Re: [Mimedefang] Deadline for SPF records
Let's say that the SPF record for futuresource.com says that the allowed relay is mail.futuresource.com. This means that mail coming from mail.futuresource.com (as the relay) is legitimate and that all other mail is likely to be forged. Now, why would mail.futuresource.com allow someone to spoof the envelope sender from its own domain? For example, my mail server has been configured to check all envelope sender addresses which are from local domains. Therefore, I can't send a message with an envelope sender of [EMAIL PROTECTED] If SPF was widely adopted, these two measures would effectively stop forgery of all wiktel.com addresses. Do you also check [EMAIL PROTECTED] What about people sending email themselves but receiving through your MX? What about people that have access through another company with one of your domains but they arent using your mailserver with authentication? What about receiving email from [EMAIL PROTECTED] from a mailserver that isnt listed as being from AOL, to a valid customer of yours? Cor ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: outgoing mail copy
On Tue, 10 Aug 2004 13:42:26 +0500, Muhammad Talha wrote: Dear all Is it possible with mimedefang to copy outgoing mails from specific user to be copied to some other account. is there any other solution ?? Regards M. Talha Try milter-bcc, from http://www.snert.com/Software/milter-bcc/index.shtml -- Dave Smith Server Manager Omnicom Engineering Ltd. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Re: outgoing mail copy
On Tue, 10 Aug 2004, Dave Smith wrote:
Is it possible with mimedefang to copy outgoing mails from specific user to
be copied to some other account.
Try milter-bcc, from http://www.snert.com/Software/milter-bcc/index.shtml
But it's a one-liner in MIMEDefang. Put this in filter_begin or
filter_end:
add_recipient('[EMAIL PROTECTED]') if ($Sender eq '[EMAIL PROTECTED]');
--
David.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Bounce and redirect, what am I doing wrong
On Mon, 9 Aug 2004, Tory Blue wrote: This should work, as the docs say that action_bounce does not discard the message. So what this below is doing, is action_bounce prevents delivery of the message, so it won't work. If you want to return a failure code to the sender *and* still deliver the message somewhere, the only way is to re-mail the message in a separate invocation of Sendmail (being sure to detect the re-mailed message in your filter and not bounce that too!) Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] outgoing mail copy
On Tue, Aug 10, 2004 at 01:42:26PM +0500, Muhammad Talha wrote:
Dear all
Is it possible with mimedefang to copy outgoing mails from specific user to
be copied to some other account.
Sure.
sub filter_begin {
if ( $Sender =~ /^[EMAIL PROTECTED]?$/i ) {
add_recipient( '[EMAIL PROTECTED]' );
}
}
Note that this sort of construct is illegal in many countries if the
user you are tapping isn't aware of this. Unless you're the authorities
and have proper authorisation, of course.
is there any other solution ??
Yes, loads... there is software that does this kind of stuff by monitoring
the traffic on the wire, which makes it fully transparent. The mimedefang
thing above is not fully transparent to '[EMAIL PROTECTED]'.
