[Declude.JunkMail] SPF - Altavista
Title: Message I'm impressed who is already on board: http://www.dnsstuff.com/tools/lookup.ch?name=altavista.nettype=TXT http://www.dnsstuff.com/tools/lookup.ch?name=softhome.nettype=TXT It's been catching a few spammers already. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206
[Declude.JunkMail] Why SPF UNKNOWN?
Title: Message
Hi:
I have lots of SPF
"unknown" in the SPF.log file - most look as if they should have
FAILED:
12.219.157.132 [EMAIL PROTECTED] [family]: UNKNOWN
Here the Imail
log:
12:18 23:10
SMTPD(16C9012A) [63.107.174.78] connect 12.219.157.132 port 449312:18 23:10
SMTPD(16C9012A) [12.219.157.132] EHLO family12:18
23:10 SMTPD(16C9012A) [12.219.157.132] MAIL FROM:[EMAIL PROTECTED]12:18 23:10
SMTPD(16C9012A) [12.219.157.132] RCPT TO:[EMAIL PROTECTED]12:18 23:10
SMTPD(16C9012A) [12.219.157.132] D:\IMAIL\spool\D7a4f16c9012af4a4.SMD
2744
Here the declude
log:
12/18/2003 23:10:59
Q7a4f16c9012af4a4 CBL:7 nNOLEGITCONTENT:-3 SPAMDOMAINS:4 WEIGHTFILTER:-2 .
Total weight = 6.12/18/2003 23:10:59 Q7a4f16c9012af4a4 NOT bypassing
whitelisting of E-mail with weight =20 (6) and at least 1 recipients
(1).12/18/2003 23:10:59 Q7a4f16c9012af4a4 NOT bypassing whitelisting of
E-mail with weight =15 (6) and at least 4 recipients (1).12/18/2003
23:10:59 Q7a4f16c9012af4a4 Msg failed SORBS ("Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=12.219.157.132").
Action="">12/18/2003 23:10:59 Q7a4f16c9012af4a4 Msg failed CBL ("Blocked -
see http://cbl.abuseat.org/lookup.cgi?ip=12.219.157.132").
Action="">12/18/2003 23:10:59 Q7a4f16c9012af4a4 Msg failed SPAMDOMAINS
(Spamdomain 'hm-software.com' found: Address of [EMAIL PROTECTED] sent from invalid
12-219-157-132.client.mchsi.com.). Action="">12/18/2003 23:10:59
Q7a4f16c9012af4a4 Msg failed WEIGHTFILTER (Message failed WEIGHTFILTER test
(line 6, weight 0)). Action="">12/18/2003 23:10:59 Q7a4f16c9012af4a4 Msg
failed WEIGHTHDR (Total weight between 6 and 7.). Action="">12/18/2003
23:10:59 Q7a4f16c9012af4a4 Subject: your wife will NEVER know!12/18/2003
23:10:59 Q7a4f16c9012af4a4 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP:
12.219.157.132 ID:
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
[Declude.JunkMail] Reverse dns help
I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it appears they have delegated rdns to me. I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is happening. I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone 3.0.199.42.65.in-addr.arpa) should this not return (zone 3.199.42.65.in-addr.arpa) ? Is this the correct response, or have they not quite done the delegation correctly? How I am searching: Asking e.root-servers.net for 3.199.42.65.in-addr.arpa PTR record: e.root-servers.net says to go to ginseng.arin.net. (zone: 65.in-addr.arpa.) Asking ginseng.arin.net. for 3.199.42.65.in-addr.arpa PTR record: ginseng.arin.net says to go to NS2.AMERITECH.NET. (zone: 42.65.in-addr.arpa.) Asking NS2.AMERITECH.NET. for 3.199.42.65.in-addr.arpa PTR record: Got CNAME referral to ns2.ostgaard.com. (zone 3.0.199.42.65.in-addr.arpa.) Asking ns2.ostgaard.com. for 3.0.199.42.65.in-addr.arpa. PTR record: Reports that no PTR records exist. Answer: No PTR records exist for 65.42.199.3. [Neg TTL=86400 seconds] Any assistance would be appreciated. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
I think whitelisting E-mail based on an SPF PASS probably isn't a wise idea, but I'm sure that spammers that do use SPF will be much easier to catch (they are providing a list of IPs that they may be spamming from G). If I was a spammer, I would use this to my advantage. These guys collect 2,000 IP's at a time, and move around their blocks in order to avoid being perma-listed in the RBL's already, and turning on and off some SPF listings can't be that much more difficult. But, they then have to register domains to publish the SPF records with. That leaves a new area for exploration -- finding the registrars they are using, checking WHOIS information, NS records, etc. If SPF E-mail was being whitelisted, it would be very useful for the spammer. But if it subtracts 10 points from the weight of the E-mail, it isn't going to be enough to make it worth the while for spammers to do this. Normally, it uses the return address of the E-mail (MAILFROM, from the X-Declude-Sender: header). However, if there is a NULL return address, or the address isn't valid (postmaster, for example), then the domain in the HELO/EHLO will be used. I'm not sure if this is in the RFC, but it would be a lot more accurate if you could compare the HELO to the SPF data. Some scripts to also falsify the HELO, but no where near the number of forged domains in MAILFROM. The original design for SPF allowed for that, but the current one does not. I'm not sure why that was changed. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
These lines are not long enough to wrap, so they are correct as listed below. Bill - Original Message - From: Glenn Brooks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 3:16 PM Subject: RE: [Declude.JunkMail] HOTMAIL ? I would like to try the file listed below for the spamdomains...but I am nto sure if wrapping has taken place in the mail client. Could someone send me a attachement of the text file that has been working for them...thanks in advance...At 04:31 PM 12/18/2003 -0500, you wrote: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF support to be added to next beta
Scott, I've been looking over this trying to figure out how to best implement it for my domains. It seems that since they are all on one class C, I should do the following: v=spf1 +a/24 +mx/24 -all Now three very important questions... 1) If I implement this, will intra-server E-mail fail this test? i.e. local mail customer at client IP 123.123.123.123 E-mail's me, where 123.123.123.123 is not a local address, but the address of the border router at the client's location. 2) When my clients who are SMTP blocked by their ISP (port 25), and forced to use their ISP's mail server, am I correct in assuming that this will fail? 3) If the answer is yes to either one of these, does this make more sense to implement against HELO instead of MAILFROM? This would seem to be more problematic than SPAMDOMAINS if it operates on MAILFROM, even if local domains could be excluded. Naturally, I might not be understanding this fully. If I changed the test to +all in order to prevent these issues (if real), then it seems that it would only be useful as a negative weight test when my data is used. Thanks, Matt R. Scott Perry wrote: We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. http://spf.pobox.com/dns.html covers how to add an SPF record for your own domain. At its simplest, if all your E-mail is coming from your mailserver, and your mailserver is listed in your MX record, you would add a TXT record of v=spf1 +mx -all for your domain. The SPF records always start with v=spf1; the +mx means that any E-mail from an IP listed in your MX records is good, and the -all is a default so that any other E-mail is bad. The SPF system is much, much more flexible than the SPAMDOMAINS test, and it lets domain owners control the settings (which allows them to be much more accurate). If widely implemented, it will make it much more difficult for spammers to get their spam delivered. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Matt: That is the conclusion that I have reached .. Our employees who check messages at home with ISP's blocking SMTP - will naturally fail this. Also I am still trying to figure out web responses. Based on all that I have seen and read it appears a slight negative weight to reduce FP's is all the use I see for this test... I think a positive test will only increase our FP rate. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Friday, December 19, 2003 12:14 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF support to be added to next beta Scott, I've been looking over this trying to figure out how to best implement it for my domains. It seems that since they are all on one class C, I should do the following: v=spf1 +a/24 +mx/24 -all Now three very important questions... 1) If I implement this, will intra-server E-mail fail this test? i.e. local mail customer at client IP 123.123.123.123 E-mail's me, where 123.123.123.123 is not a local address, but the address of the border router at the client's location. 2) When my clients who are SMTP blocked by their ISP (port 25), and forced to use their ISP's mail server, am I correct in assuming that this will fail? 3) If the answer is yes to either one of these, does this make more sense to implement against HELO instead of MAILFROM? This would seem to be more problematic than SPAMDOMAINS if it operates on MAILFROM, even if local domains could be excluded. Naturally, I might not be understanding this fully. If I changed the test to +all in order to prevent these issues (if real), then it seems that it would only be useful as a negative weight test when my data is used. Thanks, Matt R. Scott Perry wrote: We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. http://spf.pobox.com/dns.html covers how to add an SPF record for your own domain. At its simplest, if all your E-mail is coming from your mailserver, and your mailserver is listed in your MX record, you would add a TXT record of v=spf1 +mx -all for your domain. The SPF records always start with v=spf1; the +mx means that any E-mail from an IP listed in your MX records is good, and the -all is a default so that any other E-mail is bad. The SPF system is much, much more flexible than the SPAMDOMAINS test, and it lets domain owners control the settings (which allows them to be much more accurate). If widely implemented, it will make it much more difficult for spammers to get their spam delivered. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Reverse dns help
I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it appears they have delegated rdns to me. I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is happening. I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone 3.0.199.42.65.in-addr.arpa) should this not return (zone 3.199.42.65.in-addr.arpa) ? What is happening here is that Ameritech/SBC is using CNAMEs to delegate on other than Class A/B/C boundaries. Is this the correct response, or have they not quite done the delegation correctly? They actually have done it correctly. In this case, you would set up a PTR record for 3.0.199.42.65.in-addr.arpa, which would be the reverse DNS entry for 65.42.199.3. It's a bit confusing, but works. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF support to be added to next beta
