Title: Message
I have some other numbers. For example
SORBS-HTTP
Yesterday it has had the correct result for 7% of the
processed messages (776 of 11161 messages)
But it has also had a positive (wrong) result for 17 legit
messages. (so one of this messages was slightly above our hold
Title: RE: Syntax for spf
---
To use the new SPF test, you can add lines such as:
SPFPASS spf pass x -5 0
SPFFAIL spf fail x 8 0
to your global.cfg file. SPF returns PASS for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to
Markus,
Their open relay tests, SORBS-HTTP, SORBS-SOCKS and SORBS-SMTP can all
hit on the same message for the same exploit causing a triple hit and
therefore it is best to combo these tests with a custom filter.
Throwing in SORBS-MISC into this mix might also be a good idea.
The problem
sigh
This is legit, coming from my own mailserver, and it failed the SPF test.
Obviously something is not correct here.
Any suggestions?
I have used the wizard on the pobox site and pasted the text string into a
text record in my DNS.
I've had to disable the test for now as all my legit mail
SPFPASS spf passx -5 0 SPFFAIL
spf failx 8 0
I've just added the above lines to my global config. After checking the
Declude log, I see no indication that Declude is performing this test.
What am I missing?
You'll only see E-mails pass or fail if they
This is legit, coming from my own mailserver, and it failed the SPF test.
Obviously something is not correct here.
Any suggestions?
I have used the wizard on the pobox site and pasted the text string into a
text record in my DNS.
The problem is that your SPF record (v=spf1 a mx ptr -all) doesn't
Title: Message
Hi,
Using
a filter, I combinethe different blacklists from various sources into
distinct groups:
Proxies
Open-Relay
DUL/DUHL
Each
group has a weight assigned. This way, I can use the combined know-how of
multiple sources whether an IP is a Proxy and/or an open-relay and/or
I believe that both CMDSPACE and SPF are inappropriate tests to score
unless you can whitelist your own local users that connect directly to
your server to send E-mail. If you have IMail 7 and your users are on
IP space that you don't control, you are out of luck, but if you have
either IMail
The problem is that your SPF record (v=spf1 a mx ptr -all) doesn't list
IPs that your users may be connecting to your mailserver from.
The problem may also be that ID 10 T error and I never listed the IP of my
firewall, which uses an SMTP proxy. (Len is laughing if he is reading this)
In
Ok..
Does this mean things are working now?
I just ran the test on Scott's website...
SPF lookup of sender [EMAIL PROTECTED] from IP 24.73.160.162:
SPF string used: v=spf1 ip4:24.73.160.162 a mx ptr -all.
Processing SPF string: v=spf1 ip4:24.73.160.162 a mx ptr -all.
Testing
I lowered the weight of the spf fail weight to 1 (warn in headers) to test
this internally.
My internal IPs are still failing the spf test.
How do I go about whitelisting 5 subnets of internal IP addresses with IMAIL
7.15?
It's probably not a bad idea anyway, if it's possible, as everything
Sharyn Schmidt wrote:
I control all the IPS my users are on, it's a local LAN...192.168.x.x (there
are 5 different subnets) but my mail server is on a DMZ off the firewall,
and I have an smtp proxy enabled. This would indicate that in reality, it's
the IP address of the firewall that is actually
John,
Thanks for the email this helped to find the problem. Your emails were
being zapped because it was failing a mailfrom test (which right now I
have no idea why it failed the mailfrom test because your address is not
even listed in the file.)
06/29/2004 15:17:09 Qc01a098 SPammers:100
Any chance of getting an option to run an external test last after the filters?
I have some tests that I want to run first.
Maybe externallast?
I was brainstorming that if I had an external test to run the troublemaker e-mails
that don't score high or low (4% of total e-mail) through the
Any chance of getting an option to run an external test last after the
filters?
I have some tests that I want to run first.
Maybe externallast?
It's something we will look into, but I'm guessing that we won't be able to
add such a feature in the near future.
I use sorbs-http with a last hop and a all hop configuartion.
For June, the -ALL hit on 48 non-spam e-mails
the -LAST hit on 27 non-spam e-mails.
SORBS-HTTP-LAST dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.2 0
0
SORBS-HTTP-ALL ip4rdnsbl.sorbs.net
To put numbers behind Scott's statement.
For June 1% of all e-mail triggered SPFPASS
and 1.4% of all e-mail triggered SPFFAIL
To confuse the issue somewhat:
26% of the e-mail that triggered SPFPASS was classified as SPAM
3% of the e-mail that triggered SPFFAIL was classified as SPAM
Scott Fisher
Chances are that you need to IPBYPASS the firewall's IP in your
global.cfg and then whitelist your LAN by it's IP space.
Do I have to list each individual address separately (will put it at over
200 addresses so this won't work) or can I use a /24 notation for each
subnet block?
Sharyn
We
This brings up a good point, if I client is located in another part of the
US and we have no way to know what IP Address they might be using. How can
this be setup? For example, our server has around 16 IP's, 12.177.8.48 to
12.177.8.63, but we have clients that will not be connected within this
This brings up a good point, if I client is located in another part of the
US and we have no way to know what IP Address they might be using. How can
this be setup? For example, our server has around 16 IP's, 12.177.8.48 to
12.177.8.63, but we have clients that will not be connected within this
Figures we would have to upgrade. We are at 7.1x as it has been very
stable. Not sure we want to upgrade to problems.
If someone sends an email and it shows up on our server as a 64. address.
What about when the message is delivered to someone at AOL? Will it also
see the 64. address,
CIDR ranges do work. I believe the manual contains examples of this.
For example:
IPBYPASS24.73.160.162
WHITELISTIP 192.168.0.1/24
Just to be clear on the conditions present, the whitelisting won't work
if you have users that connect directly (or through your
http://www.msnbc.msn.com/id/5326107/
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can
If someone sends an email and it shows up on our server as a 64. address.
What about when the message is delivered to someone at AOL? Will it also
see the 64. address, therefore fail the SPF test on their end also?
No. AOL will only see the IP address of your server, and use that for
We are pleased to announce that DLAnalyzer 3.0 is now available. With
version 3.0 we are introducing a Lite version that is FREE.
To download DLAnalyzer 3.0, please visit:
http://www.invariantsystems.com/
New Features In DLAnalyzer 3.0
* Last Action Summary Report
* Test Breakdown Summary
Sorry to butt in on this one...Yes, SPF would fail on other systems as
well in that situation.
If the client connects directly to AOL, SPF would fail. But if it is sent
through the mailserver, it should not fail.
As far as I can tell, SPF-PASS is not useful because there is nothing
stopping
I'm Sorry if this is a question that's already been answered (I couldn't
find anything in the archives). If an email is tagged as SPAM in Declude
Junkmail, is it still entered in IMail's log file (log.txt)as being
received? Does IMail get the email and pass it to Declude, or does Declude
R. Scott Perry wrote:
In this case, what you should do is use v=spf1 mx ?all. That says
If the E-mail is coming from an IP in our MX record, we authorize
it. If it is coming from any other IP, we can't say whether or not it
is legitimate -- treat it the same as if we have no SPF record.
In
I agree that SPF is not very useful in the situation Matt outlined. We're
in the same boat with users that may use their ISP or us to send mail from
their domain. While SPF attempts to handle it through a switch that
references other providers' SPF records, It's just not practical to list all
I'm Sorry if this is a question that's already been answered (I couldn't
find anything in the archives). If an email is tagged as SPAM in Declude
Junkmail, is it still entered in IMail's log file (log.txt)as being
received? Does IMail get the email and pass it to Declude, or does Declude
The docs say a in the filename used with LOGFILE will be replaced
with the month and day. Is there a way to get the year -- four
(preferred) or two digit -- included?
TIA,
Rod
--
Roderick A. Anderson
Technology Services Management Group
http://www.technologyservicesmanagementgroup.com/
The docs say a in the filename used with LOGFILE will be replaced
with the month and day. Is there a way to get the year -- four
(preferred) or two digit -- included?
You could use something like:
LOGFILE spool\dec2004.log
That way, you'd only have to remember to change
The docs say a in the filename used with LOGFILE will be replaced
with the month and day. Is there a way to get the year -- four
(preferred) or two digit -- included?
Unfortunately, there is no way to get the year in there. Although if you
are creative, it might be possible to use a batch
The docs say a in the filename used with LOGFILE will be replaced
with the month and day. Is there a way to get the year -- four
(preferred) or two digit -- included?
You could use something like:
LOGFILE spool\dec2004.log
But then he would have to remember to
You could use something like:
LOGFILE spool\dec2004.log
I was hoping to avoid a kludge like this. Coming from a UNIX background
I don't like to manually do tasks that should be automatic (or
automagical :-) and easy.
I'm getting pretty good at writing scripts that run from
Having done this (rename, move, zip) the Declude logfiles the tricky part is
dealing with the rollover of the logfile at midnight and at the end each month.
Stu
At 04:10 PM 06/30/2004 -0700, you wrote:
You could use something like:
LOGFILE spool\dec2004.log
I was hoping to
36 matches
Mail list logo
