RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
Robert, I did that too, but we also had the web server to deal with and some servers within our building that we couldnt connect to without going through fake listings in our own DNS. The long and short is that running my own DNS is an operational requirement unless we change internet providers and completely reconfigure our firewall to do NAT properly. That still doesnt explain why someone who is whitelisted still has some of their email caught. Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Sent: June 6, 2005 5:38 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not we just put our mail server ip in the hosts file. just a mention. robert - Original Message - From: Susan Duncan To: Declude.JunkMail@declude.com Sent: Monday, June 06, 2005 5:12 PM Subject: RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not I fixed the DNS already. As I said it was missing the MX record in my internal dns. I need to run a separate DNS as the email server is behind the firewall and with the current configuration the only way for anyone internal to see the web or email server is to run my own mini dns. 06/01/2005 21:19:04 Q5E8705DC5A1F Skipping E-mail from authenticated user [EMAIL PROTECTED]; whitelisted. This is the only line in the declude log file pertaining to the first spool name. 06/01/2005 21:20:52 Q5EF114F40118D5BC L1 Message OK 06/01/2005 21:20:52 Q5EF114F40118D5BC Tests failed [weight=18]: CATCHALLMAILS=IGNORE IPNOTINMX=IGNORE MXRATE-BLOCK=WARN MAILFROM=WARN SUBJECTCHARS=WARN WEIGHT10=SUBJECT WEIGHT14=ROUTETO 06/01/2005 21:20:52 Q5EF114F40118D5BC Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION=""> These are the lines pertaining to the second spool name. Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: June 6, 2005 4:53 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Susan, The double scanning seemed secondary to the problem at hand. You should re-read my message for info about fixing DNS in order to solve the issue. As far as the logs go, you are sending IMail logs and not the Declude JunkMail logs. It would be best to also share your JunkMail log entries corresponding to the headers so one could better figure out what was going on. Your IMail log seems to indicate that there were too many recipients in one message and that caused the Q file to exceed the allowed size. That might have cut off parts of a recipient address or caused other issues. Declude's logs would shed more light on this. Matt ==
RE: [Declude.JunkMail] X-RBL-Warning??
It looks like it should have passed, http://www.dnsstuff.com/tools/lookup.ch?name=ute-sei.orgtype=MX. I would turn the declude log level to High and send another test, this will give you more information on how it is checking. Thanks,Chris Patterson, CCNANetwork Engineer/Support Manager From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan DuncanSent: Monday, June 06, 2005 1:49 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] X-RBL-Warning?? Im resending this as I didnt get any replies. Anyone?? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan DuncanSent: May 31, 2005 9:35 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] X-RBL-Warning?? Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, "ORBZ WARN" lets Declude JunkMail know to add a standard "X-RBL-Warning:" header for E-mail that fails the ORBZ test. I cant find how to check the ORBZ test. Everything I look up tells me that this domain doesnt exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/webUnion of Taxation Employees / Syndicat des employées de l'ImpôtTel: 613-235-6704 ext 240Fax: 613-234-7290e-mail: [EMAIL PROTECTED]http://www.ute-sei.org/
RE: [Declude.JunkMail] X-RBL-Warning??
