[MBF] Re: Abuse & Postmaster

[Andy Schmidt]

Hi Martin,

 

There is no way at all for any external party (a black list, DNSSTUFF or a
recipient SMTP server) to determine whether inside your Imail or SmarterMail
configuration you defined a particular email address (such as
Postmaster@..., Abuse@... or Root@...) as a separate mailbox or as a
forwarding alias. All that's visible to the outside is whether your server
accepts an email address as valid - or not.

 

So - a few things are possible:

 

a)   A bug in the testing tool you are using, or

b)  Your mail server having rejected an email from the testing tools
SMTP relay because it fails some OTHER rule, or

c)   Your mail server's IP address currently being listed in one of the
"non-compliant servers" black list, and your testing tool is reporting THAT.

 

Outside of those most likely scenarios, there are also some servers that
don't care much about the "abuse" contact for your DOMAIN name, because the
assumption is that spammers will register new (or hack reputable) domain
names all the time. Instead, they use the "WHOIS" information of your
provider's IP block to ee if IT contains an abuse contact - since that would
be a much more likely "legitimate" abuse contact.

 

The problem comes in with SWIPing. When providers have various WHOIS entries
for countless delegated segments of their huge IP blocks, they don't always
bother to populate all those fields down the stream. While a human would
have the sense to follow the chain up to the ultimate parent organization
and readily find their official abuse contacts - it's not unusual for
attempted spam filters to fail miserably and consider the individual IP
block as missing an abuse contact.

Best Regards
Andy Schmidt


  600 East Crescent Avenue, Suite 203
  Upper Saddle River, NJ 07458-1846

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206

 <http://www.hm-software.com/> http://www.HM-Software.com/  

Von: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com>
[mailto:community@mailsbestfriend.com] Im Auftrag von Martin Margheim
Gesendet: Montag, 21. November 2016 15:11
An: community@mailsbestfriend.com <mailto:community@mailsbestfriend.com> 
Betreff: [MBF] Abuse & Postmaster

 

I have been working with the premise that postmaster and abuse email
accounts could be operated as alias email addresses. However, for whatever
reason, a check this morning using DNSTUFF's Professional Toolset results in
reporting no abuse or postmaster email exists.

 

Perhaps this is result of how the toolset checks for email addresses.
Afterall, it is a rather dated toolset and perhaps never been updated,
particularly since acquired by SolarWinds no longer a subscription DNS Tool.

 

Thoughts?

 

Martin

[MBF] Re: Help with PCRE

[Andy Schmidt]

Uh - okay. The problem is NOT the order (or the fact that the last item 
wouldn't have a whitespace character, which could be handled easily).

The real problem is that a match will ONLY be made if every single "token" in 
your string  is actually included in your list of alternatives. The problem is 
that I see now that you have OTHER tokens in your string that are NOT in your 
list - which your RegEx does not permit. 

The following works with all your examples:

(((\S*\s)*(LASHBACK|PSKY|NEWERDOMAIN|HEADERS|ROUTING|MAILSPIKE-L|HELO|SORBS|SPAMCOP|DNS)\s?){4,})

This is NOT matched, because there are not four of them:
PSKY IPNOTINMX MSGSIZE-0KB MSGSIZE-3KB ALLIGATETESTS SYMBOLSWORDSSUB  

This IS matching PSKY, NEWERDOMAIN, ROUTING, SORBS:
PSKY NEWERDOMAIN ROUTING REVDNS IPNOTINMX MSGSIZE-0KB MSGSIZE-3KB ALLIGATETESTS 
SYMBOLSWORDSSUB BADHEADERS SORBS BADHELO

This is NOT matched, because it only matches PSKY, ROUTING and SORBS:
PSKY ROUTING REVDNS IPNOTINMX MSGSIZE-0KB MSGSIZE-3KB ALLIGATETESTS 
SYMBOLSWORDSSUB BADHEADERS SORBS BADHELO

Please note, that at present it will only match FULL words - so " BADHELO " is 
NOT a match for " HELO ", " BADHEADERS " is NOT a match for " HEADERS ", etc.

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of John Tolmachoff
Sent: Friday, August 26, 2016 7:25 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Help with PCRE

OK this is working now, sort of:

(?:LASHBACK\s|PSKY\s|NEWERDOMAIN\s|HEADERS\s|ROUTING\s|MAILSPIKE-L[1-5\s|HELO\s|SORBS\s|SPAMCOP\s|DNS\s){4,})

Here are examples
PSKY IPNOTINMX MSGSIZE-0KB MSGSIZE-3KB ALLIGATETESTS SYMBOLSWORDSSUB 

That is in the Delude Logs. BUT it only works if there are no breaks.

SO
PSKY NEWERDOMAIN ROUTING REVDNS IPNOTINMX MSGSIZE-0KB MSGSIZE-3KB ALLIGATETESTS 
SYMBOLSWORDSSUB BADHEADERS SORBS BADHELO Only matches the first 4 but not 
BADHEADERS SORBS BADHELO

PSKY ROUTING REVDNS IPNOTINMX MSGSIZE-0KB MSGSIZE-3KB ALLIGATETESTS 
SYMBOLSWORDSSUB BADHEADERS SORBS BADHELO DOES NOT WORK Finds no matches since 
it does not find 4 in a row of the above choices, even though the entire string 
contains 6 of the above choices.



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  

[MBF] Re: Help with PCRE

[Andy Schmidt]

What is a sample of the actual string you are searching? Are there any 
separation characters we need to allow for?


-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of John Tolmachoff
Sent: Friday, August 26, 2016 7:02 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Help with PCRE

That is not working either. It is wanting them to be consecutive

-Original Message-
From: "David Barker" <david.bar...@mailsbestfriend.com>
Sent: Friday, August 26, 2016 11:32am
To: community@mailsbestfriend.com
Subject: [MBF] Re: Help with PCRE

Oooo, didn't think of doing it that way. Thought it only worked with letters. 
So test to be sure. Just to correct the syntax Declude, you want to use the 
following:

(?:(LASHBACK|PSKY|NEWERDOMAIN|HEADERS|ROUTING|MAILSPIKE-L|HELO|SORBS|SPAMCOP|DNS){4,})

David Barker
Mail’s Best Friend
Email : david.bar...@mailsbestfriend.com
Web  : www.mailsbestfriend.com
Office: 866.919.2075



-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of Andy Schmidt
Sent: Friday, August 26, 2016 1:26 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Help with PCRE

(?:LASHBACK|PSKY|NEWERDOMAIN|HEADERS|ROUTING|MAILSPIKE-L|HELO|SORBS|SPAMCOP|DNS){4,}

Move the quantifier OUTSIDE your token list.

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of John Tolmachoff
Sent: Friday, August 26, 2016 1:47 PM
To: community@mailsbestfriend.com
Subject: [MBF] Help with PCRE

I am trying to create a Regex filter that will only trigger if 4 or more tests 
have failed. This is what I have so far but it is not working:

(?i:LASHBACK|PSKY|NEWERDOMAIN|HEADERS|ROUTING|MAILSPIKE-L|HELO|SORBS|SPAMCOP|DNS{4,10})

It is triggering if only one has failed. I am trying to have it only trigger if 
4 or more have failed.

Any suggestions?

John T
eServices For You


#
This message is sent to you because you are subscribed to
  the mailing list <community@mailsbestfriend.com>.
To unsubscribe, E-mail to: <community-...@mailsbestfriend.com>
To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com>
To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com>
Send administrative queries to  <community-requ...@mailsbestfriend.com>



#
This message is sent to you because you are subscribed to
  the mailing list <community@mailsbestfriend.com>.
To unsubscribe, E-mail to: <community-...@mailsbestfriend.com>
To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com>
To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com>
Send administrative queries to  <community-requ...@mailsbestfriend.com>




#
This message is sent to you because you are subscribed to
  the mailing list <community@mailsbestfriend.com>.
To unsubscribe, E-mail to: <community-...@mailsbestfriend.com>
To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com>
To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com>
Send administrative queries to  <community-requ...@mailsbestfriend.com>



#
This message is sent to you because you are subscribed to
  the mailing list <community@mailsbestfriend.com>.
To unsubscribe, E-mail to: <community-...@mailsbestfriend.com>
To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com>
To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com>
Send administrative queries to  <community-requ...@mailsbestfriend.com>

[MBF] Re: Odd attachment header for an Excel file

[Andy Schmidt]

Hi John,

Actually - the "filename" parameter is assigned to the "Content-Disposition" 
headers - and that's where I'm used to see it (however, I admit to seldomly 
having reason to look for it):
http://www.iana.org/assignments/cont-disp/cont-disp.xhtml

I never noticed that parameter being added to the Content-Type header - and 
haven't been able to find any reference that this is where an application 
should expect a file name.

