, I put in lines like this:

    #Feb-01-2006 AC SurveyMonkey.com MAILFROM spoofs the email address of whomever is sending out the survey invitations
    REMOTEIP -10 CIDR 66.179.50.160/27
    REVDNS -5 ENDSWITH .surveymonkey.com

My preference is to use REMOTEIP tests, then REVDNS, then HELO, then HEADERS, then MAILFROM for reliability and antispoofedness. Likewise, they get descending amounts of negative weight.

Another tip: I put a test at the top of my CounterWeight file(s) that aborts processing if I don't want to reward a message with negative weight, such as if a prior filter test (according to the top-down order in global.cfg) of mine detected a known virus or junk email that I know I want to block regardless of whom it came from, e.g.

    TESTSFAILED END CONTAINS VIRUSBOUNCE
    TESTSFAILED END CONTAINS COMBOSNIFFER

Andrew 8)
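An added illustration, not part of the thread and not Declude's own code: a small Python model of the counterweight filter described in the message above, showing how the END guards and the leading dot in the ENDSWITH operand change the outcome. Summing the weights of matching lines, case-insensitive matching, the message record and the sample hosts are assumptions of this sketch.

```python
import ipaddress

# Constructed filter: the END guards and SurveyMonkey lines quoted above.
FILTER = """\
TESTSFAILED END CONTAINS VIRUSBOUNCE
TESTSFAILED END CONTAINS COMBOSNIFFER
#Feb-01-2006 AC SurveyMonkey.com
REMOTEIP -10 CIDR 66.179.50.160/27
REVDNS -5 ENDSWITH .surveymonkey.com
"""

def matches(op, value, operand):
    """One comparison; text tests are case-insensitive (assumption)."""
    if op == "CIDR":
        try:
            return ipaddress.ip_address(value) in ipaddress.ip_network(operand)
        except ValueError:
            return False  # missing or malformed IP earns no credit
    value, operand = value.lower(), operand.lower()
    if op == "ENDSWITH":
        return value.endswith(operand)
    if op == "CONTAINS":
        return operand in value
    raise ValueError("unsupported comparison: " + op)

def counterweight(filter_text, msg):
    """Sum the weights of matching lines; stop at the first END line that hits.

    msg is a hypothetical record with REMOTEIP, REVDNS and TESTSFAILED keys.
    """
    total = 0
    for line in filter_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        field, action, op, operand = line.split(None, 3)
        hit = matches(op, msg.get(field, ""), operand)
        if action == "END":
            if hit:
                return total  # guards come first, so nothing is credited yet
        elif hit:
            total += int(action)
    return total

# Constructed sample messages (203.0.113.9 is a documentation address).
SAMPLES = {
    "ip_and_ptr": {"REMOTEIP": "66.179.50.170", "REVDNS": "mta1.surveymonkey.com"},
    "ptr_only": {"REMOTEIP": "203.0.113.9", "REVDNS": "mta1.surveymonkey.com"},
    "lookalike": {"REMOTEIP": "203.0.113.9", "REVDNS": "mta1.notsurveymonkey.com"},
    "flagged": {"REMOTEIP": "66.179.50.170", "REVDNS": "mta1.surveymonkey.com",
                "TESTSFAILED": "SOMETEST VIRUSBOUNCE"},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, counterweight(FILTER, msg))
```

A host whose PTR name matches but whose address is outside the listed CIDR earns only the smaller REVDNS credit, which is the effect of ordering the tests by reliability.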
Re: [Declude.JunkMail] whitelisting based on rev dns
On Nov 8, 2006, at 1:24 PM, Craig Edmonds wrote:

> How can I whitelist based on Reverse DNS?

Create a filter with lines like

    REVDNS xxx ENDSWITH .abcdefghi.com

where xxx is weight to apply. Xxx could be a very high number to cause the message to be deleted or it could be a negative number.

In my revdns spam filter I also have the following lines at the top to save processor usage

    SKIPIFWEIGHT xx
    STOPATFIRSTHIT

If the message's weight already exceeds xx the filter will be skipped.

Later,
Greg
Re: [Declude.JunkMail] whitelisting based on rev dns
Craig Edmonds wrote:

> How can I whitelist based on Reverse DNS?

    REMOTEIP WHITELIST CIDR 64.4.240.0/20
    REVDNS WHITELIST ENDSWITH .paypal.com

etc...

-Nick
RE: [Declude.JunkMail] whitelisting based on rev dns
Absolutely,

    WHITELIST REVDNS .declude.com

You can also create your own RDNSBL zone in your DNS server (that's what I did) and create one for SPF domains that spammers set up to reliably reject mail based on reverse DNS (thank you for them adhering to SPF!). Then you set up a WhiteList zone for known "good" reverse DNS, which you use to subtract weight or combine with a filter to whitelist outright.

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
RE: [Declude.JunkMail] whitelisting based on rev dns
Is the Reverse DNS in the headers anywhere? I've just been going out to DNSReports.com and pulling it for the ones I want to add. Easier way?

Todd
Re: [Declude.JunkMail] whitelisting based on rev dns
Todd,

As you know, headers can be forged, so it's always best to manually look up the IP. As you said earlier, you are using fpReview. In the headers view you can right click and select resolve ip's to hostnames to get the reverse DNS. Then after that you can highlight any of the text and automatically create a revdns entry in a filter.

We have a quick overview video showing the basic features at http://www.invariantsystems.com/fpreview/screencaptures.htm under video.

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
RE: [Declude.JunkMail] whitelisting based on rev dns
Hi Todd,

You can configure Declude to add its own header with diagnostic information, including the Reverse DNS, e.g.:

    XINHEADER X-Declude: Version %VERSION%; Code 0x%HEADERCODE% from %REVDNS% [%REMOTEIP%]
    XINHEADER X-Declude: Triggered [%WEIGHT%] %TESTSFAILED%
    XINHEADER X-Countries: %COUNTRYCHAIN%
    XINHEADER Return-Path: %MAILFROM%

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
RE: [Declude.JunkMail] whitelisting based on rev dns
In the header of the message, look at the last IP address in square brackets, this is the IP address of the sending email server. The text just before it is the HELO sent by it, and is often unreliable with legitimate mail, and practically a work of fiction with spam.

To get the REVDNS that you can put in your filter files, go to a command prompt and use the name server lookup program with the IP address as the only parameter, e.g.

    C:\Temp>nslookup 63.246.31.248
    Server: myinternal.DNS.server
    Address: 192.168.0.1

    Name: smtp.declude.com
    Address: 63.246.31.248

    C:\Temp>

Some admins don't mind the extra overhead, and use the XINHEADER and/or XOUTHEADER feature in their global.cfg to insert various lines into the header of every message that contain Declude variables like REVDNS.

One common thing that comes up when doing this is that if you use the ALLRECIPS to document in the header who all the recipients are, you've just "blown the cover" on someone who sent a legitimate email with a BCC list of recipients in your domain(s). Don't do that.

Andrew 8)
RE: [Declude.JunkMail] whitelisting based on rev dns
Thanks Darrell. That's a great feature (and I just purchased an fpReview license)!

Todd