This part of the problem seems to be fixed. I added an MX record to my internal DNS and Im no longer getting the error. I was confused because I checked the DNS lookups and everything seemed fine but Id forgotten that it first looks at our internal version. Thanks for the reply. Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Patterson Sent: June 7, 2005 10:00 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] X-RBL-Warning?? It looks like it should have passed, http://www.dnsstuff.com/tools/lookup.ch?name=ute-sei.orgtype=MX. I would turn the declude log level to High and send another test, this will give you more information on how it is checking. Thanks, Chris Patterson, CCNA Network Engineer/Support Manager From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Duncan Sent: Monday, June 06, 2005 1:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] X-RBL-Warning?? Im resending this as I didnt get any replies. Anyone?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Duncan Sent: May 31, 2005 9:35 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] X-RBL-Warning?? Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, ORBZ WARN lets Declude JunkMail know to add a standard X-RBL-Warning: header for E-mail that fails the ORBZ test. I cant find how to check the ORBZ test. Everything I look up tells me that this domain doesnt exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
It seems to be happening when staff are not in the office when they send the mail. When they are out of office they connect to email either through webmail or use outlook same as always but use an outside ISP. In some cases, they have to use some mail proxy server as some of the ISPs are blocking access to port 25 on servers that are not their own. X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1] X-Declude-Sender: [EMAIL PROTECTED] [32.97.166.48] The first time around it shows the local loop address and the second time around the dial-up ISP (att global) address. Should I still be getting this if I use Whitelist Auth? Ive even whitelisted specific users and still their messages sometimes get caught. Shouldnt whitelist take care of incoming and not outgoing? Should I just turn off outgoing tests? I seem to have misplaced the original message, but here are the headers of another message that follows the same rules. It wasnt scanned twice, but it doesnt show as whitelisted either. Received: from DTRAYOWCRO001.pngxnet.com [209.87.233.98] by ute-sei.org with ESMTP (SMTPD32-8.15) id A4071060152; Tue, 07 Jun 2005 08:33:11 -0400 Received: from UTENP01 ([10.255.255.142]) by DTRAYOWCRO001.pngxnet.com (8.12.4/8.12.4) with ESMTP id j57CfnGK023801 for [EMAIL PROTECTED]; Tue, 7 Jun 2005 08:41:53 -0400 From: Betty Bannon [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: FW: FW: utelocals distribution list Date: Tue, 7 Jun 2005 08:41:36 -0400 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Declude-Sender: [EMAIL PROTECTED] [209.87.233.98] X-Declude-Spoolname: D94070106015219BF.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [-5] at 08:33:13 on 07 Jun 2005 X-Declude-Tests: None X-Country-Chain: CANADA-destination X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 418092265 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: June 7, 2005 10:42 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
Just a little follow up about this. The first E-mail appears to be sent from your server in some sort of automated fashion (denoted by the GSC extension on the Q file). These are either postmaster messages, or some message created by calling imail1.exe directly (probably some bulk-mail script in this case, maybe even the listserv). It comes from the address [EMAIL PROTECTED] and was sent to a long list of addresses (too long for IMail not to throw an error). It was whitelisted on the way out. Then, one of the addresses on attglobal.net that it is sent to is apparently forwarding back to [EMAIL PROTECTED]. It is natural that it gets scanned coming back in, creating a second set of headers and a different spool file name. Your logs show the connecting hop as 32.97.166.48 which is in8.prserv.net and is used by ATT for sending/forwarding E-mail. The E-mail was being blocked because of a combination of primarily two things. First, your DNS setup was initially not allowing your server to resolve your own MX records causing a failure in the MAILFROM test when this came in from the other server with a Mail From domain of ute-sei.org. Secondly, you are using MXRATE-BLOCK which has issues with tagging legitimate servers with high volume that allow forwarding (and some that are just simply high volume). To this blacklist, when spam is received by an ATT hosted account that is then forwarded to an account on a different provider's machine that is sourced for data to generate MXRATE-BLOCK, it ends up tagging the forwarding server instead of the actual source. I stopped using MXRATE because of their issues with such things, in addition to them tagging a lot of legitimate bulk-mail that many blacklists have issues with and I didn't want to compound such issues further on my system. I don't know what you score MXRATE-BLOCK at, but you might consider dropping the score a bit if you weight it heavily Matt Matt wrote: Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