>> either a LF, CR, TAB or Space <<

It should NEVER be EITHER a "LF" or "CR". The only valid character sequence in 
a header MUST be a CRLF combination - they MUST NOT appear individually. If 
they do, this email structure is NOT MIME compliant which typically means it 
was created by some application programmer who knows his programming language, 
but is ignorant about the environment he is targeting.

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of John Tolmachoff
Sent: Thursday, August 18, 2016 5:02 PM
To: community@mailsbestfriend.com
Subject: [MBF] Odd attachment header for an Excel file

I have captured a valid email message with the following for an Excel 
attachment:

--_42177162-4ccf-48c3-8dd6-dfe95c8acffa_
Content-Type: application/vnd.ms-excel
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="INV OFFER 081816.xls"

What is ODD is that I have all ways seen after the Content-Type: 
Application/vnd.ms-excel immediately followed by a : (colon) then either a LF, 
CR, TAB or Space and then "name=filenamehere"

Has any one else seen this? It is from an MSN email address and came properly 
through Hotmail.com servers.

John T
eServices For You



#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  

[MBF] Re: Call external batch file from Declude

['Andy Schmidt']

Hm - just consider the possibility that the problem is an INVALID "EOL"
sequence.

SMTP requires a CR/LF combination at the end of a line.

But, some operating systems (like UNIX) just use a "LF", some just a "CR"
(at some time MACs), and sometimes programmers accidentally code "LF/CR". 

There have been cases, where a software tries to "fix" invalid EOF
sequences, by replacing a single "CR" (not followed by a LF) or a single
"LF" (not preceded by a "CR"), with a CR/LF - and the fails in the case of a
LF/CR sequence becoming a LF/CR/LF or a CR/LF/CR - which another application
might interpret as two EOLs.

My point - make sure you inspect the original file using a HEX editor for
single CR or single LF characters - THIS might be the ultimate source of the
problem and the trigger of all subsequent issues.

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Don Winsauer
Sent: Wednesday, May 11, 2016 1:22 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Call external batch file from Declude

Ok, Here ya go...

For this customer of mine, I am scanning all their email for spam and
viruses and then forwarding the email to their Exchange server.

It appears when Microsoft's Office 365 Exchange servers find an attachment
in the email, they are adding a header:

x-microsoft-exchange-diagnostics:
1;CO1PR04MB554;5:uIPmx3dm3PK/UJjiWJfcZKKgooCYjfXMN/RlsoZaA9l50T3ppyfEZL7hV
0/b9lb2ameTAtuhrpdbSvHbPrOz6rkwXwybtN0NfVio9xbvrCXGemr4ElqtHO7qnlQgSVNFfs7
pQvr3Ik3TWCeV433olw==;24:8DgC4bge5fDd2sgE3gKjyQSudpsCI2J68HI5XChAq6H/evgOT
mn6pKnNx0FQS6aorGkRqORLzQaFVhM43MyWtb0BfiaV29+KboF8dNmBWRE=;7:FH8DkU9P/vAA
2cZf0DCaqz5AJcXiy0ygl+Y8/LrpsGe5MAcP4A/EFx9j+hYJmORCaEjCtA/JWl80qdNRjjvo0h
L4LnEt++q1KirBBcD5K1ervta5qLh42AsICnwR2hakHCxbOjf6EdMQtgxf/6M0Vj8JMmSuW08/
X0mL49SuD3kM8YHnljh4K8dAvOo+bCu3


It is being added by several of his vendors (different domains).  All from
*.outlook.com servers.

The SMTP32.exe process of my IMail (v8.15) sees the data in this header
and for some reason is adding a blank line after the header.  This server
has been in production since v8.15 was current.  It has processed millions
of emails and this is the first time I've had a problem like this.

I grabbed the raw email in the D*.smd file and all looks good.  In my
email client, it looks good.  When that file is processed and forwarded to
my customer's Exchange server, it shows headers in the body of the email.
It took me quite awhile removing headers until I figured out which one it
was.  With the help of a colleague, I had IMail send the email to their
email server (non-Exchange).  He grabbed the raw email file from their end
and we saw the extra blank line that was throwing everything off.
SMTP32.EXE is inserting a blank line after this header.  While it is a
long header, it is not the longest header in the email.

I find that when I remove this header, all works fine.  So that is what I
am trying to do.

I have been working on this issue for two weeks.  It took me until tonight
to determine that SMTP32.exe was at fault.  During my research, I even
removed Declude from the chain and things still failed.  I am trying to
fix the problem with the tools I have at hand.

Don

-- Original Message --
From: "David Barker | Mail's Best Friend | 1-866-919-2075"

Reply-To: 
Date:  Tue, 10 May 2016 17:34:23 -0500

>Lets start at the end and work backwards what is the reason for 
>removing the header line and secondly which headerline do you want to
remove ?
>
>-Original Message-
>From: community@mailsbestfriend.com 
>[mailto:community@mailsbestfriend.com]
>On Behalf Of Don Winsauer
>Sent: Tuesday, May 10, 2016 3:56 PM
>To: community@mailsbestfriend.com
>Subject: [MBF] Call external batch file from Declude
>
>I need to remove a header line from a set of emails.
>
>Can I use Declude to call an external batch file to modify the D*.smd
file?
>Possibly either as a Junkmail test or possibly a emulating a virus
scanner?
>
>Anyone doing anything like this?
>
>Don
> 
>
>
>
>
>
>Sent via the WebMail system at net1media.com
>
>
> 
>   
>
>#
>This message is sent to you because you are subscribed to
>  the mailing list .
>To unsubscribe, E-mail to: 
>To switch to the DIGEST mode, E-mail to 
>
>To switch to the INDEX mode, E-mail to 
>
>Send administrative queries to  
>
>
>
>#
>This message is sent to you because you are subscribed to
>  the mailing list .
>To unsubscribe, E-mail to: 

[MBF] Re: MAILFROM detects no MX/A, even though it exists?

['Andy Schmidt']

Hi Dave,

If you scroll down, I had included the local DNS's response in my message,
to show how it responded to an MXLOOKUP.
I am able to reproduce it ( for that domain ) at will.

Best Regards,
Andy

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Friday, October 23, 2015 11:48 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: MAILFROM detects no MX/A, even though it exists?

Hi Andy,

Could it be that your local DNS was reporting incorrectly ? Are you able to
replicate this or was it just random ?

David Barker
Mail’s Best Friend
Email : david.bar...@mailsbestfriend.com Web  :
www.mailsbestfriend.com Office    : 866.919.2075



-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Andy Schmidt
Sent: Thursday, October 22, 2015 7:52 AM
To: community@mailsbestfriend.com
Subject: [MBF] MAILFROM detects no MX/A, even though it exists?

Hi,

I'm baffled. Have been using this test for years without problems.

Yesterday I encountered the following for this one domain:

10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Doing envfrom type test on
mardee.com.
10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Looking up MX/A record for
mardee.com at 127.0.0.1.
10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Looking for Mx Record
10/15/2015 22:35:22.719 q76f2000826a3f7e4.smd DNS Report:  [ex=0 rcode=3
ancnt=0 suc=1].
10/15/2015 22:35:22.719 q76f2000826a3f7e4.smd Looking for A Record
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd Msg failed MX; testing A
(MAILFROM mardee.com) [0 1 3 ]
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd There were no MX/A records.
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd DNS Report:  [ex=0 rcode=3
ancnt=0 suc=1].
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd Done with MX or A record

What is the meaning of:
[ex=0 rcode=3 ancnt=0 suc=1]
(I know that ancnt is the number of answer records returned)

When I log into the mail server, use nslookup on 127.0.0.1 (a local caching
name server), the domain has both an MX and an A record (see below). I even
went as far as clearing the NS cache, restarting DNS (and later the entire
server) to eliminate any "odd" transient data somewhere.
I then repeated the test with the same Declude failure - while nslookup is
successful?

