This wasn't a bug or a larger issue of Declude trust based upon the
'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests
(which were the only ones skipped) when the 'from address' was spoofed
as a local address. Imail 8 and WHITELIST AUTH help, but they don't
solve this issue, either.

Imail 8 can still be configured where the Client is NOT required to
Auth in order to send. One example of that is 'Relay for Addresses.'

So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No
Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first
hop, we will definitely tag our own customers.

So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of
ALL mail, is only safe for those folks who: (1) are sure that none of
their IP addresses are on any DYNA/DUL/DUHL list (and will never be on
one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and
have WHITELIST AUTH specified in Declude's Global.cfg. Then, in
either case, scanning the first hop is a simple matter of changing
the test name to eliminate the reserved string of DUL, DYNA or DUHL
and using the hack which Matt found. For instance:

Change this:
  NJABL-DUL  ip4r  dnsbl.njabl.org  127.0.0.3  10  0

To this:
  NJABL-HOP1  dnsbl %IP4R%.dnsbl.njabl.org  127.0.0.3  10  0

I don't think a switch in Declude is really needed.

Thanks,


Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote:
M> Andy,

M> It's only been a matter of months since a realistic work around
M> was available for most users (using WHITELIST AUTH).  To the best of
M> my knowledge, I'm the only one of us that has said anything about it
M> on this list (first time in March, but of course I could be wrong).
M> Like I indicated though, there is a way to fix the problem using the
M> dnsbl trick, and it works immediately.  I would however like to see
M> a switch given also, but this seems more like a convenience if you
M> use DUL/DYNA/DUHL the way that they were meant to be used in the
M> first place (which I was not), but still, it only means some extra
M> lookups.

M> Matt



M> Andy Schmidt wrote:
  



M>       Thanks - ouch.
M>    
M>   I'd say that's a bug in design.
M>    
M>   Since AUTH is supported in Imail 8 and since others may not
M> allow local users to send through their Imail server (my outbound is
M> going through IIS SMTP with SMTP AUTH), there should be AT LEAST a
M> config option to turn this "spam me by faking sender" feature off!
  
M>   Best Regards
M>   Andy Schmidt
  
M>   Phone:  +1 201 934-3414 x20 (Business)
M> Fax:    +1 201 934-9206

    
M> -----Original Message-----
M>  
M> From:[EMAIL PROTECTED]:[EMAIL PROTECTED]
M> On Behalf Of Matt
M>   Sent: Saturday, May 15, 2004 01:49 AM
M>   To:[EMAIL PROTECTED]
M>   Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank
  
  
M> In absentia...
  
M>    
M> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.html
  
M> This made a lot of sense before, and it was the only way to
M> disable DUL tests for local users prior to IMail 8 and JunkMail
M> ~1.76.  Declude won't disable the tests for gatewayed domains, only
M> where an address matches a local account.  You can also work around
M> this by using the dnsbl trick like so:
  
M> DNSRBL-DYN        dnsbl    %IP4R%.dun.dnsrbl.net           127.0.0.3    0    0
M> NJABL-DYN-A        dnsbl    %IP4R%.dnsbl.njabl.org           127.0.0.3    0    0
M> NJABL-DYN-B        dnsbl    %IP4R%.dynablock.njabl.org       127.0.0.3    0    0
M> SORBS-DYN        dnsbl    %IP4R%.dnsbl.sorbs.net           127.0.0.10    0    0
  
M> Note that I changed the names of the tests to exclude the
M> strings DUL/DYNA/DUHL.  This took me a long time to figure out, so
M> the trick isn't that common, however I started using these strings
M> to limit some non-DUL tests to just the last hop with higher
M> scoring, and did impact my ability to block spam on local accounts,
M> however it took me quite a while to notice that it was going on
M> (several months).
  
M> Matt
  
  
  
M> Andy Schmidt wrote:
  
  



M>   Scott (in case you're not gone yet):
M>    
M>   >> At this moment, Declude will not apply scores from any
M> dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA or DUHL in
M> the name AND the Mail From matches a local user. <<
M>    
M>   Does Declude REALLY trust the mail from and will bypass
M> DUL/DYNA/DUHL test just by someone forging the mail from?
M>    
M>   Never heard about that "bug"/behavior before?
  
M>   Best Regards
M>   Andy Schmidt
  
M>   Phone:  +1 201 934-3414 x20 (Business)
M> Fax:    +1 201 934-9206

    
M>   -- 
M> =====================================================
M> MailPure custom filters for Declude JunkMail Pro.
M> http://www.mailpure.com/software/
M> =====================================================

  



----
Don Brown - Dallas, Texas USA     Internet Concepts, Inc.
[EMAIL PROTECTED]       http://www.inetconcepts.net
(972) 788-2364                    Fax: (972) 788-5049
----

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
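
An added example, not part of the original messages and not Declude code: a small audit script that reads test definitions in the layout shown in the thread and reports which ones fall under the name rule quoted above (dnsbl, ip4r or rhsbl tests with DUL, DYNA or DUHL in the name), and therefore stop scoring when the Mail From matches a local user. The sample config is constructed, and the case-insensitive name match and the reversed-octet expansion of `%IP4R%` are assumptions.

```python
import ipaddress
import re

# Rule quoted in the thread: dnsbl, ip4r and rhsbl tests whose name contains
# DUL, DYNA or DUHL are not scored when the Mail From matches a local user.
RESERVED = re.compile(r"DUL|DYNA|DUHL", re.IGNORECASE)  # case-insensitivity is an assumption
LIST_TYPES = {"dnsbl", "ip4r", "rhsbl"}

# Constructed sample in the layout used in the thread:
# NAME  TYPE  ZONE  EXPECTED-RESULT  WEIGHT  WEIGHT
SAMPLE_CFG = """\
NJABL-DUL    ip4r   dnsbl.njabl.org                 127.0.0.3   10  0
NJABL-HOP1   dnsbl  %IP4R%.dnsbl.njabl.org          127.0.0.3   10  0
SORBS-DYN    dnsbl  %IP4R%.dnsbl.sorbs.net          127.0.0.10  0   0
MY-DYNAMIC   dnsbl  %IP4R%.dynablock.njabl.org      127.0.0.3   5   0
"""

def parse_tests(cfg_text):
    """Yield (name, type, zone) for each test definition line."""
    for line in cfg_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # blank line, comment, or not a test definition
        yield fields[0], fields[1].lower(), fields[2]

def skipped_for_local_sender(cfg_text):
    """Names of tests that a forged local Mail From would switch off."""
    return [name for name, kind, _ in parse_tests(cfg_text)
            if kind in LIST_TYPES and RESERVED.search(name)]

def ip4r(ip):
    """Reverse the octets of an IPv4 address (assumed %IP4R% expansion)."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def query_name(zone, ip):
    """DNS name a test would look up for the given connecting IP."""
    if "%IP4R%" in zone:
        return zone.replace("%IP4R%", ip4r(ip))
    return f"{ip4r(ip)}.{zone}"  # assumed: ip4r tests prepend the reversed IP

if __name__ == "__main__":
    for name in skipped_for_local_sender(SAMPLE_CFG):
        print("not scored when Mail From is local:", name)
    print(query_name("%IP4R%.dnsbl.njabl.org", "192.0.2.25"))
```

Note that `MY-DYNAMIC` is flagged because it contains `DYNA`, while `SORBS-DYN` and `NJABL-HOP1` are not, which matches the renaming approach used in the thread.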