I've been looking over this trying to figure out how to best implement it for my domains. It seems that since they are all on one class C, I should do the following: v=spf1 +a/24 +mx/24 -all Now three very important questions... 1) If I implement this, will intra-server E-mail fail this test? i.e. local mail customer at client IP 123.123.123.123 E-mail's me, where 123.123.123.123 is not a local address, but the address of the border router at the client's location. Yes. Think of it this way -- is there any way to know that 123.123.123.123 belongs to your client and not a spammer? OTOH, you could use WHITELIST AUTH to whitelist their E-mail. 2) When my clients who are SMTP blocked by their ISP (port 25), and forced to use their ISP's mail server, am I correct in assuming that this will fail? Correct. In this case, it sounds like you would instead want to use: v=spf1 +a/24 +mx/24 ?all That way, you are saying that legitimate E-mail might come from IPs other than the ones that you list. This way, neither #1 nor #2 will fail. If I changed the test to +all in order to prevent these issues (if real), then it seems that it would only be useful as a negative weight test when my data is used. +all is a very bad thing -- it says Spammers, you are welcome to forge my domain from any IP. While -all wouldn't work for you (it says that nobody from IPs you do not list can send mail from your domain), ?all would work (it says that anybody trying to send mail from your domain using an IP you do not list *may* be legitimate). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Reverse dns help
Thanks! got it working. Just never saw that before. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Friday, December 19, 2003 6:49 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Reverse dns help I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it appears they have delegated rdns to me. I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is happening. I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone 3.0.199.42.65.in-addr.arpa) should this not return (zone 3.199.42.65.in-addr.arpa) ? What is happening here is that Ameritech/SBC is using CNAMEs to delegate on other than Class A/B/C boundaries. Is this the correct response, or have they not quite done the delegation correctly? They actually have done it correctly. In this case, you would set up a PTR record for 3.0.199.42.65.in-addr.arpa, which would be the reverse DNS entry for 65.42.199.3. It's a bit confusing, but works. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. *** appended by declude *** To: [EMAIL PROTECTED] FROM: [EMAIL PROTECTED] WEIGHT: -3 HEADERCODE: e REMOTEHOST: declude.com REMOTEIP: 24.107.232.14 SENDERHOST declude.com REVDNS: cpe-24-107-232-14.ma.charter.com QUEUENAME: Df7fd033700fa8e02.SMD TESTSFAILED: WEIGHTCOPY --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] messagescreen.com
Does anyone have any info on this service. messagescreen.com Fred --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Using SUBJECT
I think SUBJECT added Spam ## where ## is the Declude weight. Is there a way to add a space between my message and the Spam ##? Burzin At 05:49 PM 12/18/2003, you wrote: Silly question. I've entered the following action in response to test: SUBJECT Message Contains Unsafe URL However, messages get tagged as Message Contains Unsafe URLSpam ##: test How do (or can) I prevent the Spam ## from showing up? Unfortunately, there isn't a way to do that -- the SUBJECT action will add text to the beginning of the subject, but cannot replace the subject. -Scott -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] False Positives v. Uncaught Spam for Various Tests Various Tests
Thanks for pointing me to the right place. Burzin At 05:51 PM 12/18/2003, you wrote: 1. Does anyone have stats. on false positives v. uncaught spam for various tests. Am I correct in understanding that tests with ratios closer to zero are more accurate? Right now, I believe the best source is: 2. Can someone point me to Scott's November Spam Statistics post. I couldn't find it in the Declude archive. this. It doesn't have information on false positives, however (we're working on that, but it's a lot more work). You can find the latest spam stats post at http://www.mail-archive.com/[EMAIL PROTECTED]/msg76305.html . -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPF Question
Scott, I have setup an SPF record for pointshare.com as follows: TXT v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28 a:psmail02.pointshare.com ptr mx/24 -all I then sent out a test message from at yahoo account with a pointshare.com e-mail address. Here is a snippet of the log entries for this message: BLARSBL:2 FORGED-DOMAINS:5 SNIFFER-WHITERULE:-3 REDUCTION-FILTER:-10 VERP-FILTER:5 . Total weight = -1. NOT bypassing whitelisting of E-mail with weight =16 (-1) and at least 2 recipients (1). Using [outgoing] CFG file global.cfg. Msg failed BLARSBL (This E-mail came from 66.163.169.226, a potential spam source listed in BLARSBL.). Action=WARN. Msg failed IPNOTINMX (). Action=WARN. Msg failed NOLEGITCONTENT (No content unique to legitimate E-mail detected.). Action=WARN. Msg failed FORGED-DOMAINS (Spamdomain '@pointshare.com' found: Address of [EMAIL PROTECTED] sent from invalid smtp106.mail.sc5.yahoo.com.). Action=WARN. Msg failed SNIFFER-WHITERULE (Message failed SNIFFER-WHITERULE: 0.). Action=WARN. Msg failed REDUCTION-FILTER (Message failed REDUCTION-FILTER test (line 545, weight 0)). Action=WARN. Msg failed VERP-FILTER (Message failed VERP-FILTER test (line 64, weight 5)). Action=WARN. R1 Message OK Subject: test 3 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 66.163.169.226 ID: C4812ADA13 Last action = IGNORE. I would have thought that this message should have failed the SPF test, however, here is what was entered in the spf.log: 66.163.169.226 [EMAIL PROTECTED] [smtp106.mail.sc5.yahoo.com]: UNKNOWN Any idea why this did not get a fail instead of unknown? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Using SUBJECT
I think SUBJECT added Spam ## where ## is the Declude weight. Is there a way to add a space between my message and the Spam ##? It shouldn't, unless you had TESTNAME SUBJECT Spam %WEIGHT% in one of your config files. I would recommend checking all your Declude JunkMail config files to see if you have the phrase Spam %WEIGHT% in any of them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF Question
Scott, I have setup an SPF record for pointshare.com as follows: TXT v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28 a:psmail02.pointshare.com ptr mx/24 -all At first, I thought that was fine -- but it isn't. After checking it at http://www.dnsstuff.com/pages/spf.htm , it seems that the TXT record should be: TXT v=spf1 ip4:206.114.136.0/23 ip4:206.114.143.240/28 a:psmail02.pointshare.com ptr mx/24 -all with the ipv4:'s being changed to ip4:. Since ipv4: isn't a defined mechanism, a result of UNKNOWN is returned. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
R. Scott Perry wrote: I'm not sure if this is in the RFC, but it would be a lot more accurate if you could compare the HELO to the SPF data. Some scripts to also falsify the HELO, but no where near the number of forged domains in MAILFROM. The original design for SPF allowed for that, but the current one does not. I'm not sure why that was changed. This is kind of a response to all the follow ups this morning. I can't afford to use this test on the majority of my domains because I can't currently make use of WHITELIST AUTH, and I have enough customers that use third-party outgoing mail servers for one reason or another that this would cause issues there as well. I was already debating what to do with a spamdomains variant that was coded for local domains, and I was only scoring that at 20% of my fail weight. I could remove that test and replace it with SPF scored at 20%, however the effects of the SPF would carry over to other sources that would potentially have problems and over which I would have no control over. There is some potential with this as a negative weight test, however once the spammers catch on, the value would be diminished greatly, and of course legit mail servers are sources of spam, just not as often as the illegitimate ones, and I don't see the need to credit senders based only on the fact that they matched their SPF records. IPNOTINMX already does most of this as a dumb test, and I only give that 1 point of credit anyway. Considering these issues, I don't see why I should push something forward with such a flaw. I would however reevaluate the idea if it was modified to work on HELO instead of MAILFROM, though that would require some monitoring as there are always unexpected results. I hope that this can become a tool, and I'm all for the idea of supporting innovation by adding my own records to the mix, but I'm not convinced that this will help in it's current format. I don't believe you can verify the sender any more reliably than we already are with SMTP, and efforts should instead be focused on verifying the server. I'm very sorry to have not liked either this effort or the Web-O-Trust thing, and I don't want to sound like I'm just being critical for the sake of it (though sometimes I am overly critical), but I feel that it is constructive for me to say this if for no other reason than to warn others about the potential of issues, but hopefully rather to influence the process for the better. I'm sure there are others around here that feel the same way, but choose not to voice their opinions out of fear of insulting someone else...or maybe I'm just whacked :) Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