C:\WINDOWS>nslookup
> server 127.0.0.1
> set type=mx
> mardee.com.
Address:  127.0.0.1

Non-authoritative answer:
mardee.com  MX preference = 10, mail exchanger = mx.mardee.com
mx.mardee.com   internet address = 64.26.60.153

> set type=a
> mardee.com.
Address:  127.0.0.1

Non-authoritative answer:
Name:mardee.com
Address:  64.71.33.133





#
This message is sent to you because you are subscribed to
  the mailing list <community@mailsbestfriend.com>.
To unsubscribe, E-mail to: <community-...@mailsbestfriend.com>
To switch to the DIGEST mode, E-mail to <community-dig...@mailsbestfriend.com>
To switch to the INDEX mode, E-mail to <community-in...@mailsbestfriend.com>
Send administrative queries to  <community-requ...@mailsbestfriend.com>

[MBF] MAILFROM detects no MX/A, even though it exists?

[Andy Schmidt]

Hi,

I'm baffled. Have been using this test for years without problems.

Yesterday I encountered the following for this one domain:

10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Doing envfrom type test on
mardee.com.
10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Looking up MX/A record for
mardee.com at 127.0.0.1.
10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Looking for Mx Record
10/15/2015 22:35:22.719 q76f2000826a3f7e4.smd DNS Report:  [ex=0 rcode=3
ancnt=0 suc=1].
10/15/2015 22:35:22.719 q76f2000826a3f7e4.smd Looking for A Record
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd Msg failed MX; testing A
(MAILFROM mardee.com) [0 1 3 ]
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd There were no MX/A records.
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd DNS Report:  [ex=0 rcode=3
ancnt=0 suc=1].
10/15/2015 22:35:22.922 q76f2000826a3f7e4.smd Done with MX or A record

What is the meaning of: 
[ex=0 rcode=3 ancnt=0 suc=1]
(I know that ancnt is the number of answer records returned)

When I log into the mail server, use nslookup on 127.0.0.1 (a local caching
name server), the domain has both an MX and an A record (see below). I even
went as far as clearing the NS cache, restarting DNS (and later the entire
server) to eliminate any "odd" transient data somewhere.
I then repeated the test with the same Declude failure - while nslookup is
successful?

C:\WINDOWS>nslookup
> server 127.0.0.1
> set type=mx
> mardee.com.
Address:  127.0.0.1

Non-authoritative answer:
mardee.com  MX preference = 10, mail exchanger = mx.mardee.com
mx.mardee.com   internet address = 64.26.60.153

> set type=a
> mardee.com.
Address:  127.0.0.1

Non-authoritative answer:
Name:mardee.com
Address:  64.71.33.133





#
This message is sent to you because you are subscribed to
  the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to  

[MBF] Re: Outlook Virus

[Andy Schmidt]

This vulnerability occurs when it appears as though a MIME segment is
occurring after the end of the MIME body (specifically, a MIME segment with
a boundary other than the one specified appears in the MIME postamble). 

Outlook may see this as an attachment. 

Although technically valid, there is no legitimate reason for an E-mail to
be sent like this.

 

In other words, it's a flaw in Outlook how it handles the case when a MIME
segment is not terminated with the same string as in the postamble. A virus
scanner might decode the MIME structure correctly - while Outlook will treat
this as a separate attachment.

 

This allows a potential virus author to sneak a hidden attachment to
Outlook, past any well-behaved virus scanner.

 

So you're currently blocking (likely valid) emails, because they are
formatted in a way that COULD be used by someone to send a virus.

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Scott Fosseen - Prairie Lakes AEA
Sent: Monday, August 24, 2015 2:51 PM
To: community@mailsbestfriend.com
Subject: [MBF] Outlook Virus

 

Declude Virus v4.12.05 caught the [Outlook 'MIME segment in MIME Postamble'
Vulnerability] virus in [No attachment]

from notif...@sender.rschooltoday.net
mailto:notif...@sender.rschooltoday.net  to:
usermailto:user...@domain.org.

 

I am getting this error from this specific domain.  Any suggestions.

[MBF] Re: winmail.dat but Outlook opened it as an Excel spreadsheet XLSX correctly

[Andy Schmidt]

Winmail.dat is attached by Outlook when you choose Microsoft's legacy RICH 
TEXT as the message format, instead of HTML (or Plain Text.)   It predates 
SMTP, when there was a pre-Windows 2000 Microsoft Mail system for LANs...

If I remember correctly, there is even a setting buried inside the Outlook 
Contacts, where you can specify a preferred Email format for individual 
contacts. It's possible that (unknown to the user), some of his contacts have 
rich text... causing the same email to be formatted in different ways, 
yielding different results, for different recipients (but I'm vague on that 
one).

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of John Tolmachoff
Sent: Friday, August 21, 2015 2:43 PM
To: community@mailsbestfriend.com
Subject: [MBF] winmail.dat but Outlook opened it as an Excel spreadsheet XLSX 
correctly

OK, here is one I do not understand. This has happened at least 6 times that I 
know of in the last 2 days. An email was received and processed by Declude. It 
contained an attachment winmail.dat. BUT the sender had attached an XLSX file. 
After talking to the intended recipient (who also talked to the sender) the 
sender has stated that when he attached the XLSX file to the email, the file 
appeared as an EXCEL ICON in the body of the email not where you would normally 
see it under the subject line. This is in Outlook. The version he is using is 
Outlook 2013. (15.0) What caught the attachment was ESET AV had a result code 
of 10 which is some files could not be scanned (may be threats) which I then 
treat as infected.




#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF] Re: receiving issue

[Andy Schmidt]

As you probably expected, this email apparently was SENT FROM
mailto:it1...@abc.com it1...@abc.com TO  mailto:di...@xyz.com
di...@xyz.com - but the previous entries for 3b4d08cb6087 would confirm
that.

 

My first guess would be that you have Imail connection filters or spam
filters turned on for your abc.com domain that prevent accepting emails from
abc.com (per example, because of SPF or other rules). You can turn on debug
mode for Imail SMTP logging and turn on the SPAM logging then scan for any
lines with the first 3 octets of the web server's IP range.

 

If there are no log entries at all in Imail for emails to abc.com, then it's
likely an IP block. Imail has a list of blocked IP addresses you can clear,
BUT that would have effected ANY recipient domain.

 

Most importantly, what does the outgoing mail server/app log show on the WEB
server. It will tell you instantly, if a connection HAD been made, if any
SMTP conversation DID take place etc etc. THAT is the place to hunt for
missing emails. For all I know you have a hosts file or a rogue DNS issue
that prevents your web server from actually REACHING your Imail server.

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Daniel Ivey
Sent: Wednesday, August 19, 2015 12:01 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: receiving issue

 

08:18 10:03 SMTP-(3b4d08cb6087) processing
m:\IMail\spool\q3b4d08cb6087.smd

08:18 10:03 SMTP-(3b4d08cb6087) ldeliver xyz.com divey-main (1)
it1...@abc.com mailto:it1...@abc.com  43717

08:18 10:03 SMTP-(3b4d08cb6087) finished
m:\IMail\spool\q3b4d08cb6087.smd status=1

 

-Original Message-
From: Randy Armbrecht [mailto:ra...@globalweb.us]
Sent: Wednesday, August 19, 2015 11:55 AM
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com 
Subject: [MBF] Re: receiving issue

 

Can you provide a snippet of those logs?  Be sure to redact any sensitive
info

 

 

 

Sincerely,

 

Randy A.

 

From: community@mailsbestfriend.com mailto:community@mailsbestfriend.com
[mailto:community@mailsbestfriend.com] On Behalf Of Daniel Ivey
Sent: Wednesday, August 19, 2015 9:53 AM
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com 
Subject: [MBF] Re: receiving issue

 

When I check the imail sys log, I see where the message is accepted to one
domain (xyz.com) but not the other domain (abc.com).  The messages are then
delivered to xyz.com but not abc.com.  The messages are coming from a third
party server but do have an abc.com from address.

