Re: [Declude.JunkMail] DJM Held Mail For Domain That Wasn'tConfigured For Filtering

[R. Scott Perry]

I apologize in advance if the questions I'm about to pose to your are
simple.
No need to apologize -- simple questions are easier for me to answer.  :)

> What makes this tricky is that the headers do not include the list of
> recipients.  For that, you would need to check the IMail SMTP log file
> (looking for the "RCPT TO:" lines).  The "To:" header is sometimes
> different than the actual recipient list.
Since the message passed through on the 17th, is the IMail SMTP Log File
that I'm supposed to be looking at located at D:\iMail\spool\log0617.txt?
Correct.

I know very little about IMail and had nothing to do with it's installation on
the server.
http://www.declude.com/info/logs.htm may help out a bit with the log files.

PERCENT  HOLD

I had no idea this was in the global.cfg.  It must have been a default or
something because I didn't set it up.
That is correct -- "PERCENT HOLD" is a default setting (it catches spammers 
trying to relay using an outdated relaying method that should not be used 
anymore).

Knowing that is there, though explains a lot.  If you look back at the 
original message you can see that
the recipient e-mail address does have a '%' in the username.

So I guess my question is this, should DJM be HOLDing on this test?  I've
never seen it come up before.
Most people find that it should be.  In this case, the address 
"Melinda_Long/[EMAIL PROTECTED]" uses an outdated routing 
scheme.  Assuming that you can't get the chase.com people to fix this, you 
would need to turn off the PERCENT test (unless you were willing to 
whitelist all E-mail to this user, and any others using this format).



   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] DJM Held Mail For Domain That Wasn'tConfigured For Filtering

[R. Scott Perry]

We are using Declude JunkMail Pro.  For the time being I am using "per
domain" filtering.  A piece of e-mail was blocked by DJM that isn't set up
for "per domain" filtering and I don't understand why.  Here are the
headers...
What makes this tricky is that the headers do not include the list of 
recipients.  For that, you would need to check the IMail SMTP log file 
(looking for the "RCPT TO:" lines).  The "To:" header is sometimes 
different than the actual recipient list.

X-RBL-Warning: WEIGHT10: Weight of 10 reaches or exceeds the limit of 10.
In this case, Declude JunkMail used a configuration file that has "WEIGHT10 
WARN" in it.

The domain itself is a valid name on our IMail Server but nothing is setup
in DJM to tell it to even look at these domains.  I looked at the
$default$.junkmail which is at the root of "\imail\declude" (the only part
of DJM which I think could effect it) and every action for every test is set
to IGNORE.
Do you have a line "WEIGHT10 WARN" in the \IMail\Declude\global.cfg file 
(which would be used if IMail considered this outgoing E-mail)?  What do 
the log file entries say about this E-mail?

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.