> You said "At the moment I'm already over this limit" --
> because you have 21 IPBYPASS entries.  My comment was that
> because you have more than 20 entries, some of them will not
> be used by Declude JunkMail.  It will only use 20 of them.

And if I discover other MTAs in these two IP blocks I would need many more than 21 entries...

Remember, though, that those MTAs aren't your mailservers. The IPBYPASS option was created for IPs of your own gateway/backup mailservers. The HOPHIGH option was designed for scanning IPs on multiple hops.


What you are doing here goes beyond the scope of what Declude JunkMail features were designed to do. Declude is very flexible, but does have limitations. We aren't yet aware of anyone with a total of 20 or more backup/gateway mailservers. :)

> >But if I whitelist an IP or IP-range wouldn't this whitelist the
> >message generally and avoid that other spam-tests are able
> >to catch the spam?
>
> Correct.

Is it technically so difficult to change this IPBYPASS handling from a fixed 20 to something else?

It is not very difficult. But it is difficult (costly, to be more precise, in terms of making very careful changes to the code and determining performance changes) to change it to an unlimited number of entries. So we need to decide how important such a change is, the maximum value we can see our customers using in the near future, and the effect of any extra memory allocation.


What happens here is that if we say "OK, this is a good use of the IPBYPASS feature", there are going to be people who use it like whitelisting, and want to enter hundreds or thousands of IPs.

> One other option might be to use "HOPHIGH 1", which will scan
> an extra hop for all E-mail.  Then, the negative weighting
> for their IP will help the E-mail, but if the next IP is
> "bad", then the E-mail will be more likely to get caught.

I already use hophigh=1

Then if you do not use the IPBYPASS option, and an E-mail comes from one of those IPs, Declude JunkMail will still scan the next hop (which is what you are getting with IPBYPASS).


So I am not sure what IPBYPASS is accomplishing here. In this case, with HOPHIGH 1, it will scan an extra hop -- but that probably will not accomplish much. That would only have an effect if the ISP gets an E-mail from a "good" IP, which got the E-mail from a "bad" IP. That should be quite rare.

It's simple to whitelist all messages from these IPs, but an intelligent solution that allows bypassing entire IP ranges would be much better.

Perhaps a filter that checks the reverse DNS entry, such as "REVDNS -10 CONTAINS .example.com"?


-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
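
A simplified model of the 20-entry IPBYPASS limit and the HOPHIGH behaviour discussed in this message, as an added example that is not part of the original e-mail and not Declude's code. The `IPBYPASS <ip>` line form, the hop-skipping logic and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
# Simplified model of the behaviour described in the thread; not Declude's code.
IPBYPASS_LIMIT = 20  # the thread states that only 20 IPBYPASS entries are used

def parse_config(text):
    """Return (all IPBYPASS entries, HOPHIGH value) from config text.
    The 'IPBYPASS <ip>' line form is assumed; 'HOPHIGH 1' is quoted in the thread."""
    bypass, hophigh = [], 0
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].upper() == "IPBYPASS":
            bypass.append(parts[1])
        elif len(parts) == 2 and parts[0].upper() == "HOPHIGH":
            hophigh = int(parts[1])
    return bypass, hophigh

def effective_bypass(bypass):
    """Split the entries into those that are used and those silently ignored."""
    return bypass[:IPBYPASS_LIMIT], bypass[IPBYPASS_LIMIT:]

def scanned_hops(hops, bypass, hophigh):
    """hops[0] is the connecting server, hops[1] the server before it, and so on.
    Assumed model: leading hops on the (truncated) bypass list are skipped,
    then 1 + hophigh hops are scanned."""
    used, _ = effective_bypass(bypass)
    start = 0
    while start < len(hops) and hops[start] in used:
        start += 1
    return hops[start:start + 1 + hophigh]

# Constructed sample config: HOPHIGH 1 plus 21 ISP MTAs, one over the limit.
SAMPLE_CONFIG = "HOPHIGH 1\n" + "\n".join(
    f"IPBYPASS 192.0.2.{i}" for i in range(1, 22))

def demo():
    bypass, hophigh = parse_config(SAMPLE_CONFIG)
    _, ignored = effective_bypass(bypass)
    chain_a = ["192.0.2.5", "198.51.100.7", "203.0.113.9"]   # relayed by entry 5
    chain_b = ["192.0.2.21", "198.51.100.7", "203.0.113.9"]  # relayed by entry 21
    return {
        "ignored": ignored,                                   # entries past the limit
        "entry_5": scanned_hops(chain_a, bypass, hophigh),    # bypass applied
        "entry_21": scanned_hops(chain_b, bypass, hophigh),   # bypass not applied
        "no_bypass": scanned_hops(chain_a, [], hophigh),      # HOPHIGH 1 alone
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
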