 

Daniel

 

-Original Message-
From: Randy Armbrecht [mailto:ra...@globalweb.us]
Sent: Monday, August 17, 2015 5:27 PM
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com 
Subject: [MBF] Re: receiving issue

 

Look at the imail sys logfile. And it won't hurt to have both running

 

 

 

Randy A.

 

Sent from my mobile device.

Please excuse any brevity or misspellings



 Original message 
From: Daniel Ivey d...@gcrcompany.com mailto:d...@gcrcompany.com  
Date: 08/17/2015 4:53 PM (GMT-05:00) 
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com  
Subject: [MBF] Re: receiving issue 



Which IMAIL log do I need to turn on, POP3 or SMTP or will it hurt to have
them both on?

-Original Message-
From: Randy Armbrecht [mailto:ra...@globalweb.us]
Sent: Monday, August 17, 2015 3:39 PM
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com 
Subject: [MBF] Re: receiving issue

What do the IMAIL logs (not delude logs) show as far as the
movement/processing of the message thru the system?  Normally the IMAIL logs
will show message coming in, then going to declude, then coming back to
IMAIL for delivery completion

Randy A.

Sent from my mobile device.

Please excuse any brevity or misspellings



 Original message 
From: Daniel Ivey d...@gcrcompany.com mailto:d...@gcrcompany.com  
Date: 08/17/2015 3:27 PM (GMT-05:00) 
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com  
Subject: [MBF] Re: receiving issue 



When I turn on DEBUG for the Declude logs, I see where the message is
scanned by Declude for one domain, but not the domain that needs to receive
the email.

Daniel

-Original Message-
From: Randy Armbrecht [mailto:ra...@globalweb.us]
Sent: Monday, August 17, 2015 11:18 AM
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com 
Subject: [MBF] Re: receiving issue

What do the imail logs say?

Randy A.

Sent from my mobile device.

Please excuse any brevity or misspellings



 Original message 
From: Daniel Ivey d...@gcrcompany.com mailto:d...@gcrcompany.com  
Date: 08/17/2015 10:50 AM (GMT-05:00) 
To: community@mailsbestfriend.com mailto:community@mailsbestfriend.com  
Subject: [MBF] receiving issue 

Greetings,

I have an odd issue with one domain on my Imail server. We are running
Declude with integrated Message Sniffer 

[MBF] Re: What new features would you like to see in Declude?

[Andy Schmidt]

Send BOUNCE(IFYOUMUST), virus notifications, and other messages from null 
sender to avoid bounce loops.

 

Test sender alignment: MAIL FROM different than From: mail header

 

Address book whitelisting that does NOT rely on Registry Keys

HLM\software\softalk\WorkgroupShare\setup\DBType

HLM\software\softalk\WorkgroupShare\setup\dataFolder

It should use (or at least fall back on) an ODBC DSN.

 

Test for to indicate the width of IP4 mask in a SPF records, +all would be
31,  +IP4:./2 would be 29, +IP4:./24 would be 7. No use of masks would be 0.

 

At minimal a test to check existence of DMARC policy (possibly even honor
policy as much as applicable to Declude)

 

[MBF] Re: SPF Records

[Andy Schmidt]

SPAM with good SPF records are actually helpful too.

Since the spammer has now tied a certain IP address to a certain domain name, 
both the domain name and the IP address can now be added to blacklists which 
can be used in connection-level checks to refuse future emails outright. 

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of Darin Cox
Sent: Wednesday, April 01, 2015 3:11 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: SPF Records

Soft fail can still be useful to prevent forged spam sent to your users where 
the from address is also the user's address.

Darin.



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF] Re: SPF Records

[Andy Schmidt]

Hi Dave, 

 

We absolutely block on -all before we check anything else. And almost
daily I encounter some third party mail server that rejects a registration
email or a mailing list email form one of our clients, because the recipient
is forwarding email between two email services. So there are countless
servers like ours that are standards compliant.

 

I have to assume that you've been extraordinary lucky with your
circumstances until today. It's possible that until now your end users
haven't been connecting through hotel room WiFi networks, or haven't used
greeting card sites etc etc. - or they always set up SMTP AUTH to connect to
your MX while travelling.

 

The whole IDEA behind SPF is that the domain owner can CHOOSE to add an SPF
records, but if one exists, that it is the ultimate authority on how email
should be handled. If you wanted your emails to be permitted from ANY
server, then you have the option to forego an SPF record, or use the proper
rule of:

 

v=spf1 mx ~all  

 

Flame onWhy on earth would anyone set up a rule that explicitly states
that all email absolutely must come from their own MX and NEVER-EVER-EVER
from another mail server, if they really don't want the recipient to respect
those very explicit instructions?/Flame Off

 

Best Regards,

Andy



 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Dave Beckstrom
Sent: Tuesday, March 31, 2015 6:54 PM
To: community@mailsbestfriend.com
Subject: [MBF] SPF Records

 

I received an email from a customer because an email he sent to someone in
Canada was rejected due to SPF checking.   Our DNS server automatically sets
an SPF record for each domain with the value v=spf1 mx -all   Been that way
since SPF first became available and I've never had a problem.

I'm curious if anyone here rejects (bounces) email strictly off of an SPF
check?  I think that's ridiculous.  Moreover, I'm pretty certain our SPF
record is correct. 

I'm thinking the yahoo's in Canada are the ones who don't know what they are
doing.  Thoughts? 

[MBF] Sender Whitelist

[Andy Schmidt]

Hi,

 

I have started to assign higher points to several tests, and then use some
sender whitelists to offset the negative increase to hopefully prevent
catching legitimate IP blocks who just happen to suffer abuse because of the
nature of their business (including aol, google, hotmail and many others):

 

BONDEDSENDERip4rquery.bondedsender.org   127.0.0.10
-40

IADB  ip4riadb.isipp.com
127.0.0.1  -20

HULip4rhul.habeas.com
* -20

SWL-DYNA  ip4rswl.spamhaus.org*
-20

MAILSPIKE-WL  ip4rwl.mailspike.net   *
-30

 

DNSWL ip4rlist.dnswl.org *
0  0

DNSWL30ip4rlist.dnswl.org 127.0.3.0
-10

DNSWL31ip4rlist.dnswl.org 127.0.3.1
-20

DNSWL32ip4rlist.dnswl.org 127.0.3.2
-30

DNSWL33ip4rlist.dnswl.org 127.0.3.3
-40

DNSWL50ip4rlist.dnswl.org 127.0.5.0
-10

DNSWL51ip4rlist.dnswl.org 127.0.5.1
-20

DNSWL52ip4rlist.dnswl.org 127.0.5.2
-30

DNSWL53ip4rlist.dnswl.org 127.0.5.3
-40

DNSWL80ip4rlist.dnswl.org 127.0.8.0
-10

DNSWL81ip4rlist.dnswl.org 127.0.8.1
-20

DNSWL82ip4rlist.dnswl.org 127.0.8.2
-30

DNSWL83ip4rlist.dnswl.org 127.0.8.3
-40

DNSWLB0ip4rlist.dnswl.org 127.0.11.0
-10

DNSWLB1ip4rlist.dnswl.org 127.0.11.1
-20

DNSWLB2ip4rlist.dnswl.org 127.0.11.2
-30

DNSWLB3ip4rlist.dnswl.org 127.0.11.3
-40

 

DNSWL-ACLip4rlist.dnswl.org 127.0.0.255
0  0

 

SPAMHAUS-DWL rhsbl  _vouch.dwl.spamhaus.org
* -20

 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Carl Wagar
Sent: Saturday, January 03, 2015 11:38 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: whitelist FROM address

 

Oops sorry you are right.

I was thinking

REVDNSREVDNSEXISTS   x  x  10
0

 

Now I remember.

I did comment out all the 3rd party mailer entries in GOOD_REVDNS.txt 

because frankly as soon as this was put in place for me (by Linda attempting
to 

help me at the end of October), things got worse. Despite what you might

think, much of what comes from these 3rd party mailers is considered spam

by my customers. Complaints about too much spam slowed down after I edited
GOOD_REVDNS.

 

I guess you'd be right in telling me that if I want your help with this
issue I shouldn't

be messing with it but I was desperate.

 

Don't get me wrong. Things are working fairly well after this kind of
tuning.

Except for this issue of FROM not being FROM and whitelisting not 'working'.