This is kind of a response to all the follow ups this morning. I can't afford to use this test on the majority of my domains because I can't currently make use of WHITELIST AUTH, and I have enough customers that use third-party outgoing mail servers for one reason or another that this would cause issues there as well. It seems that a lot of people don't really understand the full power of SPF. Most people assume it is pass/fail, but it is actuall pass/fail/unknown. What this means is that you can set up an SPF record that instead of saying E-mail from @example.com that comes from 192.0.2.25 is definitely legitimate, but everything else is bogus (v=spf1 +ip4:192.0.2.25 -all), you can say E-mail from @example.com that comes from 192.0.2.25 is definitely legitimate, but any E-mail from @example.com from other IPs may or may not be bogus (v=spf1 +ip4:192.0.2.25 ?all). This is *guaranteed* to give you better results than no SPF record, even if many of your users do not send mail directly through your mailserver. I was already debating what to do with a spamdomains variant that was coded for local domains, and I was only scoring that at 20% of my fail weight. I could remove that test and replace it with SPF scored at 20%, however the effects of the SPF would carry over to other sources that would potentially have problems and over which I would have no control over. But that's exactly the point -- you have no control over it! If we set up declude.com as v=spf1 +mx -all, and I send an E-mail from another IP and it gets caught on your server, that is *my* fault (or the fault of whoever authorized the SPF record for declude.com). In this case, if one of your users says But my friend with a competing ISP can get mail from Scott!, you can tell him But, the company Scott works for does not allow mail to be sent except from their servers. Often, you get stuck telling a customer That company has serious problems (open relay, no reverse DNS, etc.). But with SPF, it is company policy, which you are honoring. There is some potential with this as a negative weight test, however once the spammers catch on, the value would be diminished greatly, and of course legit mail servers are sources of spam, just not as often as the illegitimate ones, and I don't see the need to credit senders based only on the fact that they matched their SPF records. ... Considering these issues, I don't see why I should push something forward with such a flaw. This might be best discussed on the SPF mailing list, where the creator of SPF and others can better comment on how SPF will deal with this. Only time will tell if spammers will be able to successfully abuse SPF, but at the very least it will give them more work to do, costing them more money. I'm very sorry to have not liked either this effort or the Web-O-Trust thing, and I don't want to sound like I'm just being critical for the sake of it (though sometimes I am overly critical), but I feel that it is constructive for me to say this if for no other reason than to warn others about the potential of issues, but hopefully rather to influence the process for the better. I'm sure there are others around here that feel the same way, but choose not to voice their opinions out of fear of insulting someone else...or maybe I'm just whacked :) That's fine -- if there are flaws with an idea and nobody comes out and says it, everybody loses. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Problem with 1.77i3
Title: Problem with 1.77i3 Hi Scott: I think there is an issue with i3. We are seeing a lot of tests being triggered but no weight is recorded. Several emails have been delivered where in fact they were supposed to be deleted had the weights been added. X-RBL-Warning: HEUR: Heuristic spam detection level 9 [0.999304] X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: IP-BLACKLIST: X-RBL-Warning: WORDFILTERMx: Message failed WORDFILTERMx test (line 1, weight 0) X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test (line 79, weight 5) X-RBL-Warning: FILTER-PORN: Message failed FILTER-PORN test (line 365, weight 0) Or X-IMAIL-SPAM-DNSBL: (SPAMCOP,42860696,127.0.0.2) X-IMAIL-SPAM-DNSBL: (NJABL,42860696,127.0.0.9) X-IMAIL-SPAM-DNSBL: (BLARS,42860696,127.1.0.17) X-IMAIL-SPAM-DNSBL: (DSBL,42860696,127.0.0.2) X-IMAIL-SPAM-DNSBL: (DSBLALL,42860696,127.0.0.2) X-IMAIL-SPAM-DNSBL: (SORBS-DUL,42860696,127.0.0.10) X-IMAIL-SPAM-DNSBL: (AHBL,42860696,127.0.0.3) X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: FILTER-BODY-CREDIT: Message failed FILTER-BODY-CREDIT test (line 259, weight 0) X-RBL-Warning: COUNTRY: Message failed COUNTRY test (line 43, weight 0) X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test (line 80, weight 0) X-Declude-Sender: [EMAIL PROTECTED] [200.86.95.6] A lot of Weight 0. None of our filters have changed.. I will do more checking but just wanted to see if others are seeing this. Regards, Kami
RE: [Declude.JunkMail] SPF vs. Form Mail
Scott, I just wanted to post and let you know that I started a website www.adminforums.com and have added a Declude and Imail section, so that this community can post their configurations without wasting list bandwidth. I for one am interested in seeing what is working for people. I would really like to see some of the test configurations that Declude runs itself...hint ...hint -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, December 19, 2003 9:16 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF vs. Form Mail This is kind of a response to all the follow ups this morning. I can't afford to use this test on the majority of my domains because I can't currently make use of WHITELIST AUTH, and I have enough customers that use third-party outgoing mail servers for one reason or another that this would cause issues there as well. It seems that a lot of people don't really understand the full power of SPF. Most people assume it is pass/fail, but it is actuall pass/fail/unknown. What this means is that you can set up an SPF record that instead of saying E-mail from @example.com that comes from 192.0.2.25 is definitely legitimate, but everything else is bogus (v=spf1 +ip4:192.0.2.25 -all), you can say E-mail from @example.com that +comes from 192.0.2.25 is definitely legitimate, but any E-mail from @example.com from other IPs may or may not be bogus (v=spf1 +ip4:192.0.2.25 ?all). This is *guaranteed* to give you better results than no SPF record, even if many of your users do not send mail directly through your mailserver. I was already debating what to do with a spamdomains variant that was coded for local domains, and I was only scoring that at 20% of my fail weight. I could remove that test and replace it with SPF scored at 20%, however the effects of the SPF would carry over to other sources that would potentially have problems and over which I would have no control over. But that's exactly the point -- you have no control over it! If we set up declude.com as v=spf1 +mx -all, and I send an E-mail from another IP and it gets caught on your server, that is *my* fault (or the fault of whoever authorized the SPF record for declude.com). In this case, if one of your users says But my friend with a competing ISP can get mail from Scott!, you can tell him But, the company Scott works for does not allow mail to be sent except from their servers. Often, you get stuck telling a customer That company has serious problems (open relay, no reverse DNS, etc.). But with SPF, it is company policy, which you are honoring. There is some potential with this as a negative weight test, however once the spammers catch on, the value would be diminished greatly, and of course legit mail servers are sources of spam, just not as often as the illegitimate ones, and I don't see the need to credit senders based only on the fact that they matched their SPF records. ... Considering these issues, I don't see why I should push something forward with such a flaw. This might be best discussed on the SPF mailing list, where the creator of SPF and others can better comment on how SPF will deal with this. Only time will tell if spammers will be able to successfully abuse SPF, but at the very least it will give them more work to do, costing them more money. I'm very sorry to have not liked either this effort or the Web-O-Trust thing, and I don't want to sound like I'm just being critical for the sake of it (though sometimes I am overly critical), but I feel that it is constructive for me to say this if for no other reason than to warn others about the potential of issues, but hopefully rather to influence the process for the better. I'm sure there are others around here that feel the same way, but choose not to voice their opinions out of fear of insulting someone else...or maybe I'm just whacked :) That's fine -- if there are flaws with an idea and nobody comes out and says it, everybody loses. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows Server 2003
So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Using SUBJECT
Oopps. My apologies. Thanks, Burzin At 09:13 AM 12/19/2003, you wrote: I think SUBJECT added Spam ## where ## is the Declude weight. Is there a way to add a space between my message and the Spam ##? It shouldn't, unless you had TESTNAME SUBJECT Spam %WEIGHT% in one of your config files. I would recommend checking all your Declude JunkMail config files to see if you have the phrase Spam %WEIGHT% in any of them. -Scott --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows Server 2003
For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPAMCOP Question
I was looking at the headers and saw SPAMCOP : Blocked Is that how it should be - what it's returning? If not, ideas on what could be wrong? X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [4000120e].X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 303, weight 0)X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 283, weight 0)X-RBL-Warning: BLASTER: Message failed BLASTER test (line 3, weight 0)X-Declude-Sender: [EMAIL PROTECTED] [66.111.254.21]X-Declude-Spoolname: D25320b0a00f84423.SMDX-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, SPAMHEADERS, GIBBERISH, ANTI-GIBBERISH, BLASTER, WEIGHT10, WEIGHT20 [22]X-Note: This E-mail was sent from net21.netholdem.com ([66.111.254.21]).X-RCPT-TO: [EMAIL PROTECTED]Status: UX-UIDL: 367795725
Re: [Declude.JunkMail] SPAMCOP Question
