RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
-Subscribe: mailto:[EMAIL PROTECTED]
Delivered-To: mailing list [EMAIL PROTECTED]
Delivered-To: moderator for [EMAIL PROTECTED]
Received: (qmail 1163 invoked from network); 10 Sep 2003 13:30:25 -
Message-Id: [EMAIL PROTECTED]
From: Dan Harkless [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Permitting recursion can allow spammers to steal name server resources
In-Reply-To: Your message of Tue, 09 Sep 2003 22:52:50 EDT. [EMAIL PROTECTED]
Date: Wed, 10 Sep 2003 12:29:57 -0700
X-Declude-Sender: [EMAIL PROTECTED] [205.206.231.27]
X-Declude-Spoolname: D975b097c01d0949c.SMD
X-RBL-Warning: Total weight: 0
X-Tests-Failed: Whitelisted
X-Country-Chain:
X-Note: SENT from n his article, which raise ([205.206.231.27]).
X-Note: Sender address: [EMAIL PROTECTED]
X-RCPT-TO: [EMAIL PROTECTED]
Status: R
X-UIDL: 350546480

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, September 08, 2003 4:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP

> Well, I'm using Outlook 2000, and the only thing at the level of my PC which might influence the headers is a piece of software which changes incoming HTML email into plain text. If you think it'll make a difference, I can try to retrieve one of these via IMail's Web Messaging, before my local client gets hold of it??

If it is possible, that would be helpful. IMail's web messaging won't alter the headers at all, so that should provide the best results.

-Scott

---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
> Enclosed are several headers taken directly from a main.mbx file on the IMail server. (A few internal names have been changed/protected.) The affected line starts with X-Note: SENT from and should show REVDNS and REMOTEIP. This only happens about once every 30 messages.

Hmmm. What are your HOP, HOPHIGH or IPBYPASS settings? It looks like one of them may not be set up correctly.

Also, what version of Declude are you running (you can type \IMail\Declude -diag from a command prompt to find out)?

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
We're running version 1.70 professional.

After you zeroed in on those settings, I reviewed some posts in the archive and made a change. Here is before and after...

HOP 0
HOPHIGH 1
IPBYPASS64.105.145.252

HOP 0
# HOPHIGH 1
# IPBYPASS 64.105.145.252

That IP address was formerly a backup mail server, and we don't yet have a gateway. Am I on the right track now?

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL PROTECTED]

CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Thursday, September 11, 2003 12:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP

> Enclosed are several headers taken directly from a main.mbx file on the IMail server. (A few internal names have been changed/protected.) The affected line starts with X-Note: SENT from and should show REVDNS and REMOTEIP. This only happens about once every 30 messages.

Hmmm. What are your HOP, HOPHIGH or IPBYPASS settings? It looks like one of them may not be set up correctly.

Also, what version of Declude are you running (you can type \IMail\Declude -diag from a command prompt to find out)?

-Scott
RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
> We're running version 1.70 professional.

I would recommend upgrading to 1.75 (1.70 was a beta version, with some known issues).

> After you zeroed in on those settings, I reviewed some posts in the archive and made a change. Here is before and after...
>
> HOP 0
> HOPHIGH 1
> IPBYPASS64.105.145.252
>
> HOP 0
> # HOPHIGH 1
> # IPBYPASS 64.105.145.252
>
> That IP address was formerly a backup mail server, and we don't yet have a gateway. Am I on the right track now?

I'm guessing this will fix the problem. I would still recommend upgrading to 1.75, however.

-Scott
[Declude.JunkMail] Strange header from REVDNS and REMOTEIP
I've started getting strange results in an XINHEADER. Specifically, one that uses REVDNS and REMOTEIP. Enclosed is an example followed by the relevant snippet from config.cfg. I can't figure out the SENT from X-Note which has recently been sporadically showing gibberish, and the first line that includes the text information for me which looks like a fragment. (Slightly modified to protect email addresses.)

===
: information for me ([207.227.11.155]).
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=us-ascii
Date: Mon, 8 Sep 2003 12:25:51 -0500
From: Andy User [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
Received: from atlas.custfirst.com [207.227.11.155] by www.vantagemed.com with ESMTP (SMTPD32-8.02) id A6D720E00282; Mon, 08 Sep 2003 12:05:27 -0500
Received: by atlas.custfirst.com with Internet Mail Service (5.5.2653.19) id SP42NS05; Mon, 8 Sep 2003 12:25:52 -0500
Return-Receipt-To: Andy User [EMAIL PROTECTED]
Subject: RE: Users for CustomerFirst and Upgrade
To: 'Post Master' [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [207.227.11.155]
X-Declude-Spoolname: Db6d720e002829198.SMD
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Note: SENT from that
X-Note: Sender address: [EMAIL PROTECTED]
===
XINHEADER X-RBL-Warning: Total weight: %WEIGHT%
XINHEADER X-Tests-Failed: %TESTSFAILED%
XOUTHEADER X-Note: Scanned by Declude JunkMail (www.declude.com).
XINHEADER X-Note: SENT from %REVDNS% ([%REMOTEIP%]).
XINHEADER X-Note: Sender address: %MAILFROM%
XSENDER ON
===

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL PROTECTED]
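Added example, not part of the original post and not Declude code: a small checker that flags header blocks whose X-Note: SENT from line does not fit the %REVDNS% ([%REMOTEIP%]). template from the config.cfg snippet above, or whose IP differs from the one in X-Declude-Sender. It assumes a valid %REVDNS% expansion is a single hostname-like token; the function names, placeholder addresses and the well-formed sample are constructed.

```python
import re

# Template on the page: X-Note: SENT from %REVDNS% ([%REMOTEIP%]).
# Assumption: a sane %REVDNS% expansion is a single hostname-like token.
SENT_RE = re.compile(r"^SENT from ([A-Za-z0-9._-]+) \(\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\.$")
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*$")

def parse_headers(block):
    """Return (name, value) pairs, unfolding indented continuation lines."""
    headers = []
    for line in block.splitlines():
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers

def check_sent_from(block):
    """List problems with the 'X-Note: SENT from' line of one header block."""
    headers = parse_headers(block)
    sender_ip = None
    for name, value in headers:
        match = BRACKET_IP_RE.search(value) if name == "x-declude-sender" else None
        if match:
            sender_ip = match.group(1)
    notes = [v for n, v in headers if n == "x-note" and v.startswith("SENT from")]
    if not notes:
        return ["no 'X-Note: SENT from' header found"]
    problems = []
    for value in notes:
        match = SENT_RE.match(value)
        if not match:
            problems.append("malformed: " + value)
        elif sender_ip and match.group(2) != sender_ip:
            problems.append("IP %s != X-Declude-Sender %s" % (match.group(2), sender_ip))
    return problems

# Sample blocks: the two X-Note values are the ones quoted in this thread;
# the addresses and the well-formed block are constructed for the example.
GARBLED_A = "X-Declude-Sender: user@example.invalid [207.227.11.155]\nX-Note: SENT from that\n"
GARBLED_B = ("X-Declude-Sender: user@example.invalid [205.206.231.27]\n"
             "X-Note: SENT from n his article, which raise ([205.206.231.27]).\n")
WELL_FORMED = ("X-Declude-Sender: user@example.invalid [192.0.2.10]\n"
               "X-Note: SENT from mail.example.net ([192.0.2.10]).\n")
if __name__ == "__main__":
    for label, block in (("A", GARBLED_A), ("B", GARBLED_B), ("ok", WELL_FORMED)):
        print(label, check_sent_from(block) or "ok")
```

Run against header blocks pulled straight from the server-side mailbox rather than from a mail client, since a client may reorder or rewrite headers.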
Re: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
> I've started getting strange results in an XINHEADER. Specifically, one that uses REVDNS and REMOTEIP. Enclosed is an example followed by the relevant snippet from config.cfg. I can't figure out the SENT from X-Note which has recently been sporadically showing gibberish, and the first line that includes the text information for me which looks like a fragment. (Slightly modified to protect email addresses.)

Do you have the full headers in the proper order? It looks like you are using a mail client that modifies the order and/or content of the headers, which makes it difficult to troubleshoot an issue like this.

-Scott
RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
Well, I'm using Outlook 2000, and the only thing at the level of my PC which might influence the headers is a piece of software which changes incoming HTML email into plain text. If you think it'll make a difference, I can try to retrieve one of these via IMail's Web Messaging, before my local client gets hold of it??

Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Email: [EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, September 08, 2003 4:02 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP

> I've started getting strange results in an XINHEADER. Specifically, one that uses REVDNS and REMOTEIP. Enclosed is an example followed by the relevant snippet from config.cfg. I can't figure out the SENT from X-Note which has recently been sporadically showing gibberish, and the first line that includes the text information for me which looks like a fragment. (Slightly modified to protect email addresses.)

Do you have the full headers in the proper order? It looks like you are using a mail client that modifies the order and/or content of the headers, which makes it difficult to troubleshoot an issue like this.

-Scott
RE: [Declude.JunkMail] Strange header from REVDNS and REMOTEIP
> Well, I'm using Outlook 2000, and the only thing at the level of my PC which might influence the headers is a piece of software which changes incoming HTML email into plain text. If you think it'll make a difference, I can try to retrieve one of these via IMail's Web Messaging, before my local client gets hold of it??

If it is possible, that would be helpful. IMail's web messaging won't alter the headers at all, so that should provide the best results.

-Scott