Hi All,
Last week I was struggling with this mysterious "accidental whitelisting."
Emails addressed to me were whitelisted, even though I had (to the best of my
knowledge) no whitelisting turned on for my own address. After setting the JM
logging to high, I came up with the following lines:
05/28/2007 17:39:47.568 q764101a6000064c1.smd Past whitelisting
05/28/2007 17:39:47.568 q764101a6000064c1.smd Looping #0 [flags=1]
05/28/2007 17:39:47.568 q764101a6000064c1.smd [EMAIL PROTECTED] [EMAIL
PROTECTED]@mail2.bcwebhost.net] *local*
05/28/2007 17:39:47.568 q764101a6000064c1.smd Opening
HKEY_LOCAL_MACHINE\software\Ipswitch\IMail\Domains for [EMAIL PROTECTED] [0]
05/28/2007 17:39:47.568 q764101a6000064c1.smd D:\IMail\Users\ben\aliases.txt
05/28/2007 17:39:47.568 q764101a6000064c1.smd Doing whitelist file
D:\IMail\Users\ben\aliases.txt
05/28/2007 17:39:47.568 q764101a6000064c1.smd Using whitelist file
D:\IMail\Users\ben\aliases.txt.
05/28/2007 17:39:47.568 q764101a6000064c1.smd Skipping4 E-mail from [EMAIL
PROTECTED] ; whitelisted [EMAIL PROTECTED] ].
05/28/2007 17:39:47.568 q764101a6000064c1.smd Domain name =
mail2.bcwebhost.net, User name = ben.
So, for reasons I don't understand, Declude is looking at my aliases.txt file
for whitelisting. I couldn't find anywhere in the configuration files for this
to happen, but there it is. I don't even know how aliases.txt is created, but
when I looked inside it, I found the email addresses for various random people,
and also my own address.
My question is: why is Declude using this file for whitelisting? And why do I
have this file anyway?
Thanks,
Ben
----- Original Message -----
From: Imail Admin
To: declude.junkmail@declude.com
Sent: Friday, May 25, 2007 6:01 AM
Subject: Re: [Declude.JunkMail] accidental whitelisting
Hi David,
Yup, that was my first check. The address book in question is the web
address book, which you access from the web interface, right? I checked it and
it was empty -- not surprising because I mainly use Outlook Express in IMAP
mode. I did try turning it off briefly anyway, but then decided it couldn't be
the cause of the problem and turned it back on.
Someone else suggested putting Declude in Debug mode, and I could try that
next. Thing is, I'm not getting a lot of these types of spam, just a handful
in the last couple of days. So I'm concerned about how big the log files will
grow while I wait for another occurrence.
Thanks,
Ben
----- Original Message -----
From: David Barker
To: declude.junkmail@declude.com
Sent: Friday, May 25, 2007 5:46 AM
Subject: RE: [Declude.JunkMail] accidental whitelisting
AUTOWHITELIST ON checks your user address book make sure you don’t have
your own address in your address book.
David Barker
Director of Product Management
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[EMAIL PROTECTED]
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Admin
Sent: Thursday, May 24, 2007 8:42 PM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] accidental whitelisting
Hi All,
We're in the process of tesing JM 4.x as an upgrade and I ran into what I
am sure is a minor mis-configuration.
I find that I occassionally get messages that are clearly spam, but are
whitelisted. The common characteristic is that they are sent with a from line
that is my own email address, such as the following:
X-Declude-Sender: [EMAIL PROTECTED] [77.85.117.187]
X-Declude-Spoolname: D29db019e00002105.smd
X-Declude-Note: Scanned by Declude 4.2.20 for spam.
"http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [0] at 17:12:28 on 24 May 2007
X-Declude-Fail: Whitelisted, ZEROHOUR [0]
Now, I checked and I don't see why this is being whitelisted. We only
whitelist a handful of IP addresses, and this isn't one of them. The whitelist
settings in the global.cfg file are:
#========================================= WHITELISTS
=======================================
#WHITELIST HABEAS
#DOMAINWHITELISTS OFF
PREWHITELIST ON
WHITELIST AUTH
AUTOWHITELIST ON
# ----- Domain Example -----
#WHITELIST FROM @declude.com
# ----- User Example -----
#WHITELIST FROM [EMAIL PROTECTED]
# ----- IP Example -----
WHITELIST IP 63.246.31.248
# ----- REVDNS Example -----
WHITELIST REVDNS .declude.com
These are pretty much the defaults. The Autowhitelist ON command uses
addresses in the web address book, so I checked those and found nothing (no
addresses at all). I'm sure this is something really obvious, but could
someone point it out to me?
Thanks,
Ben
BC Web
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
