Gary,
Also, I noticed from the NSLOOKUP below you are using Sprint's DNS? Is this
the case for Declude / SmarterMail?
Darrell
-------------------------------------------
DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus. Download
it today - http://www.invariantsystems.com
----- Original Message -----
From: "Gary Steiner" <[EMAIL PROTECTED]>
To: <Declude.JunkMail@declude.com>
Sent: Saturday, September 03, 2005 6:45 PM
Subject: Re: [Declude.JunkMail] ip4r blacklists
1. I have a "HOP 0" line in my global.cfg file.
2. Here's what I get:
nslookup 2.0.0.127.bl.spamcop.net
Server: ns1.sprintlink.net
Address: 204.117.214.10
Non-authoritative answer:
Name: 2.0.0.127.bl.spamcop.net
Address: 127.0.0.2
3. I had been running on debug, but this problem has been going on for at
least a month, and I gave up on finding an answer, so I turned off my debug
because my log files were chewing up disk space. Following are some lines
for an email from Aug. 19 that SmarterMail caught with CBL and Spamhaus SBL:
08/19/2005 12:48:53.796 36110955 [3996] Got IP 204.9.244.26
08/19/2005 12:48:53.796 36110955 [3996] Setting remote IP address to
204.9.244.26
08/19/2005 12:48:53.796 36110955 [3996] 26.244.9.204.in-addr.arpa
08/19/2005 12:48:54.734 36110955 [3996] Done with reverse DNS lookup;
processing it.
08/19/2005 12:48:54.734 36110955 [3996] revdns: ip-244-26.incyour.com.
08/19/2005 12:48:54.734 36110955 [3996] Hop 0: Checking IP Address
204.9.244.26.
08/19/2005 12:48:54.734 36110955 [3996] iptext=204.9.244.26 myip1=cc09f41a
i=4
08/19/2005 12:48:56.046 36110955 [3996] Test #5 [AHBL] is same as Test #5
[AHBL=*]. Answer=admins.sosdg.org.?
08/19/2005 12:48:56.046 36110955 [3996] Test #6 [BLITZEDALL] is same as Test
#6 [BLITZEDALL=*]. Answer=hostmaster.blitzed.org.?
08/19/2005 12:48:56.046 36110955 [3996] Test #7 [CBL] is same as Test #7
[CBL=127.0.0.2]. Answer=cbl.cbl.abuseat.org.?
08/19/2005 12:48:56.046 36110955 [3996] Test #8 [DSBL] is same as Test #8
[DSBL=*]. Answer=admin.dsbl.org.?
08/19/2005 12:48:56.046 36110955 [3996] Test #11 [ORDB] is same as Test #11
[ORDB=*]. Answer=hostmaster.ordb.org.?
08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as
Test #9 [MXRATE-BLOCK=127.0.0.2]. Answer=127.0.0.4?
08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as
Test #9 [MXRATE-BLOCK]. Answer=127.0.0.4
08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as
Test #10 [MXRATE-SUSPICIOUS=127.0.0.4]. Answer=127.0.0.4?
08/19/2005 12:48:56.265 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as
Test #10 [MXRATE-SUSPICIOUS]. Answer=127.0.0.4
08/19/2005 12:48:56.265 36110955 [3996] 204.9.244.26 IS listed in
MXRATE-SUSPICIOUS.
08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as
Test #24 [MXRATE-ALLOW=127.0.0.3]. Answer=127.0.0.4?
08/19/2005 12:48:58.015 36110955 [3996] Test #9 [MXRATE-BLOCK] is same as
Test #24 [MXRATE-ALLOW]. Answer=127.0.0.4
08/19/2005 12:48:59.765 36110955 [3996] Test 12-SBL didn't get a response.
08/19/2005 12:48:59.765 36110955 [3996] Test 13-SORBS-HTTP didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 22-SPAMCOP didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 23-BONDEDSENDER didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 25-INTERSIL didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 26-CSMA-SBL didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 27-SPAMBAG didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 28-FIVETENSRC didn't get a
response.
08/19/2005 12:48:59.765 36110955 [3996] Test 29-JAMMDNSBL didn't get a
response.
-------- Original Message --------
From: "Darrell \([EMAIL PROTECTED])" <[EMAIL PROTECTED]>
Sent: Saturday, September 03, 2005 11:21 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] ip4r blacklists
Gary,
Someone recently posted that they did not have the "HOP x" setting in
their
global.cfg and what was happening is that the ip4r tests were being
skipped.
Can you check on that? Also, if you drop down to a command prompt and
type
this what happens.
nslookup 2.0.0.127.bl.spamcop.net
Also, I would switch Declude's logging mode to "Debug" and post a snippet
of
the debug output for a message that smartermail tags on a ip4r list that
declude did not.
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail Queue Monitoring, Declude Overflow Queue Monitoring,
SURBL/URI
integration, MRTG Integration, and Log Parsers.
----- Original Message -----
From: "Gary Steiner" <[EMAIL PROTECTED]>
To: <Declude.JunkMail@declude.com>
Sent: Saturday, September 03, 2005 11:09 AM
Subject: [Declude.JunkMail] ip4r blacklists
I continue to run into a problem where Declude fails to get any response
from the ip4r blacklists, then SmarterMail catches the exact same spam
using
the ip4r blacklists(spamcop, cbl, spamhaus, etc.). Declude support
implied
that there was a problem with my DNS server. But both Declude and
SmarterMail are using the same DNS server. Why would Declude have a
problem
with it and SmarterMail not? I'm using Declude 2.0.6.16 and SmarterMail
2.6. It's very intermittent, happening on probably less than 5% of the
total spams, but enough that it's noticeable.
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
