Hi All, Last week I was struggling with this mysterious "accidental whitelisting." Emails addressed to me were whitelisted, even though I had (to the best of my knowledge) no whitelisting turned on for my own address. After setting the JM logging to high, I came up with the following lines:
05/28/2007 17:39:47.568 q764101a6000064c1.smd Past whitelisting 05/28/2007 17:39:47.568 q764101a6000064c1.smd Looping #0 [flags=1] 05/28/2007 17:39:47.568 q764101a6000064c1.smd [EMAIL PROTECTED] [EMAIL PROTECTED]@mail2.bcwebhost.net] *local* 05/28/2007 17:39:47.568 q764101a6000064c1.smd Opening HKEY_LOCAL_MACHINE\software\Ipswitch\IMail\Domains for [EMAIL PROTECTED] [0] 05/28/2007 17:39:47.568 q764101a6000064c1.smd D:\IMail\Users\ben\aliases.txt 05/28/2007 17:39:47.568 q764101a6000064c1.smd Doing whitelist file D:\IMail\Users\ben\aliases.txt 05/28/2007 17:39:47.568 q764101a6000064c1.smd Using whitelist file D:\IMail\Users\ben\aliases.txt. 05/28/2007 17:39:47.568 q764101a6000064c1.smd Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 05/28/2007 17:39:47.568 q764101a6000064c1.smd Domain name = mail2.bcwebhost.net, User name = ben. So, for reasons I don't understand, Declude is looking at my aliases.txt file for whitelisting. I couldn't find anywhere in the configuration files for this to happen, but there it is. I don't even know how aliases.txt is created, but when I looked inside it, I found the email addresses for various random people, and also my own address. My question is: why is Declude using this file for whitelisting? And why do I have this file anyway? Thanks, Ben ----- Original Message ----- From: Imail Admin To: declude.junkmail@declude.com Sent: Friday, May 25, 2007 6:01 AM Subject: Re: [Declude.JunkMail] accidental whitelisting Hi David, Yup, that was my first check. The address book in question is the web address book, which you access from the web interface, right? I checked it and it was empty -- not surprising because I mainly use Outlook Express in IMAP mode. I did try turning it off briefly anyway, but then decided it couldn't be the cause of the problem and turned it back on. Someone else suggested putting Declude in Debug mode, and I could try that next. Thing is, I'm not getting a lot of these types of spam, just a handful in the last couple of days. So I'm concerned about how big the log files will grow while I wait for another occurrence. Thanks, Ben ----- Original Message ----- From: David Barker To: declude.junkmail@declude.com Sent: Friday, May 25, 2007 5:46 AM Subject: RE: [Declude.JunkMail] accidental whitelisting AUTOWHITELIST ON checks your user address book make sure you don’t have your own address in your address book. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Admin Sent: Thursday, May 24, 2007 8:42 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] accidental whitelisting Hi All, We're in the process of tesing JM 4.x as an upgrade and I ran into what I am sure is a minor mis-configuration. I find that I occassionally get messages that are clearly spam, but are whitelisted. The common characteristic is that they are sent with a from line that is my own email address, such as the following: X-Declude-Sender: [EMAIL PROTECTED] [77.85.117.187] X-Declude-Spoolname: D29db019e00002105.smd X-Declude-Note: Scanned by Declude 4.2.20 for spam. "http://www.declude.com/x-note.htm" X-Declude-Scan: Incoming Score [0] at 17:12:28 on 24 May 2007 X-Declude-Fail: Whitelisted, ZEROHOUR [0] Now, I checked and I don't see why this is being whitelisted. We only whitelist a handful of IP addresses, and this isn't one of them. The whitelist settings in the global.cfg file are: #========================================= WHITELISTS ======================================= #WHITELIST HABEAS #DOMAINWHITELISTS OFF PREWHITELIST ON WHITELIST AUTH AUTOWHITELIST ON # ----- Domain Example ----- #WHITELIST FROM @declude.com # ----- User Example ----- #WHITELIST FROM [EMAIL PROTECTED] # ----- IP Example ----- WHITELIST IP 63.246.31.248 # ----- REVDNS Example ----- WHITELIST REVDNS .declude.com These are pretty much the defaults. The Autowhitelist ON command uses addresses in the web address book, so I checked those and found nothing (no addresses at all). I'm sure this is something really obvious, but could someone point it out to me? Thanks, Ben BC Web --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.