This isn't the same issue. See my last note. Matt Susan Duncan wrote: It seems to be happening when staff are not in the office when they send the mail. When they are out of office they connect to email either through webmail or use outlook same as always but use an outside ISP. In some cases, they have to use some mail proxy server as some of the ISPs are blocking access to port 25 on servers that are not their own. X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1] X-Declude-Sender: [EMAIL PROTECTED] [32.97.166.48] The first time around it shows the local loop address and the second time around the dial-up ISP (att global) address. Should I still be getting this if I use Whitelist Auth? Ive even whitelisted specific users and still their messages sometimes get caught. Shouldnt whitelist take care of incoming and not outgoing? Should I just turn off outgoing tests? I seem to have misplaced the original message, but here are the headers of another message that follows the same rules. It wasnt scanned twice, but it doesnt show as whitelisted either. Received: from DTRAYOWCRO001.pngxnet.com [209.87.233.98] by ute-sei.org with ESMTP (SMTPD32-8.15) id A4071060152; Tue, 07 Jun 2005 08:33:11 -0400 Received: from UTENP01 ([10.255.255.142]) by DTRAYOWCRO001.pngxnet.com (8.12.4/8.12.4) with ESMTP id j57CfnGK023801 for [EMAIL PROTECTED]; Tue, 7 Jun 2005 08:41:53 -0400 From: "Betty Bannon" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: FW: FW: utelocals distribution list Date: Tue, 7 Jun 2005 08:41:36 -0400 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.6626 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Declude-Sender: [EMAIL PROTECTED] [209.87.233.98] X-Declude-Spoolname: D94070106015219BF.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [-5] at 08:33:13 on 07 Jun 2005 X-Declude-Tests: None X-Country-Chain: CANADA-destination X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 418092265 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: June 7, 2005 10:42 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
[EMAIL PROTECTED] sent a message to a bunch of people including [EMAIL PROTECTED] using his dial-up att global account. I didnt know there was a limit to the number of addresses in a send list. If our users arent using our distribution lists, but instead their own address lists, and send to all the locals, theyll have at least 51 addresses. [EMAIL PROTECTED] is not coming from att global, the first guy is using att global. Ive dropped the MXRATE-BLOCK to half its original value. I have seen any more caught mail that should not have been, but Im still not clear on why I had two messages which should have been whitelisted, get caught. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: June 7, 2005 11:27 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Just a little follow up about this. The first E-mail appears to be sent from your server in some sort of automated fashion (denoted by the GSC extension on the Q file). These are either postmaster messages, or some message created by calling imail1.exe directly (probably some bulk-mail script in this case, maybe even the listserv). It comes from the address [EMAIL PROTECTED] and was sent to a long list of addresses (too long for IMail not to throw an error). It was whitelisted on the way out. Then, one of the addresses on attglobal.net that it is sent to is apparently forwarding back to [EMAIL PROTECTED]. It is natural that it gets scanned coming back in, creating a second set of headers and a different spool file name. Your logs show the connecting hop as 32.97.166.48 which is in8.prserv.net and is used by ATT for sending/forwarding E-mail. The E-mail was being blocked because of a combination of primarily two things. First, your DNS setup was initially not allowing your server to resolve your own MX records causing a failure in the MAILFROM test when this came in from the other server with a Mail From domain of ute-sei.org. Secondly, you are using MXRATE-BLOCK which has issues with tagging legitimate servers with high volume that allow forwarding (and some that are just simply high volume). To this blacklist, when spam is received by an ATT hosted account that is then forwarded to an account on a different provider's machine that is sourced for data to generate MXRATE-BLOCK, it ends up tagging the forwarding server instead of the actual source. I stopped using MXRATE because of their issues with such things, in addition to them tagging a lot of legitimate bulk-mail that many blacklists have issues with and I didn't want to compound such issues further on my system. I don't know what you score MXRATE-BLOCK at, but you might consider dropping the score a bit if you weight it heavily Matt Matt wrote: Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/= -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
I reported the false positive (being a good netizin) to MXRATE (Alligate) and their automated reply included the following: "Generally, the most common reason an IP address is falsely listed in the MXRate database is when one of your users forwards all their mail to an account on a server protected by Alligate. Unfortunately, this usually includes all the spam and viruses they receive, and your server may be identified as the sending server." Matt Matt wrote: Just a little follow up about this. The first E-mail appears to be sent from your server in some sort of automated fashion (denoted by the GSC extension on the Q file). These are either postmaster messages, or some message created by calling imail1.exe directly (probably some bulk-mail script in this case, maybe even the listserv). It comes from the address [EMAIL PROTECTED] and was sent to a long list of addresses (too long for IMail not to throw an error). It was whitelisted on the way out. Then, one of the addresses on attglobal.net that it is sent to is apparently forwarding back to [EMAIL PROTECTED]. It is natural that it gets scanned coming back in, creating a second set of headers and a different spool file name. Your logs show the connecting hop as 32.97.166.48 which is in8.prserv.net and is used by ATT for sending/forwarding E-mail. The E-mail was