RE: [Declude.JunkMail] How to whitelist this

2007-07-27 Thread Kevin Bilbee 
Frankly, I did not think of it, in general I do not like negative weighting. 
But it may apply in this situation. We use negative weighting in rare occasions.

I realize the RDNS is more secure and will not be prone to spammers faking the 
address. BUT, Also, our users use the trusted senders in SmarterMail with 
Declude and I would like to put out a FAQ to them on this issue to better 
clarify to them the functionality of whitelisting.


Kevin Bilbee



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell
> ([EMAIL PROTECTED])
> Sent: Friday, July 27, 2007 1:31 PM
> To: declude.junkmail@declude.com
> Subject: Re: [Declude.JunkMail] How to whitelist this
> 
> Why not just base it on a REVDNS test for .fedex.com and assign a large
> negative weight?
> 
> --
> Check out http://www.invariantsystems.com for utilities for Declude,
> Imail, mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring,
> SURBL/URI integration, MRTG Integration, and Log Parsers.
> 
> 
> 
> 
> Kevin Bilbee wrote:
> > How does the whitelist features work?
> >
> >
> >
> > We receive various emails from fedex with different domain portions of
> > the email.
> >
> >
> >
> > I have
> >
> >
> >
> > @fedex.com
> >
> > fedex.com
> >
> >
> >
> > In our domain level whitelist? But they emails do not seem to be getting
> > white listed.
> >
> >
> >
> > It seems that the whitelist works on the following
> >
> >
> >
> > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > – the entire email address
> >
> > @fn3nds2.prod.fedex.com – the entire domain including the @
> >
> > fn3nds2.prod.fedex.com – Just the domain portion
> >
> >
> >
> >
> >
> > How do I whitelist just on the first subdomain like fedex.com?
> >
> >
> >
> > Kevin Bilbee
> > Network Administrator
> > Standard Abrasives, Inc.
> > [EMAIL PROTECTED]
> > 
> > Changing the way industry works.
> >
> >
> >
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list. To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail". The archives can be found
> > at http://www.mail-archive.com.
> 
> --
> 
> 
> 
> ---
> This E-mail came from the Declude.JunkMail mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail".  The archives can be found
> at http://www.mail-archive.com.




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] How to whitelist this

2007-07-27 Thread Darrell ([EMAIL PROTECTED]) 
Why not just base it on a REVDNS test for .fedex.com and assign a large 
negative weight?


--
Check out http://www.invariantsystems.com for utilities for Declude, 
Imail, mxGuard, and ORF.  IMail/Declude Overflow Queue Monitoring, 
SURBL/URI integration, MRTG Integration, and Log Parsers.





Kevin Bilbee wrote:

How does the whitelist features work?

 

We receive various emails from fedex with different domain portions of 
the email.


 


I have

 


@fedex.com

fedex.com

 

In our domain level whitelist? But they emails do not seem to be getting 
white listed.


 


It seems that the whitelist works on the following

 

[EMAIL PROTECTED]  
– the entire email address


@fn3nds2.prod.fedex.com – the entire domain including the @

fn3nds2.prod.fedex.com – Just the domain portion

 

 


How do I whitelist just on the first subdomain like fedex.com?

 


Kevin Bilbee
Network Administrator
Standard Abrasives, Inc.
[EMAIL PROTECTED]

Changing the way industry works.

 



---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.


--



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] How to whitelist this

2007-07-27 Thread Kevin Bilbee 
How does the whitelist features work?

 

We receive various emails from fedex with different domain portions of the 
email.

 

I have 

 

@fedex.com

fedex.com

 

In our domain level whitelist? But they emails do not seem to be getting white 
listed.

 

It seems that the whitelist works on the following

 

[EMAIL PROTECTED] – the entire email address

@fn3nds2.prod.fedex.com – the entire domain including the @

fn3nds2.prod.fedex.com – Just the domain portion

 

 

How do I whitelist just on the first subdomain like fedex.com?

 

Kevin Bilbee
Network Administrator
Standard Abrasives, Inc.
[EMAIL PROTECTED]

Changing the way industry works. 



 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] How to whitelist this?

2003-07-04 Thread Markus Gufler 

> What Declude JM looks at is the "X-Declude-Sender" address

Thank you for this clarification!

Ok, I've put this domain now in the fromfile which I give -70% of our
hold weight.
However we've some hold messages from buongiorno.com because they are
listed nearly every day on different RBLs and can reach up to 250% of
our hold value.