--
#!perl -wpl # mmfppfmpmmpp mmpffm [EMAIL PROTECTED]
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}-(map{/p|f/i+/f/i}split//,$)+97):qw(m p f)[map{((ord$)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$;$f.eig;# Jan-Pieter Cornet
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
-Original Message- From: Lucas Albers [mailto:[EMAIL PROTECTED] I tried to get read the ldap address book entries from my internal exchange server (5.5) but I could never get it to work. I couldn't justify the effort as I'm don't really see it as a big deal at this point. I'm sure i should, but I can't justify the effort for the return. Exchange 5.5 is a tough nut. That's what I have. Under the default lookup, you can only search on a primary e-mail address. All of my users have @elgin.edu addresses, but many of them also have @elgin.cc.il.us addresses from before 2 year colleges were allowed back in .edu. You can use ldap to search on an @elgin.edu address, but you can't use it to search for @elgin.cc.il.us. I understand that it is possible to determine a schema that could be used to search secondary e-mail addresses, but even so there are a lot of e-mail addresses which can't be searched via ldap. Essentially if it isn't visible to the internal directory, it isn't visible via ldap either. I have also not been able to find any decent way to export all the deliverable addresses - such that they could be massaged into access format in an automated way. I've asked this question is several fora whenever the group consensus that there is never any reason why an external MX can't know all valid e-mail becomes noisy. I'll ask again here. If anyone has a solution - which doesn't involve changing my internal e-mail system - I'd absolutely love to hear it. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David F. Skoll wrote: | On Mon, 9 Aug 2004, Daniel Taylor wrote: | | |All SPF-Pass means is that the e-mail came from an authorized |sender for the domain in question. | | | Right. SPF is *not* an anti-spam technology. | Oh no, not again. This is why I held off from responding to this thread. Sender verification is a necessary but insufficient tool in the anti-spam arsenal. It does little to nothing *BY ITSELF*, but it enables the use of tools such as Domain-based blackhole lists that are impossible without it. Just because a hammer won't hold two boards together doesn't mean that it isn't a construction tool. SPF IS an anti-spam technology, because it enables more effective anti-spam measures. SPF IS NOT the solution to spam. SPF right now is great fodder for your Bayesian filter, and blocks quite a few hostile e-mails cheap, such as from=recipient pattern spam/viruses. Nobody else in the world needs to use it for you to gain those benefits, since you can apply a weak default SPF record to any domain that doesn't publish. - -- Daniel Taylor VP OperationsVocal Laboratories, Inc. [EMAIL PROTECTED] http://www.vocalabs.com/(952)941-6580x203 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFBGL+i8/QSptFdBtURAqewAJ4rPtV76XFVt7iZh9fTNtLk8j/VxgCeO59g lcSMjMl+jTaO1Tam7XLkqHE= =FkpP -END PGP SIGNATURE- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MUA for multiple senders
The other day someone asked about an MUA that would support sending from different addresses. Last night I was looking at my Mozilla Thunderbird setup where I have my primary home accoount, as well as my rarely used ISP email account configured in the same client. If I selected the inbox for my ISP account, and then composed a message, the sender was shown as my ISP email address. In my primary account, it used that email address. Hope this helps the person that was recently asking about this. (This was on Windows, say whether this works in other versions) --- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
On Tue, 10 Aug 2004 06:44:43 -0500 Damrose, Mark [EMAIL PROTECTED] wrote: Exchange 5.5 is a tough nut. That's what I have. Under the default lookup, you can only search on a primary e-mail address. All of my users have @elgin.edu addresses, but many of them also have @elgin.cc.il.us addresses from before 2 year colleges were allowed back in .edu. You can use ldap to search on an @elgin.edu address, but you can't use it to search for @elgin.cc.il.us. I understand that it is possible to determine a schema that could be used to search secondary e-mail addresses, but even so there are a lot of e-mail addresses which can't be searched via ldap. Essentially if it isn't visible to the internal directory, it isn't visible via ldap either. I have also not been able to find any decent way to export all the deliverable addresses - such that they could be massaged into access format in an automated way. I've asked this question is several fora whenever the group consensus that there is never any reason why an external MX can't know all valid e-mail becomes noisy. I'll ask again here. If anyone has a solution - which doesn't involve changing my internal e-mail system - I'd absolutely love to hear it. Hi Mark, We have a 3000 odd user customer running Exchange 5.5 which we are in the process of planning a migration to 2003 for, but it's unlikely this will happen before the 1st October deadline