RE: [Declude.JunkMail] Imail Web Based Interface
I do store all of my user databases in SQL, but it doesn't really matter, the CF side never see's the username/password. It's just a little trick I did to verify the identity of the user. My whitelist/blacklists are so very simple... I'm actually not using declude's whitelists/blacklists... Those work via IMAIL's rules.ima Any approved senders first. [rules.ima] F~[EMAIL PROTECTED]:MAIN ( sends any mail from approved-sender to main mailbox, stop's processing rules on that message ) Then any black lists F~[EMAIL PROTECTED]:NUL ( just deletes mail without any trace ) Then my weight-rule based on what level the client chose (header check) H~X-SpamLevel-Low:SPAM And of course in $default$.junkmail LOW WARN X-SpamLevel-Low: This message triggered the low spam test MEDIUM WARN X-SpamLevel-Medium: This message triggered the medium spam test HIGH WARN X-SpamLevel-High: This message triggered the high spam test And [global.cfg] HIGHweightrange x x 1 15 MEDIUM weightrange x x 16 25 LOW weight x x 26 0 I am actually finishing up a revision that gives my users a way of syncronizing their approved senders lists to their IMAIL address book, and lets them upload/download their IMAIL address book so they can syncronize it with Outlook Express. When I first started this concept I posted my source to the list, but have not updated that source in quite some time. Some of the source is specific to my system (because of the billing system integaration), but most of what you need is contained within just a couple of .cfm's. I will send you them off list this afternoon. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 9:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Tom, This is exactly what I am talking about. I noticed that you used Cold Fusion and that is what our developers use. The idea that I have is extremely close to what you have done. I will search the archive to find your documentation. For the approved and black list did you use a table SQL database. I am assuming that you are not saving your Imail user database in the registry. The reason I ask is I am leaving our Imail user database just as it is (the default) but yet we created a SQL table for whitelist/blacklist information. It is very much a table that holds the rules for per domain or per user email address. This way the users can very much populate this database using interfaces very similar and almost identical to your interface. In addition I wrote a external program in Visual Basic that is call by Declude. queries this table for each incoming email and makes decision and contributes to Decludes weighting system based on the rules stated in the database . That is mainly why I love the design and ideas behind Declude. I was wondering if it is possible to get a copy of your .cfm files and modify them? Best Regards, Mishi - Original Message - From: Tom Baker | Netsmith Inc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 10:23 PM Subject: RE: [Declude.JunkMail] Imail Web Based Interface The session string can be helpful for kicking a user between iwebmsg and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates. You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with http://mail.; you are in IMAIL's Web messeging server, but whenever your URL begins with http://signup.; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail%40declude.com/ to find my older post which explains how I accomplish this, or ask if you are curious. I think this might be along the lines of what you are asking. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called
RE: [Declude.JunkMail] Imail Web Based Interface
I just posted asp source to my app which is similar in concept to Tom's, except it also has a spambox to manage held spam for the user. I know some people have looked at it, but I haven't received any feedback yet. It aollows for management of the spam messages separate from Imail's aging since it does not store the messages in Imail. So if you are like me and only have size limitations on your mailboxes, and cannot revert to clearing old messages automatically, the separate spambox can have aged messages, and the size limits on the original mailbox are not affected by spam. Find the app info and download at http://spamreview.argolink.net/doc Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Baker | Netsmith Inc Sent: Monday, December 02, 2002 7:35 AM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Imail Web Based Interface I do store all of my user databases in SQL, but it doesn't really matter, the CF side never see's the username/password. It's just a little trick I did to verify the identity of the user. My whitelist/blacklists are so very simple... I'm actually not using declude's whitelists/blacklists... Those work via IMAIL's rules.ima Any approved senders first. [rules.ima] F~[EMAIL PROTECTED]:MAIN ( sends any mail from approved-sender to main mailbox, stop's processing rules on that message ) Then any black lists F~[EMAIL PROTECTED]:NUL ( just deletes mail without any trace ) Then my weight-rule based on what level the client chose (header check) H~X-SpamLevel-Low:SPAM And of course in $default$.junkmail LOW WARN X-SpamLevel-Low: This message triggered the low spam test MEDIUM WARN X-SpamLevel-Medium: This message triggered the medium spam test HIGH WARN X-SpamLevel-High: This message triggered the high spam test And [global.cfg] HIGHweightrange x x 1 15 MEDIUM weightrange x x 16 25 LOW weight x x 26 0 I am actually finishing up a revision that gives my users a way of syncronizing their approved senders lists to their IMAIL address book, and lets them upload/download their IMAIL address book so they can syncronize it with Outlook Express. When I first started this concept I posted my source to the list, but have not updated that source in quite some time. Some of the source is specific to my system (because of the billing system integaration), but most of what you need is contained within just a couple of .cfm's. I will send you them off list this afternoon. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 9:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Tom, This is exactly what I am talking about. I noticed that you used Cold Fusion and that is what our developers use. The idea that I have is extremely close to what you have done. I will search the archive to find your documentation. For the approved and black list did you use a table SQL database. I am assuming that you are not saving your Imail user database in the registry. The reason I ask is I am leaving our Imail user database just as it is (the default) but yet we created a SQL table for whitelist/blacklist information. It is very much a table that holds the rules for per domain or per user email address. This way the users can very much populate this database using interfaces very similar and almost identical to your interface. In addition I wrote a external program in Visual Basic that is call by Declude. queries this table for each incoming email and makes decision and contributes to Decludes weighting system based on the rules stated in the database . That is mainly why I love the design and ideas behind Declude. I was wondering if it is possible to get a copy of your .cfm files and modify them? Best Regards, Mishi - Original Message - From: Tom Baker | Netsmith Inc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 10:23 PM Subject: RE: [Declude.JunkMail] Imail Web Based Interface The session string can be helpful for kicking a user between iwebmsg and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates. You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with http://mail.; you are in IMAIL's Web messeging server, but whenever your URL begins with http://signup.; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail
Re: [Declude.JunkMail] Imail Web Based Interface
This mighthave been asked beforebut has anyone out there developed a web based interface so the users can change some of the parameters? To be more specific about my question is how does Imail pass the security string in the web based client. I looked a few places and could not find any hints or literature. Does any one have a good resource for that? I have been playing around with calling an external program with Delude and it looks very promising. Best Regards, Mishi
Re: [Declude.JunkMail] Imail Web Based Interface
Sunday, December 1, 2002 you wrote: C anyone out there developed a web based interface so the users can C change some of the parameters? A lot of discussion but I don't remember if I've seen anyone actual release a version. C To be more specific about my question is how does Imail pass the C security string in the web based client. I looked a few places and C could not find any hints or literature. try http://support.ipswitch.com/kb/IM-2815-DM03.htm Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail Web Based Interface
Terry, The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 4:15 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Sunday, December 1, 2002 you wrote: C anyone out there developed a web based interface so the users can C change some of the parameters? A lot of discussion but I don't remember if I've seen anyone actual release a version. C To be more specific about my question is how does Imail pass the C security string in the web based client. I looked a few places and C could not find any hints or literature. try http://support.ipswitch.com/kb/IM-2815-DM03.htm Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail Web Based Interface
Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 Oh, I did misunderstand. I do not believe that the session id is well known. It is certainly not documented in so far as I know and I've never seen a hack described. There have been vulnerabilities described to acquire someone's session id but all I know presuppose the existence of the id. Since the IMAIL password has been hacked and described I suspect the session id has not been or it would also be described somewhere. Therefore, I suspect your most promising path of exploration is to attempt to modify the templates after the session is created. See these links for aid on customizing web messaging templates and the special tags you can use: http://support.ipswitch.com/kb/IM-2615-DM01.htm http://support.ipswitch.com/kb/IM-20010928-DM01.htm http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20H%20cal_templates5.html I know this is not answering your question but maybe it will help. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail Web Based Interface
Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 Oh, I did misunderstand. I do not believe that the session id is well known. It is certainly not documented in so far as I know and I've never seen a hack described. There have been vulnerabilities described to acquire someone's session id but all I know presuppose the existence of the id. Since the IMAIL password has been hacked and described I suspect the session id has not been or it would also be described somewhere. Therefore, I suspect your most promising path of exploration is to attempt to modify the templates after the session is created. See these links for aid on customizing web messaging templates and the special tags you can use: http://support.ipswitch.com/kb/IM-2615-DM01.htm http://support.ipswitch.com/kb/IM-20010928-DM01.htm http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20H%20cal_te mplates5.html I know this is not answering your question but maybe it will help. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail Web Based Interface
