[Declude.JunkMail] orbzout test
I am curious how everyone is treating the orbzout test nowadays. I seem to get way to many false positives from this test from domains like earthlink.net and bellatlantic.net. I have it weighted at 5 now, but the combination of orbzout, nopostmaster and noabuse (like from earthlink) trips my tests to take action. Should I be disregarding orbzout all together? Thanks- Steve --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] More wounderful SWBell.net
I know there was a discussion a few days ago about SWBells wounderfull DNS service. Well thought I give a true sad story. About a year ago we ran MailMax and McAfee Webshield SMTP. We did an update of mailmax to latest version less then a week later our server got hijacked and used as a spamrelay server. Mailmax was configured to avoid relaying but something was obviously broke and SmartMax people just keep saying nothing wrong with mailmax even though I could show them rbl listings with our mailmax servers tag in the passed messages. After 5 days we gave up and started looking for new software and our eyes fell on Ipswitch Imail and Declude antivirus and junkmail. Said and done we bought 2 days delivery same day we ordered it we got a call from SWBell Policy department telling us to shutdown our mailserver or we would find our upstream bandwidth shutdown by 5pm that same day (which BTW is big nono according to our contract we are required 14day written notice). I managed to buy ourselves 24hrs more since we had ordered the software and fixup so that swbell relay tests wouldn't go through so I got enough time to get our new mailserver software and install it without further threats (dirty done by me but hey)... Either way.. Today I found this after gotten a complaint from a customer that couldn't receive mail from a customers of theirs. #nslookup smtp-relay.swbell.net Name:smtp-relay.swbell.net Address: 151.164.30.54 http://www.orbz.org/b.php?151.164.30.54 Now... What is wrong with this picture If I do it they can violate our contract and threaten to terminate me but they can run a relay server for over 3 weeks Besides I'm STILL waiting four our letter of apology from SWBell for this incident. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Inbound and outbound domain restriction
I would like to restrict certain users to only be able to send and receive email within the domain they reside. I would need a per-user filter that would bounce everything coming in from other domains, and block outbound email to anything but the senders domain. How would this be set up with Junkmail Pro? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] REVDNS test
Can I get more info on how the REVDNS test is done? We have half a class C so our upstream provider does our reverse DNS. Apparently somewhere along the line they dropped the config for us and we didn't have reverse dns set up for mail.sirc.ca. After much email back and forth, yesterday they told me that they'd fixed it. I can't tell if they have and I'm still getting all of our internal mail coming in with the REVDNS message. Are you checking with specific servers and the info just hasn't propagated yet or is there something else? -- Susan Duncan ([EMAIL PROTECTED]) TEL:(613) 231-SIRC x225 Director of Computer Operations, SIRC FAX:(613) 231-3739 http://www.sportquest.com/ http://www.canadiansport.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
[Declude.JunkMail] Problem with new long Imail file name
I have just found a problem. (Well any way, I just noticed it.) I was trying to watch a message go through. The user has reported problems. Imail assigned a long file name to it. However, Declude deccon only shows an 8 character length file name. How can we find the file in the deccon log when it shows a different file name? John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA 92835 714-578-7999, ext. 104 [EMAIL PROTECTED] www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] REVDNS test
Yep, it's there. http://www.dnsstuff.com/tools/ptr.ch?ip=206.191.24.151 http://www.dnsstuff.com/tools/dnsreport.ch?domain=sirc.ca John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA 92835 714-578-7999, ext. 104 [EMAIL PROTECTED] www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Duncan Sent: Tuesday, March 12, 2002 9:30 AM To: Declude List Subject: [Declude.JunkMail] REVDNS test Can I get more info on how the REVDNS test is done? We have half a class C so our upstream provider does our reverse DNS. Apparently somewhere along the line they dropped the config for us and we didn't have reverse dns set up for mail.sirc.ca. After much email back and forth, yesterday they told me that they'd fixed it. I can't tell if they have and I'm still getting all of our internal mail coming in with the REVDNS message. Are you checking with specific servers and the info just hasn't propagated yet or is there something else? -- Susan Duncan ([EMAIL PROTECTED]) TEL:(613) 231-SIRC x225 Director of Computer Operations, SIRC FAX:(613) 231-3739 http://www.sportquest.com/ http://www.canadiansport.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] REVDNS test
Can I get more info on how the REVDNS test is done? It's a standard reverse DNS lookup -- for more details, you'll need to go to the RFCs. We have half a class C so our upstream provider does our reverse DNS. That's fine. They can either handle it, or delegate your half of the class C to your DNS servers. I can't tell if they have and I'm still getting all of our internal mail coming in with the REVDNS message. A lot of people seem to think that the REVDNS checks to see if *your* mail server has a reverse DNS entry -- but if that were the case, either all mail would fail the REVDNS test, or none would. It checks the IP address of the remote computer (the one connecting to your mail server), not the IP address of your mail server. Although it's very important to have the reverse DNS entry for your mailserver, you also need reverse DNS entries for your other hosts. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Inbound and outbound domain restriction
I would like to restrict certain users to only be able to send and receive email within the domain they reside. I would need a per-user filter that would bounce everything coming in from other domains, and block outbound email to anything but the senders domain. Unfortunately, I can't think of a way that you would be able to accomplish this, either with Declude or IMail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Problem with new long Imail file name
However, Declude deccon only shows an 8 character length file name. How can we find the file in the deccon log when it shows a different file name? That is something that we are going to need to find a way to work around. Unfortunately, IMail's new 17-character file name length is going to cause lots of problems. For example, instead of searching for a 7-character string in log files, you're going to have to type in a 16-character string. And, that's going to take up more space in the log files, making them harder to read. Right now, the only known issues with the new 17-character file name length that was added to 7.06HF1 is the truncated entries in the log files. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] Hijack question
Since I am sure it is the same for JunkMail, how do you whitelist a subnet? For Declude JunkMail, you would use something like this: WHITELIST IP 192.168.0. Declude Hijack doesn't have a method for whitelisting a subnet. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] REVDNS test
Ok, now I'm confused. Are you saying then that even though all the machines in my network are assigned IP addresses via DHCP, that I have to have each of those address resolve to something in the reverse DNS? I think most people would only list servers, not workstations in DNS. I don't even have them listed in the primary. We are getting the error on every piece of internal mail that originates from a user on our network. R. Scott Perry wrote: A lot of people seem to think that the REVDNS checks to see if *your* mail server has a reverse DNS entry -- but if that were the case, either all mail would fail the REVDNS test, or none would. It checks the IP address of the remote computer (the one connecting to your mail server), not the IP address of your mail server. Although it's very important to have the reverse DNS entry for your mailserver, you also need reverse DNS entries for your other hosts. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . -- Susan Duncan ([EMAIL PROTECTED]) TEL:(613) 231-SIRC x225 Director of Computer Operations, SIRC FAX:(613) 231-3739 http://www.sportquest.com/ http://www.canadiansport.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] REVDNS test
Ok, now I'm confused. Are you saying then that even though all the machines in my network are assigned IP addresses via DHCP, that I have to have each of those address resolve to something in the reverse DNS? I think most people would only list servers, not workstations in DNS. I don't even have them listed in the primary. If the IPs are Internet-reachable, they are required to have a reverse DNS entry. If the IPs are internal only (IE 10.x.x.x or 192.168.x.x), they are not required to have a reverse DNS entry. If they are external IPs, and you don't want reverse DNS entries, you can disable the REVDNS test. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Hijack question
So, if I have to whitelist a subnet of 240, I would have to put each of the 16 addresses on a separate line? John Tolmachoff IT Manager, Network Engineer 211 E. Imperial Hwy., Suite 106 Fullerton, CA 92835 714-578-7999, ext. 104 [EMAIL PROTECTED] www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, March 12, 2002 10:21 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Hijack question Since I am sure it is the same for JunkMail, how do you whitelist a subnet? For Declude JunkMail, you would use something like this: WHITELIST IP 192.168.0. Declude Hijack doesn't have a method for whitelisting a subnet. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Hijack question
So, if I have to whitelist a subnet of 240, I would have to put each of the 16 addresses on a separate line? That is correct. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .