Re: [Declude.JunkMail] Originating IP -I'm confused, please don't flame me... flame me...

2003-11-12 Thread Matthew Bramble
Marc Catuogno wrote:

Please excuse my ignorance again, but since I have updated my Declude to
include the EASYNET-DYNA test someone who is sending from an optimum
online account is getting caught by this test.  Are all of optonline's
servers listed by this test?  Or is something else going on with this
guy's optonline? Maybe I'm just tired...
 

That would be quite hard to figure out, but it is likely that if they 
have one block, they have many listed.  Again, you can counterbalance 
for that reverse DNS setting or all the local blocks of IP's, even up to 
the B level if it makes it easier to do.  DUL lists shouldn't be scored 
very high anyway because FP's are common enough and if you aren't 
whitelisting AUTH, it will definitely pick up some stuff.  It's 
important to understand which tests have a high likelihood of 
interacting with others when you add them, such as DUL tests, 
foreign-type tests, bulk mail tests, etc.  It's a balancing act where 
too few of one type can let too much in and too many of one type can 
create those FP's.  Scoring of course should be considered as a 
component of all related tests.  At least that's the way I look at it.  
Maybe you should be trimming back on the EASYNET-DYNA and forged from 
address scores.  I might get some of this stuff to 70% of my fail weight 
with those tests, but it's still passing through and it's helpful with 
blocking.  Your userbase might of course be more challenging in other 
respects as well.

Matt

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
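
Added example, not part of the thread and not Declude configuration syntax: a small model of the weighting approach described in the message above, where a dynamic-IP (DUL) test and an own-domain From test are each scored as a fraction of the fail weight and a negative counterweight is applied to a local /16 ("B level") range. The test names, weights, threshold and IP ranges are all constructed for illustration.

```python
import ipaddress

FAIL_WEIGHT = 100  # constructed: total at which a message is held

# Constructed weights; each test is scored as a share of FAIL_WEIGHT so
# that no single test, and no pair that commonly fires together, holds mail.
WEIGHTS = {
    "DUL": 40,         # sender IP is on a dynamic/dial-up list
    "LOCAL_FROM": 30,  # From address claims one of our own domains
    "BULK": 35,        # bulk-mail characteristics
}

# Counterweight: the ISP range most local users send from, at "B level" (/16).
LOCAL_CLIENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # constructed range
LOCAL_CLIENT_CREDIT = -25

def evaluate(sender_ip, failed_tests):
    """Return (total, verdict) for one message."""
    total = sum(WEIGHTS[name] for name in failed_tests)
    addr = ipaddress.ip_address(sender_ip)
    if any(addr in net for net in LOCAL_CLIENT_NETS):
        total += LOCAL_CLIENT_CREDIT
    return total, "hold" if total >= FAIL_WEIGHT else "deliver"

if __name__ == "__main__":
    cases = [
        ("local user, home broadband", "10.20.33.7", {"DUL", "LOCAL_FROM"}),
        ("same user, newsletter-like mail", "10.20.33.7", {"DUL", "LOCAL_FROM", "BULK"}),
        ("forged local From, elsewhere", "203.0.113.9", {"DUL", "LOCAL_FROM"}),
        ("forged local From, bulk", "203.0.113.9", {"DUL", "LOCAL_FROM", "BULK"}),
    ]
    for label, ip, tests in cases:
        total, verdict = evaluate(ip, tests)
        print(f"{label:34} {total:4d}/{FAIL_WEIGHT}  {verdict}")
```

With these numbers the DUL and own-domain tests together reach 70% of the fail weight, so they only hold mail when a third, unrelated test also fails, and the /16 credit keeps local users below the threshold in that case.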


RE: [Declude.JunkMail] Originating IP -I'm confused, please don't flame me...

2003-11-12 Thread Marc Catuogno
I guess I never really looked.  I just assumed that when mail came from
my server, even if it was to a local user, that it would have the IP of
my server as the sending IP, as it would if my server was sending mail
to another server.

I wonder if I had them authenticate at a different SMTP or did a store
and forward server and having that IP whitelisted, if that would assuage
this issue.

IMAIL 8 scares me.  80% of my users use the web interface exclusively
and the reported slowness will get me tarred and feathered


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sanford
Whiteman
Sent: Wednesday, November 12, 2003 1:12 AM
To: Marc Catuogno
Subject: Re: [Declude.JunkMail] Originating IP -I'm confused, please
don't flame me...

> Why wouldn't they be getting the IP of my server once they
> authenticate?

Does this happen with other users? Of course not! Since Declude with
IMail 7.x and lower doesn't know whether a connection was AUTHed,
there's no way that this could work. And with 8.x and higher, the
connecting IP remains the same even if WHITELIST AUTH is on--as logic
would predict, no?

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]




Re: [Declude.JunkMail] Originating IP -I'm confused, please don't flame me...

2003-11-11 Thread Matthew Bramble
It's doing what it should, it's testing the sender and not the receiver.

Score both tests lower if you want to use that functionality for this 
purpose, and so that you don't diminish the value of SPAMDOMAINS 
otherwise, you should put it into a different spamdomains type of filter 
file specific to local domains.  You might also want to give a few 
points back for the range of IP's used locally for OPTONLINE.  Upgrading 
to IMail 8 and using WHITELIST AUTH would of course correct much of that 
problem.  I score that same type of filter at 30% of fail weight on my 
system.

Matt

Marc Catuogno wrote:

In an effort to catch spammers forging my domain, I've added my own
domain to a spamdomain test. Now all e-mails sent through Outlook are
failing the test because the server is seeing them as coming from
whatever IP the user is connected to. Since they are mostly OPTONLINE
customers they are also failing EASYNET-DYNA test.  

Why wouldn't they be getting the IP of my server once they authenticate?
Am I missing a setting somewhere?  Is there anything I can do short of
upgrading from 7.15 to 8.04 and using the Auth White test?
Thanks - Marc

 





Re: [Declude.JunkMail] Originating IP -I'm confused, please don't flame me...

2003-11-11 Thread Sanford Whiteman
> Why wouldn't they be getting the IP of my server once they
> authenticate?

Does this happen with other users? Of course not! Since Declude with
IMail 7.x and lower doesn't know whether a connection was AUTHed,
there's no way that this could work. And with 8.x and higher, the
connecting IP remains the same even if WHITELIST AUTH is on--as logic
would predict, no?

-Sandy



Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

