[Declude.JunkMail] They got the pill spammer

2003-12-19 Thread Matthew Bramble
...or at least one of them.  There's no way this guy gets past Elliot 
Spitzer.  I hope they take away his passport for obvious reasons.

   Target Spam: NY AG, Microsoft File $38M Suits
   http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2985
This sounds a lot like the guy (ring) with the heavily 
puncuation-obfuscated text only messages.

   "The investigators also determined that the e-mail messages were
   developed and sent from hijacked computers belonging to a foreign
   government's defense ministry, others from a hospital, and still
   more from elementary and high schools. According to the lawsuits,
   the spam messages used other people's sender names, false subject
   lines, fake server names, inaccurate and misrepresented sender
   addresses, or obscured transmission paths, all in violation of New
   York and Washington state law."
I'm pretty sure that I was blocking over 98% of this stuff, but the 
volume was so immense that it showed up commonly enough, especially in 
my account where there are addresses on about 6 domains and listed 
publicly in association with hundreds of domains (registry and sites), 
and the crud spammers just simply hammer my account, though I don't get 
any contest spam (static spammers) which is the overwhelming volume that 
reaches my server.

Matt

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Matthew Bramble
Darrell,

It looks like your name server records were maybe munged for a period of 
time from a root update that is now fixed.  Those munged records though 
are being cached and they should get a good copy once they expire.  This 
might explain why all of us seem to be able to resolve your domain, 
being that we aren't likely to have it cached being smaller providers, 
however the larger providers seem to have bad records for it because 
they hit your domain while the data was bad.  Just guessing of course.

If you have some local ISP's which are likely to have chached an earlier 
copy of the records, try querying their servers to see what it returns.  
I suspect that they will have a bad copy also, at least for a short 
period of time.  I don't believe there is anything you can do about this 
if I am correct.

Matt



Darrell LaRock wrote:

Scott,

On the DNSSTUFF, I used the cached ISP report looking at the NS record.  What does it mean when an ISP has the name server set to ns92.worldnic.com?  Does this mean at one time when the domain was looked up it was not resolved from the root servers?

AT&T Worldnet #1NS=ns1.infi.net. [TTL=1d 9h 38m 50s] NS=ns2.infi.net. [TTL=1d 9h 38m 50s] 
AT&T Worldnet #2NS=ns1.infi.net. [TTL=1d 4h 18m 50s] NS=ns2.infi.net. [TTL=1d 4h 18m 50s] 
AT&T Worldnet #1NS=ns1.infi.net. [TTL=1d 2h 53m 53s] NS=ns2.infi.net. [TTL=1d 2h 53m 53s] 
AT&T Worldnet #2NS=ns91.worldnic.com. [TTL=10h 45m 11s] NS=ns92.worldnic.com. [TTL=10h 45m 11s] 

Taking wild stabs in the dark :)
Darrell
-- Original Message --
From: "R. Scott Perry" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 19 Dec 2003 22:56:28 -0500
 

However, something is seriously wrong as the major ISP's can't resolve it 
(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right 
after the whois info was updated to the new authoratative servers.
 

That's probably the problem.

Once the first .com parent server gets the new NS records, it takes up to 
about 6 hours for all the other .com parent servers to get updated, and 
another 48 hours before TTL values expire on DNS servers throughout the 
world.  Earthlink, Charter, and some other larger ISPs almost certainly 
have the old values cached, which will take up to 48 hours to expire after 
the change.  During that time, they will be using the old NS records.

  -Scott
   



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Darrell LaRock
Scott,

On the DNSSTUFF, I used the cached ISP report looking at the NS record.  What does it 
mean when an ISP has the name server set to ns92.worldnic.com?  Does this mean at one 
time when the domain was looked up it was not resolved from the root servers?

AT&T Worldnet #1NS=ns1.infi.net. [TTL=1d 9h 38m 50s] NS=ns2.infi.net. [TTL=1d 
9h 38m 50s] 
AT&T Worldnet #2NS=ns1.infi.net. [TTL=1d 4h 18m 50s] NS=ns2.infi.net. [TTL=1d 
4h 18m 50s] 
AT&T Worldnet #1NS=ns1.infi.net. [TTL=1d 2h 53m 53s] NS=ns2.infi.net. [TTL=1d 
2h 53m 53s] 
AT&T Worldnet #2NS=ns91.worldnic.com. [TTL=10h 45m 11s] NS=ns92.worldnic.com. 
[TTL=10h 45m 11s] 

Taking wild stabs in the dark :)
Darrell

-- Original Message --
From: "R. Scott Perry" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 19 Dec 2003 22:56:28 -0500

>
>>However, something is seriously wrong as the major ISP's can't resolve it 
>>(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right 
>>after the whois info was updated to the new authoratative servers.
>
>That's probably the problem.
>
>Once the first .com parent server gets the new NS records, it takes up to 
>about 6 hours for all the other .com parent servers to get updated, and 
>another 48 hours before TTL values expire on DNS servers throughout the 
>world.  Earthlink, Charter, and some other larger ISPs almost certainly 
>have the old values cached, which will take up to 48 hours to expire after 
>the change.  During that time, they will be using the old NS records.
>
>-Scott
>---
>Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
>Declude Virus: Catches known viruses and is the leader in mailserver 
>vulnerability detection.
>Find out what you've been missing: Ask about our free 30-day evaluation.
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Darrell LaRock
Scott,

We duplicated the zone files between both providers.  So all records are identical.  
If the zone files are the same than all of the timeouts should not matter.

Check this out
1.) Do a direct query against ns1.loudcloud.com for wltx.com - Returns 66.54.32.202.

2.) Do a direct query against ns1.infi.net for wltx.com - Returns 66.54.32.202.

3.) Do a direct query against ns1.mindspring.net or ns2. or ns3 and the query will in 
general 9 out of 10 times timeout.  We can also duplicate this behavior on Charter and 
Road Runner.

I can't even come up with a possible explanation...  The zone files are the same

Thanks
Darrell


-- Original Message --
From: "R. Scott Perry" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 19 Dec 2003 22:56:28 -0500

>
>>However, something is seriously wrong as the major ISP's can't resolve it 
>>(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right 
>>after the whois info was updated to the new authoratative servers.
>
>That's probably the problem.
>
>Once the first .com parent server gets the new NS records, it takes up to 
>about 6 hours for all the other .com parent servers to get updated, and 
>another 48 hours before TTL values expire on DNS servers throughout the 
>world.  Earthlink, Charter, and some other larger ISPs almost certainly 
>have the old values cached, which will take up to 48 hours to expire after 
>the change.  During that time, they will be using the old NS records.
>
>-Scott
>---
>Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
>Declude Virus: Catches known viruses and is the leader in mailserver 
>vulnerability detection.
>Find out what you've been missing: Ask about our free 30-day evaluation.
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] FOOTER action

2003-12-19 Thread Andy Schmidt
Title: Message



Hi 
Scott:
 
I assume the FOOTER 
action only works for the "plain-text" version of an email?  Since most 
SPAM is using HTML, the footer will never be visible to the 
viewer?
 
Sample:
12/19/2003 17:31:29 
Q7c3f039300ba7da8 Msg failed WEIGHTFOOTER (Total weight between 5 and 7.). 
Action="">
 
Yet - nothing 
appears in the delivered mail.
Best 
RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 
(Business)Fax:    +1 201 934-9206 
 


RE: [Declude.JunkMail] SPF broken with v1.77i4?

2003-12-19 Thread Andy Schmidt
Yep - 1.77i4 definitely broke SPF entirely.  The spf.log has not been
updated since the new build when in.

I just sent a test message through my cable provider (should have failed),
instead:

67.80.42.251 [EMAIL PROTECTED] [andyshome]: UNKNOWN: SPF not
supported (the HM-Software.com TXT record does not exist). 


63.107.174.149   [EMAIL PROTECTED] [TechT1]: UNKNOWN: SPF not
supported (the HM-Software.com TXT record does not exist). 


Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Friday, December 19, 2003 07:21 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] SPF broken with v1.77i4?


Scott, I updated to v1.77i4 for the added logging, however, now SPF appears
not to be working at all.  Logging shows up in spf.none, but no logging
shows up in spf.log any longer.  I sent a test message through that failed
SPF on v1.77i3, but passed right through without notice with v1.77i4.

Bill

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread R. Scott Perry

However, something is seriously wrong as the major ISP's can't resolve it 
(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right 
after the whois info was updated to the new authoratative servers.
That's probably the problem.

Once the first .com parent server gets the new NS records, it takes up to 
about 6 hours for all the other .com parent servers to get updated, and 
another 48 hours before TTL values expire on DNS servers throughout the 
world.  Earthlink, Charter, and some other larger ISPs almost certainly 
have the old values cached, which will take up to 48 hours to expire after 
the change.  During that time, they will be using the old NS records.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] messages not being delivered

2003-12-19 Thread R. Scott Perry

Thank you for the explanation. The message was getting deleted as an outlook
blank folding vulnerability.  I have read up on what this is, and I do not
want to disable checking for vulnerabilities altogether.  Is there any way
for me to allow these messages to this one user?
If you are using Declude Virus Pro, you could disable the virus scanning 
for that one user, which would allow the vulnerabilities through.

Note, though, that any up-to-date mailserver virus scanner will catch that 
E-mail, so the best thing to do would be to get the sender to fix the problem.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] SPF setup wizard output

2003-12-19 Thread Todd Holt
OK, thanks.  We have a hosted DNS and I'm getting the entries done now.
I'll let you know.

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Bill Landry
> Sent: Friday, December 19, 2003 7:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] SPF setup wizard output
> 
> Yes, Todd, that should work just fine.  If you would like to test it
after
> implementing, let me know and I will forge your domain and send you an
> e-mail from a yahoo.com account.
> 
> Bill
> - Original Message -
> From: "Todd Holt" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 19, 2003 7:17 PM
> Subject: RE: [Declude.JunkMail] SPF setup wizard output
> 
> 
> > It would appear that I could this single line in the zone file:
> >
> > v=spf1 ip4:208.57.224.88 -all
> >
> > and that would specify that all valid mail from the domain
originates
> > from this IP address.
> >
> > Is this correct?
> >
> > Todd Holt
> > Xidix Technologies, Inc
> > Las Vegas, NV  USA
> > www.xidix.com
> > 702.319.4349
> >
> >
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of Todd Holt
> > > Sent: Friday, December 19, 2003 6:54 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [Declude.JunkMail] SPF setup wizard output
> > >
> > > I ran the SPF setup wizard from the spf.pobox.com site and it
resulted
> > > in the following lines to be inserted into DNS:
> > >
> > > las-DSL224-cust088.mpowercom.net. IN TXT "v=spf1 a -all"
> > > mail.xidix.com. IN TXT "v=spf1 a -all"
> > > mail2.xidix.com. IN TXT "v=spf1 a -all"
> > > wsip-24-234-126-147.lv.lv.cox.net. IN TXT "v=spf1 a -all"
> > >
> > > Why does it specify the 1st and 4th lines?  The 1st line appears
to be
> > > the RDNS suffix of our primary inbound server and the 4th line
appears
> > > to be the RDNS of our backup inbound mail server IP address.
> > >
> > > In addition, the wizard said that it found 4 MX records for our
> > server.
> > > We only have 2 (see
> > > http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why
did
> > > it find 4 MX records?  Why should it care how many MX records we
have?
> > > These are to specify incoming mail servers and SPF is to specify
> > > outgoing mail servers (that mail for my domain is allowed to be
sent
> > > from).  Or am I missing something here?
> > >
> > > We only send mail from 1 IP address.  Can I just specify that 1
> > address?
> > > I want to specify that all mail for this domain (Xidix.com) is
sent
> > from
> > > a single IP address (208.57.224.88).
> > >
> > > What am I missing in this picture?
> > >
> > > Todd Holt
> > > Xidix Technologies, Inc
> > > Las Vegas, NV  USA
> > > www.xidix.com
> > > 702.319.4349
> > >
> > >
> > > ---
> > > [This E-mail scanned for viruses by Declude Virus
> > > (http://www.declude.com)]
> > >
> > > ---
> > > [This E-mail was scanned for viruses by Declude Virus
> > > (http://www.declude.com)]
> > >
> > > ---
> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > at http://www.mail-archive.com.
> > > ---
> > > [This E-mail scanned for viruses by Declude Virus
> > > (http://www.declude.com)]
> >
> >
> > ---
> > [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> >
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF setup wizard output

2003-12-19 Thread Bill Landry
Yes, Todd, that should work just fine.  If you would like to test it after
implementing, let me know and I will forge your domain and send you an
e-mail from a yahoo.com account.

Bill
- Original Message - 
From: "Todd Holt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 7:17 PM
Subject: RE: [Declude.JunkMail] SPF setup wizard output


> It would appear that I could this single line in the zone file:
>
> v=spf1 ip4:208.57.224.88 -all
>
> and that would specify that all valid mail from the domain originates
> from this IP address.
>
> Is this correct?
>
> Todd Holt
> Xidix Technologies, Inc
> Las Vegas, NV  USA
> www.xidix.com
> 702.319.4349
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Todd Holt
> > Sent: Friday, December 19, 2003 6:54 PM
> > To: [EMAIL PROTECTED]
> > Subject: [Declude.JunkMail] SPF setup wizard output
> >
> > I ran the SPF setup wizard from the spf.pobox.com site and it resulted
> > in the following lines to be inserted into DNS:
> >
> > las-DSL224-cust088.mpowercom.net. IN TXT "v=spf1 a -all"
> > mail.xidix.com. IN TXT "v=spf1 a -all"
> > mail2.xidix.com. IN TXT "v=spf1 a -all"
> > wsip-24-234-126-147.lv.lv.cox.net. IN TXT "v=spf1 a -all"
> >
> > Why does it specify the 1st and 4th lines?  The 1st line appears to be
> > the RDNS suffix of our primary inbound server and the 4th line appears
> > to be the RDNS of our backup inbound mail server IP address.
> >
> > In addition, the wizard said that it found 4 MX records for our
> server.
> > We only have 2 (see
> > http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did
> > it find 4 MX records?  Why should it care how many MX records we have?
> > These are to specify incoming mail servers and SPF is to specify
> > outgoing mail servers (that mail for my domain is allowed to be sent
> > from).  Or am I missing something here?
> >
> > We only send mail from 1 IP address.  Can I just specify that 1
> address?
> > I want to specify that all mail for this domain (Xidix.com) is sent
> from
> > a single IP address (208.57.224.88).
> >
> > What am I missing in this picture?
> >
> > Todd Holt
> > Xidix Technologies, Inc
> > Las Vegas, NV  USA
> > www.xidix.com
> > 702.319.4349
> >
> >
> > ---
> > [This E-mail scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> > ---
> > [This E-mail scanned for viruses by Declude Virus
> > (http://www.declude.com)]
>
>
> ---
> [This E-mail scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Doug Anderson
>From an earthlink dsl user

Ping test
1 wltx.com 56 60 Success
2 wltx.com 56 60 Success
3 wltx.com 56 60 Success
4 wltx.com 56 60 Success
5 wltx.com 56 60 Success

trace rt
1 0 0 172.16.0.254
2 35 35 172.31.255.251
3 30 -5 192.168.5.53
4 30 0 209.247.34.177 ge-8-0-131.ipcolo1.Chicago1.Level3.net
5 30 0 4.68.112.201 so-7-0-0.bbr1.Chicago1.Level3.net
6 70 40 64.159.0.234 so-0-0-0.bbr1.NewYork1.Level3.net
7 60 -10 64.159.17.3 ge-6-0.ipcolo1.NewYork1.Level3.net
8 70 10 209.244.13.198 so-10-0.hsa1.Newark1.Level3.net
9 65 -5 64.156.0.26 unknown.Level3.net
10 Timed out
11 70 5 66.54.32.202 gannetttv.cust.loudcloud.com

Official name: wltx.com (stack DNS)
IP address: 66.54.32.202

wltx.com. (Earthlink DNS)
nameserver = ns1.infi.net.
wltx.com.
nameserver = ns2.infi.net.
wltx.com.
66.54.32.202

Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: WLTX.COM
   Registrar: NETWORK SOLUTIONS, INC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com
   Name Server: NS1.INFI.NET
   Name Server: NS2.INFI.NET
   Status: ACTIVE
   Updated Date: 18-dec-2003
   Creation Date: 19-dec-1997
   Expiration Date: 18-dec-2007

Scan (DNS,FTP,HTTP,POP3,SMTP,ECHO,GOPHER,NNTP,TIME,IMAP)
066.054.032.202 HTTP gannetttv.cust.loudcloud.com


Stupid question, what are you testing with? W2k? Turn of DNS Client Service
and Clear DNS Cache...just a thought.



