Re: [Declude.JunkMail] What Header does Whitelist file use?

[Darin Cox]

Title: What Header does Whitelist file use?

Hi Corby,   The best way to determine explicitly what it's using is to add custom header to the email.  There are several you may find useful, but the one I'm referring to can be added by adding a line like   XINHEADER X-Note: FROM: %MAILFROM% to your Global.cfg file.  We add several headers for diagnostic purposes...   XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%. XINHEADER X-Note: Spam Tests Failed: %TESTSFAILEDWITHWEIGHTS% XINHEADER X-Note: REMOTEIP: %REMOTEIP% XINHEADER X-Note: REVDNS: %REVDNS% XINHEADER X-Note: FROM: %MAILFROM% XINHEADER X-Note: TO: %RECIPHOST% The FROM address that will be reported there is exactly what Declude would use when checking against your whitelists.   REVDNS is almost always a different domain than the sending address, since most email domains are hosted on common servers.  While you may have reason to block or whitelist on REVDNS, which would be a different test completely, the FROM whitelist would only need the two entries you specify.   BTW, though we've been calling it whitelisting, it is generally recommended to use the "whitelists" as negative weights instead of true whitelists.  That way if something is really bad (i.e. bad enough that your negative weight doesn't keep it from being tagged, held, or deleted), then it is still detected.  True whitelisting would let it through no matter how bad it was.   We hold on a weight of 100 and delete on 300, and have three FROM "whitelists" defined like   FROMWHITELIST_LOW fromfile C:\IMail\Declude\fromwhitelist_low.txt x -100 0 FROMWHITELIST_MED fromfile C:\IMail\Declude\fromwhitelist_med.txt x -200 0 FROMWHITELIST_HIGH fromfile C:\IMail\Declude\fromwhitelist_high.txt x -500 0 We also have FROM blacklists, IP white and black lists, content-based white and black lists, and test-specific counterweights that match against MAILFROM and/or REVDNS.  We favor adding to the counterweight tests first, then FROM whitelists, and finally IP whitelists, though you could argue the order of the last two.   Just another list member..been using IMail for 5 years or so, and Declude for about 3.5 years now.   Thanks, man. Darin.     ----- Original Message ----- From: Agid, Corby To: Declude.JunkMail@declude.com Sent: Friday, September 02, 2005 3:03 PM Subject: RE: [Declude.JunkMail] What Header does Whitelist file use? Darin,   I'm still confused on what part of the message converstation would be compared to the whitelist entry.   A message often has a different values for  the From Header and the envelope (not sure if I'm using the correct terms).  The Reverse DNS is also different from the other two.   Using the format of .sub.domain.com and @sub.domain.com, I would have to make six entries to cover all the bases, when probably the correct two would take care of it.   Suggestions?   BTW, are you with Declude or a helpful bystander?   Thanks again for your help and hope you are feeling better.   Corby From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, September 01, 2005 7:49 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] What Header does Whitelist file use? Sorry, you're right... Sometimes when I'm under the weather I switch things around...   Have you checked the other suggestion... making sure the last line has a carriage return afterwards? Darin.     ----- Original Message ----- From: Agid, Corby To: Declude.JunkMail@declude.com Sent: Thursday, September 01, 2005 6:26 PM Subject: RE: [Declude.JunkMail] What Header does Whitelist file use? Hi Darin,   I just checked the manual regarding the  SWITCHRECIP ON.   The description sounds like it affects who the message is addressed to rather than where it comes from.  Am I missing something?   Corby From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, September 01, 2005 1:02 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] What Header does Whitelist file use? This may be an issue where the FROM listed in the email is different from the MAILFROM address found in the envelope.   If so, putting SWITCHRECIP ON in your Declude Global.cfg should fix it.  You can read more about this config option in the Declude Junkmail manual. Darin.     ----- Original Message ----- From: Agid, Corby To: Declude.JunkMail@declude.com Sent: Thursday, September 01, 2005 12:09 PM Subject: [Declude.JunkMail] What Header does Whitelist file use? Hello, I'm still having trouble whitelisting a few incoming messages.   Can you tell me, what part of incoming mail does the whitelist trigger on?   Should the reverse DNS" domain or the mail header, or the address listed in the To: list be used, or perhaps the helo information. Below is an example of diagnostic from a message recently received along with my whitelist entry.   Do I need to whitelist the reverse DNS (lunarpages.com) instead? My current whitelist entry: @tempager.com HeaderCode:     c020020c ReverseDNS:     draco.lunarpages.com RemoteIP:       216.193.215.150 Testname:       WEIGHT10-29B MessageID:      <[EMAIL PROTECTED]> Quename:        D5b4810be01c401ae.SMD Sniffer:        Headers: Received: from draco.lunarpages.com [216.193.215.150] by msx.renoairport.com with ESMTP   (SMTPD32-8.15) id AB4810BE01C4; Mon, 29 Aug 2005 12:00:24 -0700 Received: from localhost.int.lunarpages.com ([127.0.0.1] helo=draco.lunarpages.com)         by draco.lunarpages.com with esmtp (Exim 4.50)         id 1E9orj-00075B-Vq; Mon, 29 Aug 2005 12:00:19 -0700 From: [EMAIL PROTECTED] Subject: TemPageR_Users Digest, Vol 7, Issue 5 To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.1.5p1 Precedence: list List-Id: TemPageR User Group <tempager_users_tempager.com.tempager.com> List-Unsubscribe: <http://tempager.com/mailman/listinfo/tempager_users_tempager.com>,         <mailto:[EMAIL PROTECTED]> List-Archive: </pipermail/tempager_users_tempager.com> List-Post: <mailto:[EMAIL PROTECTED]> List-Help: <mailto:[EMAIL PROTECTED]> List-Subscribe: <http://tempager.com/mailman/listinfo/tempager_users_tempager.com>,         <mailto:[EMAIL PROTECTED]> Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - draco.lunarpages.com X-AntiAbuse: Original Domain - renoairport.com X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - tempager.com X-Source: X-Source-Args: X-Source-Dir: Message-Id: <[EMAIL PROTECTED]>