The session string can be helpful for kicking a user between iwebmsg and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates. You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with http://mail.; you are in IMAIL's Web messeging server, but whenever your URL begins with http://signup.; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail%40declude.com/ to find my older post which explains how I accomplish this, or ask if you are curious. I think this might be along the lines of what you are asking. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 Oh, I did misunderstand. I do not believe that the session id is well known. It is certainly not documented in so far as I know and I've never seen a hack described. There have been vulnerabilities described to acquire someone's session id but all I know presuppose the existence of the id. Since the IMAIL password has been hacked and described I suspect the session id has not been or it would also be described somewhere. Therefore, I suspect your most promising path of exploration is to attempt to modify the templates after the session is created. See these links for aid on customizing web messaging templates and the special tags you can use: http://support.ipswitch.com/kb/IM-2615-DM01.htm http://support.ipswitch.com/kb/IM-20010928-DM01.htm http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20H%20cal_te mplates5.html I know this is not answering your question but maybe it will help. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail Web Based Interface
You may find this message of interest - http://www.mail-archive.com/declude.junkmail@declude.com/msg03771.html I haven't implemented it yet, but am planning to in .ASP for Declude setting integration. - Original Message - From: Cxan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 4:38 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Imail Web Based Interface
Tom, This is exactly what I am talking about. I noticed that you used Cold Fusion and that is what our developers use. The idea that I have is extremely close to what you have done. I will search the archive to find your documentation. For the approved and black list did you use a table SQL database. I am assuming that you are not saving your Imail user database in the registry. The reason I ask is I am leaving our Imail user database just as it is (the default) but yet we created a SQL table for whitelist/blacklist information. It is very much a table that holds the rules for per domain or per user email address. This way the users can very much populate this database using interfaces very similar and almost identical to your interface. In addition I wrote a external program in Visual Basic that is call by Declude. queries this table for each incoming email and makes decision and contributes to Decludes weighting system based on the rules stated in the database . That is mainly why I love the design and ideas behind Declude. I was wondering if it is possible to get a copy of your .cfm files and modify them? Best Regards, Mishi - Original Message - From: Tom Baker | Netsmith Inc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 10:23 PM Subject: RE: [Declude.JunkMail] Imail Web Based Interface The session string can be helpful for kicking a user between iwebmsg and your own web server with only a single authentication point. I have already accomplished this with my system, and have integrated my online billing / spam filters with the web templates. You can see an example of what I'm talking about at http://mail.bsc.net/ Email= [EMAIL PROTECTED] Pass = declude Notice whenever your URL begins with http://mail.; you are in IMAIL's Web messeging server, but whenever your URL begins with http://signup.; you have followed a link which kicked you to my other web server, and verified your login information from IMAIL. (preventing you from having to login twice). ( for a specific example, click the spam filters button ) Search the mail archives at http://www.mail-archive.com/declude.junkmail%40declude.com/ to find my older post which explains how I accomplish this, or ask if you are curious. I think this might be along the lines of what you are asking. -Tom -Original Message- From: Cxan [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 01, 2002 4:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Imail Web Based Interface Terry, You have been a great help today. I think the links that you sent me would be a good start. Many Thanks Mishi - Original Message - From: Smart Business Lists [EMAIL PROTECTED] To: Cxan [EMAIL PROTECTED] Sent: Sunday, December 01, 2002 5:28 PM Subject: Re: [Declude.JunkMail] Imail Web Based Interface Mishi Sunday, December 1, 2002 you wrote: The link that you sent me did not explain what I am asking for. Let me explain my question a bit more: Suppose there is a virtual domain called abcvirtual.com on a server called xyzserver.com. When a user logs in to the server using Imail port 8383 then Imail creates a bunch of security character strings like : http://xyzserver.com:8383/Xade9939bcc9fcf9aee8571e9/menu.63104.cgi?mbx=Main What I am trying to figure out is what holds/creates the string : Xade9939bcc9fcf9aee8571e9 Oh, I did misunderstand. I do not believe that the session id is well known. It is certainly not documented in so far as I know and I've never seen a hack described. There have been vulnerabilities described to acquire someone's session id but all I know presuppose the existence of the id. Since the IMAIL password has been hacked and described I suspect the session id has not been or it would also be described somewhere. Therefore, I suspect your most promising path of exploration is to attempt to modify the templates after the session is created. See these links for aid on customizing web messaging templates and the special tags you can use: http://support.ipswitch.com/kb/IM-2615-DM01.htm http://support.ipswitch.com/kb/IM-20010928-DM01.htm http://www.ipswitch.com/support/IMail/guide/imailug7.1/Appendix%20H%20cal_te mplates5.html I know this is not answering your question but maybe it will help. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type