Re: [Declude.JunkMail] white list or positive weight for a specific To address?
“It is just our way.” That has such a Zen sound to it, like you must find your own path to enlightenment. I am still confused by both your suggestion and Randy’s. They both seem to be based on the From line, which would not be declude.com. Here are the first few header lines from one of Randy’s emails in this discussion: Received: from smtp.declude.com [216.144.195.81] by mail2.bcwebhost.net with ESMTP (SMTPD-9.23) id A94001FC; Sat, 18 Jun 2011 11:06:56 -0700 Received: from smail.globalweb.net (smail.globalweb.net [208.74.80.105]) by smtp.declude.com with SMTP; Sat, 18 Jun 2011 13:05:28 -0500 Received: from HRADellDTPC (173-163-199-121-richmond.hfc.comcastbusiness.net [173.163.199.121]) by smail.globalweb.net with SMTP; Sat, 18 Jun 2011 14:05:05 -0400 From: Randy A ra...@globalweb.us To: Declude.JunkMail@declude.com References: -291971859_45532...@smtp.declude.com -170080375_45540...@smtp.declude.com 242286454_45562...@smtp.declude.com 251212219_45563...@smtp.declude.com 258933297_45563...@smtp.declude.com 317249079_45567...@smtp.declude.com 51015843_49160...@smtp.declude.com 82729453_49162...@smtp.declude.com 119798468_49164...@smtp.declude.com In-Reply-To: 119798468_49164...@smtp.declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? Date: Sat, 18 Jun 2011 14:06:08 -0400 I would expect both your whitelist technique and Randy’s counter-weighting to apply to the From line, which shows ra...@globalweb.us, not Declude.com. So am I misunderstanding how these tests work? Do they use the In-Reply-To line instead? Or search the whole header? Thanks, Ben From: Nick Hayer Sent: Saturday, June 18, 2011 12:12 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? yup there is some sort of cap in global.cfg the around that is with a whitelist file that would contain entries like: MAILFROMWHITELISTCONTAINS@declude.com and clearly implementation technique is a personal thing :) We use compensatory filters to add/subtract weights as needed, and whitelist filters for whitelisting - which I am not suggesting is a better way. Its just our way.. -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm From: Randy A ra...@globalweb.us Sent: Saturday, June 18, 2011 2:23 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? Yes but if I remember correctly there is a limit on the number of whitelist entries you can have in the cfg file (200 I think – please correct me if I am wrong) so depending on the number of domains you are hosting email for, this could fill up at some point. We use the whitelist technique for our company needs, and the text file format for customer needs so everything is in one location for easier management. Sincerely, Randy Armbrecht Global Web Solutions, Inc. Office: 804.442.5300 option 1 Toll Free: 877.800.4562 24 /7 Tech Support! Your Internet Source.Since 1996! NEW GlobalSync Remote-BackUp Solutions! Web Hosting - E-Mail - Spam/Virus Gateway Services Hi-Speed DSL and Wireless Internet - T-1/T-3's PC Support - Networking - Virus/MalWare Removal 25% discount on most services for Non-Profits! Call us today! From: Nick Hayer [mailto:n...@madriveraccess.com] Sent: Saturday, June 18, 2011 2:10 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] white list or positive weight for a specific To address? An easy way to whitelist these in your global.cfg WHITELISTFROM@declude.com -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm From: IMail Admin imailad...@bcwebhost.net Sent: Saturday, June 18, 2011 1:36 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] white list or positive weight for a specific To address? Can you give me the line you used in the config file? From: Randy A Sent: Saturday, June 18, 2011 12:18 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? On my declude config, I set up a GoodMailList test text file, added a negative point value to this test, and then I add any of my customer’s email lists that were getting flagged by declude Sincerely, Randy Armbrecht Global Web Solutions, Inc. Office:
RE: [Declude.JunkMail] white list or positive weight for a specific To address?