being blocked because of a combination of primarily two things. First, your DNS setup was initially not allowing your server to resolve your own MX records causing a failure in the MAILFROM test when this came in from the other server with a Mail From domain of ute-sei.org. Secondly, you are using MXRATE-BLOCK which has issues with tagging legitimate servers with high volume that allow forwarding (and some that are just simply high volume). To this blacklist, when spam is received by an ATT hosted account that is then forwarded to an account on a different provider's machine that is sourced for data to generate MXRATE-BLOCK, it ends up tagging the forwarding server instead of the actual source. I stopped using MXRATE because of their issues with such things, in addition to them tagging a lot of legitimate bulk-mail that many blacklists have issues with and I didn't want to compound such issues further on my system. I don't know what you score MXRATE-BLOCK at, but you might consider dropping the score a bit if you weight it heavily Matt Matt wrote: Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
You have to trust me that in the headers and logs that you provided, the E-mail was whitelisted when sent, and the only E-mail that was double scanned was the one that was forwarded from the prserv.net server back to [EMAIL PROTECTED]. It might have been sent directly to [EMAIL PROTECTED], but is is also being sent to an attglobal.net account which is likely the culprit here. This is proper to scan the message again when it returns after having left your server. Matt Susan Duncan wrote: [EMAIL PROTECTED] sent a message to a bunch of people including [EMAIL PROTECTED] using his dial-up att global account. I didnt know there was a limit to the number of addresses in a send list. If our users arent using our distribution lists, but instead their own address lists, and send to all the locals, theyll have at least 51 addresses. [EMAIL PROTECTED] is not coming from att global, the first guy is using att global. Ive dropped the MXRATE-BLOCK to half its original value. I have seen any more caught mail that should not have been, but Im still not clear on why I had two messages which should have been whitelisted, get caught. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: June 7, 2005 11:27 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Just a little follow up about this. The first E-mail appears to be sent from your server in some sort of automated fashion (denoted by the GSC extension on the Q file). These are either postmaster messages, or some message created by calling imail1.exe directly (probably some bulk-mail script in this case, maybe even the listserv). It comes from the address [EMAIL PROTECTED] and was sent to a long list of addresses (too long for IMail not to throw an error). It was whitelisted on the way out. Then, one of the addresses on attglobal.net that it is sent to is apparently forwarding back to [EMAIL PROTECTED]. It is natural that it gets scanned coming back in, creating a second set of headers and a different spool file name. Your logs show the connecting hop as 32.97.166.48 which is in8.prserv.net and is used by ATT for sending/forwarding E-mail. The E-mail was being blocked because of a combination of primarily two things. First, your DNS setup was initially not allowing your server to resolve your own MX records causing a failure in the MAILFROM test when this came in from the other server with a Mail From domain of ute-sei.org. Secondly, you are using MXRATE-BLOCK which has issues with tagging legitimate servers with high volume that allow forwarding (and some that are just simply high volume). To this blacklist, when spam is received by an ATT hosted account that is then forwarded to an account on a different provider's machine that is sourced for data to generate MXRATE-BLOCK, it ends up tagging the forwarding server instead of the actual source. I stopped using MXRATE because of their issues with such things, in addition to them tagging a lot of legitimate bulk-mail that many blacklists have issues with and I didn't want to compound such issues further on my system. I don't know what you score MXRATE-BLOCK at, but you might consider dropping the score a bit if you weight it heavily Matt Matt wrote: Susan Duncan wrote: That still doesnt explain why someone who is whitelisted still has some of their email caught. That's not the issue, they aren't actually both happening at the same time. It's being double scanned, and it is only being whitelisted when it is being sent, but not when it is received (over one minute later according to your logs). The full headers should have showed the complete path that the E-mail took and it would be easier to diagnose if they were shared (the Received lines). I'm thinking that maybe this E-mail was sent from your server to an address on another server that was actually forwarded back to her address on your server. That's the only way that I can think of that would generate two different spool file names, and cause it to be scanned twice by Declude in this way; adding headers each time. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] X-RBL-Warning??
Im resending this as I didnt get any replies. Anyone?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Duncan Sent: May 31, 2005 9:35 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] X-RBL-Warning?? Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, ORBZ WARN lets Declude JunkMail know to add a standard X-RBL-Warning: header for E-mail that fails the ORBZ test. I cant find how to check the ORBZ test. Everything I look up tells me that this domain doesnt exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/
Re: [Declude.JunkMail] X-RBL-Warning??