 

Most of the problem here is that I've allowed certain IT-knowledgeable
customers to 

configure their own WHITELISTFILE and they are now complaining that 

it doesn't work.  It doesn't work because of 3rd party mailers and
Declude-Sender

being accurate but unhelpful.

 

It's a pain.

 

But based on what you are telling me, 

I will just continue to put in manual entries when problems are encountered.


Thanks.

Carl

 

 

 

J. Carl Wagar

EntreNet Communications Inc
www.entrenet.com  www.thehostingservice.com 

24 Swain Ave, Ottawa, ON, K1G 4T1, Canada

Email: jcwa...@entrenet.com, skype: jcwagar

Tel: +1 613-737-7327, Fax: +1 613-737-5801

Cel: +1 613-818-8898

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Saturday, January 3, 2015 10:55 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: whitelist FROM address

 

Not sure what you mean by lower the weight of GOOD-REVDNS ??

The GOOD-REVDNS provides credit for good senders, I am not sure I understand
how people would be losing their email because of it. If anything it should
allow good senders to get to the users inbox.

The other option you have is to add the domain/email address to the trusted
sender list (or online address book) in SM. Anything located there will be
whitelisted by Declude.

David

On 1/3/2015 10:04 PM, Carl Wagar wrote:

Ok 

[MBF] Re: Gaunlet - using MS Resource Kit SRVANY tool

[Andy Schmidt]

Hi John,

 

 We are running this on a 32bit box and now I'm wondering if we need to
wait until David gets the 32 bit version out 

 

Oh - yes, absolutely. Until they compile the little, but functionally
crucial, DRGoutflow under 32-bit, there is nothing those of us can do.

 

Best Regards,

Andy

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of John
Sent: Wednesday, November 19, 2014 12:27 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Gaunlet - using MS Resource Kit SRVANY tool

 

Andy
Thanks for this.
It helps to see this example
I saw your post on the 32bit question.
We are running this on a 32bit box and now I'm wondering if we need to wait
until David gets the 32 bit version out.
thanks again

john




On 11/18/2014 11:07 AM, Andy Schmidt wrote:

Hi John,

 

Here the steps to set up the Gauntlet service without the XYNTservice
third party software.

 

Download DRGOutflow.exe, e.g. to:

\IMail\declude\Tools\DRGOutflow.exe

 

Windows Command Line:

. MkDir \IMail\Spool\Gauntlet

. C:\Program Files\Windows Resource Kits\Tools\InstSrv.exe
Gauntlet C:\Program Files\Windows Resource Kits\Tools\SrvAny.exe

 

Start RegEdit

. Open
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Gauntlet

. Add Key: Parameters

. Add Value: Application

. Data Type : REG_SZ

. String : C:\Imail\Declude\Tools\DRGOutflow.exe
i=C:\Imail\Spool\Gauntlet o=C:\Imail\Spool\Proc d=60

 



 

Or, you can import those same settings from a text file:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Gauntlet\Parameters]

Application=C:\\Imail\\Declude\\Tools\\DRGOutflow.exe
i=C:\\Imail\\Spool\\Gauntlet o=C:\\Imail\\Spool\\Proc d=60

 

Start the Services management console

. Start the Gauntlet service

. Make sure Gauntlet service starts up and stays started.

 

Set up the Gauntlet filter, global.cfg and $junkmail$.default files (see the
original instructions for suggestions).

 

Best Regards,

Andy

 

[MBF] Re: DRGoutflow - system requirements?

[Andy Schmidt]

Hi Dave,

What type of minimum processor and/or operating system is required? Is it a 
64-bit application?

D:\IMail\declude\Tools\drgoutflow.exe 

Results in:

The image file D:\IMail\declude\Tools\DRGOutflow.exe is valid, but is 
for a machine type other than the current machine.

I would have thought it's the most basic file system application that doesn't 
need to be bound to any particular minimum Windows or processor capabilities? 
It certainly doesn't have any memory requirements that would demand a 64-bit 
app?

Best Regards,
Andy




#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF] Re: Declude Host Name Variables

[Andy Schmidt]

Hi David,

 

Let me make sure I understand correctly how these values are determined.

 

Given:

 

Connecting from: 100.1.2.3

3.2.1.100.in-addr.arpa = rdnshost.subdomain.rndsdom.com

 

HELO helohost.subdomain.helodom.com

MAIL FROM: mail...@mailhost.maildom.com

 

What precisely would then be:

 

%REVDNS% = rdnshost.subdomain.rndsdom.com

%HELO%   = helohost.subdomain.helodom.com

%MAILFROM% = mail...@mailhost.maildom.com

 

%REMOTEHOST% = mailhost.maildom.com   ?

%SENDERHOST% = ?

 

 

[MBF] Re: Thoughts on how to deal with the current SPAM campaigns

[Andy Schmidt]

Dito!

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of Michael Cummins
Sent: Tuesday, November 04, 2014 8:29 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns

That all being said, I have some clients that have been using Sendio Appliances 
(it uses C/R) for years and to them the thing walks on water and makes cotton 
candy, too.  For the right price, it would be an instant sell to many of my 
customers who primarily use mobile devices.  The Sendio appliance isn't cheap, 
I hear (from them).

Hence the line of questioning.

If it makes my customers happy and they're eager to pay for it, then hey.  My 
opinion doesn't necessarily need to override theirs.  :)

Michael Cummins




#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

[Andy Schmidt]

Hi David,

 

No difference, even in latest verison. Since the early days of Declude, alia
have ALWAYS been stored as REG_SZ items here:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\TheDomainName.com\Users\
_aliases]

 

postmaster=some@email.address

hostmaster=another@email.address

etc.

 

However, I THOUGHT Imail was resolving aliases and storing them in the Q
file?

 

Best Regards,

Andy

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Wednesday, September 24, 2014 12:17 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

 

Hi Andy,

 

Declude only checks on user email address.  With the changes in IMail the
alias seems not to be stored in the database as previously or even stored in
the database at all. We are working to confirm where the latest version of
IMail stores aliases.  

 

As for Address whitelist for  mailto:a...@sender.com a...@sender.com,
originally  the implementation used the txt file which was accessible by the
user to add this option. However since IMail moved to a database in later
versions we are unclear as to where IMail is now storing this information.
Obviously using the Declude whitelist options is a way to circumvent this.

 

If anyone has insight into the storing of the alias information within IMail
latest versions this would be helpful.

David Barker
Mail's Best Friend

Email : david.bar...@mailsbestfriend.com
Web  : www.mailsbestfriend.com http://www.mailsbestfriend.com/ 
Office: 866.919.2075

cid:image001.png@01CE2B2E.8B3E9EF0

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Wednesday, August 27, 2014 6:49 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

 

Hi Andy,

Got it. Will have dev look at it and give you some feedback based on
findings.

David

On 8/26/2014 11:06 AM, Andy Schmidt wrote:

Hi,

 

Address-book whitelisting is a crucial feature, as it puts the user in
control to decide which individual senders or which domains they want to
trust.

 

After spending a lot of time with customers and THEIR clients, them
insisting that the whitelisting is not working no matter WHAT they tried,
I've confirmed the following two bugs:

 

1.   Addressbook Whitelisting attempts to find address book under the
IMAIL ALIAS name, instead of resolving aliases to the proper IMAIL USER
name!

Example: 
a...@userdomain.com is configured as an ALIAS for
anthony_cu...@userdomain.com

Emails addressed to aec@... will NOT be whitelisted, but emails addressed to
Anthony_Cuomo will be whitelisted:


Did not find [ liup...@sender.com ] in [ a...@userdomain.com ] address book

Finish Address Book WhiteList

 

Vs.


Skipping4 E-mail from liup...@sender.com; whitelisted
[liup...@css-group.net].

Finish Address Book WhiteList


Obviously, Declude must NOT use the ALIAS name to attempt finding
(non-existing) Address Books, it must use the Q file to learn the final
delivery USER name, and use THAT for Addressbook validation!

 

2.   The original implementation of the Addressbook Whitelist (by Scott)
had allowed for a generic domain whitelist, by using:

a...@sender.com

to whitelist ANY email addresses ending with @sender.com.

