Couple of questions
1. When you say not working are you sure declude is not whitelisting the email and Imail anti-spam is catching it ? 2. Have you got DEBUG log entries - these provide a lot of information as to where Declude is looking for your .mdb (assuming it is in the correct place) David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard Smith (N.O.R.A.D.) Sent: Tuesday, May 29, 2007 3:36 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] More accidental whitelisting I have a client that is using declude 4.3.46 with Imail premier 2006.2 with collaboration, Imail premium spam filtering , and he fails to get autowhite listing working. Does any one else have problems with auto whitelisting with this combination ? _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Tuesday, May 29, 2007 9:31 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] More accidental whitelisting Hi Ben, I agree that Declude should detect the IMail version, but I can imagine an argument for continuing to process the aliases.txt, where a recent conversion has taken place, and address book conversion has not fully been completed. So, I guess I see this as more of an IMail conversion issue, which should have a thorough process to convert and removed the aliases.txt file, than a Declude issue. Darin. ----- Original Message ----- From: Imail <mailto:[EMAIL PROTECTED]> Admin To: declude.junkmail@declude.com Sent: Tuesday, May 29, 2007 9:16 AM Subject: Re: [Declude.JunkMail] More accidental whitelisting Hi John, You sound grumpy. Yes, it was stupid of me to talk about controlling the feature that uses the web address book for whitelisting when AUTOWHITELIST already does that. I knew about that, since I talked about it in the original thread on this subject. It was late and I was just thinking (or, perhaps, not thinking) that more control over this feature would have been nice. Obviously, the best improvement is the same one everyone else has asked for: don't auto-whitelist your own address. I do disagree with your first statement. I expect Declude to know what version of IMail is running, which would tell it whether to bother processing certain files, such as aliases.txt. Anyway, thanks again to both you and Matt for your help. Ben ----- Original Message ----- From: John <mailto:[EMAIL PROTECTED]> T (lists) To: declude.junkmail@declude.com Sent: Monday, May 28, 2007 11:11 PM Subject: RE: [Declude.JunkMail] More accidental whitelisting The point you have missed is that just because YOU are using Imail 2006.2 does not mean every one else is. Declude is doing exactly as it should, checking to see if an aliases.txt file exists and if so use it. As for the option of turning whitelisting based on the address book on or off, uh, ah, golly gee, that is what AUTOWHITELIST is for. As for not knowing that 2006.2 no longer uses the aliases.txt files. John T From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Admin Sent: Monday, May 28, 2007 10:22 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] More accidental whitelisting Hi Matt, I understood the discussion about AUTOWHITELIST ON and the web address book issue. Where I got caught was that this server doesn't use aliases.txt, but the file is just there by accidental legacy. We're in the process of replacing our old 7.15 server with a new 2006.2 server by moving to a new machine. So far, the only domain we've moved over (until we get the bugs like this worked out) is our own domain. As part of that process, I copied over our old user folders (just for our domain) to the new server. The aliases.txt file must have been in the old users folder on the old server. Where I got fooled was because apparently 2006.2 doesn't use that file any more, so when I logged into the web interface, it told me the address book was empty. And, truthfully, I (and most of our users) used IMAP access via Outlook or something similar, rather than the web interface, so I wasn't even familiar with the file. I do agree with the discussion on this point: first, the whitelisting should never apply to your own address, and, I think the whole idea of whitelisting the address book should be an option that can be turned on/off from the config file. Anyway, thank you very much for clearing up this mystery for me. Thanks! Ben ----- Original Message ----- From: Matt <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Monday, May 28, 2007 8:50 PM Subject: Re: [Declude.JunkMail] More accidental whitelisting Ben, This was covered early in the thread. You have "AUTOWHITELIST ON" in your global.cfg, and that causes Declude to whitelist whatever is in the recipient's address book (aliases.txt in all IMail versions prior to 2006). You have your own E-mail address listed in your address book, and a spammer forged your address as the Mail From. This is commonly seen by those that use AUTOWHITELIST. There is no way to stop this unless you remove your address from your address book, and this is also likely happening to your other users where they have themselves listed in their address book, as well as others on your hosted domains in the event