- Original Message - 
From: "Darrell LaRock" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 8:46 PM
Subject: Re: [Declude.JunkMail] OT: DNS Issue (HELP)


> I am absolutly baffled.
>
> Eathlink Dial-up - Does not work
> Charter Cable Connection - Does not work
> AT&T T1 using local bind server - Works
> Roadrunner Cable - Does not work
> AOL - Intermittent.
> Several users who replied - Works
>
> Darrell
>
>
> -- Original Message --
> From: Scott Winberg <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> Date:  Fri, 19 Dec 2003 19:13:55 -0700
>
> >Hello Darrell,
> >
> >Working from here. Denver, CO area.
> >
> >
> >Scott
> >
> >Friday, December 19, 2003, 6:59:06 PM, you wrote:
> >
> >Darrell> This is off topic, but I need some help in a bad way to figure
out a DNS problem I am having that is preventing one of our sites from
receiving mail and thier web site from loading.
> >
> >Darrell> We recently (this week) switched the name servers from our
current provider to another provider.   The zone files are duplicate between
providers.
> >
> >Darrell> However, something is seriously wrong as the major ISP's can't
resolve it (Earthlink, Charter, Some AOL Users, Road Runner).  This occured
right after the whois info was updated to the new
> >Darrell> authoratative servers.
> >
> >Darrell> Now the crazy thing is I can resolve the site using the auth.
servers, but not off one of Earthlink's or charters.
> >
> >Darrell> The site is "wltx.com".
> >
> >Darrell> Can you resolve it?
> >
> >Darrell> How can I verify that the site did not fall out of the root
servers? Anyone else have any input?
> >
> >Darrell> Darrell
> >Darrell> ---
> >Darrell> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> >
> >Darrell> ---
> >Darrell> This E-mail came from the Declude.JunkMail mailing list.  To
> >Darrell> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >Darrell> type "unsubscribe Declude.JunkMail".  The archives can be found
> >Darrell> at http://www.mail-archive.com.
> >
> >
> >
> >-- 
> >
> > Scottmailto:[EMAIL PROTECTED]
> >
> >---
> >[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.JunkMail mailing list.  To
> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >type "unsubscribe Declude.JunkMail".  The archives can be found
> >at http://www.mail-archive.com.
> >
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] SPF setup wizard output

2003-12-19 Thread Todd Holt
It would appear that I could this single line in the zone file:

v=spf1 ip4:208.57.224.88 -all

and that would specify that all valid mail from the domain originates
from this IP address.

Is this correct?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Todd Holt
> Sent: Friday, December 19, 2003 6:54 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] SPF setup wizard output
> 
> I ran the SPF setup wizard from the spf.pobox.com site and it resulted
> in the following lines to be inserted into DNS:
> 
> las-DSL224-cust088.mpowercom.net. IN TXT "v=spf1 a -all"
> mail.xidix.com. IN TXT "v=spf1 a -all"
> mail2.xidix.com. IN TXT "v=spf1 a -all"
> wsip-24-234-126-147.lv.lv.cox.net. IN TXT "v=spf1 a -all"
> 
> Why does it specify the 1st and 4th lines?  The 1st line appears to be
> the RDNS suffix of our primary inbound server and the 4th line appears
> to be the RDNS of our backup inbound mail server IP address.
> 
> In addition, the wizard said that it found 4 MX records for our
server.
> We only have 2 (see
> http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did
> it find 4 MX records?  Why should it care how many MX records we have?
> These are to specify incoming mail servers and SPF is to specify
> outgoing mail servers (that mail for my domain is allowed to be sent
> from).  Or am I missing something here?
> 
> We only send mail from 1 IP address.  Can I just specify that 1
address?
> I want to specify that all mail for this domain (Xidix.com) is sent
from
> a single IP address (208.57.224.88).
> 
> What am I missing in this picture?
> 
> Todd Holt
> Xidix Technologies, Inc
> Las Vegas, NV  USA
> www.xidix.com
> 702.319.4349
> 
> 
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Darrell LaRock
Andrew,

One question that I have is the TTL stuff shouldnt matter since the zone files that 
were moved over are the same.  All we are doing is switching DNS providers right now.

Darrell

-- Original Message --
From: "Colbeck, Andrew" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 19 Dec 2003 18:45:00 -0800

>I'd say that the domain is fine at its new home; the question is what was
>the TTL on the domain before it was moved?
>
>I would go very little out on a limb and say that the folks with trouble to
>wltx.com were cacheing the DNS for longer than the TTL on the domain, or it
>was really high before the change, and they're respecting that.
>
>If you didn't already know it, this site, courtesy of declude.com, is a
>wonderful resource:
>
>http://www.dnsreport.com/
>
>Andrew 8)
>
>-Original Message-
>From: Darrell LaRock [mailto:[EMAIL PROTECTED] 
>Sent: Friday, December 19, 2003 5:59 PM
>To: [EMAIL PROTECTED]
>Subject: [Declude.JunkMail] OT: DNS Issue (HELP)
>
>
>This is off topic, but I need some help in a bad way to figure out a DNS
>problem I am having that is preventing one of our sites from receiving mail
>and thier web site from loading.
>
>We recently (this week) switched the name servers from our current provider
>to another provider.   The zone files are duplicate between providers.
>
>However, something is seriously wrong as the major ISP's can't resolve it
>(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right after
>the whois info was updated to the new authoratative servers.
>
>Now the crazy thing is I can resolve the site using the auth. servers, but
>not off one of Earthlink's or charters.  
>
>The site is "wltx.com".
>
>Can you resolve it?
>
>How can I verify that the site did not fall out of the root servers? Anyone
>else have any input?
>
>Darrell
>---
>[This E-mail was scanned for viruses by Declude Virus
>(http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com.
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] SPF setup wizard output

2003-12-19 Thread Todd Holt
I ran the SPF setup wizard from the spf.pobox.com site and it resulted
in the following lines to be inserted into DNS:

las-DSL224-cust088.mpowercom.net. IN TXT "v=spf1 a -all"
mail.xidix.com. IN TXT "v=spf1 a -all"
mail2.xidix.com. IN TXT "v=spf1 a -all"
wsip-24-234-126-147.lv.lv.cox.net. IN TXT "v=spf1 a -all"

Why does it specify the 1st and 4th lines?  The 1st line appears to be
the RDNS suffix of our primary inbound server and the 4th line appears
to be the RDNS of our backup inbound mail server IP address.  

In addition, the wizard said that it found 4 MX records for our server.
We only have 2 (see
http://www.dnsreport.com/tools/dnsreport.ch?domain=xidix.com). Why did
it find 4 MX records?  Why should it care how many MX records we have?
These are to specify incoming mail servers and SPF is to specify
outgoing mail servers (that mail for my domain is allowed to be sent
from).  Or am I missing something here?

We only send mail from 1 IP address.  Can I just specify that 1 address?
I want to specify that all mail for this domain (Xidix.com) is sent from
a single IP address (208.57.224.88).

What am I missing in this picture?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Colbeck, Andrew
I'd say that the domain is fine at its new home; the question is what was
the TTL on the domain before it was moved?

I would go very little out on a limb and say that the folks with trouble to
wltx.com were cacheing the DNS for longer than the TTL on the domain, or it
was really high before the change, and they're respecting that.

If you didn't already know it, this site, courtesy of declude.com, is a
wonderful resource:

http://www.dnsreport.com/

Andrew 8)

-Original Message-
From: Darrell LaRock [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 19, 2003 5:59 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT: DNS Issue (HELP)


This is off topic, but I need some help in a bad way to figure out a DNS
problem I am having that is preventing one of our sites from receiving mail
and thier web site from loading.

We recently (this week) switched the name servers from our current provider
to another provider.   The zone files are duplicate between providers.

However, something is seriously wrong as the major ISP's can't resolve it
(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right after
the whois info was updated to the new authoratative servers.

Now the crazy thing is I can resolve the site using the auth. servers, but
not off one of Earthlink's or charters.  

The site is "wltx.com".

Can you resolve it?

How can I verify that the site did not fall out of the root servers? Anyone
else have any input?

Darrell
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Darrell LaRock
I am absolutly baffled.

Eathlink Dial-up - Does not work
Charter Cable Connection - Does not work
AT&T T1 using local bind server - Works
Roadrunner Cable - Does not work
AOL - Intermittent.
Several users who replied - Works

Darrell


-- Original Message --
From: Scott Winberg <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 19 Dec 2003 19:13:55 -0700

>Hello Darrell,
>
>Working from here. Denver, CO area.
>
>
>Scott
>
>Friday, December 19, 2003, 6:59:06 PM, you wrote:
>
>Darrell> This is off topic, but I need some help in a bad way to figure out a DNS 
>problem I am having that is preventing one of our sites from receiving mail and thier 
>web site from loading.
>
>Darrell> We recently (this week) switched the name servers from our current provider 
>to another provider.   The zone files are duplicate between providers.
>
>Darrell> However, something is seriously wrong as the major ISP's can't resolve it 
>(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right after the 
>whois info was updated to the new
>Darrell> authoratative servers.
>
>Darrell> Now the crazy thing is I can resolve the site using the auth. servers, but 
>not off one of Earthlink's or charters.  
>
>Darrell> The site is "wltx.com".
>
>Darrell> Can you resolve it?
>
>Darrell> How can I verify that the site did not fall out of the root servers? Anyone 
>else have any input?
>
>Darrell> Darrell
>Darrell> ---
>Darrell> [This E-mail was scanned for viruses by Declude Virus 
>(http://www.declude.com)]
>
>Darrell> ---
>Darrell> This E-mail came from the Declude.JunkMail mailing list.  To
>Darrell> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>Darrell> type "unsubscribe Declude.JunkMail".  The archives can be found
>Darrell> at http://www.mail-archive.com.
>
>
>
>-- 
>
> Scottmailto:[EMAIL PROTECTED]
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Scott Winberg
Hello Darrell,

Email works too:

12:19 19:41 SMTP-(07540069) [x] Connecting socket to service  on host  
using protocol 
12:19 19:41 SMTP-(07540069) [x] using source IP for arvadafire.com [65.125.147.225]
12:19 19:41 SMTP-(07540069) Info - Found wltx.com in DNS Cache 
12:19 19:41 SMTP-(07540069) Connect wltx.com [209.94.11.105:25] (1)
12:19 19:41 SMTP-(07540069) 220 mail1.gannett-tv.com (IMail 7.15 56973-6) NT-ESMTP 
Server X1
12:19 19:41 SMTP-(07540069) >EHLO arvadafire.com
12:19 19:41 SMTP-(07540069) 250-mail1.gannett-tv.com says hello
12:19 19:41 SMTP-(07540069) 250-SIZE 2000
12:19 19:41 SMTP-(07540069) 250-8BITMIME
12:19 19:41 SMTP-(07540069) 250-DSN
12:19 19:41 SMTP-(07540069) 250-ETRN
12:19 19:41 SMTP-(07540069) 250-AUTH LOGIN CRAM-MD5
12:19 19:41 SMTP-(07540069) 250-AUTH=LOGIN
12:19 19:41 SMTP-(07540069) 250 EXPN
12:19 19:41 SMTP-(07540069) >MAIL FROM:<[EMAIL PROTECTED]>
12:19 19:41 SMTP-(07540069) 250 ok
12:19 19:41 SMTP-(07540069) >RCPT To:<[EMAIL PROTECTED]>
12:19 19:41 SMTP-(07540069) 250 ok its for <[EMAIL PROTECTED]>
12:19 19:41 SMTP-(07540069) >DATA
12:19 19:41 SMTP-(07540069) 354 ok, send it; end with .
12:19 19:41 SMTP-(07540069) >.
12:19 19:41 SMTP-(07540069) 250 Message queued
12:19 19:41 SMTP-(07540069) rdeliver wltx.com [EMAIL PROTECTED] (1) <[EMAIL 
PROTECTED]> 827
12:19 19:41 SMTP-(07540069) >QUIT
12:19 19:41 SMTP-(07540069) 221 Goodbye


Scott

Friday, December 19, 2003, 6:59:06 PM, you wrote:

Darrell> This is off topic, but I need some help in a bad way to figure out a DNS 
problem I am having that is preventing one of our sites from receiving mail and thier 
web site from loading.

Darrell> We recently (this week) switched the name servers from our current provider 
to another provider.   The zone files are duplicate between providers.

Darrell> However, something is seriously wrong as the major ISP's can't resolve it 
(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right after the whois 
info was updated to the new
Darrell> authoratative servers.

Darrell> Now the crazy thing is I can resolve the site using the auth. servers, but 
not off one of Earthlink's or charters.  

Darrell> The site is "wltx.com".

Darrell> Can you resolve it?

Darrell> How can I verify that the site did not fall out of the root servers? Anyone 
else have any input?

Darrell> Darrell
Darrell> ---
Darrell> [This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

Darrell> ---
Darrell> This E-mail came from the Declude.JunkMail mailing list.  To
Darrell> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
Darrell> type "unsubscribe Declude.JunkMail".  The archives can be found
Darrell> at http://www.mail-archive.com.



-- 

 Scottmailto:[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Scott Winberg
Hello Darrell,

Working from here. Denver, CO area.


Scott

Friday, December 19, 2003, 6:59:06 PM, you wrote:

Darrell> This is off topic, but I need some help in a bad way to figure out a DNS 
problem I am having that is preventing one of our sites from receiving mail and thier 
web site from loading.

Darrell> We recently (this week) switched the name servers from our current provider 
to another provider.   The zone files are duplicate between providers.

Darrell> However, something is seriously wrong as the major ISP's can't resolve it 
(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right after the whois 
info was updated to the new
Darrell> authoratative servers.

Darrell> Now the crazy thing is I can resolve the site using the auth. servers, but 
not off one of Earthlink's or charters.  

Darrell> The site is "wltx.com".

Darrell> Can you resolve it?

Darrell> How can I verify that the site did not fall out of the root servers? Anyone 
else have any input?

Darrell> Darrell
Darrell> ---
Darrell> [This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

Darrell> ---
Darrell> This E-mail came from the Declude.JunkMail mailing list.  To
Darrell> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
Darrell> type "unsubscribe Declude.JunkMail".  The archives can be found
Darrell> at http://www.mail-archive.com.



-- 

 Scottmailto:[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Omar K.
I was able to resolve wltx.com just fine.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Saturday, December 20, 2003 3:59 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT: DNS Issue (HELP)


This is off topic, but I need some help in a bad way to figure out a DNS
problem I am having that is preventing one of our sites from receiving mail
and thier web site from loading.

We recently (this week) switched the name servers from our current provider
to another provider.   The zone files are duplicate between providers.

However, something is seriously wrong as the major ISP's can't resolve it
(Earthlink, Charter, Some AOL Users, Road Runner).  This occured right after
the whois info was updated to the new authoratative servers.

Now the crazy thing is I can resolve the site using the auth. servers, but
not off one of Earthlink's or charters.  

The site is "wltx.com".

Can you resolve it?

How can I verify that the site did not fall out of the root servers? Anyone
else have any input?

Darrell
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] OT: DNS Issue (HELP)

2003-12-19 Thread Darrell LaRock
This is off topic, but I need some help in a bad way to figure out a DNS problem I am 
having that is preventing one of our sites from receiving mail and thier web site from 
loading.

We recently (this week) switched the name servers from our current provider to another 
provider.   The zone files are duplicate between providers.

However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, 
Charter, Some AOL Users, Road Runner).  This occured right after the whois info was 
updated to the new authoratative servers.

Now the crazy thing is I can resolve the site using the auth. servers, but not off one 
of Earthlink's or charters.  

The site is "wltx.com".

Can you resolve it?

How can I verify that the site did not fall out of the root servers? Anyone else have 
any input?

Darrell
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread John Tolmachoff \(Lists\)
Here is a couple of quick stats from the responses:

Of those using Windows Server 2003 at the time;

0-5K messages per day   4
5K-10K messages per day 2
10K-20K messages per day2
20K-30K messages per day1
30K-50K messages per day0
50K-75K messages per day1
75K-100K messages per day   0
100K or more per day1

Now, how can you see a pattern with those amounts of respondes with problems
on W2K3 compared to W2K?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Omar K.
> Sent: Friday, December 19, 2003 5:06 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> Statistically, a random 10% sample is sufficient on a lot of things.
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
> Sent: Saturday, December 20, 2003 2:50 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> 
> Hey John they do samples in surveys of less that of your sample as
> compared
> to the number of Imail servers.
> 
> If you consider the number of people that watch TV and the small sample of
> people that NEILSON users to rate a shows popularity. I bet you have a
> better sampling than they do.
> 
> 
> Kevin Bilbee
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
> > (Lists)
> > Sent: Friday, December 19, 2003 4:29 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Windows Server 2003
> >
> >
> > No. I am saying that only 176 responses to the survey does not give a
> > reliable survey result when there are clearly at least 10 times that
> many
> > out there, if not way more.
> >
> > John Tolmachoff
> > Engineer/Consultant/Owner
> > eServices For You
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of Todd Holt
> > > Sent: Friday, December 19, 2003 4:13 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > >
> > > John,
> > > Are you saying that small servers are not reliable?? :))
> > >
> > > Todd Holt
> > > Xidix Technologies, Inc
> > > Las Vegas, NV  USA
> > > www.xidix.com
> > > 702.319.4349
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> > > > Sent: Friday, December 19, 2003 3:05 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > >
> > > > Unfortunately, there were only 176 responses, mostly from small to
> mid
> > > > size
> > > > setups. Therefore, the results were not reliable.
> > > >
> > > > John Tolmachoff
> > > > Engineer/Consultant/Owner
> > > > eServices For You
> > > >
> > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > > > [EMAIL PROTECTED] On Behalf Of Omar K.
> > > > > Sent: Friday, December 19, 2003 2:15 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > > >
> > > > > Yeah, whatever happened to that, I poured my heart out there :)
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> DLAnalyzer
> > > > > Support
> > > > > Sent: Friday, December 19, 2003 11:52 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Re: [Declude.JunkMail] Windows Server 2003
> > > > >
> > > > >
> > > > > John,
> > > > >
> > > > > I remember you did a survey awhile back on problems with
> Imail/etc.
> > > > Were
> > > > > the results of that ever posted?
> > > > >
> > > > > Darrell
> > > > >  
> > > > > Check Out DLAnalyzer a comprehensive reporting tool for
> > > > > Declude Junkmail Logs - http://www.dlanalyzer.com
> > > > >
> > > > >
> > > > > John Tolmachoff (Lists) writes:
> > > > >
> > > > > > For the majority, W2K3 is the way to go if you are able to.
> > > Ipswitch
> > > > > does
> > > > > > support running Imail on W2K3.
> > > > > >
> > > > > > There are some possible issues.
> > > > > >
> > > > > > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests
> > > is a
> > > > > > problem.
> > > > > >
> > > > > > 2. Some issues have been reported on the Imail list when the
> > > server
> > > > > > processes a high volume of messages per day. Nothing seems to be
> > > > > conclusive
> > > > > > as far as I know to date, and from the posts, I have not seen a
> > > > definite
> > > > > > pattern.
> > > > > >
> > > > > > John Tolmachoff
> > > > > > Engineer/Consultant/Owner
> > > > > > eServices For You
> > > > > >
> > > > > >
> > > > > >> -Original Message-
> > > > > >> From: [EMAIL PROTECTED]
> > > [mailto:Declu

RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread Omar K.
Statistically, a random 10% sample is sufficient on a lot of things.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Saturday, December 20, 2003 2:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Windows Server 2003


Hey John they do samples in surveys of less that of your sample as compared
to the number of Imail servers.

