Hi Andy, Look at the example, again and note the %IP4R%. That tests ONLY the 1st HOP (or for clarity, the IP which delivered the mail to your server).
"Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0" Saturday, May 15, 2004, 5:01:47 PM, Andy Schmidt <[EMAIL PROTECTED]> wrote: >>> Then, in either cases, scanning the first hop is a simple matter of AS> changing the test name to eliminate the reserved string of DUL, DYNA or DUHL AS> and using the hack which Matt found. << AS> NO - removing DUL/DYNA/DUHL is NOT an option. Because MUCH of the private AS> emails originate from some address that is on that list - but only on the AS> FIRST hope. Thus, the DUL/DYNA/DUHL skip tests on the FIRST hop! AS> They can't be omitted - otherwise we'd block most private mail relayed AS> through other providers SMTP servers. AS> Best Regards AS> Andy Schmidt AS> Phone: +1 201 934-3414 x20 (Business) AS> Fax: +1 201 934-9206 AS> -----Original Message----- AS> From: [EMAIL PROTECTED] AS> [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown AS> Sent: Saturday, May 15, 2004 04:19 PM AS> To: Matt AS> Cc: [EMAIL PROTECTED] AS> Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank AS> This wasn't a bug or a larger issue of Declude trust based upon the 'from AS> Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were AS> the only ones skipped) when the 'from address' was spoofed as a local AS> address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, AS> either. AS> Imail 8 can still be configured where the Client is NOT required to Auth in AS> order to send. One example of that is 'Relay for Addresses.' AS> So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail AS> Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will AS> definitely tag our own customers. AS> So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL AS> mail, is only safe for those folks who: (1) are sure that none of their IP AS> addresses are on any DYNA/DUL/DUHL list (and will never be on AS> one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have AS> WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, AS> scanning the first hop is a simple matter of changing the test name to AS> eliminate the reserved string of DUL, DYNA or DUHL and using the hack which AS> Matt found. For instance: AS> Change this: AS> NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 AS> To this: AS> NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 AS> I don't think a switch in Declude is really needed. AS> Thanks, AS> Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote: M>> Andy, M>> It's only been a matter of months since a realistic work around M>> wasavailable for most users (using WHITELIST AUTH).� To the best of M>> myknowledge, I'm the only one of us that has said anything about it M>> onthis list (first time in March, but of course I could be wrong). M>> LikeI indicated though, there is a way to fix the problem using the M>> dnsbltrick, and it works immediately.� I would however like to see a M>> switchgiven also, but this seems more like a convenience if you M>> useDUL/DYNA/DUHL the way that they were meant to be used in the M>> firstplace (which I was not), but still, it only means some extra M>> lookups. M>> Matt M>> Andy Schmidt wrote: M>> Thanks - ouch. M>> � M>> I'd say that's a bug in design. M>> � M>> Since AUTH is supported in Imail 8 and sinceothers may not allow M>> local users to send through their Imail server (myoutbound is going M>> through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M>> option to turn this "spam me by faking sender" featureoff! M>> Best Regards M>> Andy Schmidt M>> Phone:� +1 201 934-3414 x20(Business) M>> Fax:��� +1 201 934-9206 M>> -----Original Message----- M>> M>> From:[EMAIL PROTECTED]:Declude.JunkMail-owner M>> @declude.com] M>> On Behalf Of Matt M>> Sent: Saturday, May 15, 2004 01:49 AM M>> To:[EMAIL PROTECTED] M>> Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M>> In absentia... M>> ��� M>> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M>> l M>> This made a lot of sense before, and it was the only way to disable M>> DULtests for local users prior to IMail 8 and JunkMail ~1.76.� M>> Decludewon't disable the tests for gatewayed domains, only where an M>> addressmatches a local account.� You can also work around this by M>> using thednsbl trick like so: M>> DNSRBL-DYN �� ��� dnsbl��� %IP4R%.dun.dnsrbl.net��� ��� ���127.0.0.3��� M>> 0��� 0 NJABL-DYN-A��� ��� dnsbl��� %IP4R%.dnsbl.njabl.org��� ��� ��� M>> 127.0.0.3��� 0��� 0 NJABL-DYN-B��� ��� dnsbl��� M>> %IP4R%.dynablock.njabl.org��� ���127.0.0.3��� 0��� 0 SORBS-DYN��� ��� M>> dnsbl��� %IP4R%.dnsbl.sorbs.net��� ��� ���127.0.0.10��� 0��� 0 M>> Note that I changed the names of the tests to exclude the M>> stringsDUL/DYNA/DUHL.� This took me a long time to figure out, so the M>> trickisn't that common, however I started using these strings to M>> limit somenon-DUL tests to just the last hop with higher scoring, and M>> did impactmy ability to block spam on local accounts, however it took M>> me quite awhile to notice that it was going on (several months). M>> Matt M>> Andy Schmidt wrote: M>> Scott (in case you're not gone yet): M>> � M>> >> At this moment, Declude will not apply scoresfrom any dnsbl, M>> ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in the name M>> AND the Mail From matches a local user.�<< M>> � M>> Does Declude REALLY trust the mail from andwill bypass M>> DUL/DYNA/DUHL test just by someone forging the mail from? M>> � M>> Never heard about that "bug"/behavior before? M>> Best Regards M>> Andy Schmidt M>> Phone:� +1 201 934-3414 x20(Business) M>> Fax:��� +1 201 934-9206 M>> -- M>> ===================================================== M>> MailPure custom filters for Declude JunkMail M>> AS> Pro.http://www.mailpure.com/software/======================================= AS> ============== AS> ---- AS> Don Brown - Dallas, Texas USA Internet Concepts, Inc. AS> [EMAIL PROTECTED] http://www.inetconcepts.net AS> (972) 788-2364 Fax: (972) 788-5049 AS> ---- AS> --- AS> [This E-mail was scanned for viruses by Declude Virus AS> (http://www.declude.com)] AS> --- AS> This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, AS> just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe AS> Declude.JunkMail". The archives can be found at AS> http://www.mail-archive.com. AS> --- AS> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] AS> --- AS> This E-mail came from the Declude.JunkMail mailing list. To AS> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and AS> type "unsubscribe Declude.JunkMail". The archives can be found AS> at http://www.mail-archive.com. ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364 Fax: (972) 788-5049 ---- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