for SPF. Fortunately, there is only one domain that they utilise. In our office at work, we have Exchange 2000 and some users have a second, non-visible email address, which will cause this same issue. Of course, I'm planning on implementing a mail relay in the not too distant future incorporating MIMEDefang/Spamassassin/ClamAV, which means I'll probably have to provide it a list of valid users. In Exchange 5.5, probably the easiest way would be to export your Directory Store as a csv file. In Exchange Administrator, go to Tools then Directory Export. You can select all items including mailboxes, custom recipients, and distribution groups. You can also select hidden items. Getting the CSV file into a useable list for MD/sendmail will be a different story, but at least you can get the info out of Exchange. In Exchange 2000, you can use ldifde to export AD attributes, which should be able to include additional email addresses. At least I hope this is the case! Anyway, hope that's of some help to you, and sorry to the list for going into Exchange a little bit. Pete ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*
--On Monday, August 9, 2004 11:17 PM -0400 Jeff Rife [EMAIL PROTECTED] wrote: At the core, this solution ignores the concept and purpose of a backup MX which is a reality and necessity for many companies where email is critical. I dispute this statement. If the MX host is configured differently it could cause more problems that just letting remote hosts re-try to the regular mail server. Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*
On Mon, Aug 09, 2004 at 11:17:41PM -0400, Jeff Rife wrote: On 9 Aug 2004 at 21:03, Kevin A. McGrail wrote: If the receiving MX servers always knew all valid recipient addresses *at (E)SMTP connection time*, then there would be no bounces...only rejections. This solves the problem without introducing anything new to (E)SMTP. At the core, this solution ignores the concept and purpose of a backup MX which is a reality and necessity for many companies where email is critical. There is no reason a backup MX server can't know if an address is valid or not. How about scaling? I'm pretty sure my ISP will run (screaming, no doubt), from a scenario in which they rely on their customers to keep their list of valid addresses current. How about MS Exchange? :] Graham ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
-Original Message- From: Peter A. Cole [mailto:[EMAIL PROTECTED] In Exchange 5.5, probably the easiest way would be to export your Directory Store as a csv file. In Exchange Administrator, go to Tools then Directory Export. You can select all items including mailboxes, custom recipients, and distribution groups. You can also select hidden items. Yes, but you can't get all the deliverable addresses - e.g. system addresses such as postmaster and abuse. I also don't know of any way to do this automatically. I really don't want this to be a manual process, and I don't want to rely on the people adding e-mail addresses to tell me when they've done so. Getting the CSV file into a useable list for MD/sendmail will be a different story, but at least you can get the info out of Exchange. Getting the CSV file into something usable is the easy part. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
On Tue, 10 Aug 2004 07:59:56 -0500 Damrose, Mark [EMAIL PROTECTED] wrote: Yes, but you can't get all the deliverable addresses - e.g. system addresses such as postmaster and abuse. I also don't know of any way to do this automatically. I really don't want this to be a manual process, and I don't want to rely on the people adding e-mail addresses to tell me when they've done so. Yep, sorry, I missed your original request for automating the process. Maybe see if you can find something from the Exchange 5.5 resource kit? I've never seen or used it before, or even know if it exists actually, but I'd imagine that MS released one and there may be something there. Getting the CSV file into something usable is the easy part. It's just getting it that's the hard part... Maybe eseutil will let you do something? I've only used it for store maintenance, never tried anything else... Anyway, good luck! Pete ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] [resend] Specfile bug: disables service on update
David F. Skoll wrote: Off topic: I hate RPM! Does anyone have a *good* document where all this stuff is documented? Half the stuff in .spec files seems to be undocumented magic. Sorry.. I know most of my RPM via just working on them over and over and over again. I read Maximum RPM a long time ago, and am trying to dig through the new Red Hat RPM Guide, and by working at RH for 4 years ;). I can try to help on these issues.. now that I have my off-wrok website working a bit more. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang -- Stephen John Smoogen[EMAIL PROTECTED] Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645 Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