I was looking at the headers and saw SPAMCOP : Blocked Is that how it should be - what it's returning? If not, ideas on what could be wrong? That is what it is returning: X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21http://www.spamcop.net/bl.shtml?66.111.254.21 Spamcop is returning a TXT record of Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21http://www.spamcop.net/bl.shtml?66.111.254.21;, which is what Declude JunkMail uses by default in the X-RBL-Warning: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts
Hm No sir, I don't like it! In the end where this is headed is that if you belong to their group then they will legitimize any messages that you send... then they will use their combined resources to loby and otherwise make it a bad thing for you to do any kind of filtering to their messages. The problem I see with this is that the receiver eventually loses control and power over that decision migrates toward those who have the money to pay for access. In my view it is another form of the sender-pays line of thinking - but worse because the paying part is downplayed. A tip-off is that the counter to this argument is up-front in their proposal. Specifically that they will create and manage a mechanism that tracks the end-user's subscrbe/unsubscribe requests... I think this is a lot like putting the foxes in charge of the hen house. My $0.02. _M |-Original Message- |From: [EMAIL PROTECTED] |[mailto:[EMAIL PROTECTED] On Behalf Of |Burzin Sumariwalla |Sent: Thursday, December 18, 2003 2:12 PM |To: [EMAIL PROTECTED] |Subject: Re: [Declude.JunkMail] Outbound Port 25, was - |Virginia Indicts Indicts | | |Does any one have comments on any of the following: | |http://www.computerworld.com/softwaretopics/software/groupware/ |story/0,10801,80626,00.html | |Project Lumos | |http://www.camram.org | |CANRAM | |Burzin | | |At 09:01 PM 12/15/2003, you wrote: | |How about some new suggestions for methods to combat the spammers? | |- | |--- |[This E-mail scanned for viruses by Declude Virus] | |--- |[This E-mail was scanned for viruses by Declude Virus |(http://www.declude.com)] | |--- |This E-mail came from the Declude.JunkMail mailing list. To |unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type |unsubscribe Declude.JunkMail. The archives can be found at |http://www.mail-archive.com. | |_ |[This E-mail virus scanned by 4C Web] | | |--- |[This E-mail was scanned for viruses by Declude Virus |(http://www.declude.com)] | |--- |This E-mail came from the Declude.JunkMail mailing list. To |unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type |unsubscribe Declude.JunkMail. The archives can be found at |http://www.mail-archive.com. |--- |[This E-mail scanned for viruses by Declude Virus] | |-- |Burzin Sumariwalla Phone: (314) 994-9411 x291 |[EMAIL PROTECTED] Fax: (314) 997-7615 | Pager: (314) 407-3345 | |Networking and Telecommunications Manager |Information Technology Services |St. Louis County Library District |1640 S. Lindbergh Blvd. |St. Louis, MO 63131 | |--- |[This E-mail scanned for viruses by Declude Virus] | |--- |[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Is there a way that I can setup this test to only check incoming messages? I set up the DNS record and it will work fine except when one of my dial-up users sends an outgoing message. The test does exactly what I would like it to do. When one of my dial-up users bypasses my SMTP server, the message could be flagged as spam at the receiving end using an SPF test. However, if the user is sending mail correctly, through my SMTP server, the test flags there dial-up IP as an invalid SMTP server! I would like to turn off this test for outgoing messages while still doing other spam testing on outgoing messages. Is there some way to do this? Here is an example: Received: from wamgfk19jmdhqi [63.252.12.191] by wamusa.com with ESMTP (SMTPD32-8.04) id A5ECDE20074; Fri, 19 Dec 2003 12:39:40 -0600 From: Bill Morgan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: test Date: Fri, 19 Dec 2003 12:39:40 -0600 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal X-Declude-Sender: [EMAIL PROTECTED] [63.252.12.191] X-Spam-Tests-Failed: SPFFAIL [1] X-Note: This E-mail was sent from 63-252-12-191.ip.mcleodusa.net ([63.252.12.191]). X-Declude-Date: 12/19/2003 18:39:40 [0] X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 367544318 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, December 15, 2003 5:54 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPF support to be added to next beta We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. http://spf.pobox.com/dns.html covers how to add an SPF record for your own domain. At its simplest, if all your E-mail is coming from your mailserver, and your mailserver is listed in your MX record, you would add a TXT record of v=spf1 +mx -all for your domain. The SPF records always start with v=spf1; the +mx means that any E-mail from an IP listed in your MX records is good, and the -all is a default so that any other E-mail is bad. The SPF system is much, much more flexible than the SPAMDOMAINS test, and it lets domain owners control the settings (which allows them to be much more accurate). If widely implemented, it will make it much more difficult for spammers to get their spam delivered. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPAMCOP Question
Doug, I don't think anything is wrong. SpamC. is returning a TXT record with that information. The link says that's experimental. Burzin At 12:22 PM 12/19/2003, you wrote: I was looking at the headers and saw SPAMCOP : Blocked Is that how it should be - what it's returning? If not, ideas on what could be wrong? X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21http://www.spamcop.net/bl.shtml?66.111.254.21 X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [4000120e]. X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 303, weight 0) X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 283, weight 0) X-RBL-Warning: BLASTER: Message failed BLASTER test (line 3, weight 0) X-Declude-Sender: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] [66.111.254.21] X-Declude-Spoolname: D25320b0a00f84423.SMD X-Note: This E-mail was scanned by Declude JunkMail (http://www.declude.comwww.declude.com) for spam. X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, SPAMHEADERS, GIBBERISH, ANTI-GIBBERISH, BLASTER, WEIGHT10, WEIGHT20 [22] X-Note: This E-mail was sent from net21.netholdem.com ([66.111.254.21]). X-RCPT-TO: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Status: U X-UIDL: 367795725 -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts
Pete McNeil wrote: A tip-off is that the counter to this argument is up-front in their proposal. Specifically that they will create and manage a mechanism that tracks the end-user's subscrbe/unsubscribe requests... I think this is a lot like putting the foxes in charge of the hen house. I thought the tip-off was where they claimed that 15% of legitimate commercial E-mail was being blocked :) The good thing is that this will go no where because there are too many of us, and if it's unwanted and we block it, it only makes them look all the worse. As things stand, they have a lot of catching up to do. You don't create a monopoly out of anarchy. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Is there a way that I can setup this test to only check incoming messages? No (although you can set it up so that no action would be taken for outgoing mail, the weight would still be applied). In this case, WHITELIST AUTH (with works with Declude JunkMail v1.75 and higher, and IMail v8 and higher) might be the best option. Alternatively, you could use WHITELIST IP 192.0.2.0/24 to whitelist the dialup IPs, or set up a filter that would subtract weight for E-mails coming from those IPs. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Whitelist Auth?
I have been looking for the syntax for this entry. Can you publish it? My understanding is that this will whitelist anyone that has authenticated for SMTP. Is that correct? Also, what is the entry to stop performing tests if the weight reaches a certain level? Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT SPF and Windows 2000 DNS
Hello, I used the SPF wizard to create the SPF entries. Am I correct in understanding that I can place the (corrected) Bind version of these entries into the .domain file on my Windows 2000 DNS server. Does it matter where the lines go? Any advice? I tried posting to the SPF forum, but that didn't work. Thanks, Burzin -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist Auth?
I found the whitelist auth in the archives. Sorry. I still want to know how to stop performing tests after a certain weight level. Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 11:13 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Whitelist Auth? I have been looking for the syntax for this entry. Can you publish it? My understanding is that this will whitelist anyone that has authenticated for SMTP. Is that correct? Also, what is the entry to stop performing tests if the weight reaches a certain level? Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Host Alias Question
I can not find this in the archive . . . I have a mail domain with three different domain names: Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Do I need to set up Decule Virus and Junk Mail for each domain name? [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts
|Pete McNeil wrote: | |A tip-off is that the counter to this argument is up-front in their |proposal. Specifically that they will create and manage a mechanism |that tracks the end-user's subscrbe/unsubscribe requests... I think |this is a lot like putting the foxes in charge of the hen house. | | |I thought the tip-off was where they claimed that 15% of legitimate |commercial E-mail was being blocked :) Just like me to miss the obvious first time around %^b _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Test order
Are the tests performed in the order listed in the global.cfg? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
There is some potential with this as a negative weight test, however once
the spammers catch on, the value would be diminished greatly, and of
course legit mail servers are sources of spam, just not as often as the
illegitimate ones, and I don't see the need to credit senders based only
on the fact that they matched their SPF records. ... Considering these
issues, I don't see why I should push something forward with such a flaw.
