All three tests are not shown in the log. Here's an example:

DUL+RSS
08/02/2002 23:11:32 Q57e0136 DSBLLIST:5 DSBLUNCONF:1 NJABL:5 OSRELAY:5 DSN:3 NOPOSTMASTER:1 NOABUSE:2 HEUR10:5 REVDNS:4 . Total weight = 31
08/02/2002 23:11:32 Q57e0136 Msg failed DUL+RSS (This E-mail came from 211.230.139.2, a potential spam source listed in DUL+RSS.).
08/02/2002 23:11:32 Q57e0136 Msg failed DSBLLIST (http://dsbl.org/listing.php?211.230.139.2).
08/02/2002 23:11:32 Q57e0136 Msg failed DSBLUNCONF (http://dsbl.org/listing.php?211.230.139.2).
08/02/2002 23:11:32 Q57e0136 Msg failed NJABL (relay tested -- 1009026061).
08/02/2002 23:11:32 Q57e0136 Msg failed ORDB (This mail was handled by an open relay - please visit <http://ORDB.org/lookup/?host=211.230.139.2>).
08/02/2002 23:11:32 Q57e0136 Msg failed OSRELAY (This entry was last confirmed open on 12/25/2001).
08/02/2002 23:11:32 Q57e0136 Msg failed RSL (Mail from 211.230.139.2 refused -- see http://relays.visi.com/nph-l?211.230.139.2).
08/02/2002 23:11:32 Q57e0136 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?211.90.149.26).
08/02/2002 23:11:32 Q57e0136 Msg failed DSN (Not supporting null originator (DSN)).
08/02/2002 23:11:32 Q57e0136 Msg failed NOPOSTMASTER (Not supporting postmaster@domain).
08/02/2002 23:11:32 Q57e0136 Msg failed NOABUSE (Not supporting abuse@domain).
08/02/2002 23:11:32 Q57e0136 Msg failed HEUR10 (Heuristic spam detection level 10 [0.999999]).
08/02/2002 23:11:32 Q57e0136 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 211.230.139.2 with no reverse DNS entry.).
08/02/2002 23:11:32 Q57e0136 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.).
08/02/2002 23:11:32 Q57e0136 Msg failed BLACKIP ( # CN 211.80.0.0/12 ).
08/02/2002 23:11:32 Q57e0136 Msg failed BLACKSENDER ().
08/02/2002 23:11:32 Q57e0136 Subject: Save 80% off inkjet cartridges
08/02/2002 23:11:32 Q57e0136 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]

I guess Declude nailed that SPAM sucker pretty good :-)

I searched Declude logs from 7/1 - today and did NOT find failed tests for: RBL+DUL, RBL+RSS and MAPSALL. There were failed tests for: RBL, DUL, RSS & DUL+RSS.

The reason I'm going down this path is that the MAPSALL (RBL+ Service) test is supposed to include all three databases, so that only one (as opposed to 7) lookup is required. However, since there is no log entry for MAPSALL, I am hesitant to Remark out all of the other tests.

Below is the most current info I can find on the MAPS site, with respect to what is returned. It is an excerpt from their contract:

"1. Direct inquiry via DNS

The most simple and commonly used method for accessing databases such as RBL+SM is via DNS inquiry. DNS inquiry support is built into a growing number of e-mail server applications. For those who wish to develop their own DNS inquiry process, the methodology is as follows: Given a known host IP address in "dotted quad" form, subscriber should reverse the octets and check for the existence of an "A" record at that node within the rbl-plus.mail-abuse.org zone. For example, if the IP address was 192.5.5.1, subscriber would look up 1.5.5.192.rbl-plus.mail-abuse.org. If the IP address in question is on the RBL+SM list, there will be a response in the 127/8 range. If an "A" record is found, there will also be a corresponding "TXT" record containing a URL with more information explaining why that specific IP address has been listed. (MAPS SM suggests, but does not require, that the contents of this "TXT" record be included in e-mail non-delivery or error messages, should such be generated by SUBSCRIBER."

All contracts say essentially the same thing, with the exception of what is queried:

RBL - blackholes.mail-abuse.org
DUL - dialups.mail-abuse.org
RSS - relays.mail-abuse.org.
RBL+ - rbl-plus.mail-abuse.org

It looks like the Declude config file only queries rbl-plus.mail-abuse.org, but does it seven times in order to report exactly why it failed.

How can I test to make sure MAPSALL will work, so I can remark out the other six tests?

Thanks,

Saturday, August 3, 2002, 12:21:21 PM, R. Scott Perry <[EMAIL PROTECTED]> wrote:

>>I have the log set to Mid and all of the RBL+ tests configured the
>>same as your sample config file, i.e.
>>RBL
>>DUL
>>RBL+DUL
>>etc.
>>
>>The tests run in order of appearance (RBL, then DUL, etc.) right?

RSP> Correct.

>>If an e-mail fails RBL, DUL and RBL+DUL, would all three of them
>>appear in the log as failed tests?

RSP> Yes.

>>Looking at the MAPS site (actually at the contracts) it says that if
>>the IP is on the list, they will respond in the 127/8 range. Is it
>>possible to configure for this range instead of an explicit IP like
>>127.1.0.0.2?

RSP> Well, it sounds like MAPS is trying to be prepared in case they make
RSP> changes later. Declude doesn't allow for IP ranges in the return codes,
RSP> but there is a "catchall" of "*" that would work with any return code.

RSP> Is MAPS saying what would cause a result in the 127/8 range? I'm not sure
RSP> you would even want to test on 127/8 if you don't know what they will be
RSP> doing with those IPs. That's similar to just using one of the free spam
RSP> tests without checking to see what it does; if you are not careful, you'll
RSP> get a lot of E-mail blocked.

RSP> -Scott
RSP> ---
RSP> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
RSP> ---
RSP> This E-mail came from the Declude.JunkMail mailing list. To
RSP> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
RSP> type "unsubscribe Declude.JunkMail". The archives can be found
RSP> at http://www.mail-archive.com.

----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
[EMAIL PROTECTED]     http://www.inetconcepts.net
PGP Key ID: 04C99A55     (972) 788-2364  Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----
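
The DNS lookup procedure quoted from the MAPS contract, together with the difference between matching an explicit return code and the "*" catch-all mentioned in the reply, as an added example that is not part of the original e-mail and is not Declude's code. The function names, the sample return codes, the test names and the stub resolver are assumptions constructed for illustration; the zone name is the one given in the contract excerpt.

```python
import ipaddress
import socket

ZONE = "rbl-plus.mail-abuse.org"  # zone named in the contract excerpt

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the dotted-quad octets and append the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def lookup(ip, zone=ZONE, resolver=system_resolver):
    """Return the 127/8 return codes for ip; an empty list means not listed."""
    loopback = ipaddress.ip_network("127.0.0.0/8")
    answers = resolver(dnsbl_query_name(ip, zone))
    # An answer outside 127/8 (wildcard DNS, rewritten NXDOMAIN) is not a listing.
    return [a for a in answers if ipaddress.ip_address(a) in loopback]

def matching_tests(codes, tests):
    """Names of tests whose expected code was returned; "*" matches any code."""
    return [name for name, want in tests.items()
            if codes and (want == "*" or want in codes)]

# Constructed sample data: these return codes and test names are made up for
# the example and are not the values MAPS or Declude actually use.
FAKE_ZONE_DATA = {
    "2.139.230.211." + ZONE: ["127.0.0.2"],
    "1.5.5.192." + ZONE: ["203.0.113.10"],  # non-127/8 answer, must be ignored
}
SAMPLE_TESTS = {"EXPLICIT_A": "127.0.0.2", "EXPLICIT_B": "127.0.0.3",
                "CATCHALL": "*"}

def fake_resolver(name):
    """Offline stand-in for DNS so the example runs without network access."""
    return FAKE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    for ip in ("211.230.139.2", "192.5.5.1", "198.51.100.7"):
        codes = lookup(ip, resolver=fake_resolver)
        print(ip, dnsbl_query_name(ip), codes,
              matching_tests(codes, SAMPLE_TESTS))
```

Calling `lookup(ip)` without the `resolver` argument performs a real query through the system resolver, which makes it possible to see which return code a zone hands back for a given address before deciding which tests to comment out.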