If you consider the number of people that watch TV and the small sample of
people that NEILSON users to rate a shows popularity. I bet you have a
better sampling than they do.


Kevin Bilbee

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
> (Lists)
> Sent: Friday, December 19, 2003 4:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
>
>
> No. I am saying that only 176 responses to the survey does not give a
> reliable survey result when there are clearly at least 10 times that many
> out there, if not way more.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Todd Holt
> > Sent: Friday, December 19, 2003 4:13 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Windows Server 2003
> >
> > John,
> > Are you saying that small servers are not reliable?? :))
> >
> > Todd Holt
> > Xidix Technologies, Inc
> > Las Vegas, NV  USA
> > www.xidix.com
> > 702.319.4349
> >
> >
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> > > Sent: Friday, December 19, 2003 3:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > >
> > > Unfortunately, there were only 176 responses, mostly from small to mid
> > > size
> > > setups. Therefore, the results were not reliable.
> > >
> > > John Tolmachoff
> > > Engineer/Consultant/Owner
> > > eServices For You
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > > [EMAIL PROTECTED] On Behalf Of Omar K.
> > > > Sent: Friday, December 19, 2003 2:15 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > >
> > > > Yeah, whatever happened to that, I poured my heart out there :)
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer
> > > > Support
> > > > Sent: Friday, December 19, 2003 11:52 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [Declude.JunkMail] Windows Server 2003
> > > >
> > > >
> > > > John,
> > > >
> > > > I remember you did a survey awhile back on problems with Imail/etc.
> > > Were
> > > > the results of that ever posted?
> > > >
> > > > Darrell
> > > >  
> > > > Check Out DLAnalyzer a comprehensive reporting tool for
> > > > Declude Junkmail Logs - http://www.dlanalyzer.com
> > > >
> > > >
> > > > John Tolmachoff (Lists) writes:
> > > >
> > > > > For the majority, W2K3 is the way to go if you are able to.
> > Ipswitch
> > > > does
> > > > > support running Imail on W2K3.
> > > > >
> > > > > There are some possible issues.
> > > > >
> > > > > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests
> > is a
> > > > > problem.
> > > > >
> > > > > 2. Some issues have been reported on the Imail list when the
> > server
> > > > > processes a high volume of messages per day. Nothing seems to be
> > > > conclusive
> > > > > as far as I know to date, and from the posts, I have not seen a
> > > definite
> > > > > pattern.
> > > > >
> > > > > John Tolmachoff
> > > > > Engineer/Consultant/Owner
> > > > > eServices For You
> > > > >
> > > > >
> > > > >> -Original Message-
> > > > >> From: [EMAIL PROTECTED]
> > [mailto:Declude.JunkMail-
> > > > >> [EMAIL PROTECTED] On Behalf Of Jonathan
> > > > >> Sent: Thursday, December 18, 2003 10:44 PM
> > > > >> To: [EMAIL PROTECTED]
> > > > >> Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > > >>
> > > > >> So I haven't heard anything else back on this .. are you guys all
> > > > staying
> > > > >> away from Windows 2003 and Imail? I'm having a hard time trying
> > to
> > > > justify
> > > > >> the risk of running new servers on 2k3 when 2k works just fine ..
> > but
> > > > then
> > > > >> again, 2k3 seems more stable over time  but not if Imail
> > doesn't
> > > > >> support it well yet.
> > > > >>
> > > > >> g
> > > > >>
> > > > >> Thoughts?
> > > > >>
> > > > >> Jonathan
> > > > >>
> > > > >> At 05:04 PM 12/4/2003, you wrote:
> > > > >> >The issues seem to appear at high volumes.
> > > > >> >
> > > > >> >Besides, I am more than willing to use those licenses for you.
> > ;)
> > > > >> >
> > > > >> >John Tolmachoff
> > > > >> >Engineer/Consultant/Owner
> > > > >> >eServices For You
> > > > >> >
> > > 

RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread Kevin Bilbee
Hey John they do samples in surveys of less that of your sample as compared
to the number of Imail servers.

If you consider the number of people that watch TV and the small sample of
people that NEILSON users to rate a shows popularity. I bet you have a
better sampling than they do.


Kevin Bilbee

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff
> (Lists)
> Sent: Friday, December 19, 2003 4:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
>
>
> No. I am saying that only 176 responses to the survey does not give a
> reliable survey result when there are clearly at least 10 times that many
> out there, if not way more.
>
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Todd Holt
> > Sent: Friday, December 19, 2003 4:13 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Windows Server 2003
> >
> > John,
> > Are you saying that small servers are not reliable?? :))
> >
> > Todd Holt
> > Xidix Technologies, Inc
> > Las Vegas, NV  USA
> > www.xidix.com
> > 702.319.4349
> >
> >
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> > > Sent: Friday, December 19, 2003 3:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > >
> > > Unfortunately, there were only 176 responses, mostly from small to mid
> > > size
> > > setups. Therefore, the results were not reliable.
> > >
> > > John Tolmachoff
> > > Engineer/Consultant/Owner
> > > eServices For You
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > > [EMAIL PROTECTED] On Behalf Of Omar K.
> > > > Sent: Friday, December 19, 2003 2:15 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > >
> > > > Yeah, whatever happened to that, I poured my heart out there :)
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer
> > > > Support
> > > > Sent: Friday, December 19, 2003 11:52 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [Declude.JunkMail] Windows Server 2003
> > > >
> > > >
> > > > John,
> > > >
> > > > I remember you did a survey awhile back on problems with Imail/etc.
> > > Were
> > > > the results of that ever posted?
> > > >
> > > > Darrell
> > > >  
> > > > Check Out DLAnalyzer a comprehensive reporting tool for
> > > > Declude Junkmail Logs - http://www.dlanalyzer.com
> > > >
> > > >
> > > > John Tolmachoff (Lists) writes:
> > > >
> > > > > For the majority, W2K3 is the way to go if you are able to.
> > Ipswitch
> > > > does
> > > > > support running Imail on W2K3.
> > > > >
> > > > > There are some possible issues.
> > > > >
> > > > > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests
> > is a
> > > > > problem.
> > > > >
> > > > > 2. Some issues have been reported on the Imail list when the
> > server
> > > > > processes a high volume of messages per day. Nothing seems to be
> > > > conclusive
> > > > > as far as I know to date, and from the posts, I have not seen a
> > > definite
> > > > > pattern.
> > > > >
> > > > > John Tolmachoff
> > > > > Engineer/Consultant/Owner
> > > > > eServices For You
> > > > >
> > > > >
> > > > >> -Original Message-
> > > > >> From: [EMAIL PROTECTED]
> > [mailto:Declude.JunkMail-
> > > > >> [EMAIL PROTECTED] On Behalf Of Jonathan
> > > > >> Sent: Thursday, December 18, 2003 10:44 PM
> > > > >> To: [EMAIL PROTECTED]
> > > > >> Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > > >>
> > > > >> So I haven't heard anything else back on this .. are you guys all
> > > > staying
> > > > >> away from Windows 2003 and Imail? I'm having a hard time trying
> > to
> > > > justify
> > > > >> the risk of running new servers on 2k3 when 2k works just fine ..
> > but
> > > > then
> > > > >> again, 2k3 seems more stable over time  but not if Imail
> > doesn't
> > > > >> support it well yet.
> > > > >>
> > > > >> g
> > > > >>
> > > > >> Thoughts?
> > > > >>
> > > > >> Jonathan
> > > > >>
> > > > >> At 05:04 PM 12/4/2003, you wrote:
> > > > >> >The issues seem to appear at high volumes.
> > > > >> >
> > > > >> >Besides, I am more than willing to use those licenses for you.
> > ;)
> > > > >> >
> > > > >> >John Tolmachoff
> > > > >> >Engineer/Consultant/Owner
> > > > >> >eServices For You
> > > > >> >
> > > > >> >
> > > > >> > > -Original Message-
> > > > >> > > From: [EMAIL PROTECTED]
> > > [mailto:Declude.JunkMail-
> > > > >> > > [EMAIL PROTECTED] On Behalf Of Jonathan
> > > > >> > > Sent: Thursday, December 04, 2003 2:43 PM
> > > > >> > > To: [EMAIL PROTECTED]
> > > > >> > > Subject

RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread Todd Holt
I'm just giving you a hard time, John.  I appreciate your effort to
collate some data on the subject.

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> Sent: Friday, December 19, 2003 4:29 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> No. I am saying that only 176 responses to the survey does not give a
> reliable survey result when there are clearly at least 10 times that
many
> out there, if not way more.
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Todd Holt
> > Sent: Friday, December 19, 2003 4:13 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Windows Server 2003
> >
> > John,
> > Are you saying that small servers are not reliable?? :))
> >
> > Todd Holt
> > Xidix Technologies, Inc
> > Las Vegas, NV  USA
> > www.xidix.com
> > 702.319.4349
> >
> >
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> > > Sent: Friday, December 19, 2003 3:05 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > >
> > > Unfortunately, there were only 176 responses, mostly from small to
mid
> > > size
> > > setups. Therefore, the results were not reliable.
> > >
> > > John Tolmachoff
> > > Engineer/Consultant/Owner
> > > eServices For You
> > >
> > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-
> > > > [EMAIL PROTECTED] On Behalf Of Omar K.
> > > > Sent: Friday, December 19, 2003 2:15 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > >
> > > > Yeah, whatever happened to that, I poured my heart out there :)
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
DLAnalyzer
> > > > Support
> > > > Sent: Friday, December 19, 2003 11:52 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: [Declude.JunkMail] Windows Server 2003
> > > >
> > > >
> > > > John,
> > > >
> > > > I remember you did a survey awhile back on problems with
Imail/etc.
> > > Were
> > > > the results of that ever posted?
> > > >
> > > > Darrell
> > > >  
> > > > Check Out DLAnalyzer a comprehensive reporting tool for
> > > > Declude Junkmail Logs - http://www.dlanalyzer.com
> > > >
> > > >
> > > > John Tolmachoff (Lists) writes:
> > > >
> > > > > For the majority, W2K3 is the way to go if you are able to.
> > Ipswitch
> > > > does
> > > > > support running Imail on W2K3.
> > > > >
> > > > > There are some possible issues.
> > > > >
> > > > > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS
tests
> > is a
> > > > > problem.
> > > > >
> > > > > 2. Some issues have been reported on the Imail list when the
> > server
> > > > > processes a high volume of messages per day. Nothing seems to
be
> > > > conclusive
> > > > > as far as I know to date, and from the posts, I have not seen
a
> > > definite
> > > > > pattern.
> > > > >
> > > > > John Tolmachoff
> > > > > Engineer/Consultant/Owner
> > > > > eServices For You
> > > > >
> > > > >
> > > > >> -Original Message-
> > > > >> From: [EMAIL PROTECTED]
> > [mailto:Declude.JunkMail-
> > > > >> [EMAIL PROTECTED] On Behalf Of Jonathan
> > > > >> Sent: Thursday, December 18, 2003 10:44 PM
> > > > >> To: [EMAIL PROTECTED]
> > > > >> Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > > >>
> > > > >> So I haven't heard anything else back on this .. are you guys
all
> > > > staying
> > > > >> away from Windows 2003 and Imail? I'm having a hard time
trying
> > to
> > > > justify
> > > > >> the risk of running new servers on 2k3 when 2k works just
fine ..
> > but
> > > > then
> > > > >> again, 2k3 seems more stable over time  but not if Imail
> > doesn't
> > > > >> support it well yet.
> > > > >>
> > > > >> g
> > > > >>
> > > > >> Thoughts?
> > > > >>
> > > > >> Jonathan
> > > > >>
> > > > >> At 05:04 PM 12/4/2003, you wrote:
> > > > >> >The issues seem to appear at high volumes.
> > > > >> >
> > > > >> >Besides, I am more than willing to use those licenses for
you.
> > ;)
> > > > >> >
> > > > >> >John Tolmachoff
> > > > >> >Engineer/Consultant/Owner
> > > > >> >eServices For You
> > > > >> >
> > > > >> >
> > > > >> > > -Original Message-
> > > > >> > > From: [EMAIL PROTECTED]
> > > [mailto:Declude.JunkMail-
> > > > >> > > [EMAIL PROTECTED] On Behalf Of Jonathan
> > > > >> > > Sent: Thursday, December 04, 2003 2:43 PM
> > > > >> > > To: [EMAIL PROTECTED]
> > > > >> > > Subject: [Declude.JunkMail] Windows Server 2003
> > > > >> > >
> > > > >> > > So, what's the scoop wit

RE: [Declude.JunkMail] messages not being delivered

2003-12-19 Thread Jeffrey Di Gregorio
Scott,

Thank you for the explanation. The message was getting deleted as an outlook
blank folding vulnerability.  I have read up on what this is, and I do not
want to disable checking for vulnerabilities altogether.  Is there any way
for me to allow these messages to this one user?  

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 19, 2003 3:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] messages not being delivered


>Thanks for the quick reply.  The message I'm concerned with is process
>E9380148 and it just appears to stop with no more entries right at the
point
>of those mx failure entries.

The catch here is that you are just looking at the SMTPD entries (the 
process identifier changes for the SMTP or SMTP- entries), which won't show 
the E-mail being delivered.

What you need to do is look at the last SMTPD entry, the one with the 
filename ("d:\IMAIL\spool\D5ec1e938014870fd.SMD").  Then, you need to 
search for the filename minus the path, first character, and extension.  So 
in this case, you would use "5ec1e938014870fd" (you can use this to search 
the IMail and/or Declude log files to find references to the 
E-mail).  There should be "SMTP" or "SMTP-" entries in the IMail SMTP log 
file (unless it was blocked by Declude JunkMail -- in that case, 
"5ec1e938014870fd" should appear in the Declude JunkMail log file, 
explaining what happened).

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread John Tolmachoff \(Lists\)
No. I am saying that only 176 responses to the survey does not give a
reliable survey result when there are clearly at least 10 times that many
out there, if not way more.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Todd Holt
> Sent: Friday, December 19, 2003 4:13 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> John,
> Are you saying that small servers are not reliable?? :))
> 
> Todd Holt
> Xidix Technologies, Inc
> Las Vegas, NV  USA
> www.xidix.com
> 702.319.4349
> 
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> > Sent: Friday, December 19, 2003 3:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Windows Server 2003
> >
> > Unfortunately, there were only 176 responses, mostly from small to mid
> > size
> > setups. Therefore, the results were not reliable.
> >
> > John Tolmachoff
> > Engineer/Consultant/Owner
> > eServices For You
> >
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of Omar K.
> > > Sent: Friday, December 19, 2003 2:15 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: [Declude.JunkMail] Windows Server 2003
> > >
> > > Yeah, whatever happened to that, I poured my heart out there :)
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer
> > > Support
> > > Sent: Friday, December 19, 2003 11:52 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [Declude.JunkMail] Windows Server 2003
> > >
> > >
> > > John,
> > >
> > > I remember you did a survey awhile back on problems with Imail/etc.
> > Were
> > > the results of that ever posted?
> > >
> > > Darrell
> > >  
> > > Check Out DLAnalyzer a comprehensive reporting tool for
> > > Declude Junkmail Logs - http://www.dlanalyzer.com
> > >
> > >
> > > John Tolmachoff (Lists) writes:
> > >
> > > > For the majority, W2K3 is the way to go if you are able to.
> Ipswitch
> > > does
> > > > support running Imail on W2K3.
> > > >
> > > > There are some possible issues.
> > > >
> > > > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests
> is a
> > > > problem.
> > > >
> > > > 2. Some issues have been reported on the Imail list when the
> server
> > > > processes a high volume of messages per day. Nothing seems to be
> > > conclusive
> > > > as far as I know to date, and from the posts, I have not seen a
> > definite
> > > > pattern.
> > > >
> > > > John Tolmachoff
> > > > Engineer/Consultant/Owner
> > > > eServices For You
> > > >
> > > >
> > > >> -Original Message-
> > > >> From: [EMAIL PROTECTED]
> [mailto:Declude.JunkMail-
> > > >> [EMAIL PROTECTED] On Behalf Of Jonathan
> > > >> Sent: Thursday, December 18, 2003 10:44 PM
> > > >> To: [EMAIL PROTECTED]
> > > >> Subject: RE: [Declude.JunkMail] Windows Server 2003
> > > >>
> > > >> So I haven't heard anything else back on this .. are you guys all
> > > staying
> > > >> away from Windows 2003 and Imail? I'm having a hard time trying
> to
> > > justify
> > > >> the risk of running new servers on 2k3 when 2k works just fine ..
> but
> > > then
> > > >> again, 2k3 seems more stable over time  but not if Imail
> doesn't
> > > >> support it well yet.
> > > >>
> > > >> g
> > > >>
> > > >> Thoughts?
> > > >>
> > > >> Jonathan
> > > >>
> > > >> At 05:04 PM 12/4/2003, you wrote:
> > > >> >The issues seem to appear at high volumes.
> > > >> >
> > > >> >Besides, I am more than willing to use those licenses for you.
> ;)
> > > >> >
> > > >> >John Tolmachoff
> > > >> >Engineer/Consultant/Owner
> > > >> >eServices For You
> > > >> >
> > > >> >
> > > >> > > -Original Message-
> > > >> > > From: [EMAIL PROTECTED]
> > [mailto:Declude.JunkMail-
> > > >> > > [EMAIL PROTECTED] On Behalf Of Jonathan
> > > >> > > Sent: Thursday, December 04, 2003 2:43 PM
> > > >> > > To: [EMAIL PROTECTED]
> > > >> > > Subject: [Declude.JunkMail] Windows Server 2003
> > > >> > >
> > > >> > > So, what's the scoop with current Imail 8, declude, sniffer,
> etc
> > on
> > > >> > > Windows
> > > >> > > 2003 Server? We're thinking about moving it to some new iron
> > > >> internally,
> > > >> > > and Ive got some 2k3 licenses just burning a hole in my
> pocket.
> > :)
> > > >> > >
> > > >> > > I heard some stability issues, saw some imail patches/etc ..
> > things
> > > >> stable
> > > >> > > (and *robust*) now? Relatively high volumes of email ..
> > > >> > >
> > > >> > > Jonathan
> > > >> > >
> > > >> > > ---
> > > >> > > [This E-mail was scanned for viruses by Declude Virus
> > > >> > > (http://www.declude.com)]
> > > >> > >
> > > >> > > ---
> > > >> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > >> > > unsubsc

[Declude.JunkMail] SPF broken with v1.77i4?