One other thing that I forgot about here is that you can do some creative
things with SPF, such as:
v=spf1 +mx -exists:%{ir4}.bl.spamcop.net ?all
which would still give a PASS for users using your mailserver and an
UNKNOWN for your roaming users, but also would give a FAIL to people listed
in SPAMCOP. Another interesting technique someone is already using
something like is:
v=spf1 +mx -exists:%{ir4}.test.example.com +all
With this, the DNS server for test.example.com is running software that
allows this first X hits per day, and none after that. It could also have
extra logic, such as denying E-mail from certain return addresses (or
perhaps only allowing E-mail from addresses of users who may be on the road).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
[Declude.JunkMail] declude/Imail as a gateway - question
Hello, We have Declude/Imail setup as a gateway and I have a couple customers using the ROUTETO action. The problem is email that is sent to bogus addresses at the domain and are marked as SPAM automatically go to the specified ROUTETO mailbox. Is it possible to setup a test that queries a text file or actually talks the mail server the email is relayed to, to check to see if the email address is real? I am not sure if anybody else has this problem... Thoughts?? Adam --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Test order
Are the tests performed in the order listed in the global.cfg? No. Declude JunkMail has a hard-coded for the test types. However, for each test type, the tests will be run in the order that they are listed in the global.cfg file. So if you have an ip4r test and a filter test, the order they are listed in will not matter. However, if you have 2 filter tests, they will be run in the order they are listed in the global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist Auth?
I still want to know how to stop performing tests after a certain weight level. Unfortunately, that isn't possible. There are a number of problems with this (negative weights that would have been added after processing stops, the order of tests, etc.). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Host Alias Question
I have a mail domain with three different domain names: Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Do I need to set up Decule Virus and Junk Mail for each domain name? That depends on what you are doing. For a default installation, you don't need to do anything -- all mail to/from those domains will be scanned. However, if you are setting up per-user or per-domain settings in Declude JunkMail, you should use the official name (unless the address is a user alias, in which case the domain used in the user alias will be used, but that *should* be the same as the official name). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT SPF and Windows 2000 DNS
Burzin, it doesn't matter where in the zone file the txt record goes. You could simply added it via the GUI, as well, since txt records are supported by W2K DNS. Bill - Original Message - From: Burzin Sumariwalla [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 19, 2003 11:26 AM Subject: [Declude.JunkMail] OT SPF and Windows 2000 DNS Hello, I used the SPF wizard to create the SPF entries. Am I correct in understanding that I can place the (corrected) Bind version of these entries into the .domain file on my Windows 2000 DNS server. Does it matter where the lines go? Any advice? I tried posting to the SPF forum, but that didn't work. Thanks, Burzin -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Imail 8.05 Release
Scott, It looks as if IpSwitch may have fixed the issue in 8.05 that keeps Declude from being called. Taken from 8.05 Release Notes... o Queuemgr: Decreased the possibility that during a queue run the queuemgr might process files before a third party process locks the message. Keith --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Test order
This could be a very useful feature. I could define my negative weight tests first, then the high probability/high weight tests next. Then if the weight exceeds my delete weight quickly, Declude could stop spending cycles/bandwidth on the other tests. Admittedly, I would require the admin to correctly configure the order of the tests. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, December 19, 2003 11:55 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Test order Are the tests performed in the order listed in the global.cfg? No. Declude JunkMail has a hard-coded for the test types. However, for each test type, the tests will be run in the order that they are listed in the global.cfg file. So if you have an ip4r test and a filter test, the order they are listed in will not matter. However, if you have 2 filter tests, they will be run in the order they are listed in the global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail 8.05 Release
It looks as if IpSwitch may have fixed the issue in 8.05 that keeps Declude from being called. You beat me to it -- I was just about to post about that, but saw yours first. :) I quick thank you to Ipswitch for taking care of this so quickly. This was a big concern for many of our customers. For those that are not aware of the issue, there is a very short period of time between the time IMail receives an E-mail and Declude is started where it can be usurped by a queue run, causing it to be delivered before Declude can see it. This problem became much more noticeable recently, as E-mail volumes have risen due to spam, and for people using IMail v8's anti-spam (which would apparently increase the delay, increasing the chances that this problem would occur). This has been fixed for IMail v8.05. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Why SPF UNKNOWN?
I have lots of SPF unknown in the SPF.log file - most look as if they should have FAILED: 12.219.157.132 mailto:[EMAIL PROTECTED][EMAIL PROTECTED] [family]: UNKNOWN This definitely should have been a fail. I haven't been able to reproduce this, however, There is a new interim release (http://www.declude.com/interim) that will log the reason for an UNKNOWN in most cases, which should help determine why this is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist Auth?
Todd, You can control this to some degree in your filters with SKIPIFWEIGHT and MAXWEIGHT Also I believe the filters run in order of listing in global config. I suggest you list your neg filters first and your largest filters last. Hope this helps -Nick Hayer -- Original Message -- From: Todd Holt [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 11:28:05 -0800 I found the whitelist auth in the archives. Sorry. I still want to know how to stop performing tests after a certain weight level. Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 11:13 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Whitelist Auth? I have been looking for the syntax for this entry. Can you publish it? My understanding is that this will whitelist anyone that has authenticated for SMTP. Is that correct? Also, what is the entry to stop performing tests if the weight reaches a certain level? Thanks, Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Host Alias Question
I'm confused. I have : Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Some users use the TripleBDomain.com domain name for their email ([EMAIL PROTECTED] and [EMAIL PROTECTED]) Other users use the 3BD.com domain name: ([EMAIL PROTECTED]) Yet another uses [EMAIL PROTECTED] All on the same virtual server using Host Aliases. Do I need to set up Decule for each domain name or does setting Declude up on the Official Host Name cover them all? [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, December 19, 2003 1:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Host Alias Question I have a mail domain with three different domain names: Official Host Name: TripleBDomain.com Host Aliases: 3BDomain.com, 3BD.com Do I need to set up Decule Virus and Junk Mail for each domain name? That depends on what you are doing. For a default installation, you don't need to do anything -- all mail to/from those domains will be scanned. However, if you are setting up per-user or per-domain settings in Declude JunkMail, you should use the official name (unless the address is a user alias, in which case the domain used in the user alias will be used, but that *should* be the same as the official name). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Host Alias Question
Do I need to set up Decule for each domain name or does setting Declude up on the Official Host Name cover them all? You do not need to do anything -- Declude JunkMail (and Declude Virus) will scan all the mail. You will only need to do something special if you set up per-user or per-domain settings. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT SPF and Windows 2000 DNS
Thanks Bill! B At 02:08 PM 12/19/2003, you wrote: Burzin, it doesn't matter where in the zone file the txt record goes. You could simply added it via the GUI, as well, since txt records are supported by W2K DNS. Bill - Original Message - From: Burzin Sumariwalla [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 19, 2003 11:26 AM Subject: [Declude.JunkMail] OT SPF and Windows 2000 DNS Hello, I used the SPF wizard to create the SPF entries. Am I correct in understanding that I can place the (corrected) Bind version of these entries into the .domain file on my Windows 2000 DNS server. Does it matter where the lines go? Any advice? I tried posting to the SPF forum, but that didn't work. Thanks, Burzin -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows Server 2003
Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at
RE: [Declude.JunkMail] messages not being delivered
Scott, Thanks for the quick reply. The message I'm concerned with is process E9380148 and it just appears to stop with no more entries right at the point of those mx failure entries. But, like you pointed out these mx failure entries are for a different process. I do have a ROUTETO action in Declude Junkmail, but it is only for routing messages to a special mailbox in the PSR domain that fail my weight40 test (it did not appear in this mailbox), and besides I could not find any entries for this message in my dec or vir log files, which I think it would have, had it failed any these tests. Any ideas? Thanks for any help Jeffrey -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Friday, December 19, 2003 2:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] messages not being delivered I seem to be having messages disappearing from one particular sender. I have tested this by having them send a message to me which appears in the log file at my gateway mail server then nothing happens after that and there are no entries in the vir or dec log files. It does show a failure in MX connect... I had them send another message to me from another user at the same domain and it arrives without any issues. I have attached a txt file of the log entries. I do not understand what is going on here, and what I can do about it. Any advice or help in my understanding of this would be much appreciated. You may want to try going to http://www.declude.com/info/logs.htm for some information on reading IMail log files. The MX connect fails shown in the log are for E-mails to an IP for t-online.com. However, since the log file entries related to those E-mails weren't included, I can't say what E-mail address they belong to (and whether or not IMail used the correct IP). Are you by chance using the ROUTETO action in Declude JunkMail (which would explain why an E-mail addressed to psr.edu was instead sent to another domain)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] messages not being delivered
Thanks for the quick reply. The message I'm concerned with is process E9380148 and it just appears to stop with no more entries right at the point of those mx failure entries. The catch here is that you are just looking at the SMTPD entries (the process identifier changes for the SMTP or SMTP- entries), which won't show the E-mail being delivered. What you need to do is look at the last SMTPD entry, the one with the filename (d:\IMAIL\spool\D5ec1e938014870fd.SMD). Then, you need to search for the filename minus the path, first character, and extension. So in this case, you would use 5ec1e938014870fd (you can use this to search the IMail and/or Declude log files to find references to the E-mail). There should be SMTP or SMTP- entries in the IMail SMTP log file (unless it was blocked by Declude JunkMail -- in that case, 5ec1e938014870fd should appear in the Declude JunkMail log file, explaining what happened). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Host Alias Question
Yes, I have per-domain settings. I do not scan their mail for spam unless they pay for it. So, I turn the domains on individually. I assume I need to set up each individual domain in Declude. [EMAIL PROTECTED] You will only need to do something special if you set up per-user or per-domain settings. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Host Alias Question
Yes, I have per-domain settings. I do not scan their mail for spam unless they pay for it. So, I turn the domains on individually. I assume I need to set up each individual domain in Declude. With per-domain settings, you'll need to either list all the domains that you want enabled (and have the \IMail\Declude\$default$.JunkMail file set to use the IGNORE action on all tests), or list all the domains that you do not want enabled (and have the \IMail\Declude\$default$.JunkMail file used to block mail). Another option is to use the REDIRECT command, which may make administration a bit easier. For the per-domain settings, you'll need to use the official name of the domain (not one of the host aliases). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows Server 2003
John, Are you saying that small servers are not reliable?? :)) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by
[Declude.JunkMail] SPF broken with v1.77i4?