The MAILFROM test will only fail if Declude fails to find an A or MX record for the domain in question. Since it exists, I would assume that it is the result of something involving DNS. You should check your DNS and make sure that your server is resolving properly, and that it is the same DNS data that the rest of the world sees. If you find nothing there, then you might want to share the full headers of one such message along with the log file entries that correspond to it. Matt Susan Duncan wrote: Im resending this as I didnt get any replies. Anyone?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Duncan Sent: May 31, 2005 9:35 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] X-RBL-Warning?? Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, "ORBZ WARN" lets Declude JunkMail know to add a standard "X-RBL-Warning:" header for E-mail that fails the ORBZ test. I cant find how to check the ORBZ test. Everything I look up tells me that this domain doesnt exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employes de l'Impt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
Matt, Because of firewall settings, Im running DNS on the IMAIL server pointing to internal IP addresses while a third party does DNS for the rest of the world to see. The only thing missing on the internal version was the MX information which Ive added. It should have found it based on the external DNS though as it is there. Im including the full headers of one of the messages: X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1] X-Declude-Spoolname: D5E8705DC5A1F.GSC X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [0] at 21:19:04 on 01 Jun 2005 X-Declude-Tests: Whitelisted X-Country-Chain: X-RBL-Warning: MXRATE-BLOCK: http://www.mxrate.com/lookup/refused.asp?ipaddress=32.97.166.48 X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. X-RBL-Warning: SUBJECTCHARS: Subject with at least 50 characters found. X-Declude-Sender: [EMAIL PROTECTED] [32.97.166.48] X-Declude-Spoolname: D5EF114F40118D5BC.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [18] at 21:20:52 on 01 Jun 2005 X-Declude-Tests: MXRATE-BLOCK, MAILFROM, SUBJECTCHARS, WEIGHT10, WEIGHT14 X-Country-Chain: CANADA-UNITED STATES-destination I started looking at the log files, but got a little confused as it seems that there are two spoolnames with the message. I can forward the entire logfile if you think it will help. Ive changed the subject of this message as it covers both the problems Im seeing. Youll notice that the message is also whitelisted. Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: June 6, 2005 2:00 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning?? The MAILFROM test will only fail if Declude fails to find an A or MX record for the domain in question. Since it exists, I would assume that it is the result of something involving DNS. You should check your DNS and make sure that your server is resolving properly, and that it is the same DNS data that the rest of the world sees. If you find nothing there, then you might want to share the full headers of one such message along with the log file entries that correspond to it. Matt Susan Duncan wrote: Im resending this as I didnt get any replies. Anyone?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Duncan Sent: May 31, 2005 9:35 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] X-RBL-Warning?? Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, ORBZ WARN lets Declude JunkMail know to add a standard X-RBL-Warning: header for E-mail that fails the ORBZ test. I cant find how to check the ORBZ test. Everything I look up tells me that this domain doesnt exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
Susan, Things are being double scanned and that should be looked into, but your DNS might well be the culprit. The server that Declude is using for lookups must have all of the records for your domain. This means not just the MX records, but also the A records that the MX records correspond to. If ute-sei.org is defined in that DNS server, it won't look to the external one for records that it doesn't contain. It just assumes that it is authoritative for one and all. Normally you shouldn't have a DNS server that acts as a non-authoritative/out of sync server from which you do queries (primarily because of situations like this one). To get your log file entries, look in the Declude JunkMail log for the spool name values, but replace the starting D with a Q or just simply leave it off. Matt Susan Duncan wrote: Matt, Because of firewall settings, Im running DNS on the IMAIL server pointing to internal IP addresses while a third party does DNS for the rest of the world to see. The only thing missing on the internal version was the MX information which Ive added. It should have found it based on the external DNS though as it is there. Im including the full headers of one of the messages: X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1] X-Declude-Spoolname: D5E8705DC5A1F.GSC X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [0] at 21:19:04 on 01 Jun 2005 X-Declude-Tests: Whitelisted X-Country-Chain: X-RBL-Warning: MXRATE-BLOCK: "http://www.mxrate.com/lookup/refused.asp?ipaddress=32.97.166.48" X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. X-RBL-Warning: SUBJECTCHARS: Subject with at least 50 characters found. X-Declude-Sender: [EMAIL PROTECTED] [32.97.166.48] X-Declude-Spoolname: D5EF114F40118D5BC.SMD X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [18] at 21:20:52 on 01 Jun 2005 X-Declude-Tests: MXRATE-BLOCK, MAILFROM, SUBJECTCHARS, WEIGHT10, WEIGHT14 X-Country-Chain: CANADA-UNITED STATES-destination I started looking at the log files, but got a little confused as it seems that there are two spoolnames with the message. I can forward the entire logfile if you think it will help. Ive changed the subject of this message as it covers both the problems Im seeing. Youll notice that the message is also whitelisted. Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employes de l'Impt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: June 6, 2005 2:00 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning?? The MAILFROM test will only fail if Declude fails to find an A or MX record for the domain in question. Since it exists, I would assume that it is the result of something involving DNS. You should check your DNS and make sure that your server is resolving properly, and that it is the same DNS data that the rest of the world sees. If you find nothing there, then you might want to share the full headers of one such message along with the log file entries that correspond to it. Matt Susan Duncan wrote: Im resending this as I didnt get any replies. Anyone?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Susan Duncan Sent: May 31, 2005 9:35 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] X-RBL-Warning?? Our own domain is getting caught with an X-RBL-Warning: X-RBL-Warning: MAILFROM: Domain ute-sei.org has no MX or A records [0001]. I checked the documentation for this and found: Each line determines the action to take for a specific test; for example, "ORBZ WARN" lets Declude JunkMail know to add a standard "X-RBL-Warning:" header for E-mail that fails the ORBZ test. I cant find how to check the ORBZ test. Everything I look up tells me that this domain doesnt exist anymore. Any other checks I make on our domain points to the MX record being defined properly. What should I be checking or changing? Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employes de l'Impt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
I fixed the DNS already. As I said it was missing the MX record in my internal dns. I need to run a separate DNS as the email server is behind the firewall and with the current configuration the only way for anyone internal to see the web or email server is to run my own mini dns. 06/01/2005 21:19:04 Q5E8705DC5A1F Skipping E-mail from authenticated user [EMAIL PROTECTED]; whitelisted. This is the only line in the declude log file pertaining to the first spool name. 06/01/2005 21:20:52 Q5EF114F40118D5BC L1 Message OK 06/01/2005 21:20:52 Q5EF114F40118D5BC Tests failed [weight=18]: CATCHALLMAILS=IGNORE IPNOTINMX=IGNORE MXRATE-BLOCK=WARN MAILFROM=WARN SUBJECTCHARS=WARN WEIGHT10=SUBJECT WEIGHT14=ROUTETO 06/01/2005 21:20:52 Q5EF114F40118D5BC Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION=""> These are the lines pertaining to the second spool name. Susan Duncan Web/Communications Officer / Agent des Communications/web Union of Taxation Employees / Syndicat des employées de l'Impôt Tel: 613-235-6704 ext 240 Fax: 613-234-7290 e-mail: [EMAIL PROTECTED] http://www.ute-sei.org/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: June 6, 2005 4:53 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Susan, The double scanning seemed secondary to the problem at hand. You should re-read my message for info about fixing DNS in order to solve the issue. As far as the logs go, you are sending IMail logs and not the Declude JunkMail logs. It would be best to also share your JunkMail log entries corresponding to the headers so one could better figure out what was going on. Your IMail log seems to indicate that there were too many recipients in one message and that caused the Q file to exceed the allowed size. That might have cut off parts of a recipient address or caused other issues. Declude's logs would shed more light on this. Matt ==
Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not
we just put our mail server ip in the hosts file. just a mention. robert - Original Message - From: Susan Duncan To: Declude.JunkMail@declude.com Sent: Monday, June 06, 2005 5:12 PM Subject: RE: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not I fixed the DNS already. As I said it was missing the MX record in my internal dns. I need to run a separate DNS as the email server is behind the firewall and with the current configuration the only way for anyone internal to see the web or email server is to run my own mini dns. 06/01/2005 21:19:04 Q5E8705DC5A1F Skipping E-mail from authenticated user [EMAIL PROTECTED]; whitelisted. This is the only line in the declude log file pertaining to the first spool name. 06/01/2005 21:20:52 Q5EF114F40118D5BC L1 Message OK 06/01/2005 21:20:52 Q5EF114F40118D5BC Tests failed [weight=18]: CATCHALLMAILS=IGNORE IPNOTINMX=IGNORE MXRATE-BLOCK=WARN MAILFROM=WARN SUBJECTCHARS=WARN WEIGHT10=SUBJECT WEIGHT14=ROUTETO 06/01/2005 21:20:52 Q5EF114F40118D5BC Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION=""> These are the lines pertaining to the second spool name. Susan Duncan Web/Communications Officer / Agent des Communications/webUnion of Taxation Employees / Syndicat des employées de l'ImpôtTel: 613-235-6704 ext 240Fax: 613-234-7290e-mail: [EMAIL PROTECTED]http://www.ute-sei.org/ -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: June 6, 2005 4:53 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] X-RBL-Warning // Whitelisted but not Susan, The double scanning seemed secondary to the problem at hand. You should re-read my message for info about fixing DNS in order to solve the issue. As far as the logs go, you are sending IMail logs and not the Declude JunkMail logs. It would be best to also share your JunkMail log entries corresponding to the headers so one could better figure out what was going on. Your IMail log seems to indicate that there were too many recipients in one message and that caused the Q file to exceed the allowed size. That might have cut off parts of a recipient address or caused other issues. Declude's logs would shed more light on this. Matt ==
