RE: [Declude.JunkMail] country chain
I believe the routing test looks for emails hopping back and forth across major regions. So, if the email was sent from the U.S. to China and then back to the U.S., it should trigger. But, if a multinational company has I/T resources (or registered IP addresses) south or north of the border, or if European consumers have ISP accounts in a neighboring country and use their SMTP servers, it probably should not trigger.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand
Sent: Wednesday, October 08, 2008 7:03 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

Anybody have any idea why the ROUTING test is not adding to my weight?

Here is another sample of where the ROUTING test should have added to the score:

X-Country-Chain: UNITED STATES-EL SALVADOR-CANADA-destination
X-Spam-Tests-Failed: UCEPROTECT-LEVEL2-, NOABUSE, NOPOSTMASTER, FILTER-COUNTRY [6]

Harry Vanderzand
NEW ADDRESS Effective Jan 24, 2008
Intown Internet
117 Ruskview Road
Kitchener, ON, N2M 4S1
519-741-1222

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harry vanderzand
Sent: Monday, October 06, 2008 11:24 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

I am still trying to figure this out. I have the following command in my global.cfg:

ROUTING spamrouting x x 6 0

Yet the following sample did not trigger it:

X-Country-Chain: NIGERIA-UNITED STATES-CANADA-destination
X-Spam-Tests-Failed: FILTER-COUNTRY, WEIGHT10, WEIGHT11 [11]

Should there not have been another 6 points added for the path the mail took?

Thank you

Harry Vanderzand

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Thursday, October 02, 2008 11:21 AM
To: declude.junkmail@declude.com
Subject: re: [Declude.JunkMail] country chain

The ROUTING test was meant for this. It checks for spam that was sent through multiple countries.

Another way is to add weight to individual countries using a filter and the COUNTRIES test which will fail based on a country code:

COUNTRIES 10 CONTAINS CN

If you wanted to get really complicated, you could create an IP4R test for each country using the blacklist at http://countries.nerd.dk/

Original Message
From: Harry vanderzand [EMAIL PROTECTED]
Sent: Wednesday, October 01, 2008 11:35 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] country chain

When spam goes through several countries as in:

X-Country-Chain: UNITED ARAB EMIRATES-POLAND-CANADA-destination

Is there a way to add weight to mail that would have travelled this way?

Harry Vanderzand

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] country chain
Anybody have any idea why the ROUTING test is not adding to my weight?

Here is another sample of where the ROUTING test should have added to the score:

X-Country-Chain: UNITED STATES-EL SALVADOR-CANADA-destination
X-Spam-Tests-Failed: UCEPROTECT-LEVEL2-, NOABUSE, NOPOSTMASTER, FILTER-COUNTRY [6]

Harry Vanderzand
RE: [Declude.JunkMail] country chain
If we look at the definition of the ROUTING Test:

This test will analyze the route that an E-mail takes, and look for highly inefficient routing that is very common in spam. For example, an E-mail might get caught if it is sent from a dialup in the U.S. to another account in the U.S., but is routed through a server in China, but not if it goes from a mail server in China directly to a U.S. mail server. This may occasionally produce false positives, especially if a mailing list is hosted outside of the United States. This test will probably not work well if your mail server is located outside of the United States.

In other words the test is triggered if the following routing occurs:

US -- CN -- US

Or

CN -- US -- NG -- US

The other issue faced is that CANADA is part of the US IP block and this too may include EL SALVADOR which in effect is US -- US -- US which would not trigger the test.

We may want to create a new test which would trigger if multiple countries are in the routing. Any thoughts would be welcome.

David Barker
VP Operations
Declude
Your Email security is our business
978.499.2933 x 7007 office
978.988.1311 fax
[EMAIL PROTECTED]
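
Added example, not Declude's code and not part of any message in this thread: a Python sketch of the two heuristics discussed above (the region-revisit ROUTING behaviour and the proposed distinct-country count), run over the X-Country-Chain headers quoted in the thread. The US-block grouping, the `destination` country and the count threshold are assumptions.

```python
"""Country-chain heuristics from this thread, run over the quoted headers.

Added illustration: Declude's real ROUTING logic and IP-block table are not
shown on this page, so the grouping and threshold below are assumptions.
"""

# Assumption: hops that resolve to the same "US IP block", per the message
# above (CANADA, and possibly EL SALVADOR, count as US).
US_BLOCK = frozenset({"US", "UNITED STATES", "CANADA", "EL SALVADOR"})


def parse_country_chain(header, destination="CANADA"):
    """Return the hop list of an X-Country-Chain header, sender first.

    The trailing "destination" token is replaced by the receiving server's
    country (hypothetical parameter). Names are split on "-", so a country
    name that itself contains a hyphen would need a lookup table instead.
    """
    name, sep, value = header.partition(":")
    if not sep or name.strip().lower() != "x-country-chain":
        raise ValueError("not an X-Country-Chain header: %r" % header)
    hops = [h.strip().upper() for h in value.split("-") if h.strip()]
    if not hops:
        raise ValueError("empty country chain")
    return [destination.upper() if h == "DESTINATION" else h for h in hops]


def to_regions(hops):
    """Map hops to regions and merge consecutive hops in the same region."""
    path = []
    for hop in hops:
        region = "US-BLOCK" if hop.upper() in US_BLOCK else hop.upper()
        if not path or path[-1] != region:
            path.append(region)
    return path


def routing_test(hops):
    """True when the mail leaves a region and later re-enters it."""
    path = to_regions(hops)
    return len(set(path)) < len(path)


def multi_country_test(hops, threshold=3):
    """Proposed alternative: True when >= threshold distinct countries appear."""
    return len({h.upper() for h in hops}) >= threshold


# Headers quoted in this thread; the receiving server is assumed to be in CANADA.
THREAD_HEADERS = [
    "X-Country-Chain: UNITED ARAB EMIRATES-POLAND-CANADA-destination",
    "X-Country-Chain: NIGERIA-UNITED STATES-CANADA-destination",
    "X-Country-Chain: UNITED STATES-EL SALVADOR-CANADA-destination",
]
# The two trigger patterns given in the message above.
TRIGGER_PATTERNS = [["US", "CN", "US"], ["CN", "US", "NG", "US"]]


def evaluate():
    """Return (region path, routing_test, multi_country_test) per sample."""
    samples = [parse_country_chain(h) for h in THREAD_HEADERS] + TRIGGER_PATTERNS
    return [
        (" > ".join(to_regions(hops)), routing_test(hops), multi_country_test(hops))
        for hops in samples
    ]


if __name__ == "__main__":
    for path, routing, multi in evaluate():
        print("%-45s ROUTING=%-5s MULTI-COUNTRY=%s" % (path, routing, multi))
```

Under these assumptions none of the three quoted headers revisits a region, so the ROUTING-style check stays silent on them, while the distinct-country count fires on all three and misses the plain US -- CN -- US pattern.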
RE: [Declude.JunkMail] country chain
Hi,

I think that counting countries is not necessarily helpful - especially if you think of other continents. In Europe, many AOL IP blocks are registered to the U.K. Knowing that an email went through two or three countries before reaching you does not really imply anything, especially for corporate emails.

I also would think that, by now, spammers don't need to bother to relay through many hops any more. With zombies they have the benefit of sending mails through just 1 or two relays. So, counting countries is likely to trap more legitimate corporate mail than today's spam.

The old ROUTING test is the correct approach, in my opinion. If we're looking to add more tests, then I'm sure there are better candidates to be discussed to see if they are worth the investment in time: DomainKeys, Sniffer-API (to avoid command line calls and heap limitations), OCR, ...

Best Regards,
Andy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Wednesday, October 08, 2008 9:47 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

If we look at the definition of the ROUTING Test:

This test will analyze the route that an E-mail takes, and look for highly inefficient routing that is very common in spam. For example, an E-mail might get caught if it is sent from a dialup in the U.S. to another account in the U.S., but is routed through a server in China, but not if it goes from a mail server in China directly to a U.S. mail server. This may occasionally produce false positives, especially if a mailing list is hosted outside of the United States. This test will probably not work well if your mail server is located outside of the United States.

In other words the test is triggered if the following routing occurs:

US -- CN -- US

Or

CN -- US -- NG -- US

The other issue faced is that CANADA is part of the US IP block and this too may include EL SALVADOR which in effect is US -- US -- US which would not trigger the test.

We may want to create a new test which would trigger if multiple countries are in the routing. Any thoughts would be welcome.

David Barker
RE: [Declude.JunkMail] country chain
Yup I tend to agree. Although just a quick comment. We have currently decided against domain keys as it is CPU intensive and we do not believe it adds that much value. Besides, SM supports domain keys. Sniffer API is on the development schedule right now. OCR is CPU intensive. Our main focus currently has been ensuring stability with IMail and the IMail 10 release.

David Barker

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Wednesday, October 08, 2008 10:27 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] country chain

Hi,

I think that counting countries is not necessarily helpful - especially if you think of other continents. In Europe, many AOL IP blocks are registered to the U.K. Knowing that an email went through two or three countries before reaching you does not really imply anything, especially for corporate emails.

I also would think that, by now, spammers don't need to bother to relay through many hops any more. With zombies they have the benefit of sending mails through just 1 or two relays. So, counting countries is likely to trap more legitimate corporate mail than today's spam.

The old ROUTING test is the correct approach, in my opinion. If we're looking to add more tests, then I'm sure there are better candidates to be discussed to see if they are worth the investment in time: DomainKeys, Sniffer-API (to avoid command line calls and heap limitations), OCR, ...

Best Regards,
Andy
Re: [Declude.JunkMail] country chain
Hi David,

David Barker wrote:
> We may want to create a new test which would trigger if multiple countries are in the routing. Any thoughts would be welcome.

I do not think it would add much value. For example, I have a Russian company that sends all their email via Hong Kong. I suspect there are many other instances where it is normal for email to pass through multiple countries.

-Nick
Re: [Declude.JunkMail] DNS Changes
The diags.txt file is created as information when the declude proc service is restarted. One thing you need to check is do you have a DNSOVERRIDE set in your declude.cfg file? Declude by default (as long as there is no DNSOVERRIDE) will use the IP of the DNS server in Imail Admin interface.

Darrell
--
Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Todd Richards wrote:
> Hi everyone -
>
> I moved my primary internal DNS server to a new location last night (setting up another site in the WAN), and had planned on using the other DNS servers. However, since moving it my spam has been high. I changed the DNS to the other server in the diags.txt, and the invURIBL.exe.config (for invURIBL). That helped, but am still getting some more that I don't normally get.
>
> I just realized that there was a setting in IMail Admin too, so that just got changed. Anything else that you can think of that I need to check/change?
>
> Also, regarding the diags.txt and the invURIBL config files, is it possible to set more than one DNS server?
>
> Thanks!
>
> Todd
RE: [Declude.JunkMail] DNS Changes
Hi Darrell -

I do not have a DNSOVERRIDE in my declude.cfg file. I did change the DNS in the IMail Admin panel (under SMTP) to reflect my two new local DNS servers. Again, this will change as soon as I move my mail server to its new home. So at that point, I will need to make DNS changes again. Knowing this - what really is best practice?

And with invURIBL, I modified its config file to use the local primary DNS server. Is that best?

Todd

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Wednesday, October 08, 2008 9:32 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] DNS Changes

The diags.txt file is created as information when the declude proc service is restarted. One thing you need to check is do you have a DNSOVERRIDE set in your declude.cfg file? Declude by default (as long as there is no DNSOVERRIDE) will use the IP of the DNS server in Imail Admin interface.

Darrell
Re: [Declude.JunkMail] DNS Changes
Is there any documentation for DNSOVERRIDE? It doesn't seem to be mentioned on the Declude web site. The only reference I could find to it is http://www.mail-archive.com/declude.junkmail@declude.com/msg24658.html

Gary

Original Message
From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED]
Sent: Wednesday, October 08, 2008 8:14 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] DNS Changes

The diags.txt file is created as information when the declude proc service is restarted. One thing you need to check is do you have a DNSOVERRIDE set in your declude.cfg file? Declude by default (as long as there is no DNSOVERRIDE) will use the IP of the DNS server in Imail Admin interface.

Darrell
RE: [Declude.JunkMail] DNS Changes
DNSOVERRIDE was only really applicable to Declude version 2.0

David B

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Wednesday, October 08, 2008 11:26 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] DNS Changes

Is there any documentation for DNSOVERRIDE? It doesn't seem to be mentioned on the Declude web site. The only reference I could find to it is http://www.mail-archive.com/declude.junkmail@declude.com/msg24658.html

Gary
Re[2]: [Declude.JunkMail] DNS Changes
> Also, we suggest that you use the following DNS server with Declude
> 208.67.220.220. This is an OpenDNS server and it is extremely reliable.

Sorry to be meddlesome, but recommending that a single, remote, uncontrolled DNS server always be used for Declude's RBL lookups kinda flies in the face of best practices. The very reason people run their own recursive DNS servers is to increase performance, and in 2008, if you can't install and support one of the several high-performance DNS servers out there (Simple DNS, PowerDNS, BIND, MS DNS) for recursive use only, chances are you should be outsourcing your anti-spam measures as well.

From experience, I'm sure Todd has the skills to support his own DNS, so it seems defeatist to suggest he do otherwise after this migration period.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
re: Re[2]: [Declude.JunkMail] DNS Changes
Sandy, we suggest that you use the one that we recommend because 95% of issues with declude are related to in-house DNS servers not working to do recursive lookups correctly causing problems for our customers. I'm sure Todd has the skills to support his own DNS server as well, but that has nothing to do with why we suggest to use ours. We have seen the problem with in-house DNS servers so many times that we thought it would be a good idea to provide a suggestion to our customers.

-----Original Message-----
From: Sanford Whiteman [EMAIL PROTECTED]
Sent: Wednesday, October 08, 2008 5:06 PM
To: Linda Pagillo declude.junkmail@declude.com
Subject: Re[2]: [Declude.JunkMail] DNS Changes

> Also, we suggest that you use the following DNS server with Declude
> 208.67.220.220. This is an OpenDNS server and it is extremely reliable.

Sorry to be meddlesome, but recommending that a single, remote, uncontrolled DNS server always be used for Declude's RBL lookups kinda flies in the face of best practices. The very reason people run their own recursive DNS servers is to increase performance, and in 2008, if you can't install and support one of the several high-performance DNS servers out there (Simple DNS, PowerDNS, BIND, MS DNS) for recursive use only, chances are you should be outsourcing your anti-spam measures as well.

From experience, I'm sure Todd has the skills to support his own DNS, so it seems defeatist to suggest he do otherwise after this migration period.

--Sandy
RE: Re[2]: [Declude.JunkMail] DNS Changes
I would have to agree with Sandy. I use Open DNS at home as an extra step to keep my kids off of unwanted web sites, I also use other measures.

Two weeks ago we had no DNS services for an hour from OpenDNS. This would definitely cause issues with a mail server.

I would place a CACHING DNS software on the local machine. We use BIND and do not have a single problem with it. It runs solid. We are on W2k SmarterMail.

Kevin Bilbee

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Linda Pagillo
Sent: Wednesday, October 08, 2008 2:30 PM
To: declude.junkmail@declude.com
Subject: re: Re[2]: [Declude.JunkMail] DNS Changes

Sandy, we suggest that you use the one that we recommend because 95% of issues with declude are related to in-house DNS servers not working to do recursive lookups correctly causing problems for our customers. I'm sure Todd has the skills to support his own DNS server as well, but that has nothing to do with why we suggest to use ours. We have seen the problem with in-house DNS servers so many times that we thought it would be a good idea to provide a suggestion to our customers.
RE: Re[2]: [Declude.JunkMail] DNS Changes
Kevin, in our experience, the two OpenDNS servers (208.67.220.220 and 208.67.222.222) that we suggest be used with Declude, work wonderfully and the uptime is excellent. Like I said earlier, we here in support see a lot of problems from our customers' in-house DNS servers failing to do recursive lookups. Giving our customers the suggestion and the option to use the OpenDNS server(s) is exactly that, a suggestion and an option. You can use any DNS server that does recursive lookups. The problem is, most of the people we come across on a daily basis do not have recursive lookup option set up on their local DNS servers.

-----Original Message-----
From: Kevin Bilbee [EMAIL PROTECTED]
Sent: Wednesday, October 08, 2008 7:06 PM
To: declude.junkmail@declude.com
Subject: RE: Re[2]: [Declude.JunkMail] DNS Changes

I would have to agree with Sandy. I use Open DNS at home as an extra step to keep my kids off of unwanted web sites, I also use other measures.

Two weeks ago we had no DNS services for an hour from OpenDNS. This would definitely cause issues with a mail server.

I would place a CACHING DNS software on the local machine. We use BIND and do not have a single problem with it. It runs solid. We are on W2k SmarterMail.

Kevin Bilbee
Re[4]: [Declude.JunkMail] DNS Changes
> Kevin, in our experience, the two OpenDNS servers (208.67.220.220 and
> 208.67.222.222) that we suggest be used with Declude, work wonderfully
> and the uptime is excellent.

Uptime should be 100% on DNS servers. It's 2008! This should not even be a consideration.

No matter how wonderfully they work, a high-traffic mail server will _always_ be slowed down by using DNS servers over a WAN.

> Like I said earlier, we here in support see a lot of problems from our
> customer's in-house DNS servers failing to do recursive lookups.

Well... anyone running a help desk for an otherwise stable product/environment sees the majority of questions for stupid stuff that is not your fault. Does that mean that corporate help desks, which are constantly saddled with password resets and access requests, should just tell users to share the same user account + password? (Some do: bad ones.)

> Giving our customers the suggestion and the option to use the OpenDNS
> server(s) is exactly that, a suggestion and an option.

Actually, what you said was "I suggest always using 208.67.220.220 because you will never have to rely on your internal DNS" -- that is not an idle option but a pretty firm prescription from the company. Guess it depends on whether "suggest" beats "always" or vice versa.

> You can use any DNS server that does recursive lookups. The problem
> is, most of the people we come across on a daily basis do not have
> recursive lookup option set up on their local DNS servers.

All companies either have an internal recursive DNS server (maybe they don't know its IP?) or already use their ISP's DNS or some other remote DNS service like OpenDNS. Are you talking about people who have a DNS server running on localhost, but not a recursive server, and have deliberately set Declude to use this server instead of the fully functioning one they must have in order to send mail? G-d help us if these people are blithely switching to OpenDNS instead of taking their DNS illiteracy seriously!

I would submit that you are both (a) doing your own product a disservice by hampering its performance AND (b) doing your client a disservice by treating their management like "It's okay that your IT person doesn't know how to configure/locate the simplest possible DNS setup, he/she can still be a responsible mail admin." This may be a good way to grab more Declude users who would otherwise outsource all of their anti-spam, but it is unethical to suggest that anyone so unqualified should be in charge of their company's anti-spam defenses.

Sorry if anyone's feelings are hurt by that. You may have lots of other skills we mail people don't. But if you don't know DNS, you don't know SMTP. And if you don't know SMTP, you don't know e-mail.

Why not just post/reprint some articles on your site about setting up recursion (presumably in MS DNS) and point them there? Or put together a HOWTO for PowerDNS or BIND, both free? It is so ridiculously easy that I shudder to imagine there are people trying to make use of such a techies' product as Declude (sorry, it is, I've been using it since 1.x) who can't handle this.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/
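
Added example, not part of any message in this thread and not Declude code: a minimal Python check of the one point both sides agree on, that the DNS server Declude queries must do recursive lookups. It sends a query with the RD bit set and reads the RA flag and RCODE of the reply; the function names, the sample replies and the use of `example.com` as a name outside the server's own zones are assumptions made for illustration.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID, echoed back by the server
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=QID):
    """DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # A, IN

def parse_header(resp):
    """Extract the header fields that matter for a recursion check."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": qid, "qr": bool(flags & 0x8000),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "answers": an}

def classify(resp, qid=QID):
    """Turn a raw reply into a verdict about the server's recursion."""
    h = parse_header(resp)
    if not h["qr"] or h["id"] != qid:
        return "invalid reply"
    rcode = RCODES.get(h["rcode"], "RCODE%d" % h["rcode"])
    if not h["ra"]:
        return "no recursion offered (%s)" % rcode
    if h["rcode"] in (2, 5):
        return "recursion offered, lookup failed (%s)" % rcode
    return "recursive (%s, %d answer(s))" % (rcode, h["answers"])

def check_server(server_ip, name="example.com", timeout=3.0):
    """Query server_ip over UDP port 53 and classify its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server_ip, 53))
            resp, _ = s.recvfrom(512)
        except OSError as exc:  # includes socket.timeout
            return "no reply from %s (%s)" % (server_ip, exc)
    return classify(resp)

def sample_reply(flags, answers=0):
    """Constructed 12-byte reply header (not captured traffic)."""
    return struct.pack("!HHHHHH", QID, flags, 1, answers, 0, 0)

SAMPLES = {
    "authoritative-only server": sample_reply(0x8105),    # RA=0, REFUSED
    "recursive, name not found": sample_reply(0x8183),    # RA=1, NXDOMAIN
    "recursive, name resolved": sample_reply(0x8180, 1),  # RA=1, NOERROR
    "recursive, upstream broken": sample_reply(0x8182),   # RA=1, SERVFAIL
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print("%-28s -> %s" % (label, classify(reply)))
```

NXDOMAIN from a recursive server is the normal "not listed" answer to a blocklist query, whereas a reply without RA means the lookup was never performed, so an RBL test pointed at such a server never fires.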