Scott, I updated to v1.77i4 for the added logging, however, now SPF appears not to be working at all. Logging shows up in spf.none, but no logging shows up in spf.log any longer. I sent a test message through that failed SPF on v1.77i3, but passed right through without notice with v1.77i4. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows Server 2003
No. I am saying that only 176 responses to the survey does not give a reliable survey result when there are clearly at least 10 times that many out there, if not way more. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 John, Are you saying that small servers are not reliable?? :)) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus
RE: [Declude.JunkMail] Windows Server 2003
I'm just giving you a hard time, John. I appreciate your effort to collate some data on the subject. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 4:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 No. I am saying that only 176 responses to the survey does not give a reliable survey result when there are clearly at least 10 times that many out there, if not way more. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 John, Are you saying that small servers are not reliable?? :)) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list.
RE: [Declude.JunkMail] Windows Server 2003
Hey John they do samples in surveys of less that of your sample as compared to the number of Imail servers. If you consider the number of people that watch TV and the small sample of people that NEILSON users to rate a shows popularity. I bet you have a better sampling than they do. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 4:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 No. I am saying that only 176 responses to the survey does not give a reliable survey result when there are clearly at least 10 times that many out there, if not way more. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 John, Are you saying that small servers are not reliable?? :)) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my pocket. :) I heard some stability issues, saw some imail patches/etc .. things stable (and *robust*) now? Relatively high volumes of email .. Jonathan --- [This E-mail was scanned for viruses by Declude Virus
RE: [Declude.JunkMail] Windows Server 2003
Statistically, a random 10% sample is sufficient on a lot of things. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Saturday, December 20, 2003 2:50 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Hey John they do samples in surveys of less that of your sample as compared to the number of Imail servers. If you consider the number of people that watch TV and the small sample of people that NEILSON users to rate a shows popularity. I bet you have a better sampling than they do. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 4:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 No. I am saying that only 176 responses to the survey does not give a reliable survey result when there are clearly at least 10 times that many out there, if not way more. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 John, Are you saying that small servers are not reliable?? :)) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems more stable over time but not if Imail doesn't support it well yet. g Thoughts? Jonathan At 05:04 PM 12/4/2003, you wrote: The issues seem to appear at high volumes. Besides, I am more than willing to use those licenses for you. ;) John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 04, 2003 2:43 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Windows Server 2003 So, what's the scoop with current Imail 8, declude, sniffer, etc on Windows 2003 Server? We're thinking about moving it to some new iron internally, and Ive got some 2k3 licenses just burning a hole in my
RE: [Declude.JunkMail] Windows Server 2003
Here is a couple of quick stats from the responses: Of those using Windows Server 2003 at the time; 0-5K messages per day 4 5K-10K messages per day 2 10K-20K messages per day2 20K-30K messages per day1 30K-50K messages per day0 50K-75K messages per day1 75K-100K messages per day 0 100K or more per day1 Now, how can you see a pattern with those amounts of respondes with problems on W2K3 compared to W2K? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 5:06 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Statistically, a random 10% sample is sufficient on a lot of things. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Saturday, December 20, 2003 2:50 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Hey John they do samples in surveys of less that of your sample as compared to the number of Imail servers. If you consider the number of people that watch TV and the small sample of people that NEILSON users to rate a shows popularity. I bet you have a better sampling than they do. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 4:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 No. I am saying that only 176 responses to the survey does not give a reliable survey result when there are clearly at least 10 times that many out there, if not way more. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 4:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 John, Are you saying that small servers are not reliable?? :)) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, December 19, 2003 3:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Unfortunately, there were only 176 responses, mostly from small to mid size setups. Therefore, the results were not reliable. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Omar K. Sent: Friday, December 19, 2003 2:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 Yeah, whatever happened to that, I poured my heart out there :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Friday, December 19, 2003 11:52 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Windows Server 2003 John, I remember you did a survey awhile back on problems with Imail/etc. Were the results of that ever posted? Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com John Tolmachoff (Lists) writes: For the majority, W2K3 is the way to go if you are able to. Ipswitch does support running Imail on W2K3. There are some possible issues. 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a problem. 2. Some issues have been reported on the Imail list when the server processes a high volume of messages per day. Nothing seems to be conclusive as far as I know to date, and from the posts, I have not seen a definite pattern. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jonathan Sent: Thursday, December 18, 2003 10:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Windows Server 2003 So I haven't heard anything else back on this .. are you guys all staying away from Windows 2003 and Imail? I'm having a hard time trying to justify the risk of running new servers on 2k3 when 2k works just fine .. but then again, 2k3 seems
[Declude.JunkMail] OT: DNS Issue (HELP)
This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. The site is wltx.com. Can you resolve it? How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: DNS Issue (HELP)
I was able to resolve wltx.com just fine. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock Sent: Saturday, December 20, 2003 3:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: DNS Issue (HELP) This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. The site is wltx.com. Can you resolve it? How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
Hello Darrell, Working from here. Denver, CO area. Scott Friday, December 19, 2003, 6:59:06 PM, you wrote: Darrell This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. Darrell We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. Darrell However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new Darrell authoratative servers. Darrell Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. Darrell The site is wltx.com. Darrell Can you resolve it? Darrell How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell Darrell Darrell --- Darrell [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Darrell --- Darrell This E-mail came from the Declude.JunkMail mailing list. To Darrell unsubscribe, just send an E-mail to [EMAIL PROTECTED], and Darrell type unsubscribe Declude.JunkMail. The archives can be found Darrell at http://www.mail-archive.com. -- Scottmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
Hello Darrell, Email works too: 12:19 19:41 SMTP-(07540069) [x] Connecting socket to service SMTP on host wltx.com using protocol tcp 12:19 19:41 SMTP-(07540069) [x] using source IP for arvadafire.com [65.125.147.225] 12:19 19:41 SMTP-(07540069) Info - Found wltx.com in DNS Cache 12:19 19:41 SMTP-(07540069) Connect wltx.com [209.94.11.105:25] (1) 12:19 19:41 SMTP-(07540069) 220 mail1.gannett-tv.com (IMail 7.15 56973-6) NT-ESMTP Server X1 12:19 19:41 SMTP-(07540069) EHLO arvadafire.com 12:19 19:41 SMTP-(07540069) 250-mail1.gannett-tv.com says hello 12:19 19:41 SMTP-(07540069) 250-SIZE 2000 12:19 19:41 SMTP-(07540069) 250-8BITMIME 12:19 19:41 SMTP-(07540069) 250-DSN 12:19 19:41 SMTP-(07540069) 250-ETRN 12:19 19:41 SMTP-(07540069) 250-AUTH LOGIN CRAM-MD5 12:19 19:41 SMTP-(07540069) 250-AUTH=LOGIN 12:19 19:41 SMTP-(07540069) 250 EXPN 12:19 19:41 SMTP-(07540069) MAIL FROM:[EMAIL PROTECTED] 12:19 19:41 SMTP-(07540069) 250 ok 12:19 19:41 SMTP-(07540069) RCPT To:[EMAIL PROTECTED] 12:19 19:41 SMTP-(07540069) 250 ok its for [EMAIL PROTECTED] 12:19 19:41 SMTP-(07540069) DATA 12:19 19:41 SMTP-(07540069) 354 ok, send it; end with CRLF.CRLF 12:19 19:41 SMTP-(07540069) . 12:19 19:41 SMTP-(07540069) 250 Message queued 12:19 19:41 SMTP-(07540069) rdeliver wltx.com [EMAIL PROTECTED] (1) [EMAIL PROTECTED] 827 12:19 19:41 SMTP-(07540069) QUIT 12:19 19:41 SMTP-(07540069) 221 Goodbye Scott Friday, December 19, 2003, 6:59:06 PM, you wrote: Darrell This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. Darrell We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. Darrell However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new Darrell authoratative servers. Darrell Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. Darrell The site is wltx.com. Darrell Can you resolve it? Darrell How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell Darrell Darrell --- Darrell [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Darrell --- Darrell This E-mail came from the Declude.JunkMail mailing list. To Darrell unsubscribe, just send an E-mail to [EMAIL PROTECTED], and Darrell type unsubscribe Declude.JunkMail. The archives can be found Darrell at http://www.mail-archive.com. -- Scottmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
