RE: [Declude.JunkMail] DUL skipping was ISBLANK is blank

[Darrell LaRock]

Matt,   But if you rename the tests to DYN – than how you are configuring non-DUL tests twice?   Darrell   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, May 15, 2004 6:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank   Andy, I think there might be some confusion here.  If you change the test names and use the %IP4R%/dnsbl trick, it will always test the first hop regardless of what the Mail From is, unless of course you are whitelisting the sender. You don't have to remove the tests, you just have to rename them.  I renamed mine with DYN, that way Declude doesn't see them as matching DUL/DYNA/DUHL and therefore will not skip them when the Mail From matches a local address. The only drawback that I have found with this work around is when you try configuring non-DUL tests twice, once only for the first hop, and once for all hops, in which case the work around will cause some extra lookups, but that's minor, and I'm only aware of a few people besides myself that are doing this.  Nothing else appears to be a problem in anyway whatsoever. Matt Andy Schmidt wrote: Then, in either cases, scanning the first hop is a simple matter of       changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. <<   NO - removing DUL/DYNA/DUHL is NOT an option.  Because MUCH of the private emails originate from some address that is on that list - but only on the FIRST hope. Thus, the DUL/DYNA/DUHL skip tests on the FIRST hop!    They can't be omitted - otherwise we'd block most private mail relayed through other providers SMTP servers.     Best Regards Andy Schmidt   Phone:  +1 201 934-3414 x20 (Business) Fax:    +1 201 934-9206       -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don Brown Sent: Saturday, May 15, 2004 04:19 PM To: Matt Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank     This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either.   Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.'   So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers.   So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance:   Change this:   NJABL-DUL  ip4r  dnsbl.njabl.org  127.0.0.3  10  0   To this:   NJABL-HOP1  dnsbl %IP4R%.dnsbl.njabl.org  127.0.0.3  10  0   I don't think a switch in Declude is really needed.   Thanks,     Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote: M> Andy,   M> It's only been a matter of months since a realistic work around M> wasavailable for most users (using WHITELIST AUTH).  To the best of M> myknowledge, I'm the only one of us that has said anything about it M> onthis list (first time in March, but of course I could be wrong). M> LikeI indicated though, there is a way to fix the problem using the M> dnsbltrick, and it works immediately.  I would however like to see a M> switchgiven also, but this seems more like a convenience if you M> useDUL/DYNA/DUHL the way that they were meant to be used in the M> firstplace (which I was not), but still, it only means some extra M> lookups.   M> Matt       M> Andy Schmidt wrote:         M>       Thanks - ouch. M>     M>   I'd say that's a bug in design. M>     M>   Since AUTH is supported in Imail 8 and sinceothers may not allow M> local users to send through their Imail server (myoutbound is going M> through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M> option to turn this "spam me by faking sender" featureoff!   M>   Best Regards M>   Andy Schmidt   M>   Phone:  +1 201 934-3414 x20(Business) M> Fax:    +1 201 934-9206       M> -----Original Message----- M>  M> From:[EMAIL PROTECTED]:Declude.JunkMail-owner M> @declude.com] M> On Behalf Of Matt M>   Sent: Saturday, May 15, 2004 01:49 AM M>   To:[EMAIL PROTECTED] M>   Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank      M> In absentia...   M>     M> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M> l   M> This made a lot of sense before, and it was the only way to disable M> DULtests for local users prior to IMail 8 and JunkMail ~1.76.  M> Decludewon't disable the tests for gatewayed domains, only where an M> addressmatches a local account.  You can also work around this by M> using thednsbl trick like so:   M> DNSRBL-DYN        dnsbl    %IP4R%.dun.dnsrbl.net           127.0.0.3    M> 0    0 NJABL-DYN-A        dnsbl    %IP4R%.dnsbl.njabl.org            M> 127.0.0.3    0    0 NJABL-DYN-B        dnsbl    M> %IP4R%.dynablock.njabl.org       127.0.0.3    0    0 SORBS-DYN        M> dnsbl    %IP4R%.dnsbl.sorbs.net           127.0.0.10    0    0   M> Note that I changed the names of the tests to exclude the M> stringsDUL/DYNA/DUHL.  This took me a long time to figure out, so the M> trickisn't that common, however I started using these strings to M> limit somenon-DUL tests to just the last hop with higher scoring, and M> did impactmy ability to block spam on local accounts, however it took M> me quite awhile to notice that it was going on (several months).   M> Matt         M> Andy Schmidt wrote:            M>   Scott (in case you're not gone yet): M>     M>   >> At this moment, Declude will not apply scoresfrom any dnsbl, M> ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in the name M> AND the Mail From matches a local user. << M>     M>   Does Declude REALLY trust the mail from andwill bypass M> DUL/DYNA/DUHL test just by someone forging the mail from? M>     M>   Never heard about that "bug"/behavior before?   M>   Best Regards M>   Andy Schmidt   M>   Phone:  +1 201 934-3414 x20(Business) M> Fax:    +1 201 934-9206       M>   -- M> ===================================================== M> MailPure custom filters for Declude JunkMail M> Pro.http://www.mailpure.com/software/======================================= ==============           ---- Don Brown - Dallas, Texas USA     Internet Concepts, Inc. [EMAIL PROTECTED]       http://www.inetconcepts.net (972) 788-2364                    Fax: (972) 788-5049 ----   --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]   --- This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".  The archives can be found at http://www.mail-archive.com.   --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]   --- This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".  The archives can be found at http://www.mail-archive.com.       -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================