Why not use the HELO or REVDNS? REVDNS is going to be the safest because of the difficulty in forging it HELO -10 CONTAINS smtp.declude.com or HELO WHITELIST CONTAINS smtp.declude.com REVDNS -10 CONTAINS smtp.declude.com or REVDNS WHITELIST CONTAINS smtp.declude.com or even blanket the headers with HEADERS -10 CONTAINS smtp.declude.com or HEADERS WHITELIST CONTAINS smtp.declude.com MAILFROM would be my 4th choice if the helo or revdns was broken -- Rick From: IMail Admin [mailto:imailad...@bcwebhost.net] Sent: Sunday, June 19, 2011 1:02 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] white list or positive weight for a specific To address? “It is just our way.” That has such a Zen sound to it, like you must find your own path to enlightenment. I am still confused by both your suggestion and Randy’s. They both seem to be based on the From line, which would not be declude.com. Here are the first few header lines from one of Randy’s emails in this discussion: Received: from smtp.declude.com [216.144.195.81] by mail2.bcwebhost.net with ESMTP (SMTPD-9.23) id A94001FC; Sat, 18 Jun 2011 11:06:56 -0700 Received: from smail.globalweb.net (smail.globalweb.net [208.74.80.105]) by smtp.declude.com with SMTP; Sat, 18 Jun 2011 13:05:28 -0500 Received: from HRADellDTPC (173-163-199-121-richmond.hfc.comcastbusiness.net [173.163.199.121]) by smail.globalweb.net with SMTP; Sat, 18 Jun 2011 14:05:05 -0400 From: Randy A ra...@globalweb.us To: Declude.JunkMail@declude.com References: -291971859_45532...@smtp.declude.com -170080375_45540...@smtp.declude.com 242286454_45562...@smtp.declude.com 251212219_45563...@smtp.declude.com 258933297_45563...@smtp.declude.com 317249079_45567...@smtp.declude.com 51015843_49160...@smtp.declude.com 82729453_49162...@smtp.declude.com 119798468_49164...@smtp.declude.com In-Reply-To: 119798468_49164...@smtp.declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? Date: Sat, 18 Jun 2011 14:06:08 -0400 I would expect both your whitelist technique and Randy’s counter-weighting to apply to the From line, which shows ra...@globalweb.usmailto:ra...@globalweb.us, not Declude.com. So am I misunderstanding how these tests work? Do they use the In-Reply-To line instead? Or search the whole header? Thanks, Ben From: Nick Hayermailto:n...@madriveraccess.com Sent: Saturday, June 18, 2011 12:12 PM To: Declude.JunkMail@declude.commailto:Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? yup there is some sort of cap in global.cfg the around that is with a whitelist file that would contain entries like: MAILFROMWHITELISTCONTAINS@declude.com and clearly implementation technique is a personal thing :) We use compensatory filters to add/subtract weights as needed, and whitelist filters for whitelisting - which I am not suggesting is a better way. Its just our way.. -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm From: Randy A ra...@globalweb.us Sent: Saturday, June 18, 2011 2:23 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To address? Yes but if I remember correctly there is a limit on the number of whitelist entries you can have in the cfg file (200 I think – please correct me if I am wrong) so depending on the number of domains you are hosting email for, this could fill up at some point. We use the whitelist technique for our company needs, and the text file format for customer needs so everything is in one location for easier management. Sincerely, Randy Armbrecht Global Web Solutions, Inc. Office: 804.442.5300 option 1 Toll Free: 877.800.4562 24 /7 Tech Support! Your Internet Source.Since 1996! NEW GlobalSync Remote-BackUp Solutions! Web Hosting - E-Mail - Spam/Virus Gateway Services Hi-Speed DSL and Wireless Internet - T-1/T-3's PC Support - Networking - Virus/MalWare Removal 25% discount on most services for Non-Profits! Call us today! From: Nick Hayer [mailto:n...@madriveraccess.com] Sent: Saturday, June 18, 2011 2:10 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] white list or positive weight for a specific To address? An easy way to whitelist these in your global.cfg WHITELISTFROM@declude.com -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.netmailto:supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm From: IMail Admin imailad...@bcwebhost.net Sent:
Re: [Declude.JunkMail] white list or positive weight for a specific To address?
Why not use the HELO or REVDNS? REVDNS is going to be the safest because of the difficulty in forging it Not always... if the domain has a hard-fail SPF record that isn't *itself* dependent on forgeable records (only uses IPs and forward DNS entries), then the MAILFROM can't successfully impersonate the protected domain (the envelope sender can still be trivially crafted, of course, but the mail will be rejected). However, in the case under discussion, declude.com's SPF record depends on the forgeable PTR, so in this case the SPF isn't any stronger protection than REVDNS itself. I would hesitate to say that there's any difficulty forging the PTR as part of a targeted attack. @ Ben, the MAILFROM for list messages uses the format declude.junkmail-your_verp...@declude.com, so there is a consistent SMTP (RFC 821) emvelope sender to filter on. -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.