I am absolutly baffled. Eathlink Dial-up - Does not work Charter Cable Connection - Does not work ATT T1 using local bind server - Works Roadrunner Cable - Does not work AOL - Intermittent. Several users who replied - Works Darrell -- Original Message -- From: Scott Winberg [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 19:13:55 -0700 Hello Darrell, Working from here. Denver, CO area. Scott Friday, December 19, 2003, 6:59:06 PM, you wrote: Darrell This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. Darrell We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. Darrell However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new Darrell authoratative servers. Darrell Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. Darrell The site is wltx.com. Darrell Can you resolve it? Darrell How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell Darrell Darrell --- Darrell [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Darrell --- Darrell This E-mail came from the Declude.JunkMail mailing list. To Darrell unsubscribe, just send an E-mail to [EMAIL PROTECTED], and Darrell type unsubscribe Declude.JunkMail. The archives can be found Darrell at http://www.mail-archive.com. -- Scottmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: DNS Issue (HELP)
I'd say that the domain is fine at its new home; the question is what was the TTL on the domain before it was moved? I would go very little out on a limb and say that the folks with trouble to wltx.com were cacheing the DNS for longer than the TTL on the domain, or it was really high before the change, and they're respecting that. If you didn't already know it, this site, courtesy of declude.com, is a wonderful resource: http://www.dnsreport.com/ Andrew 8) -Original Message- From: Darrell LaRock [mailto:[EMAIL PROTECTED] Sent: Friday, December 19, 2003 5:59 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: DNS Issue (HELP) This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. The site is wltx.com. Can you resolve it? How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] SPF setup wizard output
I ran the SPF setup wizard from the spf.pobox.com site and it resulted in the following lines to be inserted into DNS: las-DSL224-cust088.mpowercom.net. IN TXT v=spf1 a -all mail.xidix.com. IN TXT v=spf1 a -all mail2.xidix.com. IN TXT v=spf1 a -all wsip-24-234-126-147.lv.lv.cox.net. IN TXT v=spf1 a -all Why does it specify the 1st and 4th lines? The 1st line appears to be the RDNS suffix of our primary inbound server and the 4th line appears to be the RDNS of our backup inbound mail server IP address. In addition, the wizard said that it found 4 MX records for our server. We only have 2 (see http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did it find 4 MX records? Why should it care how many MX records we have? These are to specify incoming mail servers and SPF is to specify outgoing mail servers (that mail for my domain is allowed to be sent from). Or am I missing something here? We only send mail from 1 IP address. Can I just specify that 1 address? I want to specify that all mail for this domain (Xidix.com) is sent from a single IP address (208.57.224.88). What am I missing in this picture? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: DNS Issue (HELP)
Andrew, One question that I have is the TTL stuff shouldnt matter since the zone files that were moved over are the same. All we are doing is switching DNS providers right now. Darrell -- Original Message -- From: Colbeck, Andrew [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 18:45:00 -0800 I'd say that the domain is fine at its new home; the question is what was the TTL on the domain before it was moved? I would go very little out on a limb and say that the folks with trouble to wltx.com were cacheing the DNS for longer than the TTL on the domain, or it was really high before the change, and they're respecting that. If you didn't already know it, this site, courtesy of declude.com, is a wonderful resource: http://www.dnsreport.com/ Andrew 8) -Original Message- From: Darrell LaRock [mailto:[EMAIL PROTECTED] Sent: Friday, December 19, 2003 5:59 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: DNS Issue (HELP) This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. The site is wltx.com. Can you resolve it? How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF setup wizard output
It would appear that I could this single line in the zone file: v=spf1 ip4:208.57.224.88 -all and that would specify that all valid mail from the domain originates from this IP address. Is this correct? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 6:54 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPF setup wizard output I ran the SPF setup wizard from the spf.pobox.com site and it resulted in the following lines to be inserted into DNS: las-DSL224-cust088.mpowercom.net. IN TXT v=spf1 a -all mail.xidix.com. IN TXT v=spf1 a -all mail2.xidix.com. IN TXT v=spf1 a -all wsip-24-234-126-147.lv.lv.cox.net. IN TXT v=spf1 a -all Why does it specify the 1st and 4th lines? The 1st line appears to be the RDNS suffix of our primary inbound server and the 4th line appears to be the RDNS of our backup inbound mail server IP address. In addition, the wizard said that it found 4 MX records for our server. We only have 2 (see http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did it find 4 MX records? Why should it care how many MX records we have? These are to specify incoming mail servers and SPF is to specify outgoing mail servers (that mail for my domain is allowed to be sent from). Or am I missing something here? We only send mail from 1 IP address. Can I just specify that 1 address? I want to specify that all mail for this domain (Xidix.com) is sent from a single IP address (208.57.224.88). What am I missing in this picture? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
From an earthlink dsl user Ping test 1 wltx.com 56 60 Success 2 wltx.com 56 60 Success 3 wltx.com 56 60 Success 4 wltx.com 56 60 Success 5 wltx.com 56 60 Success trace rt 1 0 0 172.16.0.254 2 35 35 172.31.255.251 3 30 -5 192.168.5.53 4 30 0 209.247.34.177 ge-8-0-131.ipcolo1.Chicago1.Level3.net 5 30 0 4.68.112.201 so-7-0-0.bbr1.Chicago1.Level3.net 6 70 40 64.159.0.234 so-0-0-0.bbr1.NewYork1.Level3.net 7 60 -10 64.159.17.3 ge-6-0.ipcolo1.NewYork1.Level3.net 8 70 10 209.244.13.198 so-10-0.hsa1.Newark1.Level3.net 9 65 -5 64.156.0.26 unknown.Level3.net 10 Timed out 11 70 5 66.54.32.202 gannetttv.cust.loudcloud.com Official name: wltx.com (stack DNS) IP address: 66.54.32.202 wltx.com. (Earthlink DNS) nameserver = ns1.infi.net. wltx.com. nameserver = ns2.infi.net. wltx.com. 66.54.32.202 Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: WLTX.COM Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: NS1.INFI.NET Name Server: NS2.INFI.NET Status: ACTIVE Updated Date: 18-dec-2003 Creation Date: 19-dec-1997 Expiration Date: 18-dec-2007 Scan (DNS,FTP,HTTP,POP3,SMTP,ECHO,GOPHER,NNTP,TIME,IMAP) 066.054.032.202 HTTP gannetttv.cust.loudcloud.com Stupid question, what are you testing with? W2k? Turn of DNS Client Service and Clear DNS Cache...just a thought. - Original Message - From: Darrell LaRock [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 19, 2003 8:46 PM Subject: Re: [Declude.JunkMail] OT: DNS Issue (HELP) I am absolutly baffled. Eathlink Dial-up - Does not work Charter Cable Connection - Does not work ATT T1 using local bind server - Works Roadrunner Cable - Does not work AOL - Intermittent. Several users who replied - Works Darrell -- Original Message -- From: Scott Winberg [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 19:13:55 -0700 Hello Darrell, Working from here. Denver, CO area. Scott Friday, December 19, 2003, 6:59:06 PM, you wrote: Darrell This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and thier web site from loading. Darrell We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers. Darrell However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new Darrell authoratative servers. Darrell Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters. Darrell The site is wltx.com. Darrell Can you resolve it? Darrell How can I verify that the site did not fall out of the root servers? Anyone else have any input? Darrell Darrell Darrell --- Darrell [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Darrell --- Darrell This E-mail came from the Declude.JunkMail mailing list. To Darrell unsubscribe, just send an E-mail to [EMAIL PROTECTED], and Darrell type unsubscribe Declude.JunkMail. The archives can be found Darrell at http://www.mail-archive.com. -- Scottmailto:[EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF setup wizard output
Yes, Todd, that should work just fine. If you would like to test it after implementing, let me know and I will forge your domain and send you an e-mail from a yahoo.com account. Bill - Original Message - From: Todd Holt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 19, 2003 7:17 PM Subject: RE: [Declude.JunkMail] SPF setup wizard output It would appear that I could this single line in the zone file: v=spf1 ip4:208.57.224.88 -all and that would specify that all valid mail from the domain originates from this IP address. Is this correct? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 6:54 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPF setup wizard output I ran the SPF setup wizard from the spf.pobox.com site and it resulted in the following lines to be inserted into DNS: las-DSL224-cust088.mpowercom.net. IN TXT v=spf1 a -all mail.xidix.com. IN TXT v=spf1 a -all mail2.xidix.com. IN TXT v=spf1 a -all wsip-24-234-126-147.lv.lv.cox.net. IN TXT v=spf1 a -all Why does it specify the 1st and 4th lines? The 1st line appears to be the RDNS suffix of our primary inbound server and the 4th line appears to be the RDNS of our backup inbound mail server IP address. In addition, the wizard said that it found 4 MX records for our server. We only have 2 (see http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did it find 4 MX records? Why should it care how many MX records we have? These are to specify incoming mail servers and SPF is to specify outgoing mail servers (that mail for my domain is allowed to be sent from). Or am I missing something here? We only send mail from 1 IP address. Can I just specify that 1 address? I want to specify that all mail for this domain (Xidix.com) is sent from a single IP address (208.57.224.88). What am I missing in this picture? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF setup wizard output
