Bill,

One other very important note. You need to be using IMail 8, WHITELIST AUTH with Declude 1.76b and make sure that all the mail clients are configured to use SMTP AUTH, otherwise intra-server E-mail is going to get tagged. I can't use this in its present form because I'm using IMail 7 :(

Am I missing something?

Matt



Bill Landry wrote:

This test is very effective at flagging or blocking spam from mail hosts
that attempt to connect to your mail server and announce your own hostnames
or IP addresses to it in their HELO string, especially if your IMail/Declude
server is directly sending and receiving mail from the Internet (less
functional, but still works if relaying via mail gateway to IMail/Declude).
This filter looks for the bogus HELO info in the headers.  In my testing,
100% of the messages delivered by these mail hosts are spam.

Think about it, why would any other legitimate mail server out there attempt
to connect to your mail server announcing your own hostname or IP address in
its HELO string?  The answer is, it wouldn't.  Anyway, here is the test I
use to detect these.

In global.cfg:
FORGEDHELO-FILTER filter M:\IMail\Declude\ForgedHelo-Filter.txt x 7 0

In ForgedHelo-Filter.txt file:
=====
# In case you have mail gateways, deduct equal weight for these hosts
HELO -7 ENDSWITH gw1.yourdomain.com
HELO -7 ENDSWITH gw2.yourdomain.com

# Remote mail hosts connecting and announcing your IP addresses
HELO 0 CONTAINS xxx.xxx.xxx.
HELO 0 CONTAINS xxx.xxx.xxx.

# Remote mail hosts connecting and announcing your hostnames
HELO 0 ENDSWITH your-host.com
HELO 0 ENDSWITH your-host.net
HELO 0 ENDSWITH cust-host.com
HELO 0 ENDSWITH cust-host.net
=====

If you are not already running a test like this, try it out.  I think you
will find that it will flag lots of spam.

Bill
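
A simplified Python model of the filter and of the SMTP AUTH caveat discussed in this thread, added here as an illustration; it is not part of either message and is not Declude's own matching engine. The example.* hostnames, the 192.0.2. prefix, the sample sessions and the scoring rule (base weight 7 applied once on any match, plus the per-line weights, with authenticated sessions skipped) are assumptions.

```python
BASE_WEIGHT = 7  # the "7" on the FORGEDHELO-FILTER line in global.cfg
# Constructed rules in the ForgedHelo-Filter.txt layout; example.com and
# 192.0.2. stand in for your own hostnames and address prefix.
FILTER_TEXT = """
# mail gateway: offsets the base weight
HELO -7 ENDSWITH gw1.example.com
HELO 0 CONTAINS 192.0.2.
HELO 0 ENDSWITH example.com
"""

def parse_rules(text):
    """Parse 'HELO <weight> <CONTAINS|ENDSWITH> <value>' lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)
        if len(parts) != 4 or parts[0] != "HELO" or parts[2] not in ("CONTAINS", "ENDSWITH"):
            raise ValueError("unsupported filter line: " + raw)
        rules.append((int(parts[1]), parts[2], parts[3].lower()))
    return rules

def score_helo(helo, rules, authenticated=False):
    """Weight this model adds for one SMTP session's HELO string."""
    if authenticated:  # assumed effect of WHITELIST AUTH: session is not scored
        return 0
    helo = helo.strip().lower()
    hits = [w for w, op, v in rules
            if (v in helo if op == "CONTAINS" else helo.endswith(v))]
    # Assumption: the base weight is applied once if any line matches, then
    # the per-line weights are added (so -7 cancels the gateway's own hit).
    return BASE_WEIGHT + sum(hits) if hits else 0

RULES = parse_rules(FILTER_TEXT)
# Constructed sessions: (HELO string, used SMTP AUTH?)
SESSIONS = [
    ("mail.example.com", False),     # remote host announcing our hostname
    ("[192.0.2.10]", False),         # remote host announcing our IP address
    ("gw1.example.com", False),      # our own gateway
    ("mx.remote.test", False),       # unrelated remote host
    ("desktop.example.com", False),  # local client without SMTP AUTH
    ("desktop.example.com", True),   # same client with SMTP AUTH
]

def score_all():
    return [score_helo(h, RULES, a) for h, a in SESSIONS]

if __name__ == "__main__":
    print(list(zip(SESSIONS, score_all())))
```

The fifth session is the case raised in the reply: a local client whose HELO ends in the local domain scores the same as a forged remote host unless its session is exempted.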