On Tue, Aug 10, 2004 at 06:44:43AM -0500, Damrose, Mark wrote: -Original Message- From: Lucas Albers [mailto:[EMAIL PROTECTED] I tried to get read the ldap address book entries from my internal exchange server (5.5) but I could never get it to work. I couldn't justify the effort as I'm don't really see it as a big deal at this point. I'm sure i should, but I can't justify the effort for the return. Exchange 5.5 is a tough nut. That's what I have. Under the default lookup, you can only search on a primary e-mail address. All of my users have @elgin.edu addresses, but many of them also have @elgin.cc.il.us addresses from before 2 year colleges were allowed back in .edu. You can use ldap to search on an @elgin.edu address, but you can't use it to search for @elgin.cc.il.us. [del] I have this running ... it gets secondary email addresses as well (you have to bind as a user with admin access in exchange - not neccessarily the same account as domain admin). http://pochacco.dnsalias.net/~gdunn/extract-exchange-55-20040810.tar.gz There's some filtering in there to only pull out addresses in specific domains (we have a shameful listserver that stores lists in hidden containers, and this will pull those and make the access file just monstrous). Let me know if this is what you were talking about... Thanks, Graham ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] How to verify that Network tests are working for spamassassin
I installed MIMEDefang/Spamassassin/Razor2/DCC and set $SALocalTestsOnly = 0; in my filter file and in sa-mimedefang.cf: use_dcc 1 dcc_timeout 10 dcc_path /usr/local/bin/dccproc But still when I send a test spam Email GTUBE from yahoo to me I get it detected as spam because of local tests only as below, I do not see any network tests like DCC or Razor or RBL, although DCC and RBL are working when I run spamassassin alone from shell. pts rule name description -- -- 0.9 FROM_ENDS_IN_NUMS From: ends in numbers 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email 0.8 HTML_30_40 BODY: Message is 30% to 40% HTML 0.1 HTML_FONTCOLOR_BLUEBODY: HTML font color is blue 0.0 HTML_MESSAGE BODY: HTML included in message Why my network tests are not working? or how can I verify that it is working, or I am missing some config to enable the network tests ? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: outgoing mail copy - OT
Message: 2 Date: Tue, 10 Aug 2004 11:07:23 +0100 From: Dave Smith [EMAIL PROTECTED] Subject: [Mimedefang] Re: outgoing mail copy To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 On Tue, 10 Aug 2004 13:42:26 +0500, Muhammad Talha wrote: Dear all Is it possible with mimedefang to copy outgoing mails from specific user to be copied to some other account. is there any other solution ?? Regards M. Talha Try milter-bcc, from http://www.snert.com/Software/milter-bcc/index.shtml You can also try synonym at milter.org. It works quite well for me. And since my perl skills are lacking, it kept me from butchering up my mimedefang install. The only thing I don't like about synonym is it doesn't have support for rule negation yet. Matt Pusateri ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_check_against_smtp_server
Bill Maidment wrote: Hi I'm trying to use md_check_against_smtp_server to check the email recipient against valid users on another mail server. The problem I have is that invalid recipients cause the incoming email to continually bounce between my two mail servers. Valid recipients work fine! OK. I've finally found the last problem. I had, for some strange reason, set LUSER_RELAY in the sendmail.mc on the internal server, to point to the external server. Once that was removed, and I added the renaming host line as previously suggested, all was well. Thanks everyone for all the assistance. Cheers Bill ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] How to verify that Network tests are working for spamassassin
Stephen J Smoogen [EMAIL PROTECTED] danced on the keyboard and produced: I installed MIMEDefang/Spamassassin/Razor2/DCC and set $SALocalTestsOnly = 0; in my filter file Where? If it's after SA is called it won't have any effect - best to put it in at the top. When you run it from the command line, do you run it as the user that MD runs as? PLEASE - keep list traffic on the list. Email sent directly to me may be ignored utterly. -- Rob | What part of no was it you didn't understand? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
- Original Message - From: Cor Bosman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 10, 2004 4:06 AM Subject: Re: [Mimedefang] Deadline for SPF records Let's say that the SPF record for futuresource.com says that the allowed relay is mail.futuresource.com. This means that mail coming from mail.futuresource.com (as the relay) is legitimate and that all other mail is likely to be forged. Now, why would mail.futuresource.com allow someone to spoof the envelope sender from its own domain? For example, my mail server has been configured to check all envelope sender addresses which are from local domains. Therefore, I can't send a message with an envelope sender of [EMAIL PROTECTED] If SPF was widely adopted, these two measures would effectively stop forgery of all wiktel.com addresses. Do you also check [EMAIL PROTECTED] If notfakeusername is a valid hotmail user, hotmail's mail server should be able to verify that. If hotmail also implements SPF, you can verify that the mail actaully came