When the addressbook lookup was converted to the current Imail Contact
Database, someone forgot to implement the proper SQL query that checks the
recipient's address book for the FULL match of EITHER, 

  individual_senderl
mailto:individual_send...@sender.com @sender.com OR a...@sender.com



Since whitelisting is so critical in any blacklisting solution (like
Declude), I would ask that both these bugs be addressed - and certainly am
willing to put my money where my mouth is - whether through purchasing
additional support tickets or whatever other requirements you have.

 

Best Regards,

Andy

[MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

[Andy Schmidt]

Hi David,

 

Actually, THAT only comes into play if an alias exceeds a certain number of
ENTRIES (I forgot how many). That has ALSO always been this way.

 

If an alias points to MULTIPLE email addresses, and it's more than x
number of addresses, then it's automatically converted to a list (with the
corresponding .LST file).

 

Best Regards,

Andy

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Wednesday, September 24, 2014 12:44 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

 

Version 12.4.0.66 seems to be storing the alias in the root domain folders
aliasname.lst  - there could be legacy structures that are involved with
IMail upgrades as opposed to IMail new installs. I will pass along the
information to our engineer. Thanks for the feedback. 

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Andy Schmidt
Sent: Wednesday, September 24, 2014 12:30 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

 

Hi David,

 

No difference, even in latest verison. Since the early days of Declude, alia
have ALWAYS been stored as REG_SZ items here:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\TheDomainName.com\Users\
_aliases]

 

postmaster=some@email.address

hostmaster=another@email.address

etc.

 

However, I THOUGHT Imail was resolving aliases and storing them in the Q
file?

 

Best Regards,

Andy

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Wednesday, September 24, 2014 12:17 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

 

Hi Andy,

 

Declude only checks on user email address.  With the changes in IMail the
alias seems not to be stored in the database as previously or even stored in
the database at all. We are working to confirm where the latest version of
IMail stores aliases.  

 

As for Address whitelist for  mailto:a...@sender.com a...@sender.com,
originally  the implementation used the txt file which was accessible by the
user to add this option. However since IMail moved to a database in later
versions we are unclear as to where IMail is now storing this information.
Obviously using the Declude whitelist options is a way to circumvent this.

 

If anyone has insight into the storing of the alias information within IMail
latest versions this would be helpful.

David Barker
Mail's Best Friend

Email : david.bar...@mailsbestfriend.com
Web  : www.mailsbestfriend.com http://www.mailsbestfriend.com/ 
Office: 866.919.2075

cid:image001.png@01CE2B2E.8B3E9EF0

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Wednesday, August 27, 2014 6:49 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs

 

Hi Andy,

Got it. Will have dev look at it and give you some feedback based on
findings.

David

On 8/26/2014 11:06 AM, Andy Schmidt wrote:

Hi,

 

Address-book whitelisting is a crucial feature, as it puts the user in
control to decide which individual senders or which domains they want to
trust.

 

After spending a lot of time with customers and THEIR clients, them
insisting that the whitelisting is not working no matter WHAT they tried,
I've confirmed the following two bugs:

 

1.   Addressbook Whitelisting attempts to find address book under the
IMAIL ALIAS name, instead of resolving aliases to the proper IMAIL USER
name!

Example: 
a...@userdomain.com is configured as an ALIAS for
anthony_cu...@userdomain.com

Emails addressed to aec@... will NOT be whitelisted, but emails addressed to
Anthony_Cuomo will be whitelisted:


Did not find [ liup...@sender.com ] in [ a...@userdomain.com ] address book

Finish Address Book WhiteList

 

Vs.


Skipping4 E-mail from liup...@sender.com; whitelisted
[liup...@css-group.net].

Finish Address Book WhiteList


Obviously, Declude must NOT use the ALIAS name to attempt finding
(non-existing) Address Books, it must use the Q file to learn the final
delivery USER name, and use THAT for Addressbook validation!

 

2.   The original implementation of the Addressbook Whitelist (by Scott)
had allowed for a generic domain whitelist, by using:

a...@sender.com

to whitelist ANY email addresses ending with @sender.com.

When the addressbook lookup was converted to the current Imail Contact
Database, someone forgot to implement the proper SQL query that checks the
recipient's address book for the FULL match of EITHER, 

  individual_senderl
mailto:individual_send...@sender.com @sender.com OR a...@sender.com

Since whitelisting is so critical in any blacklisting solution (like
Declude), I would ask that both these bugs be addressed - and certainly am
willing

[MBF]Reminder: AHBL shut down

[Andy Schmidt]

http://www.ahbl.org/content/changes-ahbl

 

Changes In The AHBL

So, this has been a long time coming, but figured I'd make the announcement.


I'm winding down the public DNSbl services of the AHBL. 

This means the dnsbl.ahbl.org, ircbl.ahbl.org, rhsbl.ahbl.org lists are all
going away, as is the public lookup/removal tool. 

There's a few reasons why this is coming about - one of them being that I
feel that I've accomplished what I set out to do with the AHBL. 

We had an 11 year run - quite good IMHO.  We've been sued (and won), DDoS'd,
Real Life(tm) stalked, had other people in this community turn their backs
on us because we made some hard decisions they didn't agree with...  List
could go on for a while. 

=-=-=-= 

I expect that over the next few days (Sat. at the latest) I'll be clearing
out the three main zones of data, and removing their NS records shortly
after. 

I'm planning Jan 1st, 2015 to wildcard the DNSbl zones for anyone that
doesn't bother to maintain their mail services. 

The website isn't going anywhere, neither is any of our docs and things like
the kook mail. 

We do have some private services that will keep running - and I'm likely
going to be offering invitations to our private DNSbl list at some point in
the near future. 

There is a good chance that I'll be reopening the RHSbl under a new name
down the line as well. 

 

-- Brielle

 

[MBF]Re: New Version of Declude

[Andy Schmidt]

Sorry - running 32 bit. 

Is the problem ONLY when you launch InvURIBL from within Declude - or do you 
have a problem just testing InvURIBL from a the Windows commandline?

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of johnl...@eservicesforyou.com
Sent: Friday, November 22, 2013 1:41 PM
To: community@mailsbestfriend.com
Subject: [MBF]Re: New Version of Declude

Andy, have you been able to get InvURIBL to work on Windows Server 2008 64 bit?



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: CommTouch

[Andy Schmidt]

We just need to get Sniffer back into API mode instead of the costly command 
line mode.

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of David Barker
Sent: Thursday, November 21, 2013 9:53 AM
To: community@mailsbestfriend.com
Subject: [MBF]Re: CommTouch

Unfortunately not. We can provide Commtouch through SM but that’s it. However I 
have seen that Message Sniffer is a good rival for Commtouch, and in several 
tests done actually performs better.

David Barker
Mail’s Best Friend
Email : david.bar...@mailsbestfriend.com
Web  : www.mailsbestfriend.com
Office: 866.919.2075

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of Michael Cummins
Sent: Thursday, November 21, 2013 9:42 AM
To: community@mailsbestfriend.com
Subject: [MBF]CommTouch

One of my favorite things about the previous iteration of Declude was 
CommTouch, which I had paid for.

There really isn't an affordable way to add this back into the arsenal, is 
there?

- Michael Cummins



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]8.3 file names not created

[Andy Schmidt]

John – NOT reproducible on 2008 R2!

 

One possible explanation is – someone turned off the 8.3 filename creation for 
performance reasons for THAT partition at some LATER date. That will NOT REMOVE 
any “old” 8.3 filenames created prior, but will not cease to create any NEW 8.3 
filenames for newly added files/folders.

 

Take a look at the directories that DO have 8.3 filenames – when were they 
created? At that time, that feature was still active on THAT partition. 

Now, compare that other directories on the SAME partition that do lack 8.3 
filenames – do they have NEWER creation dates?

 



 

image001.png

[MBF]Re: Working on using NOD32 as a scanner for Declude

[Andy Schmidt]

Hi John,

I know you tried the Dir /X and you saw spaces where the 8.3 should appear.

Can you please elaborate? I just want to make sure you didn't accidentally try:

DIR /X C:\Program Files\ESET NOD32 Antivirus\ecls.exe

Naturally THAT would result in a blank field for ecls.exe, because THAT 
file name is LESS than 8 characters...


Did you actually try ONLY:

DIR /X C:\

In THAT directory list, look up the 8.3 name for program Files.

Then do ONLY:

DIR /X C:\Program Files

In THAT directory list, look up the 8.3 name for ESET NOD32 Antivirus.



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: Working on using NOD32 as a scanner for Declude

[Andy Schmidt]

Hi John,

But that's to be expected!?
If you ran DIR /X from within the ESET NOD32 Antivirus directory then it will 
indeed display a blank short name for ecls.exe because THAT name truly is 
LESS than 8+3 characters.

If you are trying to find the short name for \ESET NOD32 Antivirus\, you have 
to run the DIR /X in the PARENT directory of THAT subdirectory.

So,

DIR /X C:\Program Files

will tell you the short name for the ESET NOD32 Antivirus subfolder 
(something like 'ESETNO~1').

Then,

DIR /C C:\

will tell you the short name for the Program Files subfolder (something like 
'Progra~1' or 'Progra~2').

THEN you string those short names together and get something like:

C:\Progra~1\ESETNO~1\ecls.exe

(that's just a for instance, NOT your actual path).

You CANNOT get the full path by looking at a single DIR output of the final 
subdirectory itself.


-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of johnl...@eservicesforyou.com
Sent: Tuesday, November 12, 2013 2:38 PM
To: community@mailsbestfriend.com
Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude

Andy, running DIR /X in the ESET directory (with the only directory within that 
being the one in question) resulted in the BLANK short name.


#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: Working on using NOD32 as a scanner for Declude

[Andy Schmidt]

Hi John,

I may be asking the obvious:
But given that this is a new 64 bit system, any chance that you or some other 
admin had disabled 8.3 file name creation for that NTFS volume for performance 
reasons? THAT would explain how you could possibly have a LONG directory name 
but NO 8.3 equivalent.

Other than that, I suppose one of your earlier messages left out the ESET 
subdirectory bit.

Here's what you had written:

 I am working on using NOD32 as an additional scanner for Declude Virus but 
 am running into a problem with spaces in the path. 
Setting Scan File 2 to  C:\Program Files\ESET NOD32 Antivirus\ecls.exe ... 

Obviously, the above path would INCORRECT, if the REAL path was NOT:

C:\Program Files\ESET NOD32 Antivirus\ecls.exe

but instead is:

C:\Program Files\ESET\ESET NOD32 Antivirus\ecls.exe

Best Regards,
Andy


#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: Working on using NOD32 as a scanner for Declude

[Andy Schmidt]

John,

Rather than guessing, just use the command link DIR command with the /X 
option. 
Start at the C: drive and then work your way through the two subfolders.

The /X option will tell you the 8.3 MSDOS style name for each folder/file.

Best Regards,
Andy

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of johnl...@eservicesforyou.com
Sent: Monday, November 11, 2013 6:45 PM
To: community@mailsbestfriend.com
Subject: [MBF]Re: Working on using NOD32 as a scanner for Declude

Did not work.

Your virus scanner DOES NOT EXIST (at C:\Progra~1\ESETNO~1\ecls.exe


#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: Caution on using ZEN dnsbl.

[Andy Schmidt]

Yes, you'd have to use the -DYNA in the test name for specific return codes 
to let Declude know NOT to check past the most recent hop, e.g.:

SBL ip4rzen.spamhaus.org127.0.0.2   7   0
CBL-DYNAip4rzen.spamhaus.org127.0.0.4   1   0
PBL-DYNAip4rzen.spamhaus.org127.0.0.10  2   0

SWL-DYNAip4rswl.spamhaus.org*   -2  0

SPAMHAUS-DWL rhsbl  _vouch.dwl.spamhaus.org *   -1  0

The advantage of using ZEN is of course, that a single DNS lookup can be used 
and then evaluated for the different return codes by Declude.

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of johnl...@eservicesforyou.com
Sent: Tuesday, November 05, 2013 11:40 AM
To: community@mailsbestfriend.com
Subject: [MBF]Caution on using ZEN dnsbl.

If you are checking mulitple hops in Declude, do not use ZEN as that includes 
PBL. PBL is a database of end user IP addresses that you should not be 
receiving email from, but if you are checking multiple hops declude will check 
that user IP and will then fail a ZEN test, even if the email came through a 
correct proper email server.

From Spamhaus: Caution: Because ZEN includes the XBL and PBL lists, do not use 
ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you 
risk blocking your own customers). Do not use ZEN in filters that do any ‘deep 
parsing’ of Received headers, or for other than checking IP addresses that 
hand off to your mailservers.

John T
eServices For You



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: declude stops working

[Andy Schmidt]

Hi Daniel,

I've had problems in the past - specially when larger mass mailings lead to
thousands of vacation, bounce and delay messages hitting the server in a
short time span. But there had also been times where individual emails
caused crashes in either Imail or Declude. 

I had created a small batch procedures that I would quickly run to move
pending work to a hold folder I had created, similar to this:

 move /Y D:\IMail\spool\q*.gsc D:\IMail\Spool\Hold\
 move /Y D:\IMail\spool\q*.vac D:\IMail\Spool\Hold\
 move /Y D:\IMail\spool\q*.gse D:\IMail\Spool\Hold\
 move /Y D:\IMail\spool\q*.lst D:\IMail\Spool\Hold\
 move /Y D:\IMail\spool\q*.rst D:\IMail\Spool\Hold\

I would have to rerun this a few times over 10 minutes before things quieted
down and then I'd be able to work through the logs to figure out any problem
in Imail, Declude, etc.

Also, I would check for large number of files in:

 \IMail\spool\proc
 \IMail\spool\proc\work

and, if necessary, temporarily move them to a 

 \IMail\spool\proc\hold 

folder.

None of this might apply in your case - but I've always found it helpful to
temporarily set aside any current emails because often the culprit was
amongst those. The I would drag 5% of the files back to spool or proc
and make sure they process successful before moving to the next batch...

Best Regards,
Andy

-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Michael Cummins
Sent: Monday, November 04, 2013 2:55 PM
To: community@mailsbestfriend.com
Subject: [MBF]Re: declude stops working

I had to play that game a long time ago.  Declude would get overwhelmed when
we were experiencing a spam wave.  Putting an Alligate in front of the
Declude server pretty much ended it permanently.  Before I did that I played
with balancing my THREADS, and examining what my third party applications
were doing, fine-tuning their config to speed them up, or commenting them
out entirely.

You don't have to reboot.  (or at least, I didn't)  You can just kill the
decludeproc and it will restart.  I vaguely remember something about looking
for mail that was being held during the lock-up and resubmitting it, but
it's been a while.

- Michael Cummins


-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Darin Cox
Sent: Monday, November 04, 2013 8:39 AM
To: community@mailsbestfriend.com
Subject: [MBF]Re: declude stops working


Hi Daniel,

Are you certain it is the Declude process that stopped?  We've had issues
with IMail's SMTP and POP server stopping, but not with Declude.

Darin.

-Original Message-
From: Daniel Ivey
Sent: Monday, November 04, 2013 7:55 AM
To: community@mailsbestfriend.com
Subject: [MBF]declude stops working

I have an issue that has been going on for a few weeks.  I have 2 Windows
2003 Imail 8.22 servers running the latest version of Declude with Message
Sniffer.  For some reason, Declude just stops working for no reason.  The
process is still running, but the threads are not changing and no messages
are being processed.  If I reboot the server, the issue is resolved for
about another few days.  Has anyone else had this problem or have any ideas
on what to check?

Daniel

#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to
community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com


#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to
community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to
community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com



#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to 

[MBF]Declude Addressbook Whitelist

[Andy Schmidt]

Hi,

 

I remember others discussing / running into problems with the Imail Addressbook 
Whitelist feature (“AutoWhitelist ON”) of Declude – so I wanted to share the 
final outcome.

 

After we solved the problem of Declude not using the proper ODBC DNS, but 
rather relying on a certain Registry Path to locate the WorkgroupShare MDB file 
we successfully eliminated the SQL errors in the log files. But, eventually we 
realized that the whitelist function still was not working as intended.

 

The end users of our clients had been taught to add a...@domain.tld to their 
Webmail address books/contacts as a “wildcard” to allow any emails from 
“domain.tld” based on how that feature had been implemented by Scott Perry. We 
only NOW learned that THIS particular Declude feature become obsolete, 
supposedly with Imail 9. 