that there are multiple recipient forging spam. There is a limited workaround for some of this using a test called BYPASSWHITELIST. You can search the archives or manual about this. The best solution if you want to keep the ability to whitelist from the address book would be for Declude to make a change to automatically exclude any recipient of the E-mail from triggering AUTOWHITELIST. This has been requested repeatedly for over 3 years and even came up again in this thread. The fact that people were quick to point out that this was likely the reason for your issue is testament to the fact that it affects a lot of people that use this functionality. Matt Imail Admin wrote: Hi All, Last week I was struggling with this mysterious "accidental whitelisting." Emails addressed to me were whitelisted, even though I had (to the best of my knowledge) no whitelisting turned on for my own address. After setting the JM logging to high, I came up with the following lines: 05/28/2007 17:39:47.568 q764101a6000064c1.smd Past whitelisting 05/28/2007 17:39:47.568 q764101a6000064c1.smd Looping #0 [flags=1] 05/28/2007 17:39:47.568 q764101a6000064c1.smd [EMAIL PROTECTED] [EMAIL PROTECTED]@mail2.bcwebhost.net] *local* 05/28/2007 17:39:47.568 q764101a6000064c1.smd Opening HKEY_LOCAL_MACHINE\software\Ipswitch\IMail\Domains for [EMAIL PROTECTED] [0] 05/28/2007 17:39:47.568 q764101a6000064c1.smd D:\IMail\Users\ben\aliases.txt 05/28/2007 17:39:47.568 q764101a6000064c1.smd Doing whitelist file D:\IMail\Users\ben\aliases.txt 05/28/2007 17:39:47.568 q764101a6000064c1.smd Using whitelist file D:\IMail\Users\ben\aliases.txt. 05/28/2007 17:39:47.568 q764101a6000064c1.smd Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 05/28/2007 17:39:47.568 q764101a6000064c1.smd Domain name = mail2.bcwebhost.net, User name = ben. So, for reasons I don't understand, Declude is looking at my aliases.txt file for whitelisting. I couldn't find anywhere in the configuration files for this to happen, but there it is. I don't even know how aliases.txt is created, but when I looked inside it, I found the email addresses for various random people, and also my own address. My question is: why is Declude using this file for whitelisting? And why do I have this file anyway? Thanks, Ben ----- Original Message ----- From: Imail Admin <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Friday, May 25, 2007 6:01 AM Subject: Re: [Declude.JunkMail] accidental whitelisting Hi David, Yup, that was my first check. The address book in question is the web address book, which you access from the web interface, right? I checked it and it was empty -- not surprising because I mainly use Outlook Express in IMAP mode. I did try turning it off briefly anyway, but then decided it couldn't be the cause of the problem and turned it back on. Someone else suggested putting Declude in Debug mode, and I could try that next. Thing is, I'm not getting a lot of these types of spam, just a handful in the last couple of days. So I'm concerned about how big the log files will grow while I wait for another occurrence. Thanks, Ben ----- Original Message ----- From: David Barker <mailto:[EMAIL PROTECTED]> To: declude.junkmail@declude.com Sent: Friday, May 25, 2007 5:46 AM Subject: RE: [Declude.JunkMail] accidental whitelisting AUTOWHITELIST ON checks your user address book make sure you don't have your own address in your address book. David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Imail Admin Sent: Thursday, May 24, 2007 8:42 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] accidental whitelisting Hi All, We're in the process of tesing JM 4.x as an upgrade and I ran into what I am sure is a minor mis-configuration. I find that I occassionally get messages that are clearly spam, but are whitelisted. The common characteristic is that they are sent with a from line that is my own email address, such as the following: X-Declude-Sender: [EMAIL PROTECTED] [77.85.117.187] X-Declude-Spoolname: D29db019e00002105.smd X-Declude-Note: Scanned by Declude 4.2.20 for spam. "http://www.declude.com/x-note.htm" X-Declude-Scan: Incoming Score [0] at 17:12:28 on 24 May 2007 X-Declude-Fail: Whitelisted, ZEROHOUR [0] Now, I checked and I don't see why this is being whitelisted. We only whitelist a handful of IP addresses, and this isn't one of them. The whitelist settings in the global.cfg file are: #========================================= WHITELISTS ======================================= #WHITELIST HABEAS #DOMAINWHITELISTS OFF PREWHITELIST ON WHITELIST AUTH AUTOWHITELIST ON # ----- Domain Example ----- #WHITELIST FROM @declude.com # ----- User Example ----- #WHITELIST FROM [EMAIL PROTECTED] # ----- IP Example ----- WHITELIST IP 63.246.31.248 # ----- REVDNS Example ----- WHITELIST REVDNS .declude.com These are pretty much the defaults. The Autowhitelist ON command uses addresses in the web address book, so I checked those and found nothing (no addresses at all). I'm sure this is something really obvious, but could someone point it out to me? Thanks, Ben BC Web --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.