I've asked some of our customers. All this newsletters are wanted and
not interpreted as spam.

Maybe the best way is to track for some days all
buongiorno.com-newsletters and whitelist (or give an additional negative
weight) to the sending IP's.

Markus




---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] How to whitelist this?

2003-07-03 Thread Bill Landry 
Title: Nachricht



Markus, in the sample two headers you posted here, 
you could whitelist buongiorno.com (not that I would recommend doing so, 
however).  What Declude JM looks at is the "X-Declude-Sender" address, and 
in this case both examples you posted end with buongiorno.com.
 
What I would recommend doing, if you are running a 
version that supports the weighting system, is to use something like the 
following in a mailfrom filter file:
 
MAILFROM -25 CONTAINS .buongiorno.com
 
or
 

MAILFROM -25 ENDSWITH 
.buongiorno.com
 
That way you can apply just enough of a 
negative weight to the message so that it can be delivered, however, if a 
spammer tries to use "buongiorno.com" as a forged sender address, you still have 
a fighting chance to block the message with your other spam tests.  If you 
whitelist the domain, then anything any spammer happens to send to your users 
will get delivered if the sender address is forged to be [EMAIL PROTECTED].
 
Bill


  - Original Message - 
  From: 
  Markus Gufler 
  
  To: [EMAIL PROTECTED] 
  
  Sent: Thursday, July 03, 2003 2:22 
  PM
  Subject: [Declude.JunkMail] How to 
  whitelist this?
  
  What's the best 
  way to whitelist emails like the following two?
  Yesterday I've 
  posted something about buongiorno.com and that they send out a lot of (legit?) 
  newsletter following the opt-in principle.
   
  whitelisting the 
  from-domain does not work, because in some of this newsletters the from-domain 
  it's not buongiorno.com (see second header example below)
   
  As you can see the 
  messages can come also from different IP's (the first from their italian, the 
  second one from the austrian Mailer, and I don't know if there are also 
  others)
   
  Is there anything 
  else in the header that I can use to reliable whitelist this 
  messages?
   
  Markus
   
   
   
  Header 1  
  
  Received: from be3a.com [217.27.90.132] by 
  mail.zcom.it  (SMTPD32-7.15) id A9052AC00C0; Thu, 03 Jul 2003 
  22:58:45 +0200Error-To: [EMAIL PROTECTED]Reply-To: CustomerCare <[EMAIL PROTECTED]>Date: Thu, 3 Jul 2003 17:13:00 CESTFrom: 
  B!Direct <[EMAIL PROTECTED]>To: info@domain.itSubject: [s241] [03/07]  - ProProteggi la tua rete. 
  Ora.Content-Type: 
  multipart/alternative; boundary="__BoundaryOfDocument__"MIME-Version: 
  1.0Content-Transfer-Encoding: 7bitMessage-Id: <[EMAIL PROTECTED]>X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?217.27.90.132X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]X-RBL-Warning: 
  BADHEADERS: This E-mail was sent from a broken mail client 
  [c040020f].X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent 
  with spam [c040020f].X-RBL-Warning: SPAMCHK: Message failed 
  SPAMCHK: 105.X-Declude-Sender: 
  [EMAIL PROTECTED] [217.27.90.132]X-Spam-Tests-Failed: SPAMCOP, NOABUSE, 
  BADHEADERS, SPAMHEADERS, NOLEGITCONTENT, SPAMCHK, WHTLST_DOMAIN, WEIGHT75, 
  WEIGHT100 [141]X-Note: Sent from 
  [EMAIL PROTECTED] - teng1.be3a.com ([217.27.90.132]).X-Spam-Prob: 0.999833
   
   
  