 

Apparently until then, the contacts were kept/searched in each users’s 
“aliases.txt” file. But whoever at Declude added the database query against the 
new MDB file apparently omitted the necessary “ OR email = ‘a...@domain.tld’ “ 
clause – effectively disabling the domain wildcard function.

 

I still find it hard to believe that I had never heard about this previously – 
or that this supposedly had not been working for that many years. But I figured 
I share the “status quo” with those who too might be scratching their heads… 

 

Best Regards,

Andy

 

[MBF]Re: Declude Addressbook Whitelist

[Andy Schmidt]

Hi Todd,

 

So you’re saying the “all@” wildcard DOES work correctly for SmarterMail? (I 
didn’t make this clear before: the whitelist of individual email addresses DOES 
work under Imail – just not using the “all@” domain wildcard).

 

If all@ works for SmarterMail, then that would be an even stronger indication 
that this is truly a BUG in the Imail implementation, rather than a “design” 
decision to remove that function.

 

Best Regards,

Andy

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On 
Behalf Of Todd Hunter
Sent: Friday, November 01, 2013 10:51 AM
To: community@mailsbestfriend.com
Subject: [MBF]Re: Declude Addressbook Whitelist

 

We use SmarterMail 11.6 and the feature works there.  I was looking through the 
logs and couldn’t figure out why so many emails were being whitelisted.   
Traced it to the email address existing in the users contacts.  

 

I know this doesn’t help you Andy, but thought the SM users might want to know. 
 

 

 

Todd 

 

[MBF]DNSBLchile

[Andy Schmidt]

Unfortunately, this is another activist black list that thrives to better
the world against any practical considerations. The rule is that it's more
important for valid emails to reach the intended sender than to block spam.

 

For a list to be useful, we can't simply block Microsoft's servers. Below
their response to a false positive report:

 

#DNSBLCL-ZOMBIE ip4rdnsblchile.org
127.0.0.5  0  

 

-Original Message-

From: DNSBL Chile [mailto:dnsblmas...@dnsblchile.org] 

Sent: Tuesday, October 29, 2013 8:40 AM

Cc: conta...@dnsblchile.org

Subject: Re: 207.46.163.237 - MS Support Case 1221619700

 

Hello,

 

Chilean Microsoft Office 365 users have been using the service to send spam.
This started several months ago and Microsoft has already delisted the IPs
once. The spammers were apparently kept as customers, which prompted a
second round of listings. The Chilean spammers use domains @vidatres.cl and
@forexchile.cl. If you need more information for locating the spammers
please visit http://www.dnsblchile.org/microsoft.html.

 

We will not delist the IPs until the service of these spammers have been
terminated.

 

Greetings,

 

DNSBL Chile Master

 

On Tue, 29 Oct 2013, Tim Johnson wrote:

 

 

 IP address 207.46.163.237 owned by Microsoft is being blacklisted by 

 your site Chile DNSBL http://www.dnsblchile.org/.  This IP address 

 sends mail for Microsoft?s Office 365 users.

 

 What do we need to do to whitelist this IP 207.46.163.237?

 

[MBF]Addressbook Whitelist fails SQLSetConnectAttr

[Andy Schmidt]

Hi Dave,

I just bought two support incidents - so I'd like to use ONE incident to
debug this issue.


Here the problem:

- Declude v4.12.02 for Imail

- Log message recurring through the day:
DataBase Error = [Could not find file '(unknown)'. Driver's
SQLSetConnectAttr failed ]
Finish Address Book WhiteList

- Result: Whitelisted email addresses are no longer recognized by Declude


Here the facts established thus far:

1. The MS Access database with the Address Whitelists is present, can be
opened and accessed and maintained with Imail's 12.2 Webmail.
Consequently, the path/configuration WITHIN Imail is indeed value, as Imail
itself CAN get to the MDB file.

2. The MS Access database CAN be accessed by running a simple command line
Jscript I quickly wrote (using standard MDAC/ADO methods) on the same
server. The script uses the existing DSN=WorkgroupShare, and successfully
opens the contacts table.
Consequently, the ODBC DSN is set up correctly and the database can be
opened from a batch process.

3. There is no SQL Server or SQL Express involved. 
Imail's account information is maintained in the registry.
Imail's Webmail contacts etc are maintained in the same MDB file that's been
in use for many years (when there was much higher load than today).
Imail's collaboration features have been turned off/uninstalled.


The next step might be to use the source code and investigate how/where
Declude is obtaining the connection string information, possibly reporting
someplace what string it is attempting to use - so that we can see where
Declude is out of synch with Imail and ODBC.

Best Regards,
Andy


-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Thursday, May 02, 2013 10:53 PM
To: community@mailsbestfriend.com
Subject: Re: Addressbook Whitelist - what MS Access db is used?

The feedback I got from the developer was:

Declude could not find the IMail address book SQL DB

Which means it is not a connection issue but a path or configuration issue
with IMail .

David Barker
Mail’s Best Friend
Email : david.bar...@mailsbestfriend.com Web  :
www.mailsbestfriend.com Office    : 1.866.919.2075





#
This message is sent to you because you are subscribed to
  the mailing list community@mailsbestfriend.com.
To unsubscribe, E-mail to: community-...@mailsbestfriend.com
To switch to the DIGEST mode, E-mail to community-dig...@mailsbestfriend.com
To switch to the INDEX mode, E-mail to community-in...@mailsbestfriend.com
Send administrative queries to  community-requ...@mailsbestfriend.com

[MBF]Re: anti-spam solutions for ms-exchange

[Andy Schmidt]

ORF

 

You can even integrate it with Sniffer!

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Carl Wagar
Sent: Tuesday, July 02, 2013 11:31 AM
To: community@mailsbestfriend.com
Subject: [MBF]anti-spam solutions for ms-exchange

 

Does anyone have a recommendation for anti-spam with MS Exchange?

 

We are using Declude and Sniffer with iMail due to historical reasons and
price.

 

I have a number of customers though who have enquired about MS-Exchange and 

one customer who has installed it to get outlook integration and can get
MS-Exchange

cheap because he is an MS partner of some kind. I have not used exchange.

 

Can anyone recommend a 'best' lower-cost anti-spam solution for MS-Exchange?

The customer said he was going to use MS-Forefront until explained that that

was firewall and would require a dedicated server for it (or am I wrong?)
and would

normally be quite expensive (though an MS-Partner might get the software
free).

Any insights?

 

If this is not the best place to ask, sorry for the intrusion.

 

Thanks.

Carl

 

J. Carl Wagar

EntreNet Communications Inc
 http://www.entrenet.com www.entrenet.com
http://www.thehostingservice.com www.thehostingservice.com 

24 Swain Ave, Ottawa, ON, K1G 4T1, Canada

Email:  mailto:jcwa...@entrenet.com jcwa...@entrenet.com, skype: jcwagar

Tel: +1 613-737-7327, Fax: +1 613-737-5801

Cel: +1 613-818-8898

[MBF]Re: Great News!!

[Andy Schmidt]

Hi Dave,

 

What a relieve!

 

Let us know about your business plan and how we can pay our share to
facilitate bug fixes and advances.

 

Best Regards,

Andy

 

From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Tuesday, July 02, 2013 10:22 PM
To: community@mailsbestfriend.com
Subject: [MBF]Great News!!

 

Today is a good day for the Mail's Best Friend community. Thanks to Pete
McNeil of  http://www.microneil.com www.microneil.com and MBF we have
secured the Intellectual property rights and assets of Declude.  What this
means is:

1.   MBF has the rights to distribute all  versions of Declude and users
are free to run Declude versions up to 4.12.02  without restriction

2.   We have the Declude source code and will be able to provide updates
and fixes in the future.

3.   All current  downloads can be found here
http://www.mailsbestfriend.com/downloads/
http://www.mailsbestfriend.com/downloads/

We welcome suggestions from the MBF community as to the future of the
Declude product. If you have any questions please let me know.

David Barker
Mail's Best Friend

Email : david.bar...@mailsbestfriend.com
Web  : www.mailsbestfriend.com http://www.mailsbestfriend.com/ 
Office: 1.866.919.2075
Mobile  : 978.518.6461

cid:image001.png@01CE2B2E.8B3E9EF0

 

 

 

 

image001.png