2003-12-19 Thread Bill Landry
Scott, I updated to v1.77i4 for the added logging, however, now SPF appears
not to be working at all.  Logging shows up in spf.none, but no logging
shows up in spf.log any longer.  I sent a test message through that failed
SPF on v1.77i3, but passed right through without notice with v1.77i4.

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread Todd Holt
John,
Are you saying that small servers are not reliable?? :))

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> Sent: Friday, December 19, 2003 3:05 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> Unfortunately, there were only 176 responses, mostly from small to mid
> size
> setups. Therefore, the results were not reliable.
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Omar K.
> > Sent: Friday, December 19, 2003 2:15 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Windows Server 2003
> >
> > Yeah, whatever happened to that, I poured my heart out there :)
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer
> > Support
> > Sent: Friday, December 19, 2003 11:52 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [Declude.JunkMail] Windows Server 2003
> >
> >
> > John,
> >
> > I remember you did a survey awhile back on problems with Imail/etc.
> Were
> > the results of that ever posted?
> >
> > Darrell
> >  
> > Check Out DLAnalyzer a comprehensive reporting tool for
> > Declude Junkmail Logs - http://www.dlanalyzer.com
> >
> >
> > John Tolmachoff (Lists) writes:
> >
> > > For the majority, W2K3 is the way to go if you are able to.
Ipswitch
> > does
> > > support running Imail on W2K3.
> > >
> > > There are some possible issues.
> > >
> > > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests
is a
> > > problem.
> > >
> > > 2. Some issues have been reported on the Imail list when the
server
> > > processes a high volume of messages per day. Nothing seems to be
> > conclusive
> > > as far as I know to date, and from the posts, I have not seen a
> definite
> > > pattern.
> > >
> > > John Tolmachoff
> > > Engineer/Consultant/Owner
> > > eServices For You
> > >
> > >
> > >> -Original Message-
> > >> From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-
> > >> [EMAIL PROTECTED] On Behalf Of Jonathan
> > >> Sent: Thursday, December 18, 2003 10:44 PM
> > >> To: [EMAIL PROTECTED]
> > >> Subject: RE: [Declude.JunkMail] Windows Server 2003
> > >>
> > >> So I haven't heard anything else back on this .. are you guys all
> > staying
> > >> away from Windows 2003 and Imail? I'm having a hard time trying
to
> > justify
> > >> the risk of running new servers on 2k3 when 2k works just fine ..
but
> > then
> > >> again, 2k3 seems more stable over time  but not if Imail
doesn't
> > >> support it well yet.
> > >>
> > >> g
> > >>
> > >> Thoughts?
> > >>
> > >> Jonathan
> > >>
> > >> At 05:04 PM 12/4/2003, you wrote:
> > >> >The issues seem to appear at high volumes.
> > >> >
> > >> >Besides, I am more than willing to use those licenses for you.
;)
> > >> >
> > >> >John Tolmachoff
> > >> >Engineer/Consultant/Owner
> > >> >eServices For You
> > >> >
> > >> >
> > >> > > -Original Message-
> > >> > > From: [EMAIL PROTECTED]
> [mailto:Declude.JunkMail-
> > >> > > [EMAIL PROTECTED] On Behalf Of Jonathan
> > >> > > Sent: Thursday, December 04, 2003 2:43 PM
> > >> > > To: [EMAIL PROTECTED]
> > >> > > Subject: [Declude.JunkMail] Windows Server 2003
> > >> > >
> > >> > > So, what's the scoop with current Imail 8, declude, sniffer,
etc
> on
> > >> > > Windows
> > >> > > 2003 Server? We're thinking about moving it to some new iron
> > >> internally,
> > >> > > and Ive got some 2k3 licenses just burning a hole in my
pocket.
> :)
> > >> > >
> > >> > > I heard some stability issues, saw some imail patches/etc ..
> things
> > >> stable
> > >> > > (and *robust*) now? Relatively high volumes of email ..
> > >> > >
> > >> > > Jonathan
> > >> > >
> > >> > > ---
> > >> > > [This E-mail was scanned for viruses by Declude Virus
> > >> > > (http://www.declude.com)]
> > >> > >
> > >> > > ---
> > >> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > >> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > >> > > type "unsubscribe Declude.JunkMail".  The archives can be
found
> > >> > > at http://www.mail-archive.com.
> > >> >
> > >> >---
> > >> >[This E-mail was scanned for viruses by Declude Virus
> > >> >(http://www.declude.com)]
> > >> >
> > >> >---
> > >> >This E-mail came from the Declude.JunkMail mailing list.  To
> > >> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > >> >type "unsubscribe Declude.JunkMail".  The archives can be found
> > >> >at http://www.mail-archive.com.
> > >>
> > >> ---
> > >> [This E-mail was scanned for viruses by Declude Virus
> > >> (http://www.declude.com)]
> > >>
> > >> ---
> > >> This E-mail came from the Declude.JunkMail mailing list.  To
> > >> unsubscribe, just se

RE: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread R. Scott Perry

Yes, I have per-domain settings.

I do not scan their mail for spam unless they pay for it. So, I turn the
domains on individually.
I assume I need to set up each individual domain in Declude.
With per-domain settings, you'll need to either list all the domains that 
you want enabled (and have the \IMail\Declude\$default$.JunkMail file set 
to use the IGNORE action on all tests), or list all the domains that you do 
not want enabled (and have the \IMail\Declude\$default$.JunkMail file used 
to block mail).

Another option is to use the REDIRECT command, which may make 
administration a bit easier.

For the per-domain settings, you'll need to use the official name of the 
domain (not one of the host aliases).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread Paul Fuhrmeister
Yes, I have per-domain settings. 

I do not scan their mail for spam unless they pay for it. So, I turn the
domains on individually. 

I assume I need to set up each individual domain in Declude. 

[EMAIL PROTECTED]

> 
> You will only need to do something special if you set up per-user or 
> per-domain settings.
> 
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail 
> mailservers. Declude Virus: Catches known viruses and is the 
> leader in mailserver 
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day 
> evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] messages not being delivered

2003-12-19 Thread R. Scott Perry

Thanks for the quick reply.  The message I'm concerned with is process
E9380148 and it just appears to stop with no more entries right at the point
of those mx failure entries.
The catch here is that you are just looking at the SMTPD entries (the 
process identifier changes for the SMTP or SMTP- entries), which won't show 
the E-mail being delivered.

What you need to do is look at the last SMTPD entry, the one with the 
filename ("d:\IMAIL\spool\D5ec1e938014870fd.SMD").  Then, you need to 
search for the filename minus the path, first character, and extension.  So 
in this case, you would use "5ec1e938014870fd" (you can use this to search 
the IMail and/or Declude log files to find references to the 
E-mail).  There should be "SMTP" or "SMTP-" entries in the IMail SMTP log 
file (unless it was blocked by Declude JunkMail -- in that case, 
"5ec1e938014870fd" should appear in the Declude JunkMail log file, 
explaining what happened).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] messages not being delivered

2003-12-19 Thread Jeffrey Di Gregorio
Scott,

Thanks for the quick reply.  The message I'm concerned with is process
E9380148 and it just appears to stop with no more entries right at the point
of those mx failure entries. But, like you pointed out these mx failure
entries are for a different process.  I do have a ROUTETO action in Declude
Junkmail, but it is only for routing messages to a special mailbox in the
PSR domain that fail my weight40 test (it did not appear in this mailbox),
and besides I could not find any entries for this message in my dec or vir
log files, which I think it would have, had it failed any these tests. Any
ideas?
Thanks for any help
Jeffrey

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 19, 2003 2:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] messages not being delivered


>I seem to be having messages disappearing from one particular sender.  I 
>have tested this by having them send a message to me which appears in the 
>log file at my gateway mail server then nothing happens after that and 
>there are no entries in the vir or dec log files. It does show a failure 
>in MX connect... I had them send another message to me from another user 
>at the same domain and it arrives without any issues.  I have attached a 
>txt file of the log entries. I do not understand what is going on here, 
>and what I can do about it.  Any advice or help in my understanding of 
>this would be much appreciated.

You may want to try going to http://www.declude.com/info/logs.htm for some 
information on reading IMail log files.

The MX connect fails shown in the log are for E-mails to an IP for 
t-online.com.  However, since the log file entries related to those E-mails 
weren't included, I can't say what E-mail address they belong to (and 
whether or not IMail used the correct IP).

Are you by chance using the ROUTETO action in Declude JunkMail (which would 
explain why an E-mail addressed to psr.edu was instead sent to another
domain)?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread John Tolmachoff \(Lists\)
Unfortunately, there were only 176 responses, mostly from small to mid size
setups. Therefore, the results were not reliable.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Omar K.
> Sent: Friday, December 19, 2003 2:15 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> Yeah, whatever happened to that, I poured my heart out there :)
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer
> Support
> Sent: Friday, December 19, 2003 11:52 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Windows Server 2003
> 
> 
> John,
> 
> I remember you did a survey awhile back on problems with Imail/etc.  Were
> the results of that ever posted?
> 
> Darrell
>  
> Check Out DLAnalyzer a comprehensive reporting tool for
> Declude Junkmail Logs - http://www.dlanalyzer.com
> 
> 
> John Tolmachoff (Lists) writes:
> 
> > For the majority, W2K3 is the way to go if you are able to. Ipswitch
> does
> > support running Imail on W2K3.
> >
> > There are some possible issues.
> >
> > 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a
> > problem.
> >
> > 2. Some issues have been reported on the Imail list when the server
> > processes a high volume of messages per day. Nothing seems to be
> conclusive
> > as far as I know to date, and from the posts, I have not seen a definite
> > pattern.
> >
> > John Tolmachoff
> > Engineer/Consultant/Owner
> > eServices For You
> >
> >
> >> -Original Message-
> >> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> >> [EMAIL PROTECTED] On Behalf Of Jonathan
> >> Sent: Thursday, December 18, 2003 10:44 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: RE: [Declude.JunkMail] Windows Server 2003
> >>
> >> So I haven't heard anything else back on this .. are you guys all
> staying
> >> away from Windows 2003 and Imail? I'm having a hard time trying to
> justify
> >> the risk of running new servers on 2k3 when 2k works just fine .. but
> then
> >> again, 2k3 seems more stable over time  but not if Imail doesn't
> >> support it well yet.
> >>
> >> g
> >>
> >> Thoughts?
> >>
> >> Jonathan
> >>
> >> At 05:04 PM 12/4/2003, you wrote:
> >> >The issues seem to appear at high volumes.
> >> >
> >> >Besides, I am more than willing to use those licenses for you. ;)
> >> >
> >> >John Tolmachoff
> >> >Engineer/Consultant/Owner
> >> >eServices For You
> >> >
> >> >
> >> > > -Original Message-
> >> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> >> > > [EMAIL PROTECTED] On Behalf Of Jonathan
> >> > > Sent: Thursday, December 04, 2003 2:43 PM
> >> > > To: [EMAIL PROTECTED]
> >> > > Subject: [Declude.JunkMail] Windows Server 2003
> >> > >
> >> > > So, what's the scoop with current Imail 8, declude, sniffer, etc on
> >> > > Windows
> >> > > 2003 Server? We're thinking about moving it to some new iron
> >> internally,
> >> > > and Ive got some 2k3 licenses just burning a hole in my pocket. :)
> >> > >
> >> > > I heard some stability issues, saw some imail patches/etc .. things
> >> stable
> >> > > (and *robust*) now? Relatively high volumes of email ..
> >> > >
> >> > > Jonathan
> >> > >
> >> > > ---
> >> > > [This E-mail was scanned for viruses by Declude Virus
> >> > > (http://www.declude.com)]
> >> > >
> >> > > ---
> >> > > This E-mail came from the Declude.JunkMail mailing list.  To
> >> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >> > > type "unsubscribe Declude.JunkMail".  The archives can be found
> >> > > at http://www.mail-archive.com.
> >> >
> >> >---
> >> >[This E-mail was scanned for viruses by Declude Virus
> >> >(http://www.declude.com)]
> >> >
> >> >---
> >> >This E-mail came from the Declude.JunkMail mailing list.  To
> >> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >> >type "unsubscribe Declude.JunkMail".  The archives can be found
> >> >at http://www.mail-archive.com.
> >>
> >> ---
> >> [This E-mail was scanned for viruses by Declude Virus
> >> (http://www.declude.com)]
> >>
> >> ---
> >> This E-mail came from the Declude.JunkMail mailing list.  To
> >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >> type "unsubscribe Declude.JunkMail".  The archives can be found
> >> at http://www.mail-archive.com.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail

Re: [Declude.JunkMail] messages not being delivered

2003-12-19 Thread R. Scott Perry

I seem to be having messages disappearing from one particular sender.  I 
have tested this by having them send a message to me which appears in the 
log file at my gateway mail server then nothing happens after that and 
there are no entries in the vir or dec log files. It does show a failure 
in MX connect... I had them send another message to me from another user 
at the same domain and it arrives without any issues.  I have attached a 
txt file of the log entries. I do not understand what is going on here, 
and what I can do about it.  Any advice or help in my understanding of 
this would be much appreciated.
You may want to try going to http://www.declude.com/info/logs.htm for some 
information on reading IMail log files.

The MX connect fails shown in the log are for E-mails to an IP for 
t-online.com.  However, since the log file entries related to those E-mails 
weren't included, I can't say what E-mail address they belong to (and 
whether or not IMail used the correct IP).

Are you by chance using the ROUTETO action in Declude JunkMail (which would 
explain why an E-mail addressed to psr.edu was instead sent to another domain)?

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] messages not being delivered

2003-12-19 Thread Jeffrey Di Gregorio








Hello,

 

I seem to be having messages disappearing from one
particular sender.  I have tested this by having them send a message to me
which appears in the log file at my gateway mail server then nothing happens
after that and there are no entries in the vir or dec log files. It does show a
failure in MX connect... I had them send another message to me from another
user at the same domain and it arrives without any issues.  I have
attached a txt file of the log entries. I do not understand what is going on
here, and what I can do about it.  Any advice or help in my understanding
of this would be much appreciated.

 

Thanks,

 

Jeffrey

 

Jeffrey Di Gregorio

Systems Administrator

Pacific School of Religion

510-849-8283

 






20031219 122537 127.0.0.1   SMTPD (E9380148) [209.76.204.2] connect 169.229.70.239 
port 2121
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] EHLO 
universe.housing.berkeley.edu
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] MAIL FROM:<[EMAIL 
PROTECTED]>
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] RCPT TO:<[EMAIL 
PROTECTED]>
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] 
d:\IMAIL\spool\D5ec1e938014870fd.SMD 24387


20031219 122537 127.0.0.1   SMTPD (E9380148) [209.76.204.2] connect 169.229.70.239 
port 2121
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] EHLO 
universe.housing.berkeley.edu
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] MAIL FROM:<[EMAIL 
PROTECTED]>
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] RCPT TO:<[EMAIL 
PROTECTED]>
20031219 122537 127.0.0.1   SMTPD (E9380148) [169.229.70.239] 
d:\IMAIL\spool\D5ec1e938014870fd.SMD 24387
20031219 122547 127.0.0.1   SMTPD (DFE5012E) [209.76.204.2] connect 209.76.204.2 
port 2898
20031219 122602 127.0.0.1   SMTP (461) MX connect fail "194.25.134.99"
20031219 122647 127.0.0.1   SMTPD (DFE7012E) [209.76.204.2] connect 209.76.204.2 
port 2902
20031219 122651 127.0.0.1   SMTP (461) MX connect fail "194.25.134.28"
20031219 122708 127.0.0.1   SMTPD (C6630142) [209.76.204.2] connect 211.144.32.198 
port 4442


20031219 122429 127.0.0.1   SMTPD (6DEC0134) [209.76.204.2] connect 128.32.25.164 
port 56678
20031219 122430 127.0.0.1   SMTPD (6DEC0134) [128.32.25.164] EHLO 
uclink-r.berkeley.edu
20031219 122430 127.0.0.1   SMTPD (6DEC0134) [128.32.25.164] MAIL From:<[EMAIL 
PROTECTED]>
20031219 122430 127.0.0.1   SMTPD (6DEC0134) [128.32.25.164] RCPT To:<[EMAIL 
PROTECTED]>
20031219 122430 127.0.0.1   SMTPD (6DEC0134) [128.32.25.164] 
d:\IMAIL\spool\D5e7e6dec013469be.SMD 3260
20031219 122435 127.0.0.1   SMTP (397) processing 
d:\IMAIL\spool\Q5e7e6dec013469be.SMD
20031219 122436 127.0.0.1   SMTP (397) Trying psr.edu (0)
20031219 122436 127.0.0.1   SMTP (397) Connect psr.edu [64.162.197.3:25] (1)
20031219 122436 127.0.0.1   SMTP (397) 220 chirala.psr.edu ESMTP Server (Microsoft 
Exchange Internet Mail Service 5.5.2653.13) ready
20031219 122436 127.0.0.1   SMTP (397) >EHLO mecca.psr.edu
20031219 122436 127.0.0.1   SMTP (397) 250-chirala.psr.edu Hello [mecca.psr.edu]
20031219 122436 127.0.0.1   SMTP (397) 250-XEXCH50
20031219 122436 127.0.0.1   SMTP (397) 250-HELP
20031219 122436 127.0.0.1   SMTP (397) 250-ETRN
20031219 122436 127.0.0.1   SMTP (397) 250-DSN
20031219 122436 127.0.0.1   SMTP (397) 250-SIZE 0
20031219 122436 127.0.0.1   SMTP (397) 250-AUTH LOGIN
20031219 122436 127.0.0.1   SMTP (397) 250 AUTH=LOGIN
20031219 122436 127.0.0.1   SMTP (397) >MAIL FROM:<[EMAIL PROTECTED]>
20031219 122436 127.0.0.1   SMTP (397) 250 OK - mail from <[EMAIL PROTECTED]>
20031219 122436 127.0.0.1   SMTP (397) >RCPT To:<[EMAIL PROTECTED]>
20031219 122436 127.0.0.1   SMTP (397) 250 OK - Recipient <[EMAIL PROTECTED]>
20031219 122436 127.0.0.1   SMTP (397) >DATA
20031219 122436 127.0.0.1   SMTP (397) 354 Send data.  End with CRLF.CRLF
20031219 122436 127.0.0.1   SMTP (397) >.
20031219 122436 127.0.0.1   SMTP (397) 250 OK
20031219 122436 127.0.0.1   SMTP (397) rdeliver psr.edu [EMAIL PROTECTED] (1) 
<[EMAIL PROTECTED]> 3794
20031219 122436 127.0.0.1   SMTP (397) >QUIT
20031219 122436 127.0.0.1   SMTP (397) 221 closing connection
20031219 122436 127.0.0.1   SMTP (397) finished 
d:\IMAIL\spool\Q5e7e6dec013469be.SMD status=1

RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread Omar K.
Yeah, whatever happened to that, I poured my heart out there :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support
Sent: Friday, December 19, 2003 11:52 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Windows Server 2003


John, 

I remember you did a survey awhile back on problems with Imail/etc.  Were 
the results of that ever posted? 

Darrell
 
Check Out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com 


John Tolmachoff (Lists) writes: 

> For the majority, W2K3 is the way to go if you are able to. Ipswitch does
> support running Imail on W2K3. 
> 
> There are some possible issues. 
> 
> 1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a
> problem. 
> 
> 2. Some issues have been reported on the Imail list when the server
> processes a high volume of messages per day. Nothing seems to be
conclusive
> as far as I know to date, and from the posts, I have not seen a definite
> pattern. 
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You 
> 
> 
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
>> [EMAIL PROTECTED] On Behalf Of Jonathan
>> Sent: Thursday, December 18, 2003 10:44 PM
>> To: [EMAIL PROTECTED]
>> Subject: RE: [Declude.JunkMail] Windows Server 2003 
>> 
>> So I haven't heard anything else back on this .. are you guys all staying
>> away from Windows 2003 and Imail? I'm having a hard time trying to
justify
>> the risk of running new servers on 2k3 when 2k works just fine .. but
then
>> again, 2k3 seems more stable over time  but not if Imail doesn't
>> support it well yet. 
>> 
>> g 
>> 
>> Thoughts? 
>> 
>> Jonathan 
>> 
>> At 05:04 PM 12/4/2003, you wrote:
>> >The issues seem to appear at high volumes.
>> >
>> >Besides, I am more than willing to use those licenses for you. ;)
>> >
>> >John Tolmachoff
>> >Engineer/Consultant/Owner
>> >eServices For You
>> >
>> >
>> > > -Original Message-
>> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
>> > > [EMAIL PROTECTED] On Behalf Of Jonathan
>> > > Sent: Thursday, December 04, 2003 2:43 PM
>> > > To: [EMAIL PROTECTED]
>> > > Subject: [Declude.JunkMail] Windows Server 2003
>> > >
>> > > So, what's the scoop with current Imail 8, declude, sniffer, etc on
>> > > Windows
>> > > 2003 Server? We're thinking about moving it to some new iron
>> internally,
>> > > and Ive got some 2k3 licenses just burning a hole in my pocket. :)
>> > >
>> > > I heard some stability issues, saw some imail patches/etc .. things
>> stable
>> > > (and *robust*) now? Relatively high volumes of email ..
>> > >
>> > > Jonathan
>> > >
>> > > ---
>> > > [This E-mail was scanned for viruses by Declude Virus
>> > > (http://www.declude.com)]
>> > >
>> > > ---
>> > > This E-mail came from the Declude.JunkMail mailing list.  To
>> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>> > > type "unsubscribe Declude.JunkMail".  The archives can be found
>> > > at http://www.mail-archive.com.
>> >
>> >---
>> >[This E-mail was scanned for viruses by Declude Virus
>> >(http://www.declude.com)]
>> >
>> >---
>> >This E-mail came from the Declude.JunkMail mailing list.  To
>> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>> >type "unsubscribe Declude.JunkMail".  The archives can be found
>> >at http://www.mail-archive.com. 
>> 
>> ---
>> [This E-mail was scanned for viruses by Declude Virus
>> (http://www.declude.com)] 
>> 
>> ---
>> This E-mail came from the Declude.JunkMail mailing list.  To
>> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>> type "unsubscribe Declude.JunkMail".  The archives can be found
>> at http://www.mail-archive.com.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)] 
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
 
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread DLAnalyzer Support
John, 

I remember you did a survey awhile back on problems with Imail/etc.  Were 
the results of that ever posted? 

Darrell

Check Out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com 

John Tolmachoff (Lists) writes: 

For the majority, W2K3 is the way to go if you are able to. Ipswitch does
support running Imail on W2K3. 

There are some possible issues. 

1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a
problem. 

2. Some issues have been reported on the Imail list when the server
processes a high volume of messages per day. Nothing seems to be conclusive
as far as I know to date, and from the posts, I have not seen a definite
pattern. 

John Tolmachoff
Engineer/Consultant/Owner
eServices For You 


-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Jonathan
Sent: Thursday, December 18, 2003 10:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Windows Server 2003 

So I haven't heard anything else back on this .. are you guys all staying
away from Windows 2003 and Imail? I'm having a hard time trying to justify
the risk of running new servers on 2k3 when 2k works just fine .. but then
again, 2k3 seems more stable over time  but not if Imail doesn't
support it well yet. 

g 

Thoughts? 

Jonathan 

At 05:04 PM 12/4/2003, you wrote:
>The issues seem to appear at high volumes.
>
>Besides, I am more than willing to use those licenses for you. ;)
>
>John Tolmachoff
>Engineer/Consultant/Owner
>eServices For You
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of Jonathan
> > Sent: Thursday, December 04, 2003 2:43 PM
> > To: [EMAIL PROTECTED]
> > Subject: [Declude.JunkMail] Windows Server 2003
> >
> > So, what's the scoop with current Imail 8, declude, sniffer, etc on
> > Windows
> > 2003 Server? We're thinking about moving it to some new iron
internally,
> > and Ive got some 2k3 licenses just burning a hole in my pocket. :)
> >
> > I heard some stability issues, saw some imail patches/etc .. things
stable
> > (and *robust*) now? Relatively high volumes of email ..
> >
> > Jonathan
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
>
>---
>[This E-mail was scanned for viruses by Declude Virus
>(http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com. 

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)] 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] 

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Declude not taking action

2003-12-19 Thread John Tolmachoff \(Lists\)
UPDATE:

>From a response I received from Ipswitch a bit ago:

"I think 8.05 might have addressed this...how about upgrading and letting me
know"

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
> Sent: Monday, December 08, 2003 6:55 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Declude not taking action
> 
> FYI, I have a support incident open with Ipswitch on this issue and have
> passed on others information posted here. Here is there response this
> morning:
> 
> "John, We're looking into it a bit further, I've passed the info to R&D
> for
> some further insight.  Thanks for your patience."
> 
> John Tolmachoff
> Engineer/Consultant/Owner
> eServices For You
> 
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> > Sent: Monday, December 08, 2003 5:03 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [Declude.JunkMail] Declude not taking action
> >
> >
> > >- In our configuration we do all the IP4r tests in IMail and add header
> > for
> > >Declude to analyze.  It is as if IMail never added the headers.. Since
> > none
> > >are there.  Could it be that IMail somehow skips its own spam test?
> > Should
> > >we not expect if IMail has done all that it was to do the headers from
> > its
> > >spam test would show up?  Why are they absent?
> >
> > It sounds like the bug is hitting IMail, too.  I'd actually call that a
> > double-bug, if it is really true.
> >
> > The problem here seems to be that IMail's SMTPD process is unlocking the
> > E-mail, but then leaving it unlocked while it runs the spam tests!
> That's
> > the first bug -- it is supposed to lock the file.  The next bug is the
> > even
> > more serious one, that allows the queue manager to send out E-mail that
> > hasn't been fully processed yet.
> >
> > >May be if we try to present the common factors of the ones that are
> being
> > >skipped we can find what is causing it.  I know for sure we are getting
> > 5+ a
> > >day..
> >
> > It looks like you've found the common factor.
> >
> > We're going to do some testing here, but for some reason the IMail v8
> > anti-spam on our test server doesn't seem to be working.
> >
> > -Scott
> > ---
> > Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> > Declude Virus: Catches known viruses and is the leader in mailserver
> > vulnerability detection.
> > Find out what you've been missing: Ask about our free 30-day evaluation.
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list.  To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail".  The archives can be found
> > at http://www.mail-archive.com.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT SPF and Windows 2000 DNS

2003-12-19 Thread Burzin Sumariwalla
Thanks Bill!

B

At 02:08 PM 12/19/2003, you wrote:
Burzin, it doesn't matter where in the zone file the txt record goes.  You
could simply added it via the GUI, as well, since txt records are supported
by W2K DNS.
Bill
- Original Message -
From: "Burzin Sumariwalla" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 11:26 AM
Subject: [Declude.JunkMail] OT SPF and Windows 2000 DNS
> Hello,
>
> I used the SPF wizard to create the SPF entries.  Am I correct in
> understanding that I can place the (corrected) Bind version of these
> entries into the ."domain" file on my Windows 2000 DNS server.  Does it
> matter where the lines go?  Any advice?
>
> I tried posting to the SPF forum, but that didn't work.
>
>
> Thanks,
>
> Burzin
>
> --
> Burzin Sumariwalla   Phone: (314) 994-9411 x291
> [EMAIL PROTECTED]  Fax:   (314) 997-7615
>Pager: (314) 407-3345
>
> Networking and Telecommunications Manager
> Information Technology Services
> St. Louis County Library District
> 1640 S. Lindbergh Blvd.
> St. Louis, MO  63131
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]
--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread R. Scott Perry

Do I need to set up Decule for each domain name or does setting Declude up
on the Official Host Name cover them all?
You do not need to do anything -- Declude JunkMail (and Declude Virus) will 
scan all the mail.

You will only need to do something special if you set up per-user or 
per-domain settings.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread Paul Fuhrmeister
I'm confused.

I have :

  >Official Host Name: TripleBDomain.com
  >Host Aliases: 3BDomain.com, 3BD.com

Some users use the TripleBDomain.com domain name for their email 
([EMAIL PROTECTED] and [EMAIL PROTECTED])

Other users use the 3BD.com domain name:
([EMAIL PROTECTED])

Yet another uses [EMAIL PROTECTED]

All on the same virtual server using Host Aliases.

Do I need to set up Decule for each domain name or does setting Declude up
on the Official Host Name cover them all?

[EMAIL PROTECTED]


> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of R. 
> Scott Perry
> Sent: Friday, December 19, 2003 1:57 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Host Alias Question
> 
> 
> 
> >I have a mail domain with three different domain names:
> >
> >Official Host Name: TripleBDomain.com
> >
> >Host Aliases: 3BDomain.com, 3BD.com
> >
> >Do I need to set up Decule Virus and Junk Mail for each domain name?
> 
> That depends on what you are doing.  For a default 
> installation, you don't 
> need to do anything -- all mail to/from those domains will be scanned.
> 
> However, if you are setting up per-user or per-domain 
> settings in Declude 
> JunkMail, you should use the official name (unless the 
> address is a user 
> alias, in which case the domain used in the user alias will 
> be used, but 
> that *should* be the same as the official name).
> 
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail 
> mailservers. Declude Virus: Catches known viruses and is the 
> leader in mailserver 
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day 
> evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Whitelist Auth?

2003-12-19 Thread nick
Todd,

You can control this to some degree in your filters with
SKIPIFWEIGHT and
MAXWEIGHT

Also I believe the filters run in order of listing in global config. I suggest you 
list your neg filters first and your largest filters last.

Hope this helps

-Nick Hayer

-- Original Message --
From: "Todd Holt" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 19 Dec 2003 11:28:05 -0800

>I found the whitelist auth in the archives.  Sorry.
>
>I still want to know how to stop performing tests after a certain weight
>level.
>
>Thanks, 
>
>Todd Holt
>Xidix Technologies, Inc
>Las Vegas, NV  USA
>www.xidix.com
>702.319.4349
>
>
>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
>> [EMAIL PROTECTED] On Behalf Of Todd Holt
>> Sent: Friday, December 19, 2003 11:13 AM
>> To: [EMAIL PROTECTED]
>> Subject: [Declude.JunkMail] Whitelist Auth?
>> 
>> I have been looking for the syntax for this entry.  Can you publish
>it?
>> My understanding is that this will whitelist anyone that has
>> authenticated for SMTP.  Is that correct?
>> 
>> Also, what is the entry to stop performing tests if the weight reaches
>a
>> certain level?
>> 
>> Thanks,
>> 
>> Todd Holt
>> Xidix Technologies, Inc
>> Las Vegas, NV  USA
>> www.xidix.com
>> 702.319.4349
>> 
>> 
>> 
>> ---
>> [This E-mail scanned for viruses by Declude Virus
>> (http://www.declude.com)]
>> 
>> ---
>> [This E-mail was scanned for viruses by Declude Virus
>> (http://www.declude.com)]
>> 
>> ---
>> This E-mail came from the Declude.JunkMail mailing list.  To
>> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>> type "unsubscribe Declude.JunkMail".  The archives can be found
>> at http://www.mail-archive.com.
>> ---
>> [This E-mail scanned for viruses by Declude Virus
>> (http://www.declude.com)]
>
>
>---
>[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
>---
>This E-mail came from the Declude.JunkMail mailing list.  To
>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.JunkMail".  The archives can be found
>at http://www.mail-archive.com.
>
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Why SPF "UNKNOWN"?

2003-12-19 Thread R. Scott Perry

I have lots of SPF "unknown" in the SPF.log file - most look as if they 
should have FAILED:

12.219.157.132   [EMAIL PROTECTED] 
[family]: UNKNOWN
This definitely should have been a fail.  I haven't been able to reproduce 
this, however,  There is a new interim release 
(http://www.declude.com/interim) that will log the reason for an UNKNOWN in 
most cases, which should help determine why this is happening.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Imail 8.05 Release

2003-12-19 Thread R. Scott Perry

It looks as if IpSwitch may have fixed the issue in 8.05 that
keeps Declude from being called.
You beat me to it -- I was just about to post about that, but saw yours 
first.  :)

I quick "thank you" to Ipswitch for taking care of this so quickly.  This 
was a big concern for many of our customers.

For those that are not aware of the issue, there is a very short period of 
time between the time IMail receives an E-mail and Declude is started where 
it can be "usurped" by a queue run, causing it to be delivered before 
Declude can see it.  This problem became much more noticeable recently, as 
E-mail volumes have risen due to spam, and for people using IMail v8's 
anti-spam (which would apparently increase the delay, increasing the 
chances that this problem would occur).  This has been fixed for IMail v8.05.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Test order

2003-12-19 Thread Todd Holt
This could be a very useful feature.  I could define my negative weight
tests first, then the "high probability/high weight" tests next.  Then
if the weight exceeds my delete weight quickly, Declude could stop
spending cycles/bandwidth on the other tests.  Admittedly, I would
require the admin to correctly configure the order of the tests.

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Friday, December 19, 2003 11:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Test order
> 
> 
> >Are the tests performed in the order listed in the global.cfg?
> 
> No.
> 
> Declude JunkMail has a hard-coded for the test types.  However, for
each
> test type, the tests will be run in the order that they are listed in
the
> global.cfg file.
> 
> So if you have an ip4r test and a filter test, the order they are
listed
> in
> will not matter.  However, if you have 2 filter tests, they will be
run in
> the order they are listed in the global.cfg file.
> 
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail
mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day
evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Imail 8.05 Release

2003-12-19 Thread Keith Johnson
Scott,
It looks as if IpSwitch may have fixed the issue in 8.05 that
keeps Declude from being called.


Taken from 8.05 Release Notes...


o Queuemgr: Decreased the possibility that during a queue run the
queuemgr might process files before a third party process 
locks the message.