   
  Header 2  
  
  Received: from be3a.com [212.239.56.2] by 
  mail.zcom.it  (SMTPD32-7.15) id A22249200B0; Thu, 03 Jul 2003 
  21:21:06 +0200Error-To: [EMAIL PROTECTED]Reply-To: [EMAIL PROTECTED]Date: Thu, 3 Jul 2003 12:00:00 CESTFrom: Der Spekulant 
  <[EMAIL PROTECTED]>To: info@domain.itSubject: [s106] Bank Austria interessantContent-Type: 
  multipart/alternative;    
  boundary="__BoundaryOfDocument__"MIME-Version: 
  1.0Content-Transfer-Encoding: 7bitMessage-Id: <[EMAIL PROTECTED]>X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?212.239.56.2X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]X-RBL-Warning: 
  BADHEADERS: This E-mail was sent from a broken mail client 
  [c040020f].X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent 
  with spam [c040020f].X-RBL-Warning: SPAMCHK: Message failed 
  SPAMCHK: 35.X-Declude-Sender: 
  [EMAIL PROTECTED] [212.239.56.2]X-Spam-Tests-Failed: SPAMCOP, NOABUSE, 
  BADHEADERS, SPAMHEADERS, HEUR10, NOLEGITCONTENT, SPAMCHK, WEIGHT75, WEIGHT100 
  [106]X-Note: Sent from [EMAIL PROTECTED] - eng6.be3a.com ([212.239.56.2]).X-Spam-Prob: 
  0.999833
   
   
   

[Declude.JunkMail] How to whitelist this?

2003-07-03 Thread Markus Gufler 
Title: Nachricht



What's the best way 
to whitelist emails like the following two?
Yesterday I've 
posted something about buongiorno.com and that they send out a lot of (legit?) 
newsletter following the opt-in principle.
 
whitelisting the 
from-domain does not work, because in some of this newsletters the from-domain 
it's not buongiorno.com (see second header example below)
 
As you can see the 
messages can come also from different IP's (the first from their italian, the 
second one from the austrian Mailer, and I don't know if there are also 
others)
 
Is there anything 
else in the header that I can use to reliable whitelist this 
messages?
 
Markus
 
 
 
Header 1  

Received: from be3a.com [217.27.90.132] by 
mail.zcom.it  (SMTPD32-7.15) id A9052AC00C0; Thu, 03 Jul 2003 22:58:45 
+0200Error-To: [EMAIL PROTECTED]Reply-To: CustomerCare <[EMAIL PROTECTED]>Date: Thu, 3 Jul 2003 17:13:00 CESTFrom: B!Direct 
<[EMAIL PROTECTED]>To: info@domain.itSubject: [s241] [03/07]  - ProProteggi la tua rete. 
Ora.Content-Type: 
multipart/alternative; boundary="__BoundaryOfDocument__"MIME-Version: 
1.0Content-Transfer-Encoding: 7bitMessage-Id: <[EMAIL PROTECTED]>X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?217.27.90.132X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]X-RBL-Warning: 
BADHEADERS: This E-mail was sent from a broken mail client 
[c040020f].X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent 
with spam [c040020f].X-RBL-Warning: SPAMCHK: Message failed 
SPAMCHK: 105.X-Declude-Sender: 
[EMAIL PROTECTED] [217.27.90.132]X-Spam-Tests-Failed: SPAMCOP, NOABUSE, 
BADHEADERS, SPAMHEADERS, NOLEGITCONTENT, SPAMCHK, WHTLST_DOMAIN, WEIGHT75, 
WEIGHT100 [141]X-Note: Sent from 
[EMAIL PROTECTED] - teng1.be3a.com ([217.27.90.132]).X-Spam-Prob: 0.999833
 
 

 
Header 2  

Received: from be3a.com [212.239.56.2] by 
mail.zcom.it  (SMTPD32-7.15) id A22249200B0; Thu, 03 Jul 2003 21:21:06 
+0200Error-To: [EMAIL PROTECTED]Reply-To: [EMAIL PROTECTED]Date: Thu, 3 Jul 2003 12:00:00 CESTFrom: Der Spekulant 
<[EMAIL PROTECTED]>To: 
info@domain.itSubject: [s106] Bank Austria interessantContent-Type: 
multipart/alternative;    
boundary="__BoundaryOfDocument__"MIME-Version: 
1.0Content-Transfer-Encoding: 7bitMessage-Id: <[EMAIL PROTECTED]>X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?212.239.56.2X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]X-RBL-Warning: 
BADHEADERS: This E-mail was sent from a broken mail client 
[c040020f].X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent 
with spam [c040020f].X-RBL-Warning: SPAMCHK: Message failed 
SPAMCHK: 35.X-Declude-Sender: 
[EMAIL PROTECTED] [212.239.56.2]X-Spam-Tests-Failed: SPAMCOP, NOABUSE, 
BADHEADERS, SPAMHEADERS, HEUR10, NOLEGITCONTENT, SPAMCHK, WEIGHT75, WEIGHT100 
[106]X-Note: Sent from [EMAIL PROTECTED] - eng6.be3a.com ([212.239.56.2]).X-Spam-Prob: 
0.999833