RE: [Declude.JunkMail] X-RBL-Warning:
I just received this this from a mail admin of another ISP, Anyone care to comment... Your outgoing mail server adds the header: X-RBL-Warning: SPAM-NONE: Total weight between 0 and 4. Our filter software scans incomming mesages for a line that starts X-RBL-Warning: This is used as an indicator of spam. In your case it is saying that this message is not spam, but our software only picks up the first half of the tag. RBL stands for Real Time Blacklist. Normally that tag is used to indicate that the sender of the mail has an IP address that is listed at a RBL. It should not be used to tag mail as non spam, because people block on the X-RBL-Warning part. As you've found out. Contact your mail admin and ask him to either change the tag or even remove it all together. In theory it is a good idea to have a tag along the lines of : X-spam-scanned: ok But dont use the RBL tag unless your IP is on a RBL, or else you will be blocked as spam. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] X-RBL-Warning:
I just received this this from a mail admin of another ISP, Anyone care to comment... Our filter software scans incomming mesages for a line that starts X-RBL-Warning: This is used as an indicator of spam. In your case it is saying that this message is not spam, but our software only picks up the first half of the tag. You're both right. While a mail client/server really shouldn't block on the X-RBL-Warning: header alone, it's probably best not to use it for tests that don't somehow indicate that the E-mail is likely to be spam. Instead of SPAM-NONE WARN, I would use SPAM-NONE WARN X-Note: This E-mail fell into the SPAM-NONE range (Total weight between 0 and 4). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] X-RBL-Warning: SPAMHEADERS: This E-mailhas headers consistent with spam
I am trying to learn more about Message-ID: header. The Message-ID: header is used to uniquely identify an E-mail. The RFCs require that it be present in an E-mail unless there is a good reason and the consequences of not having it are understood. I use server-side components such as ASPmail and CDONTS to handle various kinds of email sent directly from the site -- say a confirmation email. I've learned that these emails are missing a Message-ID: header, and therefore get the following SPAM test failure: X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. My problem is that I don't know how to produce the Message-ID: Should the mail component be creating these? ASPmail and CDONTS definitely should be adding these (unless you are constructing all the headers, including the Date: headers). It may be that you would need to upgrade those programs in order for the Message-ID: header to be automatically added. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
Thanks for the assist, R. Scott. I will see what I can find out from ServerObjects and Microsoft about Message-ID: headers being included. All the best, -- Sean Sean Connors 4BusinessHosting.com - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 06, 2003 3:16 PM Subject: Re: [Declude.JunkMail] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam I am trying to learn more about Message-ID: header. The Message-ID: header is used to uniquely identify an E-mail. The RFCs require that it be present in an E-mail unless there is a good reason and the consequences of not having it are understood. I use server-side components such as ASPmail and CDONTS to handle various kinds of email sent directly from the site -- say a confirmation email. I've learned that these emails are missing a Message-ID: header, and therefore get the following SPAM test failure: X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. My problem is that I don't know how to produce the Message-ID: Should the mail component be creating these? ASPmail and CDONTS definitely should be adding these (unless you are constructing all the headers, including the Date: headers). It may be that you would need to upgrade those programs in order for the Message-ID: header to be automatically added. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] X-RBL-Warning: SPAMHEADERS
I saw the follow two X-RBL-Warning headers in an e-mail message: X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [6000410f]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [6000410f]. I was wondering what the 6000410f SPAMHEADERS code meant, so I went to the Declude web site and entered the 6000410f in the BADHEADER Lookup and it came back with: Code: 6000410f. The E-mail (code 6000410f) didn't fail either the BADHEADERS or SPAMHEADERS tests. That was caused by a glitch in the PHP script used to process the code. It wasn't designed to be able to handle E-mail that failed both the ROUTING and SPAMHEADERS test; this should now work properly. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] X-RBL-Warning: This E-mail was sent from a mail server [NoReverse DNS] with no reverse DNS entry.[Declude.JunkMail]MISSING_REVERSE_DNS:How do I add this header?