Keith
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] OT SPF and Windows 2000 DNS

2003-12-19 Thread Bill Landry
Burzin, it doesn't matter where in the zone file the txt record goes.  You
could simply added it via the GUI, as well, since txt records are supported
by W2K DNS.

Bill
- Original Message - 
From: "Burzin Sumariwalla" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 11:26 AM
Subject: [Declude.JunkMail] OT SPF and Windows 2000 DNS


> Hello,
>
> I used the SPF wizard to create the SPF entries.  Am I correct in
> understanding that I can place the (corrected) Bind version of these
> entries into the ."domain" file on my Windows 2000 DNS server.  Does it
> matter where the lines go?  Any advice?
>
> I tried posting to the SPF forum, but that didn't work.
>
>
> Thanks,
>
> Burzin
>
> --
> Burzin Sumariwalla   Phone: (314) 994-9411 x291
> [EMAIL PROTECTED]  Fax:   (314) 997-7615
>Pager: (314) 407-3345
>
> Networking and Telecommunications Manager
> Information Technology Services
> St. Louis County Library District
> 1640 S. Lindbergh Blvd.
> St. Louis, MO  63131
>
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Host Alias Question

2003-12-19 Thread R. Scott Perry

I have a mail domain with three different domain names:

Official Host Name: TripleBDomain.com

Host Aliases: 3BDomain.com, 3BD.com

Do I need to set up Decule Virus and Junk Mail for each domain name?
That depends on what you are doing.  For a default installation, you don't 
need to do anything -- all mail to/from those domains will be scanned.

However, if you are setting up per-user or per-domain settings in Declude 
JunkMail, you should use the official name (unless the address is a user 
alias, in which case the domain used in the user alias will be used, but 
that *should* be the same as the official name).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Whitelist Auth?

2003-12-19 Thread R. Scott Perry

I still want to know how to stop performing tests after a certain weight
level.
Unfortunately, that isn't possible.  There are a number of problems with 
this (negative weights that would have been added after processing stops, 
the order of tests, etc.).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Test order

2003-12-19 Thread R. Scott Perry

Are the tests performed in the order listed in the global.cfg?
No.

Declude JunkMail has a hard-coded for the test types.  However, for each 
test type, the tests will be run in the order that they are listed in the 
global.cfg file.

So if you have an ip4r test and a filter test, the order they are listed in 
will not matter.  However, if you have 2 filter tests, they will be run in 
the order they are listed in the global.cfg file.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] declude/Imail as a gateway - question

2003-12-19 Thread Adam Hobach
Hello,

We have Declude/Imail setup as a gateway and I have a couple customers using
the ROUTETO action. The problem is email that is sent to bogus addresses at
the domain and are marked as SPAM automatically go to the specified ROUTETO
mailbox. Is it possible to setup a test that queries a text file or actually
talks the mail server the email is relayed to, to check to see if the email
address is real?

I am not sure if anybody else has this problem...

Thoughts??

Adam

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF vs. Form Mail

2003-12-19 Thread R. Scott Perry

There is some potential with this as a negative weight test, however once 
the spammers catch on, the value would be diminished greatly, and of 
course legit mail servers are sources of spam, just not as often as the 
illegitimate ones, and I don't see the need to credit senders based only 
on the fact that they matched their SPF records.  ... Considering these 
issues, I don't see why I should push something forward with such a flaw.
One other thing that I forgot about here is that you can do some creative 
things with SPF, such as:

v=spf1 +mx -exists:%{ir4}.bl.spamcop.net ?all

which would still give a PASS for users using your mailserver and an 
UNKNOWN for your roaming users, but also would give a FAIL to people listed 
in SPAMCOP.  Another interesting technique someone is already using 
something like is:

v=spf1 +mx -exists:%{ir4}.test.example.com +all

With this, the DNS server for test.example.com is running software that 
allows this first X hits per day, and none after that.  It could also have 
extra logic, such as denying E-mail from certain return addresses (or 
perhaps only allowing E-mail from addresses of users who may be "on the road").

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Test order

2003-12-19 Thread Todd Holt
Are the tests performed in the order listed in the global.cfg?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Outbound Port 25, was -> Virginia Indicts Indicts

2003-12-19 Thread Pete McNeil
|Pete McNeil wrote:
|
|>A tip-off is that the counter to this argument is up-front in their 
|>proposal. Specifically that they will create and manage a mechanism 
|>that tracks the end-user's subscrbe/unsubscribe requests... I think 
|>this is a lot like putting the foxes in charge of the hen house.
|>  
|>
|I thought the tip-off was where they claimed that 15% of legitimate 
|commercial E-mail was being blocked :)

Just like me to miss the obvious first time around %^b

_M

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Host Alias Question

2003-12-19 Thread Paul Fuhrmeister
I can not find this in the archive . . . 

I have a mail domain with three different domain names:

Official Host Name: TripleBDomain.com

Host Aliases: 3BDomain.com, 3BD.com

Do I need to set up Decule Virus and Junk Mail for each domain name?

[EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Whitelist Auth?

2003-12-19 Thread Todd Holt
I found the whitelist auth in the archives.  Sorry.

I still want to know how to stop performing tests after a certain weight
level.

Thanks, 

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Todd Holt
> Sent: Friday, December 19, 2003 11:13 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Whitelist Auth?
> 
> I have been looking for the syntax for this entry.  Can you publish
it?
> My understanding is that this will whitelist anyone that has
> authenticated for SMTP.  Is that correct?
> 
> Also, what is the entry to stop performing tests if the weight reaches
a
> certain level?
> 
> Thanks,
> 
> Todd Holt
> Xidix Technologies, Inc
> Las Vegas, NV  USA
> www.xidix.com
> 702.319.4349
> 
> 
> 
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus
> (http://www.declude.com)]


---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] OT SPF and Windows 2000 DNS

2003-12-19 Thread Burzin Sumariwalla
Hello,

I used the SPF wizard to create the SPF entries.  Am I correct in 
understanding that I can place the (corrected) Bind version of these 
entries into the ."domain" file on my Windows 2000 DNS server.  Does it 
matter where the lines go?  Any advice?

I tried posting to the SPF forum, but that didn't work.

Thanks,

Burzin

--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Whitelist Auth?

2003-12-19 Thread Todd Holt
I have been looking for the syntax for this entry.  Can you publish it?
My understanding is that this will whitelist anyone that has
authenticated for SMTP.  Is that correct?

Also, what is the entry to stop performing tests if the weight reaches a
certain level?

Thanks,

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] SPF support to be added to next beta

2003-12-19 Thread R. Scott Perry

Is there a way that I can setup this test to only check incoming
messages?
No (although you can set it up so that no action would be taken for 
outgoing mail, the weight would still be applied).

In this case, "WHITELIST AUTH" (with works with Declude JunkMail v1.75 and 
higher, and IMail v8 and higher) might be the best option.  Alternatively, 
you could use "WHITELIST IP 192.0.2.0/24" to whitelist the dialup IPs, or 
set up a filter that would subtract weight for E-mails coming from those IPs.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Outbound Port 25, was -> Virginia Indicts Indicts

2003-12-19 Thread Matthew Bramble
Pete McNeil wrote:

A tip-off is that the counter to this argument is up-front in their
proposal. Specifically that they will create and manage a mechanism that
tracks the end-user's subscrbe/unsubscribe requests... I think this is a
lot like putting the foxes in charge of the hen house.
 

I thought the tip-off was where they claimed that 15% of legitimate 
commercial E-mail was being blocked :)

The good thing is that this will go no where because there are too many 
of us, and if it's unwanted and we block it, it only makes them look all 
the worse.  As things stand, they have a lot of catching up to do.  You 
don't create a monopoly out of anarchy.

Matt

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPAMCOP Question

2003-12-19 Thread Burzin Sumariwalla
Doug,

I don't think anything is wrong.  SpamC. is returning a TXT record with 
that information.
The link says that's experimental.

Burzin

At 12:22 PM 12/19/2003, you wrote:
I was looking at the headers and saw SPAMCOP : Blocked

Is that how it should be - what it's returning? If not, ideas on what 
could be wrong?

X-RBL-Warning: SORBS-SPAM: Spam Received See: 
http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21
X-RBL-Warning: SPAMCOP: Blocked - see 
http://www.spamcop.net/bl.shtml?66.111.254.21
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam 
[4000120e].
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 303, weight 0)
X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 
283, weight 0)
X-RBL-Warning: BLASTER: Message failed BLASTER test (line 3, weight 0)
X-Declude-Sender: [EMAIL PROTECTED] 
[66.111.254.21]
X-Declude-Spoolname: D25320b0a00f84423.SMD
X-Note: This E-mail was scanned by Declude JunkMail 
(www.declude.com) for spam.
X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, SPAMHEADERS, GIBBERISH, 
ANTI-GIBBERISH, BLASTER, WEIGHT10, WEIGHT20 [22]
X-Note: This E-mail was sent from net21.netholdem.com ([66.111.254.21]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 367795725
--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] SPF support to be added to next beta

2003-12-19 Thread Bill

Is there a way that I can setup this test to only check incoming
messages? 

I set up the DNS record and it will work fine except when one of my
dial-up users sends an outgoing message.  The test does exactly what I
would like it to do.   When one of my dial-up users bypasses my SMTP
server, the message could be flagged as spam at the receiving end using
an SPF test.  

However, if the user is sending mail correctly, through my SMTP server,
the test flags there dial-up IP as an invalid SMTP server!  I would like
to turn off this test  for outgoing messages while still doing other
spam testing on outgoing messages.  Is there some way to do this?

Here is an example:

Received: from wamgfk19jmdhqi [63.252.12.191] by wamusa.com with ESMTP
  (SMTPD32-8.04) id A5ECDE20074; Fri, 19 Dec 2003 12:39:40 -0600
From: "Bill Morgan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: test
Date: Fri, 19 Dec 2003 12:39:40 -0600
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Importance: Normal
X-Declude-Sender: [EMAIL PROTECTED] [63.252.12.191]
X-Spam-Tests-Failed: SPFFAIL [1]
X-Note: This E-mail was sent from 63-252-12-191.ip.mcleodusa.net
([63.252.12.191]).
X-Declude-Date: 12/19/2003 18:39:40 [0]
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 367544318

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Monday, December 15, 2003 5:54 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] SPF support to be added to next beta


We will be adding support for SPF ("Sender Permitted From", at 
http://spf.pobox.com ) to the next beta of Declude JunkMail.  This is a 
system that lets owners of domains publish information on what
mailservers 
people can use to send mail from the domain.  We expect that this can be

very useful in blocking spam (similar to the SPAMDOMAINS test), as well
as 
helping ensure that legitimate mail gets through.

http://spf.pobox.com/dns.html covers how to add an SPF record for your
own 
domain.  At its simplest, if all your E-mail is coming from your 
mailserver, and your mailserver is listed in your MX record, you would
add 
a TXT record of "v=spf1 +mx -all" for your domain.  The SPF records
always 
start with "v=spf1"; the "+mx" means that any E-mail from an IP listed
in 
your MX records is good,  and the "-all" is a default so that any other 
E-mail is bad.

The SPF system is much, much more flexible than the SPAMDOMAINS test,
and 
it lets domain owners control the settings (which allows them to be much

more accurate).  If widely implemented, it will make it much more
difficult 
for spammers to get their spam delivered.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
"unsubscribe Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Outbound Port 25, was -> Virginia Indicts Indicts

2003-12-19 Thread Pete McNeil
Hm No sir, I don't like it!

In the end where this is headed is that if you belong to their group
then they will legitimize any messages that you send... then they will
use their combined resources to loby and otherwise "make it a bad thing"
for you to do any kind of filtering to their messages.

The problem I see with this is that the receiver eventually loses
control and power over that decision migrates toward those who have the
money to pay for access. In my view it is another form of the
sender-pays line of thinking - but worse because the "paying" part is
downplayed.

A tip-off is that the counter to this argument is up-front in their
proposal. Specifically that they will create and manage a mechanism that
tracks the end-user's subscrbe/unsubscribe requests... I think this is a
lot like putting the foxes in charge of the hen house.

My $0.02.
_M

|-Original Message-
|From: [EMAIL PROTECTED] 
|[mailto:[EMAIL PROTECTED] On Behalf Of 
|Burzin Sumariwalla
|Sent: Thursday, December 18, 2003 2:12 PM
|To: [EMAIL PROTECTED]
|Subject: Re: [Declude.JunkMail] Outbound Port 25, was -> 
|Virginia Indicts Indicts
|
|
|Does any one have comments on any of the following:
|
|http://www.computerworld.com/softwaretopics/software/groupware/
|story/0,10801,80626,00.html
|
|Project Lumos
|
|http://www.camram.org
|
|CANRAM
|
|Burzin
|
|
|At 09:01 PM 12/15/2003, you wrote:
|
|>How about some new suggestions for methods to combat the spammers?
|>
|>-
|>
|>---
|>[This E-mail scanned for viruses by Declude Virus]
|>
|>---
|>[This E-mail was scanned for viruses by Declude Virus 
|>(http://www.declude.com)]
|>
|>---
|>This E-mail came from the Declude.JunkMail mailing list.  To 
|>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
|>"unsubscribe Declude.JunkMail".  The archives can be found at 
|>http://www.mail-archive.com.
|>
|>_
|>[This E-mail virus scanned by 4C Web]
|>
|>
|>---
|>[This E-mail was scanned for viruses by Declude Virus
|>(http://www.declude.com)]
|>
|>---
|>This E-mail came from the Declude.JunkMail mailing list.  To 
|>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
|>"unsubscribe Declude.JunkMail".  The archives can be found at 
|>http://www.mail-archive.com.
|>---
|>[This E-mail scanned for viruses by Declude Virus]
|
|--
|Burzin Sumariwalla   Phone: (314) 994-9411 x291
|[EMAIL PROTECTED]  Fax:   (314) 997-7615
|   Pager: (314) 407-3345
|
|Networking and Telecommunications Manager
|Information Technology Services
|St. Louis County Library District
|1640 S. Lindbergh Blvd.
|St. Louis, MO  63131 
|
|---
|[This E-mail scanned for viruses by Declude Virus]
|
|---
|[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
"unsubscribe Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPAMCOP Question

2003-12-19 Thread R. Scott Perry

I was looking at the headers and saw SPAMCOP : Blocked

Is that how it should be - what it's returning? If not, ideas on what 
could be wrong?
That is what it is returning:

X-RBL-Warning: SPAMCOP: Blocked - see 
http://www.spamcop.net/bl.shtml?66.111.254.21
Spamcop is returning a TXT record of "Blocked - see 
http://www.spamcop.net/bl.shtml?66.111.254.21";, 
which is what Declude JunkMail uses by default in the X-RBL-Warning: header.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] SPAMCOP Question

2003-12-19 Thread Doug Anderson



I was looking at the headers and saw SPAMCOP : 
Blocked
 
Is that how it should be - what it's returning? If not, ideas 
on what could be wrong?
 
 
X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21X-RBL-Warning: 
SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21X-RBL-Warning: 
SPAMHEADERS: This E-mail has headers consistent with spam 
[4000120e].X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 
303, weight 0)X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH 
test (line 283, weight 0)X-RBL-Warning: BLASTER: Message failed BLASTER test 
(line 3, weight 0)X-Declude-Sender: [EMAIL PROTECTED] 
[66.111.254.21]X-Declude-Spoolname: D25320b0a00f84423.SMDX-Note: This 
E-mail was scanned by Declude JunkMail (www.declude.com) for 
spam.X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, SPAMHEADERS, GIBBERISH, 
ANTI-GIBBERISH, BLASTER, WEIGHT10, WEIGHT20 [22]X-Note: This E-mail was sent 
from net21.netholdem.com ([66.111.254.21]).X-RCPT-TO: <[EMAIL PROTECTED]>Status: 
UX-UIDL: 367795725


RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread John Tolmachoff \(Lists\)
For the majority, W2K3 is the way to go if you are able to. Ipswitch does
support running Imail on W2K3.

There are some possible issues.

1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a
problem.

2. Some issues have been reported on the Imail list when the server
processes a high volume of messages per day. Nothing seems to be conclusive
as far as I know to date, and from the posts, I have not seen a definite
pattern.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Jonathan
> Sent: Thursday, December 18, 2003 10:44 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Windows Server 2003
> 
> So I haven't heard anything else back on this .. are you guys all staying
> away from Windows 2003 and Imail? I'm having a hard time trying to justify
> the risk of running new servers on 2k3 when 2k works just fine .. but then
> again, 2k3 seems more stable over time  but not if Imail doesn't
> support it well yet.
> 
> g
> 
> Thoughts?
> 
> Jonathan
> 
> At 05:04 PM 12/4/2003, you wrote:
> >The issues seem to appear at high volumes.
> >
> >Besides, I am more than willing to use those licenses for you. ;)
> >
> >John Tolmachoff
> >Engineer/Consultant/Owner
> >eServices For You
> >
> >
> > > -Original Message-
> > > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> > > [EMAIL PROTECTED] On Behalf Of Jonathan
> > > Sent: Thursday, December 04, 2003 2:43 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [Declude.JunkMail] Windows Server 2003
> > >
> > > So, what's the scoop with current Imail 8, declude, sniffer, etc on
> > > Windows
> > > 2003 Server? We're thinking about moving it to some new iron
> internally,
> > > and Ive got some 2k3 licenses just burning a hole in my pocket. :)
> > >
> > > I heard some stability issues, saw some imail patches/etc .. things
> stable
> > > (and *robust*) now? Relatively high volumes of email ..
> > >
> > > Jonathan
> > >
> > > ---
> > > [This E-mail was scanned for viruses by Declude Virus
> > > (http://www.declude.com)]
> > >
> > > ---
> > > This E-mail came from the Declude.JunkMail mailing list.  To
> > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > > type "unsubscribe Declude.JunkMail".  The archives can be found
> > > at http://www.mail-archive.com.
> >
> >---
> >[This E-mail was scanned for viruses by Declude Virus
> >(http://www.declude.com)]
> >
> >---
> >This E-mail came from the Declude.JunkMail mailing list.  To
> >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> >type "unsubscribe Declude.JunkMail".  The archives can be found
> >at http://www.mail-archive.com.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Using SUBJECT

2003-12-19 Thread Burzin Sumariwalla
Oopps.  My apologies.

Thanks,
Burzin
At 09:13 AM 12/19/2003, you wrote:

I think SUBJECT added Spam ##

where ## is the Declude weight.  Is there a way to add a space between my 
message and the Spam ##?
It shouldn't, unless you had "TESTNAME SUBJECT Spam %WEIGHT%" in one of 
your config files.  I would recommend checking all your Declude JunkMail 
config files to see if you have the phrase "Spam %WEIGHT%" in any of them.

   -Scott
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Windows Server 2003

2003-12-19 Thread Jonathan
So I haven't heard anything else back on this .. are you guys all staying 
away from Windows 2003 and Imail? I'm having a hard time trying to justify 
the risk of running new servers on 2k3 when 2k works just fine .. but then 
again, 2k3 seems more stable over time  but not if Imail doesn't 
support it well yet.

g

Thoughts?

Jonathan

At 05:04 PM 12/4/2003, you wrote:
The issues seem to appear at high volumes.

Besides, I am more than willing to use those licenses for you. ;)

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Jonathan
> Sent: Thursday, December 04, 2003 2:43 PM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Windows Server 2003
>
> So, what's the scoop with current Imail 8, declude, sniffer, etc on
> Windows
> 2003 Server? We're thinking about moving it to some new iron internally,
> and Ive got some 2k3 licenses just burning a hole in my pocket. :)
>
> I heard some stability issues, saw some imail patches/etc .. things stable
> (and *robust*) now? Relatively high volumes of email ..
>
> Jonathan
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] SPF vs. Form Mail

2003-12-19 Thread Aaron Caviglia
Scott,

I just wanted to post and let you know that I started a website
www.adminforums.com and have added a Declude and Imail section, so that
this community can post their configurations without wasting list
bandwidth.  

I for one am interested in seeing what is working for people.  I would
really like to see some of the test configurations that Declude runs
itself...hint ...hint



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Friday, December 19, 2003 9:16 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPF vs. Form Mail



>This is kind of a response to all the follow ups this morning.  I can't
>afford to use this test on the majority of my domains because I can't 
>currently make use of WHITELIST AUTH, and I have enough customers that
use 
>third-party outgoing mail servers for one reason or another that this 
>would cause issues there as well.

It seems that a lot of people don't really understand the full power of 
SPF.  Most people assume it is pass/fail, but it is actuall 
pass/fail/unknown.  What this means is that you can set up an SPF record

that instead of saying "E-mail from @example.com that comes from
192.0.2.25 
is definitely legitimate, but everything else is bogus" ("v=spf1 
+ip4:192.0.2.25 -all"), you can say ""E-mail from @example.com that 
+comes
from 192.0.2.25 is definitely legitimate, but any E-mail from
@example.com 
from other IPs may or may not be bogus" ("v=spf1 +ip4:192.0.2.25 ?all").

This is *guaranteed* to give you better results than no SPF record, even
if 
many of your users do not send mail directly through your mailserver.

>I was already debating what to do with a spamdomains variant that was
>coded for local domains, and I was only scoring that at 20% of my fail 
>weight.  I could remove that test and replace it with SPF scored at
20%, 
>however the effects of the SPF would carry over to other sources that 
>would potentially have problems and over which I would have no control
over.

But that's exactly the point -- you have no control over it!  If we set
up 
declude.com as "v=spf1 +mx -all", and I send an E-mail from another IP
and 
it gets caught on your server, that is *my* fault (or the fault of
whoever 
authorized the SPF record for declude.com).

In this case, if one of your users says "But my friend with a competing
ISP 
can get mail from Scott!", you can tell him "But, the company Scott
works 
for does not allow mail to be sent except from their servers."  Often,
you 
get stuck telling a customer "That company has serious problems" (open 
relay, no reverse DNS, etc.).  But with SPF, it is company policy, which

you are honoring.

>There is some potential with this as a negative weight test, however 
>once
>the spammers catch on, the value would be diminished greatly, and of 
>course legit mail servers are sources of spam, just not as often as the

>illegitimate ones, and I don't see the need to credit senders based
only 
>on the fact that they matched their SPF records.  ... Considering these

>issues, I don't see why I should push something forward with such a
flaw.

This might be best discussed on the SPF mailing list, where the creator
of 
SPF and others can better comment on how SPF will deal with this.  Only 
time will tell if spammers will be able to successfully abuse SPF, but
at 
the very least it will give them more work to do, costing them more
money.

>I'm very sorry to have not liked either this effort or the Web-O-Trust
>thing, and I don't want to sound like I'm just being critical for the
sake 
>of it (though sometimes I am overly critical), but I feel that it is 
>constructive for me to say this if for no other reason than to warn
others 
>about the potential of issues, but hopefully rather to influence the 
>process for the better.  I'm sure there are others around here that
feel 
>the same way, but choose not to voice their opinions out of fear of 
>insulting someone else...or maybe I'm just whacked :)

That's fine -- if there are flaws with an idea and nobody comes out and 
says it, everybody loses.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
"unsubscribe Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be

[Declude.JunkMail] Problem with 1.77i3

2003-12-19 Thread Kami Razvan
Title: Problem with 1.77i3






Hi Scott:


I think there is an issue with i3.


We are seeing a lot of tests being triggered but no weight is recorded.  Several emails have been delivered where in fact they were supposed to be deleted had the weights been added.

X-RBL-Warning: HEUR: Heuristic spam detection level 9 [0.999304]

X-RBL-Warning: IPNOTINMX: 

X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.

X-RBL-Warning: IP-BLACKLIST: 

X-RBL-Warning: WORDFILTERMx: Message failed WORDFILTERMx test (line 1, weight 0)

X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test (line 79, weight 5)

X-RBL-Warning: FILTER-PORN: Message failed FILTER-PORN test (line 365, weight 0)


Or


X-IMAIL-SPAM-DNSBL: (SPAMCOP,42860696,127.0.0.2)

X-IMAIL-SPAM-DNSBL: (NJABL,42860696,127.0.0.9)

X-IMAIL-SPAM-DNSBL: (BLARS,42860696,127.1.0.17)

X-IMAIL-SPAM-DNSBL: (DSBL,42860696,127.0.0.2)

X-IMAIL-SPAM-DNSBL: (DSBLALL,42860696,127.0.0.2)

X-IMAIL-SPAM-DNSBL: (SORBS-DUL,42860696,127.0.0.10)

X-IMAIL-SPAM-DNSBL: (AHBL,42860696,127.0.0.3)

X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]"

X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"

X-RBL-Warning: IPNOTINMX: 

X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.

X-RBL-Warning: FILTER-BODY-CREDIT: Message failed FILTER-BODY-CREDIT test (line 259, weight 0)

X-RBL-Warning: COUNTRY: Message failed COUNTRY test (line 43, weight 0)

X-RBL-Warning: FILTER-SPAM-HTML: Message failed FILTER-SPAM-HTML test (line 80, weight 0)

X-Declude-Sender: [EMAIL PROTECTED] [200.86.95.6]


A lot of Weight 0.


None of our filters have changed.. 


I will do more checking but just wanted to see if others are seeing this.


Regards,

Kami





Re: [Declude.JunkMail] SPF vs. Form Mail

2003-12-19 Thread R. Scott Perry

This is kind of a response to all the follow ups this morning.  I can't 
afford to use this test on the majority of my domains because I can't 
currently make use of WHITELIST AUTH, and I have enough customers that use 
third-party outgoing mail servers for one reason or another that this 
would cause issues there as well.
It seems that a lot of people don't really understand the full power of 
SPF.  Most people assume it is pass/fail, but it is actuall 
pass/fail/unknown.  What this means is that you can set up an SPF record 
that instead of saying "E-mail from @example.com that comes from 192.0.2.25 
is definitely legitimate, but everything else is bogus" ("v=spf1 
+ip4:192.0.2.25 -all"), you can say ""E-mail from @example.com that comes 
from 192.0.2.25 is definitely legitimate, but any E-mail from @example.com 
from other IPs may or may not be bogus" ("v=spf1 +ip4:192.0.2.25 ?all").

This is *guaranteed* to give you better results than no SPF record, even if 
many of your users do not send mail directly through your mailserver.

I was already debating what to do with a spamdomains variant that was 
coded for local domains, and I was only scoring that at 20% of my fail 
weight.  I could remove that test and replace it with SPF scored at 20%, 
however the effects of the SPF would carry over to other sources that 
would potentially have problems and over which I would have no control over.
But that's exactly the point -- you have no control over it!  If we set up 
declude.com as "v=spf1 +mx -all", and I send an E-mail from another IP and 
it gets caught on your server, that is *my* fault (or the fault of whoever 
authorized the SPF record for declude.com).

In this case, if one of your users says "But my friend with a competing ISP 
can get mail from Scott!", you can tell him "But, the company Scott works 
for does not allow mail to be sent except from their servers."  Often, you 
get stuck telling a customer "That company has serious problems" (open 
relay, no reverse DNS, etc.).  But with SPF, it is company policy, which 
you are honoring.

There is some potential with this as a negative weight test, however once 
the spammers catch on, the value would be diminished greatly, and of 
course legit mail servers are sources of spam, just not as often as the 
illegitimate ones, and I don't see the need to credit senders based only 
on the fact that they matched their SPF records.  ... Considering these 
issues, I don't see why I should push something forward with such a flaw.
This might be best discussed on the SPF mailing list, where the creator of 
SPF and others can better comment on how SPF will deal with this.  Only 
time will tell if spammers will be able to successfully abuse SPF, but at 
the very least it will give them more work to do, costing them more money.

I'm very sorry to have not liked either this effort or the Web-O-Trust 
thing, and I don't want to sound like I'm just being critical for the sake 
of it (though sometimes I am overly critical), but I feel that it is 
constructive for me to say this if for no other reason than to warn others 
about the potential of issues, but hopefully rather to influence the 
process for the better.  I'm sure there are others around here that feel 
the same way, but choose not to voice their opinions out of fear of 
insulting someone else...or maybe I'm just whacked :)
That's fine -- if there are flaws with an idea and nobody comes out and 
says it, everybody loses.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF vs. Form Mail

2003-12-19 Thread Matthew Bramble
R. Scott Perry wrote:

I'm not sure if this is in the RFC, but it would be a lot more 
accurate if you could compare the HELO to the SPF data.  Some scripts 
to also falsify the HELO, but no where near the number of forged 
domains in MAILFROM.


The original design for SPF allowed for that, but the current one does 
not.  I'm not sure why that was changed.


This is kind of a response to all the follow ups this morning.  I can't 
afford to use this test on the majority of my domains because I can't 
currently make use of WHITELIST AUTH, and I have enough customers that 
use third-party outgoing mail servers for one reason or another that 
this would cause issues there as well.  I was already debating what to 
do with a spamdomains variant that was coded for local domains, and I 
was only scoring that at 20% of my fail weight.  I could remove that 
test and replace it with SPF scored at 20%, however the effects of the 
SPF would carry over to other sources that would potentially have 
problems and over which I would have no control over.  There is some 
potential with this as a negative weight test, however once the spammers 
catch on, the value would be diminished greatly, and of course legit 
mail servers are sources of spam, just not as often as the illegitimate 
ones, and I don't see the need to credit senders based only on the fact 
that they matched their SPF records.  IPNOTINMX already does most of 
this as a dumb test, and I only give that 1 point of credit anyway.  
Considering these issues, I don't see why I should push something 
forward with such a flaw.

I would however reevaluate the idea if it was modified to work on HELO 
instead of MAILFROM, though that would require some monitoring as there 
are always unexpected results.  I hope that this can become a tool, and 
I'm all for the idea of supporting innovation by adding my own records 
to the mix, but I'm not convinced that this will help in it's current 
format.  I don't believe you can verify the sender any more reliably 
than we already are with SMTP, and efforts should instead be focused on 
verifying the server.

I'm very sorry to have not liked either this effort or the Web-O-Trust 
thing, and I don't want to sound like I'm just being critical for the 
sake of it (though sometimes I am overly critical), but I feel that it 
is constructive for me to say this if for no other reason than to warn 
others about the potential of issues, but hopefully rather to influence 
the process for the better.  I'm sure there are others around here that 
feel the same way, but choose not to voice their opinions out of fear of 
insulting someone else...or maybe I'm just whacked :)

Matt

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF Question

2003-12-19 Thread Bill Landry
Nice catch, Scott!  There is a bug in the SPF record creator at
http://www.infinitepenguins.net/SPF/create.php which is generating the
"ipv4" entry instead of "ip4".  I have notified the site maintainer.

Thanks!

Bill
- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 19, 2003 7:27 AM
Subject: Re: [Declude.JunkMail] SPF Question


>
> >Scott, I have setup an SPF record for pointshare.com as follows:
> >
> >TXT "v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28
> >a:psmail02.pointshare.com ptr mx/24 -all"
>
> At first, I thought that was fine -- but it isn't.  After checking it at
> http://www.dnsstuff.com/pages/spf.htm , it seems that the TXT record
should be:
>
> TXT "v=spf1 ip4:206.114.136.0/23 ip4:206.114.143.240/28
> a:psmail02.pointshare.com ptr mx/24 -all"
>
> with the "ipv4:"'s being changed to "ip4:".  Since "ipv4:" isn't a defined
> mechanism, a result of UNKNOWN is returned.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you've been missing: Ask about our free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF Question

2003-12-19 Thread R. Scott Perry

Scott, I have setup an SPF record for pointshare.com as follows:

TXT "v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28
a:psmail02.pointshare.com ptr mx/24 -all"
At first, I thought that was fine -- but it isn't.  After checking it at 
http://www.dnsstuff.com/pages/spf.htm , it seems that the TXT record should be:

TXT "v=spf1 ip4:206.114.136.0/23 ip4:206.114.143.240/28 
a:psmail02.pointshare.com ptr mx/24 -all"

with the "ipv4:"'s being changed to "ip4:".  Since "ipv4:" isn't a defined 
mechanism, a result of UNKNOWN is returned.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Using SUBJECT

2003-12-19 Thread R. Scott Perry

I think SUBJECT added Spam ##

where ## is the Declude weight.  Is there a way to add a space between my 
message and the Spam ##?
It shouldn't, unless you had "TESTNAME SUBJECT Spam %WEIGHT%" in one of 
your config files.  I would recommend checking all your Declude JunkMail 
config files to see if you have the phrase "Spam %WEIGHT%" in any of them.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] SPF Question

2003-12-19 Thread Bill Landry
Scott, I have setup an SPF record for pointshare.com as follows:

TXT "v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28
a:psmail02.pointshare.com ptr mx/24 -all"

I then sent out a test message from at yahoo account with a pointshare.com
e-mail address.  Here is a snippet of the log entries for this message:

BLARSBL:2 FORGED-DOMAINS:5 SNIFFER-WHITERULE:-3 REDUCTION-FILTER:-10
VERP-FILTER:5 .  Total weight = -1.
NOT bypassing whitelisting of E-mail with weight >=16 (-1) and at least 2
recipients (1).
Using [outgoing] CFG file global.cfg.
Msg failed BLARSBL (This E-mail came from 66.163.169.226, a potential spam
source listed in BLARSBL.). Action=WARN.
Msg failed IPNOTINMX (). Action=WARN.
Msg failed NOLEGITCONTENT (No content unique to legitimate E-mail
detected.). Action=WARN.
Msg failed FORGED-DOMAINS (Spamdomain '@pointshare.com' found: Address of
[EMAIL PROTECTED] sent from invalid smtp106.mail.sc5.yahoo.com.).
Action=WARN.
Msg failed SNIFFER-WHITERULE (Message failed SNIFFER-WHITERULE: 0.).
Action=WARN.
Msg failed REDUCTION-FILTER (Message failed REDUCTION-FILTER test (line 545,
weight 0)). Action=WARN.
Msg failed VERP-FILTER (Message failed VERP-FILTER test (line 64, weight
5)). Action=WARN.
R1 Message OK
Subject: test 3
From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]  IP: 66.163.169.226 ID:
C4812ADA13
Last action = IGNORE.

I would have thought that this message should have failed the SPF test,
however, here is what was entered in the spf.log:

66.163.169.226   [EMAIL PROTECTED] [smtp106.mail.sc5.yahoo.com]: UNKNOWN

Any idea why this did not get a fail instead of unknown?

Bill

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] False Positives v. Uncaught Spam for Various Tests Various Tests

2003-12-19 Thread Burzin Sumariwalla
Thanks for pointing me to the right place.

Burzin

At 05:51 PM 12/18/2003, you wrote:

1.  Does anyone have stats. on false positives v. uncaught spam for 
various tests.  Am I correct in understanding that
tests with ratios closer to zero are more accurate?
Right now, I believe the best source is:

2.  Can someone point me to Scott's November Spam Statistics post.  I 
couldn't find it in the Declude archive.
this.  It doesn't have information on false positives, however (we're 
working on that, but it's a lot more work).  You can find the latest spam 
stats post at 
http://www.mail-archive.com/[EMAIL PROTECTED]/msg76305.html .

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus 
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]
--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Using SUBJECT

2003-12-19 Thread Burzin Sumariwalla
I think SUBJECT added Spam ##

where ## is the Declude weight.  Is there a way to add a space between my 
message and the Spam ##?