OK, thanks. We have a hosted DNS and I'm getting the entries done now. I'll let you know. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Friday, December 19, 2003 7:32 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF setup wizard output Yes, Todd, that should work just fine. If you would like to test it after implementing, let me know and I will forge your domain and send you an e-mail from a yahoo.com account. Bill - Original Message - From: Todd Holt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 19, 2003 7:17 PM Subject: RE: [Declude.JunkMail] SPF setup wizard output It would appear that I could this single line in the zone file: v=spf1 ip4:208.57.224.88 -all and that would specify that all valid mail from the domain originates from this IP address. Is this correct? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, December 19, 2003 6:54 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPF setup wizard output I ran the SPF setup wizard from the spf.pobox.com site and it resulted in the following lines to be inserted into DNS: las-DSL224-cust088.mpowercom.net. IN TXT v=spf1 a -all mail.xidix.com. IN TXT v=spf1 a -all mail2.xidix.com. IN TXT v=spf1 a -all wsip-24-234-126-147.lv.lv.cox.net. IN TXT v=spf1 a -all Why does it specify the 1st and 4th lines? The 1st line appears to be the RDNS suffix of our primary inbound server and the 4th line appears to be the RDNS of our backup inbound mail server IP address. In addition, the wizard said that it found 4 MX records for our server. We only have 2 (see http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did it find 4 MX records? Why should it care how many MX records we have? These are to specify incoming mail servers and SPF is to specify outgoing mail servers (that mail for my domain is allowed to be sent from). Or am I missing something here? We only send mail from 1 IP address. Can I just specify that 1 address? I want to specify that all mail for this domain (Xidix.com) is sent from a single IP address (208.57.224.88). What am I missing in this picture? Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] messages not being delivered
Thank you for the explanation. The message was getting deleted as an outlook blank folding vulnerability. I have read up on what this is, and I do not want to disable checking for vulnerabilities altogether. Is there any way for me to allow these messages to this one user? If you are using Declude Virus Pro, you could disable the virus scanning for that one user, which would allow the vulnerabilities through. Note, though, that any up-to-date mailserver virus scanner will catch that E-mail, so the best thing to do would be to get the sender to fix the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF broken with v1.77i4?
Yep - 1.77i4 definitely broke SPF entirely. The spf.log has not been updated since the new build when in. I just sent a test message through my cable provider (should have failed), instead: 67.80.42.251 [EMAIL PROTECTED] [andyshome]: UNKNOWN: SPF not supported (the HM-Software.com TXT record does not exist). 63.107.174.149 [EMAIL PROTECTED] [TechT1]: UNKNOWN: SPF not supported (the HM-Software.com TXT record does not exist). Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Friday, December 19, 2003 07:21 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPF broken with v1.77i4? Scott, I updated to v1.77i4 for the added logging, however, now SPF appears not to be working at all. Logging shows up in spf.none, but no logging shows up in spf.log any longer. I sent a test message through that failed SPF on v1.77i3, but passed right through without notice with v1.77i4. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FOOTER action
Title: Message Hi Scott: I assume the FOOTER action only works for the "plain-text" version of an email? Since most SPAM is using HTML, the footer will never be visible to the viewer? Sample: 12/19/2003 17:31:29 Q7c3f039300ba7da8 Msg failed WEIGHTFOOTER (Total weight between 5 and 7.). Action=""> Yet - nothing appears in the delivered mail. Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
Scott, We duplicated the zone files between both providers. So all records are identical. If the zone files are the same than all of the timeouts should not matter. Check this out 1.) Do a direct query against ns1.loudcloud.com for wltx.com - Returns 66.54.32.202. 2.) Do a direct query against ns1.infi.net for wltx.com - Returns 66.54.32.202. 3.) Do a direct query against ns1.mindspring.net or ns2. or ns3 and the query will in general 9 out of 10 times timeout. We can also duplicate this behavior on Charter and Road Runner. I can't even come up with a possible explanation... The zone files are the same Thanks Darrell -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 22:56:28 -0500 However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. That's probably the problem. Once the first .com parent server gets the new NS records, it takes up to about 6 hours for all the other .com parent servers to get updated, and another 48 hours before TTL values expire on DNS servers throughout the world. Earthlink, Charter, and some other larger ISPs almost certainly have the old values cached, which will take up to 48 hours to expire after the change. During that time, they will be using the old NS records. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
Scott, On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does it mean when an ISP has the name server set to ns92.worldnic.com? Does this mean at one time when the domain was looked up it was not resolved from the root servers? ATT Worldnet #1NS=ns1.infi.net. [TTL=1d 9h 38m 50s] NS=ns2.infi.net. [TTL=1d 9h 38m 50s] ATT Worldnet #2NS=ns1.infi.net. [TTL=1d 4h 18m 50s] NS=ns2.infi.net. [TTL=1d 4h 18m 50s] ATT Worldnet #1NS=ns1.infi.net. [TTL=1d 2h 53m 53s] NS=ns2.infi.net. [TTL=1d 2h 53m 53s] ATT Worldnet #2NS=ns91.worldnic.com. [TTL=10h 45m 11s] NS=ns92.worldnic.com. [TTL=10h 45m 11s] Taking wild stabs in the dark :) Darrell -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 22:56:28 -0500 However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. That's probably the problem. Once the first .com parent server gets the new NS records, it takes up to about 6 hours for all the other .com parent servers to get updated, and another 48 hours before TTL values expire on DNS servers throughout the world. Earthlink, Charter, and some other larger ISPs almost certainly have the old values cached, which will take up to 48 hours to expire after the change. During that time, they will be using the old NS records. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
Darrell, It looks like your name server records were maybe munged for a period of time from a root update that is now fixed. Those munged records though are being cached and they should get a good copy once they expire. This might explain why all of us seem to be able to resolve your domain, being that we aren't likely to have it cached being smaller providers, however the larger providers seem to have bad records for it because they hit your domain while the data was bad. Just guessing of course. If you have some local ISP's which are likely to have chached an earlier copy of the records, try querying their servers to see what it returns. I suspect that they will have a bad copy also, at least for a short period of time. I don't believe there is anything you can do about this if I am correct. Matt Darrell LaRock wrote: Scott, On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does it mean when an ISP has the name server set to ns92.worldnic.com? Does this mean at one time when the domain was looked up it was not resolved from the root servers? ATT Worldnet #1NS=ns1.infi.net. [TTL=1d 9h 38m 50s] NS=ns2.infi.net. [TTL=1d 9h 38m 50s] ATT Worldnet #2NS=ns1.infi.net. [TTL=1d 4h 18m 50s] NS=ns2.infi.net. [TTL=1d 4h 18m 50s] ATT Worldnet #1NS=ns1.infi.net. [TTL=1d 2h 53m 53s] NS=ns2.infi.net. [TTL=1d 2h 53m 53s] ATT Worldnet #2NS=ns91.worldnic.com. [TTL=10h 45m 11s] NS=ns92.worldnic.com. [TTL=10h 45m 11s] Taking wild stabs in the dark :) Darrell -- Original Message -- From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 22:56:28 -0500 However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occured right after the whois info was updated to the new authoratative servers. That's probably the problem. Once the first .com parent server gets the new NS records, it takes up to about 6 hours for all the other .com parent servers to get updated, and another 48 hours before TTL values expire on DNS servers throughout the world. Earthlink, Charter, and some other larger ISPs almost certainly have the old values cached, which will take up to 48 hours to expire after the change. During that time, they will be using the old NS records. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] They got the pill spammer
...or at least one of them. There's no way this guy gets past Elliot Spitzer. I hope they take away his passport for obvious reasons. Target Spam: NY AG, Microsoft File $38M Suits http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2985 This sounds a lot like the guy (ring) with the heavily puncuation-obfuscated text only messages. The investigators also determined that the e-mail messages were developed and sent from hijacked computers belonging to a foreign government's defense ministry, others from a hospital, and still more from elementary and high schools. According to the lawsuits, the spam messages used other people's sender names, false subject lines, fake server names, inaccurate and misrepresented sender addresses, or obscured transmission paths, all in violation of New York and Washington state law. I'm pretty sure that I was blocking over 98% of this stuff, but the volume was so immense that it showed up commonly enough, especially in my account where there are addresses on about 6 domains and listed publicly in association with hundreds of domains (registry and sites), and the crud spammers just simply hammer my account, though I don't get any contest spam (static spammers) which is the overwhelming volume that reaches my server. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
