>> Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. <<
NO - removing DUL/DYNA/DUHL is NOT an option. Because MUCH of the private emails originate from some address that is on that list - but only on the FIRST hope. Thus, the DUL/DYNA/DUHL skip tests on the FIRST hop! They can't be omitted - otherwise we'd block most private mail relayed through other providers SMTP servers. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Saturday, May 15, 2004 04:19 PM To: Matt Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote: M> Andy, M> It's only been a matter of months since a realistic work around M> wasavailable for most users (using WHITELIST AUTH). To the best of M> myknowledge, I'm the only one of us that has said anything about it M> onthis list (first time in March, but of course I could be wrong). M> LikeI indicated though, there is a way to fix the problem using the M> dnsbltrick, and it works immediately. I would however like to see a M> switchgiven also, but this seems more like a convenience if you M> useDUL/DYNA/DUHL the way that they were meant to be used in the M> firstplace (which I was not), but still, it only means some extra M> lookups. M> Matt M> Andy Schmidt wrote: M> Thanks - ouch. M> M> I'd say that's a bug in design. M> M> Since AUTH is supported in Imail 8 and sinceothers may not allow M> local users to send through their Imail server (myoutbound is going M> through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M> option to turn this "spam me by faking sender" featureoff! M> Best Regards M> Andy Schmidt M> Phone: +1 201 934-3414 x20(Business) M> Fax: +1 201 934-9206 M> -----Original Message----- M> M> From:[EMAIL PROTECTED]:Declude.JunkMail-owner M> @declude.com] M> On Behalf Of Matt M> Sent: Saturday, May 15, 2004 01:49 AM M> To:[EMAIL PROTECTED] M> Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M> In absentia... M> M> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M> l M> This made a lot of sense before, and it was the only way to disable M> DULtests for local users prior to IMail 8 and JunkMail ~1.76. M> Decludewon't disable the tests for gatewayed domains, only where an M> addressmatches a local account. You can also work around this by M> using thednsbl trick like so: M> DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 M> 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org M> 127.0.0.3 0 0 NJABL-DYN-B dnsbl M> %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN M> dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 M> Note that I changed the names of the tests to exclude the M> stringsDUL/DYNA/DUHL. This took me a long time to figure out, so the M> trickisn't that common, however I started using these strings to M> limit somenon-DUL tests to just the last hop with higher scoring, and M> did impactmy ability to block spam on local accounts, however it took M> me quite awhile to notice that it was going on (several months). M> Matt M> Andy Schmidt wrote: M> Scott (in case you're not gone yet): M> M> >> At this moment, Declude will not apply scoresfrom any dnsbl, M> ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in the name M> AND the Mail From matches a local user. << M> M> Does Declude REALLY trust the mail from andwill bypass M> DUL/DYNA/DUHL test just by someone forging the mail from? M> M> Never heard about that "bug"/behavior before? M> Best Regards M> Andy Schmidt M> Phone: +1 201 934-3414 x20(Business) M> Fax: +1 201 934-9206 M> -- M> ===================================================== M> MailPure custom filters for Declude JunkMail M> Pro.http://www.mailpure.com/software/======================================= ============== ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364 Fax: (972) 788-5049 ---- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.