Burzin

At 05:49 PM 12/18/2003, you wrote:
Silly question.  I've entered the following action in response to test:

SUBJECT Message Contains Unsafe URL

However, messages get tagged as

Message Contains Unsafe URLSpam ##: test

How do (or can) I prevent the Spam ## from showing up?
Unfortunately, there isn't a way to do that -- the SUBJECT action will add 
text to the beginning of the subject, but cannot replace the subject.

   -Scott
--
Burzin Sumariwalla   Phone: (314) 994-9411 x291
[EMAIL PROTECTED]  Fax:   (314) 997-7615
  Pager: (314) 407-3345
Networking and Telecommunications Manager
Information Technology Services
St. Louis County Library District
1640 S. Lindbergh Blvd.
St. Louis, MO  63131 

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] messagescreen.com

2003-12-19 Thread Frederick Samarelli
Does anyone have any info on this service.
 
 messagescreen.com
 
Fred
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Reverse dns help

2003-12-19 Thread Glen Ostgaard
Thanks!  got it working. Just never saw that before.

-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 6:49 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Reverse dns help



>I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it
>appears they have delegated rdns to me.
>
>I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is
>happening.
>I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone
>3.0.199.42.65.in-addr.arpa) should this not return (zone
>3.199.42.65.in-addr.arpa) ?

What is happening here is that Ameritech/SBC is using CNAMEs to delegate on 
other than Class A/B/C boundaries.

>Is this the correct response, or have they not quite done the delegation
>correctly?

They actually have done it correctly.  In this case, you would set up a PTR 
record for 3.0.199.42.65.in-addr.arpa, which would be the reverse DNS entry 
for 65.42.199.3.  It's a bit confusing, but works.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
*** appended by declude *** To: [EMAIL PROTECTED] FROM:
[EMAIL PROTECTED] WEIGHT: -3 HEADERCODE: e REMOTEHOST:
declude.com REMOTEIP: 24.107.232.14 SENDERHOST declude.com REVDNS:
cpe-24-107-232-14.ma.charter.com  QUEUENAME: Df7fd033700fa8e02.SMD
TESTSFAILED: WEIGHTCOPY
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF support to be added to next beta

2003-12-19 Thread R. Scott Perry

I've been looking over this trying to figure out how to best implement it 
for my domains.  It seems that since they are all on one class C, I should 
do the following:

   v=spf1 +a/24 +mx/24 -all

Now three very important questions...

1) If I implement this, will intra-server E-mail fail this test?  i.e. 
local mail customer at client IP 123.123.123.123 E-mail's me, where 
123.123.123.123 is not a local address, but the address of the border 
router at the client's location.
Yes.  Think of it this way -- is there any way to know that 123.123.123.123 
belongs to your client and not a spammer?

OTOH, you could use "WHITELIST AUTH" to whitelist their E-mail.

2) When my clients who are SMTP blocked by their ISP (port 25), and forced 
to use their ISP's mail server, am I correct in assuming that this will fail?
Correct.  In this case, it sounds like you would instead want to use:

v=spf1 +a/24 +mx/24 ?all

That way, you are saying that legitimate E-mail might come from IPs other 
than the ones that you list.  This way, neither #1 nor #2 will fail.

If I changed the test to +all in order to prevent these issues (if real), 
then it seems that it would only be useful as a negative weight test when 
my data is used.
"+all" is a very bad thing -- it says "Spammers, you are welcome to forge 
my domain from any IP."  While "-all" wouldn't work for you (it says that 
nobody from IPs you do not list can send mail from your domain), "?all" 
would work (it says that anybody trying to send mail from your domain using 
an IP you do not list *may* be legitimate).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Reverse dns help

2003-12-19 Thread R. Scott Perry

I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it
appears they have delegated rdns to me.
I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is
happening.
I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone
3.0.199.42.65.in-addr.arpa) should this not return (zone
3.199.42.65.in-addr.arpa) ?
What is happening here is that Ameritech/SBC is using CNAMEs to delegate on 
other than Class A/B/C boundaries.

Is this the correct response, or have they not quite done the delegation
correctly?
They actually have done it correctly.  In this case, you would set up a PTR 
record for 3.0.199.42.65.in-addr.arpa, which would be the reverse DNS entry 
for 65.42.199.3.  It's a bit confusing, but works.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] SPF support to be added to next beta

2003-12-19 Thread Kami Razvan
Matt:

That is the conclusion that I have reached ..

Our employees who check messages at home with ISP's blocking SMTP - will
naturally fail this.

Also I am still trying to figure out web responses.

Based on all that I have seen and read it appears a slight negative weight
to reduce FP's is all the use I see for this test... I think a positive test
will only increase our FP rate.

Regards,
Kami

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Friday, December 19, 2003 12:14 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPF support to be added to next beta

Scott,

I've been looking over this trying to figure out how to best implement it
for my domains.  It seems that since they are all on one class C, I should
do the following:

v=spf1 +a/24 +mx/24 -all

Now three very important questions...

1) If I implement this, will intra-server E-mail fail this test?  i.e. 
local mail customer at client IP 123.123.123.123 E-mail's me, where
123.123.123.123 is not a local address, but the address of the border router
at the client's location. 

2) When my clients who are SMTP blocked by their ISP (port 25), and forced
to use their ISP's mail server, am I correct in assuming that this will
fail?

3) If the answer is yes to either one of these, does this make more sense to
implement against HELO instead of MAILFROM?  This would seem to be more
problematic than SPAMDOMAINS if it operates on MAILFROM, even if local
domains could be excluded.  Naturally, I might not be understanding this
fully.  If I changed the test to +all in order to prevent these issues (if
real), then it seems that it would only be useful as a negative weight test
when my data is used.

Thanks,

Matt




R. Scott Perry wrote:

> We will be adding support for SPF ("Sender Permitted From", at 
> http://spf.pobox.com ) to the next beta of Declude JunkMail.  This is 
> a system that lets owners of domains publish information on what 
> mailservers people can use to send mail from the domain.  We expect 
> that this can be very useful in blocking spam (similar to the 
> SPAMDOMAINS test), as well as helping ensure that legitimate mail gets 
> through.
>
> http://spf.pobox.com/dns.html covers how to add an SPF record for your 
> own domain.  At its simplest, if all your E-mail is coming from your 
> mailserver, and your mailserver is listed in your MX record, you would 
> add a TXT record of "v=spf1 +mx -all" for your domain.  The SPF 
> records always start with "v=spf1"; the "+mx" means that any E-mail 
> from an IP listed in your MX records is good,  and the "-all" is a 
> default so that any other E-mail is bad.
>
> The SPF system is much, much more flexible than the SPAMDOMAINS test, 
> and it lets domain owners control the settings (which allows them to 
> be much more accurate).  If widely implemented, it will make it much 
> more difficult for spammers to get their spam delivered.
>
>-Scott



---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF support to be added to next beta

2003-12-19 Thread Matthew Bramble
Scott,

I've been looking over this trying to figure out how to best implement 
it for my domains.  It seems that since they are all on one class C, I 
should do the following:

   v=spf1 +a/24 +mx/24 -all

Now three very important questions...

1) If I implement this, will intra-server E-mail fail this test?  i.e. 
local mail customer at client IP 123.123.123.123 E-mail's me, where 
123.123.123.123 is not a local address, but the address of the border 
router at the client's location. 

2) When my clients who are SMTP blocked by their ISP (port 25), and 
forced to use their ISP's mail server, am I correct in assuming that 
this will fail?

3) If the answer is yes to either one of these, does this make more 
sense to implement against HELO instead of MAILFROM?  This would seem to 
be more problematic than SPAMDOMAINS if it operates on MAILFROM, even if 
local domains could be excluded.  Naturally, I might not be 
understanding this fully.  If I changed the test to +all in order to 
prevent these issues (if real), then it seems that it would only be 
useful as a negative weight test when my data is used.

Thanks,

Matt



R. Scott Perry wrote:

We will be adding support for SPF ("Sender Permitted From", at 
http://spf.pobox.com ) to the next beta of Declude JunkMail.  This is 
a system that lets owners of domains publish information on what 
mailservers people can use to send mail from the domain.  We expect 
that this can be very useful in blocking spam (similar to the 
SPAMDOMAINS test), as well as helping ensure that legitimate mail gets 
through.

http://spf.pobox.com/dns.html covers how to add an SPF record for your 
own domain.  At its simplest, if all your E-mail is coming from your 
mailserver, and your mailserver is listed in your MX record, you would 
add a TXT record of "v=spf1 +mx -all" for your domain.  The SPF 
records always start with "v=spf1"; the "+mx" means that any E-mail 
from an IP listed in your MX records is good,  and the "-all" is a 
default so that any other E-mail is bad.

The SPF system is much, much more flexible than the SPAMDOMAINS test, 
and it lets domain owners control the settings (which allows them to 
be much more accurate).  If widely implemented, it will make it much 
more difficult for spammers to get their spam delivered.

   -Scott


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] HOTMAIL ?

2003-12-19 Thread Bill Landry
These lines are not long enough to wrap, so they are correct as listed
below.

Bill
- Original Message - 
From: "Glenn Brooks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 18, 2003 3:16 PM
Subject: RE: [Declude.JunkMail] HOTMAIL ?


> I would like to try the file listed below for the spamdomains...but I am
> nto sure if wrapping has taken place in the mail client. Could someone
send
> me a attachement of the text file that has been working for them...thanks
> in advance...At 04:31 PM 12/18/2003 -0500, you wrote:
>
> >altavista.  .av.com
> >amazon.com  .forevermail.com
> >ameritech.net  .sbc.com
> >.aol.com
> >@aol.com  .aol.com
> >.apple.com
> >@apple.com  .apple.com
> >.att.   .cdpd.airdata.com
> >@att.   .att.
> >attbi.com  .comcast.
> >bellatlantic.net .verizon.net
> >.bellsouth.net
> >@bellsouth.net  .bellsouth.net
> >.btinternet.
> >@btinternet.  .btinternet.
> >.buy.com  .dartmail.com
> >@buy.com  .buy.com
> >.charter.net
> >@charter.net  .charter.net
> >.cisco.com
> >@cisco.com  .cisco.com
> >.comcast.
> >@comcast.  .comcast.
> >.compaq.com
> >@compaq.com  .compaq.com
> >compuserve.com  .aol.com
> >concentric.com  .cnchost.com
> >concentric.net  .cnc.net
> >.cox.
> >@cox.   .cox.
> >@cs.com   .aol.com
> >.dell.com
> >@dell.com  .dell.com
> >earthlink.  .mindspring.
> >.ebay.com  .emailebay.com
> >@ebay.com  .ebay.com
> >excite.com  .excitenetwork.com
> >.gateway.com  .dartmail.net
> >@gateway.com  .gateway.com
> >geocities.com  .yahoo.com
> >gte.   .verizon.
> >.hotmail.com
> >@hotmail.com  .hotmail.com
> >hp.com   .compaq.com
> >juno.com  .untd.com
> >.lycos.com
> >@lycos.com  .lycos.com
> >.microsoft.com
> >@microsoft.com  .microsoft.com
> >mindspring.  .earthlink.
> >msn.com   .hotmail.com
> >netscape.  .aol.com
> >netzero.  .untd.com
> >.paypal.com
> >@paypal.com  .paypal.com
> >prodigy.net  .yahoo.
> >psi.   .cogentco.com
> >qwest.   .uswest.
> >.rr.com
> >@rr.com   .rr.com
> >.sbc.com
> >@sbc.com  .sbc.com
> >sprint.   .sprintlink.net
> >swbell.net  .prodigy.net
> >uswest.   .qwest.
> >verio.   .veriomail.com
> >verizon.com  .gte.com
> >verizon.net  .bellatlantic.
> >.yahoo.
> >@yahoo.   .yahoo.
>
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.
>

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] SPF vs. Form Mail

2003-12-19 Thread R. Scott Perry

I think whitelisting E-mail based on an SPF PASS probably isn't a wise 
idea, but I'm sure that spammers that do use SPF will be much easier to 
catch (they are providing a list of IPs that they may be spamming from ).
If I was a spammer, I would use this to my advantage.  These guys collect 
2,000 IP's at a time, and move around their blocks in order to avoid being 
perma-listed in the RBL's already, and turning on and off some SPF 
listings can't be that much more difficult.
But, they then have to register domains to publish the SPF records 
with.  That leaves a new area for exploration -- finding the registrars 
they are using, checking WHOIS information, NS records, etc.  If SPF E-mail 
was being whitelisted, it would be very useful for the spammer.  But if it 
subtracts 10 points from the weight of the E-mail, it isn't going to be 
enough to make it worth the while for spammers to do this.

Normally, it uses the return address of the E-mail (MAILFROM, from the 
X-Declude-Sender: header).  However, if there is a NULL <> return 
address, or the address isn't valid ("postmaster", for example), then the 
domain in the HELO/EHLO will be used.


I'm not sure if this is in the RFC, but it would be a lot more accurate if 
you could compare the HELO to the SPF data.  Some scripts to also falsify 
the HELO, but no where near the number of forged domains in MAILFROM.
The original design for SPF allowed for that, but the current one does 
not.  I'm not sure why that was changed.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Reverse dns help

2003-12-19 Thread Glen Ostgaard
I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it
appears they have delegated rdns to me.

I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is
happening.
I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone
3.0.199.42.65.in-addr.arpa) should this not return (zone
3.199.42.65.in-addr.arpa) ?

Is this the correct response, or have they not quite done the delegation
correctly?



How I am searching:
Asking e.root-servers.net for 3.199.42.65.in-addr.arpa PTR record:
   e.root-servers.net says to go to ginseng.arin.net. (zone:
65.in-addr.arpa.)
Asking ginseng.arin.net. for 3.199.42.65.in-addr.arpa PTR record:
   ginseng.arin.net says to go to NS2.AMERITECH.NET. (zone:
42.65.in-addr.arpa.)
Asking NS2.AMERITECH.NET. for 3.199.42.65.in-addr.arpa PTR record:  Got
CNAME referral to ns2.ostgaard.com. (zone 3.0.199.42.65.in-addr.arpa.)
Asking ns2.ostgaard.com. for 3.0.199.42.65.in-addr.arpa. PTR record:
Reports that no PTR records exist.

Answer:
No PTR records exist for 65.42.199.3. [Neg TTL=86400 seconds]

Any assistance would be appreciated.


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


[Declude.JunkMail] Why SPF "UNKNOWN"?

2003-12-19 Thread Andy Schmidt
Title: Message



Hi:
 
I have lots of SPF 
"unknown" in the SPF.log file - most look as if they should have 
FAILED:
 
12.219.157.132   [EMAIL PROTECTED] [family]: UNKNOWN
 
Here the Imail 
log:
 
12:18 23:10 
SMTPD(16C9012A) [63.107.174.78] connect 12.219.157.132 port 449312:18 23:10 
SMTPD(16C9012A) [12.219.157.132] EHLO family12:18 
23:10 SMTPD(16C9012A) [12.219.157.132] MAIL FROM:<[EMAIL PROTECTED]>12:18 23:10 
SMTPD(16C9012A) [12.219.157.132] RCPT TO:<[EMAIL PROTECTED]>12:18 23:10 
SMTPD(16C9012A) [12.219.157.132] D:\IMAIL\spool\D7a4f16c9012af4a4.SMD 
2744
 
Here the declude 
log:
 
12/18/2003 23:10:59 
Q7a4f16c9012af4a4 CBL:7 nNOLEGITCONTENT:-3 SPAMDOMAINS:4 WEIGHTFILTER:-2 .  
Total weight = 6.12/18/2003 23:10:59 Q7a4f16c9012af4a4 NOT bypassing 
whitelisting of E-mail with weight >=20 (6) and at least 1 recipients 
(1).12/18/2003 23:10:59 Q7a4f16c9012af4a4 NOT bypassing whitelisting of 
E-mail with weight >=15 (6) and at least 4 recipients (1).12/18/2003 
23:10:59 Q7a4f16c9012af4a4 Msg failed SORBS ("Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=12.219.157.132"). 
Action="">12/18/2003 23:10:59 Q7a4f16c9012af4a4 Msg failed CBL ("Blocked - 
see http://cbl.abuseat.org/lookup.cgi?ip=12.219.157.132"). 
Action="">12/18/2003 23:10:59 Q7a4f16c9012af4a4 Msg failed SPAMDOMAINS 
(Spamdomain 'hm-software.com' found: Address of [EMAIL PROTECTED] sent from invalid 
12-219-157-132.client.mchsi.com.). Action="">12/18/2003 23:10:59 
Q7a4f16c9012af4a4 Msg failed WEIGHTFILTER (Message failed WEIGHTFILTER test 
(line 6, weight 0)). Action="">12/18/2003 23:10:59 Q7a4f16c9012af4a4 Msg 
failed WEIGHTHDR (Total weight between 6 and 7.). Action="">12/18/2003 
23:10:59 Q7a4f16c9012af4a4 Subject: your wife will NEVER know!12/18/2003 
23:10:59 Q7a4f16c9012af4a4 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]  IP: 
12.219.157.132 ID: 
 
Best 
RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 
(Business)Fax:    +1 201 934-9206 
 


[Declude.JunkMail] SPF -> Altavista

2003-12-19 Thread Andy Schmidt
Title: Message



I'm impressed who is 
already on board:
 
http://www.dnsstuff.com/tools/lookup.ch?name=altavista.net&type=TXT
http://www.dnsstuff.com/tools/lookup.ch?name=softhome.net&type=TXT
 
It's been catching a 
few spammers already.
 
Best 
RegardsAndy SchmidtPhone:  +1 201 934-3414 x20 
(Business)Fax:    +1 201 934-9206