How do I add this header? X-RBL-Warning: Weight of 10 exceeds the limit of 10. (Don't see it in the manual) It's listing in the Weighting system section of the Advanced Configuration section of the manual. The default files include a WEIGHT10 test that includes that header. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] X-RBL-Warning: This E-mail was sent from a mail server [NoReverse DNS] with no reverse DNS entry.
So this is note is written to the headers when you use the WARN action with the WEIGHT test? That's correct. (We use the SUBJECT action, so we don't get this warning in the headers?) That's correct. And what's with the subject line - I know I don't have reverse lookup. Then you know why. You need to add the reverse DNS entry. Note that Verio seriously messed up your reverse DNS (see http://www.dnsstuff.com/tools/ptr.ch?ip=209.39.192.44 ). They are in charge of the reverse DNS for your IP, yet they say they aren't, which causes a nasty loop (ARIN says See Verio, and Verio says See ARIN, who says See Verio...). This could cause some mail servers (such as SIMS) to choke, and possibly not be able to accept your mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] X-RBL-Warning: This E-mail was sent from a mail server [NoReverse DNS] with no reverse DNS entry.MISSING_REVERSE_DNS:Re:[Declude.JunkMail] No Reverse DNS --- NEW ISSUE
Hello all. We just got the reverse DNS capabilities delegated to us by our upline connection (Sprint). That looks good: http://www.DNSstuff.com/tools/ptr.ch?ip=208.34.50.132 shows that Sprint is referring reverse DNS queries to your nameservers. So now the only piece left is to get your DNS servers to answer the PTR request for 132.50.34.208.in-addr.arpa. However, when I look in the DNS (MS DNS, NT4) at the reverse DNS records (50.34.208.in-addr.arpa), there are no records. I've tried manually entering one for our mail server (208.34.50.132) but I can't. I'm not familiar with MS DNS, so I can't say how you would you would go about it. You may need to add a zone 50.34.208.in-addr.arpa, and then add the PTR record for 132.50.34.208.in-addr.arpa. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] X-RBL-Warning: Domain videoage1.com hasno MX/A records.
This is what I mean. I thought the MAILFROM test simply checked for a properly formatted email address in the mail from. I didn't realize it checked for an MX record on the domain name. It seems like I should bounce anything that fails the MAILFROM test? That might not be such a good idea: The E-mails that fail the MAILFROM test don't have an MX/A record, so a bounce message won't have anywhere to go. Those might deserve a DELETE action. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] X-RBL-Warning: Domain videoage1.com hasno MX/A records.
Anyone know of any good emails that might fail MAILFROM test??? Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 ||-Original Message- ||From: [EMAIL PROTECTED] ||[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry ||Sent: Friday, January 18, 2002 11:00 AM ||To: [EMAIL PROTECTED] ||Subject: RE: [Declude.JunkMail] X-RBL-Warning: Domain videoage1.com ||hasno MX/A records. || || || ||This is what I mean. I thought the MAILFROM test simply checked for a ||properly formatted email address in the mail from. I didn't realize it ||checked for an MX record on the domain name. || ||It seems like I should bounce anything that fails the MAILFROM test? || ||That might not be such a good idea: The E-mails that fail the MAILFROM ||test don't have an MX/A record, so a bounce message won't have ||anywhere to ||go. Those might deserve a DELETE action. ||-Scott || ||--- ||[This E-mail was scanned for viruses by Declude Virus ||(http://www.declude.com)] || ||--- || ||This E-mail came from the Declude.JunkMail mailing list. To ||unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ||type unsubscribe Declude.JunkMail. You can E-mail ||[EMAIL PROTECTED] for assistance. You can visit our web ||site at http://www.declude.com . || --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] X-RBL-Warning: Domain videoage1.comhasno MX/A records.
Anyone know of any good emails that might fail MAILFROM test??? Only good E-mails that are sent with a bogus return address. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
Re: [Declude.JunkMail] X-RBL-Warning: domain: whatever.com
X-RBL-Warning: domain: whatever.com What test is an email failing when the above is the warning? That's most likely the MAILFROM test that is failing. That test will fail if an E-mail arrives with a return address that is from a domain that does not accept E-mail. There's a slight chance, however, that that could be from another test, if one of the DNS-based tests has a TXT record of domain: whatever.com. You would need to check the logs to be certain. -Scott --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .