Re: [Declude.JunkMail] Proper Usage of Reverse DNS PTR Records
Does anyone have some good documents on the proper usage of reverse DNS PTR records? There really aren't, as far as I know. I am trying to reconcile the class C which is allocated to us but I don't know which hostname I am supposed to use in the PTR record. The best advice that I have seen is to use the primary name, or whichever is most appropriate for that IP. For example say I have an IP address 199.218.9.5. If all of these hostnames... acme.com ftp.acme.com mail.acme.com ns1.acme.com www.acme.com point to that same IP address, which one of them do use in the Reverse DNS? In this case, you could pick whichever you wanted to use. Is there some sort of order of precedence, e.g. 1. NS - If an IP is being used by a Name Server always use this as the hostname. 2. MAIL - If an IP is NOT being used by a Name Server but it is being used by a Mail Server use this hostname. 3. WWW - If an IP is NOT being used by a Name Server or Mail Server use this as the hostname. etc. Is there a correct way of doing this? Or at least a standard convention? There really isn't any convention, and is up to you to decide. Most reverse DNS entry lookups would likely be from mailservers, so mail.acme.com might be the best option (since if an end user sees www.acme.com, they might be confused). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RBL's
You still have the monkeys.com entries in your default global.cfg. Didn't they go dark a few weeks ago? Thanks for pointing this out -- those tests did indeed go away, and they were still in the default config files. The default config files have been updated to reflect this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RBL's
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of R. > Scott Perry > Sent: Monday, October 20, 2003 2:15 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] RBL's > > The updated global.cfg file defines the tests, which will run > them and use > them towards the weighting system. If you also want to take > an action > based on those tests (such as WARN or HOLD), you would also > need to update > your $default$.JunkMail file. > > -Scott Scott, You still have the monkeys.com entries in your default global.cfg. Didn't they go dark a few weeks ago? Rick Rountree Dundee.Net --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Proper Usage of Reverse DNS PTR Records
Hello, All, Does anyone have some good documents on the proper usage of reverse DNS PTR records? I am trying to reconcile the class C which is allocated to us but I don't know which hostname I am supposed to use in the PTR record. For example say I have an IP address 199.218.9.5. If all of these hostnames... acme.com ftp.acme.com mail.acme.com ns1.acme.com www.acme.com point to that same IP address, which one of them do use in the Reverse DNS? Is there some sort of order of precedence, e.g. 1. NS - If an IP is being used by a Name Server always use this as the hostname. 2. MAIL - If an IP is NOT being used by a Name Server but it is being used by a Mail Server use this hostname. 3. WWW - If an IP is NOT being used by a Name Server or Mail Server use this as the hostname. etc. Is there a correct way of doing this? Or at least a standard convention? Thanks, Much! Dan Geiser <[EMAIL PROTECTED]> --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] spam domains
Does anyone have a current file of domains for the spamdomains test that they would like to share? Thanks Jeffrey Di Gregorio Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283
RE: [Declude.JunkMail] RBL's
Yeah I meant the DNS based ones sorry, so in order to get an updated list of them I just need global.cfg right? not the $defualt.Junkmail$ file?? The updated global.cfg file defines the tests, which will run them and use them towards the weighting system. If you also want to take an action based on those tests (such as WARN or HOLD), you would also need to update your $default$.JunkMail file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] RBL's
Yeah I meant the DNS based ones sorry, so in order to get an updated list of them I just need global.cfg right? not the $defualt.Junkmail$ file?? Timothy C. Bohen CMSInter.Net LLC / Crystal MicroSystems LLC === web : www.cmsinter.net email: [EMAIL PROTECTED] phone: 989.235.5100 x222 fax : 989.235.5151 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, October 20, 2003 9:32 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] RBL's >What RBL's currently work? Only one -- see http://www.mail-abuse.org . If you are talking about DNS-based spam databases, there are lots -- see http://www.declude.com/junkmail/support/ip4r.htm . >Is the global.cfg on the declude website up to date with the working ones? We constantly update the one of the website. We do not list all spam databases in there, but have the most popular ones enabled, and have definitions for most of the others that people are using. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Missing Declude headers & incorrect weights
If you don't mind me asking, what interim release or full release did the above weighting issue affect? The weighting issue was introduced in one of the v1.76 interim releases (1.76i5, I believe), so it affected very few people. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Missing Declude headers & incorrect weights
> >Okay, I'll buy that--although I not sure how you determined it, since the > >message displays properly in Outlook Express. > > That's probably because the CR or LF will get translated to a CRLF when > IMail and Declude process the E-mail. Okay, if that's the case, shouldn't Declude also add it's headers to the message then? :-) Yes. But so should IMail -- note that the "Status:" and "X-UIDL:" headers are missing, too. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Missing Declude headers & incorrect weights
> > >I have also noticed today that it appears Declude JunkMail is no > > >longer calculating weights correctly. > > > > If you upgrade to the latest interim release at > > http://www.declude.com/release/176i/declude.exe , it takes care of > > this >issue. > >Wasn't actually expecting a response until tomorrow (Monday). Weights >look accurate now. Thanks for the Sunday response and resolve! Scott, If you don't mind me asking, what interim release or full release did the above weighting issue affect? Thanks... Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Missing Declude headers & incorrect weights
- Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> > > > My best guess as to what happened was that the E-mail was incorrectly being > > > sent with a CR or LF character instead of the proper CRLF sequence, as both > > > IMail and Declude were adding the headers to the body of the E-mail > > > (indicating that both saw the end of the headers after the E-mail body). > > > >Okay, I'll buy that--although I not sure how you determined it, since the > >message displays properly in Outlook Express. > > That's probably because the CR or LF will get translated to a CRLF when > IMail and Declude process the E-mail. Okay, if that's the case, shouldn't Declude also add it's headers to the message then? :-) Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL's
What RBL's currently work? Only one -- see http://www.mail-abuse.org . If you are talking about DNS-based spam databases, there are lots -- see http://www.declude.com/junkmail/support/ip4r.htm . Is the global.cfg on the declude website up to date with the working ones? We constantly update the one of the website. We do not list all spam databases in there, but have the most popular ones enabled, and have definitions for most of the others that people are using. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] RBL's
What RBL's currently work? Is the global.cfg on the declude website up to date with the working ones? Thanks Timothy C. Bohen CMSInter.Net LLC / Crystal MicroSystems LLC === web : www.cmsinter.net email: [EMAIL PROTECTED] phone: 989.235.5100 x222 fax : 989.235.5151 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Countries test
With the countries test, can it fail more that one country? Yes. With any filter, if you have multiple lines, any line that matches will cause the test to fail, and will affect the weight of the E-mail. If so, can you change it so that it lists every line it failed? For example, I have the following: COUNTRIES 1 CONTAINS*A COUNTRIES 1 CONTAINS*B COUNTRIES 1 CONTAINS*E COUNTRIES 5 CONTAINS*I COUNTRIES 10 CONTAINS*L COUNTRIES 10 CONTAINS*M COUNTRIES 1 CONTAINS*P COUNTRIES 10 CONTAINS*R COUNTRIES 10 CONTAINSCH So it would fail IANA reserved and then fail china and only list china in the headers warning? That is correct. That is to prevent problems with multiple hits. For example, a spam that contains 20 different terms that you have in your filter would have a very long and confusing X-RBL-Warning: header if they were all included in there. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Countries test
Scott, With the countries test, can it fail more that one country? If so, can you change it so that it lists every line it failed? For example, I have the following: COUNTRIES 1 CONTAINS*A COUNTRIES 1 CONTAINS*B COUNTRIES 1 CONTAINS*E COUNTRIES 5 CONTAINS*I COUNTRIES 10 CONTAINS*L COUNTRIES 10 CONTAINS*M COUNTRIES 1 CONTAINS*P COUNTRIES 10 CONTAINS*R COUNTRIES 10 CONTAINSCH So it would fail IANA reserved and then fail china and only list china in the headers warning? X-RBL-Warning: COUNTRIES: Message failed COUNTRIES test (234) shouldn't it go (8,234) ? Craig. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Failed whitelist
> Are you running two IMail/Declude servers? It looks like the E-mail went > to your MX3.NetWood.net (Postfix), which sent to it to centurymedia.com > (IMail) which sent it to MX4.NetWood.net (Postfix) which sent it to > netwood.net (IMail). This is correct. For some reason the email should not have been received originally by mx3 because that's the backup Imgate but that shouldn't matter anyhow. On the Imail server that host centurymedia.com I have WHITELIST the IP of the original sender but I'm sending WEIGHT12 to a separate mailbox on a different Imail server via mx4. However the message should never be sent there because the IP is WHITELIST'd. Strange. Here are the headers that were sent to the first IMail server (centurymedia.com): Received: from k1s3k2 (68-173-225-12.nyc.rr.com [68.173.225.12]) by MX3.NetWood.net (Postfix) with SMTP id ECDAE40E61 for <[EMAIL PROTECTED]>; Sun, 19 Oct 2003 04:03:48 -0700 (PDT) (envelope-from [EMAIL PROTECTED]) From: "goregiasticrecords.com" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: POSSIBLE SPAM:Pre-Order NOW: New PUSTULATED, SAPROFFAGO, IMPURE & CAEDERE! Sender: "goregiasticrecords.com" <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Date: Sun, 19 Oct 2003 07:02:05 -0400 Message-Id: <[EMAIL PROTECTED]> IMail added a Received: header (with the IP 209.247.184.13), and Declude JunkMail added a number of headers. Declude JunkMail saw the IP as 68.173.225.12 (due to an IPBYPASS that included 209.247.184.13). What is the WHITELIST entry on centurymedia.com that should have whitelisted this E-mail? Do you have more than 200 WHITELIST entries on that server? Are there any spaces/tabs at the end of the WHITELIST line? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Missing Declude headers & incorrect weights
> My best guess as to what happened was that the E-mail was incorrectly being > sent with a CR or LF character instead of the proper CRLF sequence, as both > IMail and Declude were adding the headers to the body of the E-mail > (indicating that both saw the end of the headers after the E-mail body). Okay, I'll buy that--although I not sure how you determined it, since the message displays properly in Outlook Express. That's probably because the CR or LF will get translated to a CRLF when IMail and Declude process the E-mail. > >I have also noticed today that it appears Declude JunkMail is no longer > >calculating weights correctly. > > If you upgrade to the latest interim release at > http://www.declude.com/release/176i/declude.exe , it takes care of this issue. Wasn't actually expecting a response until tomorrow (Monday). Weights look accurate now. Thanks for the Sunday response and resolve! :) That's one of the reasons why we started using the interim releases -- we can't get a beta out on the weekends, but the interim releases allow us to come out with quick fixes anytime. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.