from a hotmail server. What about people sending email themselves but receiving through your MX? SPF will allow your mail server to verify that the mail they're receiving is really coming from where it says it is - sort of. Granted, Spam that comes from a domain not using SPF can't be verified. But as mentioned before, it will stop bounces. What about people that have access through another company with one of your domains but they arent using your mailserver with authentication? You mean like an employee on the road using a hotel's ISP or at a wireless hotspot connecting back to your mail server to send mail as from your company? _Make_ them use authentication. Although as I mentioned in an earlier message, I don't know if the current (E)SMTP authentication encrypts the password or sends it in cleartext. What about receiving email from [EMAIL PROTECTED] from a mailserver that isnt listed as being from AOL, to a valid customer of yours? I receive that sort of Spam mail all the time. If they're really an AOL customer, they should be using an AOL mail server. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
On Tue, Aug 10, 2004 at 09:26:26AM -0400, Graham Dunn wrote: http://pochacco.dnsalias.net/~gdunn/extract-exchange-55-20040810.tar.gz Forgot to add that you'll need to add whatever you have in @mx_domains to your relay-domains file. Graham ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] [resend] Specfile bug: disables service on update
David F. Skoll wrote: Off topic: I hate RPM! Hah. Try making sense of Debian's dpkg packaging system sometime. *crosses eyes* Oy vey. RPM is clear as glass by comparison. Does anyone have a *good* document where all this stuff is documented? Half the stuff in .spec files seems to be undocumented magic. As mentioned, www.rpm.org has links to the (now quite outdated but still useful) Maximum RPM book, and the online copy is slowly getting updated. I also use offical .srpm's (and the occasional third-party .srpm) as references to see what some of the more complex packages have done to make some interesting trick work. -kgd -- Get your mouse off of there! You don't know where that email has been! ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
On Tue, 10 Aug 2004, Dave Williss wrote: You mean like an employee on the road using a hotel's ISP or at a wireless hotspot connecting back to your mail server to send mail as from your company? _Make_ them use authentication. Ironically enough, Dave Williss's original message was held in our trap because it originated from 24.94.166.115, which caused an SPF fail result for the microimages.com domain. :-) I receive that sort of Spam mail all the time. If they're really an AOL customer, they should be using an AOL mail server. We too have moved in that direction. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Graphdefang + High CPU Load when processing
Ya know, I was considering the very same thing. My backup server does basically nothing throughout the day (it only runs backups), which makes it a great candidate. :) Just curious, but what, exactly, does the --trim option do? The documentation states that it cuts out old data from the SummaryDB, but doesn't that defeat the purpose of graphdefang when looking for longer-term trends and such? With regards to the corruption issue, the problem creeps in when Graphdefang has a LOT of information to process. In my situation, we have a medium load mail server which generates maillogs on a daily basis anywhere between 2MB and 10MB. Now, that doesn't seem to be too large, but, however, GraphDefang runs, when I was running it on a daily basis, after about a month of gathering data (maybe sooner, but it's been nearly 10 months since we were running it on a daily vs. every 30 minute basis), we noticed that the graphs suddenly flatlined. A little investigation showed that the database was corrupted (ran graphdefang.pl by hand, and no new data would get added to the database). That was the 4th occurance of the same problem, so we opted for the more frequent updates to reduce the amount of data it had to handle at any one point in time. This resolved the problem, but, now, 10 months later, we have seen that graphdefang has started spiking the CPU for a minute or more as it processes (this is a new problem for us). The machine is a solid box with 1GB of RAM.. I'll try running it on a remote server.. :-) -Rich Chris Gauch wrote: I ran into this same issue with Graphdefang, but it was fairly easy to resolve. I set up graphdefang on a remote Linux server that had a low average load. ...snip... You could also set up an rsync process to rsync the maillog onto the remote graphdefang server, rather than configuring remote syslog. On the remote syslog server running graphdefang, you should also add a CRON script that runs the graphdefang.pl --trim option. Just make sure this CRON script DOES NOT run while graphdefang is processing the SummaryDB info, or you'll corrupt the he|| out of your SummaryDB. - Chris Kevin A. McGrail wrote: I run it once a day and never have a corruption issue. If you have corruption issues, suggest looking at your DB installation. There is just very little in graphdefang that could really cause this issue. Are you having other DB corruption issues? I am very wary of using DB on servers because of the numerous issues we see but the speed benefits are great compared to something like mySQL. In other words, all over different mailing lists, I constantly read about DB corrupted this, DB corrupted that. Not to mention that DB is often implemented in a way that loads the entire DB into memory. This is great for small databases but the graphdefang database can hit half a gigabyte for a server. This causes huge spikes in the load but makes it process quicker. Perhaps your machine is running out of memory trying to load the database and just crashing? Regards, KAM ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
On Tue, 2004-08-10 at 09:12, Dave Williss wrote: You mean like an employee on the road using a hotel's ISP or at a wireless hotspot connecting back to your mail server to send mail as from your company? _Make_ them use authentication. Put a price tag on that. If you are selling a product, how many dollars worth of orders are you willing to discard because the potential customer sent a request for information through a public access point instead of their own ISP? Discarding their mail is the only way you can _make_ someone else do things your way. Is it worth it, when what really matters is the individual authentication and/or the message content? I just don't see much value in some untrusted third party's claim of authentication. --- Les Mikesell [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] adding in x-header
When you add in a new x-header, at what point is the x-header part of the message? I have a network test nd would like to add a x-header so spamassassin can use the result as a bayesian check. Don't I need to do some sort of message_rebuild before calling the sa check? -- Luke Computer Science System Administrator Security Administrator,College of Engineering Montana State University-Bozeman,Montana ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Graphdefang + High CPU Load when processing
Hi Rich, On Tue, Aug 10, 2004 at 12:34:00PM -0400, Rich West told us: handle at any one point in time. This resolved the problem, but, now, 10 months later, we have seen that graphdefang has started spiking the CPU for a minute or more as it processes (this is a new problem for us). The machine is a solid box with 1GB of RAM.. just jumping in here, I don't know your exact setup/OS, but maybe you could try lowering the priority of graphdefang?? This way it would end up not eating so much processing power of your machine (and, of course, taking longer to finish one run). HTH Sven -- Linux zion 2.6.8-rc2 #1 Sun Jul 18 15:00:48 CEST 2004 i686 athlon i386 GNU/Linux 19:18:48 up 22 days, 20:47, 1 user, load average: 0.09, 0.08, 0.02 ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] adding in x-header
On Tue, 10 Aug 2004, Lucas Albers wrote: When you add in a new x-header, at what point is the x-header part of the message? If you mean adding the header with action_add_header(), it doesn't happen until after MIMEDefang returns control to Sendmail. If you want SpamAssassin to see the header, you need to roll your own function that rewrites the INPUTMSG file. Don't I need to do some sort of message_rebuild before calling the sa check? That won't do it. action_rebuild just sets a flag telling mimedefang.pl to rebuild the message after filter_end returns. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records *long w/morbid horoscop e*
On 10 Aug 2004 at 7:59, Damrose, Mark wrote: Yes, but you can't get all the deliverable addresses - e.g. system addresses such as postmaster and abuse. Those could be added manually to the list after the export. I also don't know of any way to do this automatically. Almost anything that you can do in the Exchange UI is exposed as a COM object interface. -- Jeff Rife| Sam: How's life treatin' you, Norm? SPAM bait: | [EMAIL PROTECTED] | Norm: Well, Sammy, it's not...so I sure [EMAIL PROTECTED] | hope you are. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*
On 10 Aug 2004 at 9:00, Joseph Brennan wrote: --On Monday, August 9, 2004 11:17 PM -0400 Jeff Rife [EMAIL PROTECTED] wrote: At the core, this solution ignores the concept and purpose of a backup MX which is a reality and necessity for many companies where email is critical. I dispute this statement. That's as may be, but check your quoting next time, because I didn't write it. -- Jeff Rife| Wheel of morality, SPAM bait: | Turn, turn, turn. [EMAIL PROTECTED] | Tell us the lesson [EMAIL PROTECTED] | That we should learn | -- Yakko, Animaniacs ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*
On 10 Aug 2004 at 9:04, Graham Dunn wrote: There is no reason a backup MX server can't know if an address is valid or not. How about scaling? I'm pretty sure my ISP will run (screaming, no doubt), from a scenario in which they rely on their customers to keep their list of valid addresses current. If your ISP allows you to have mail servers behind theirs and they are the front line MX and forward everything to you, then your ISP is really odd. If, on the other hand, you just use your ISP as backup MX, *and* they don't run MIMEDefang, etc., then you lose a lot of the benefits of running MIMEDefang. The solution my small (less than 300 employees) company chose was to put another Linux server *that we control* somewhere else. We can do this because we have a couple of different ISPs for our different physical locations. How about MS Exchange? :] How about it? There are lots of ways you can automatically generate all valid e-mail addresses from an Exchange server, and get those to a Linux box in a way that MIMEDefang can use to verify. We, instead, chose to educate our president and officers about the actual costs of Exchange, and it left the building quite unceremoniously. -- Jeff Rife| SPAM bait: | http://www.nabs.net/Cartoons/AngryTVGod.gif [EMAIL PROTECTED] | [EMAIL PROTECTED] | ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Les Mikesell wrote: | On Tue, 2004-08-10 at 09:12, Dave Williss wrote: | | |You mean like an employee on the road using a hotel's ISP or at a |wireless hotspot connecting back to your mail server to send mail |as from your company? _Make_ them use authentication. | | | Put a price tag on that. If you are selling a product, how many | dollars worth of orders are you willing to discard because the | potential customer sent a request for information through a | public access point instead of their own ISP? Discarding their | mail is the only way you can _make_ someone else do things | your way. Is it worth it, when what really matters is the | individual authentication and/or the message content? I just | don't see much value in some untrusted third party's claim | of authentication. | Excellent point. Unfortunately for your intended point it cuts both ways. In the case of an SPF reject the potential client gets an immediate notification that something is wrong, and can take corrective action if they are that interested. Since their company must be publishing a strict SPF record for this scenario to occur they just may appreciate your respecting their policy and call you instead. Say your potential client sends the same e-mail from the same location and your spam filter sidelines it because it triggered a couple minor SA rules and was from a blackholed IP range. Now your potential client thinks the mail went through, you know nothing about it, and the business opportunity may well pass permanently because the potential client thinks you just aren't interested in the business. They are almost definitely offended by the non-response. Which scenario works better for you? - -- Daniel Taylor VP OperationsVocal Laboratories, Inc. [EMAIL PROTECTED] http://www.vocalabs.com/(952)941-6580x203 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFBGQwl8/QSptFdBtURAifNAJ4pcMpfqvm/7W8QC8Kd0aeQkezxcQCfVej0 6/vne8j6V6GsqleCcnW0unc= =PgoW -END PGP SIGNATURE- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*
How about scaling? I'm pretty sure my ISP will run (screaming, no doubt), from a scenario in which they rely on their customers to keep their list of valid addresses current. If your ISP allows you to have mail servers behind theirs and they are the front line MX and forward everything to you, then your ISP is really odd. This is not odd at all. Cor ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Put a price tag on that. If you are selling a product, how many dollars worth of orders are you willing to discard because the potential customer sent a request for information through a public access point instead of their own ISP? If a potential customer sends you a message through a public access point and their domain has SPF enabled and doesn't list that access point as a valid relay, is that you fault? No, it's their administrator's fault for setting up restrictive SPF without properly configuring their employee's/user's laptops. Example: Let's say that I work for a hypothetical ACME Widgets, Inc. My e-mail address is [EMAIL PROTECTED] A potential customer, [EMAIL PROTECTED], tries to send me an e-mail message from his laptop using a public access point in his hotel. The network he's on is not listed as an allowed relay for example.com, according to their SPF record. My administrator (at acmewidgets.com) is honoring SPF records. What happens? If the people at example.com have setup their SPF record to say that mail from unlisted networks should be bounced, the message will be bounced. If they've said it should be subject to additional checks, but not outright rejected, it will be accepted and the SpamAssassin score increased. The behavior is exactly per their setup. Richard Laager Wikstrom Telecom Internet -BEGIN PGP SIGNATURE- Version: PGP 8.0.2 Comment: If you don't know what this is, you can safely ignore it. iQA/AwUBQRkdsm31OrleHxvOEQKW+gCg09o78crSght3oPnLeNrkStYeSVoAoKRM ohcAK9K0LqS9HGqHRwinnVkc =xuhF -END PGP SIGNATURE- ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records
On Tue, 10 Aug 2004, Richard Laager wrote: If a potential customer sends you a message through a public access point and their domain has SPF enabled and doesn't list that access point as a valid relay, is that you fault? No, it's their administrator's fault for setting up restrictive SPF without properly configuring their employee's/user's laptops. I agree. And the problem is that it's next to impossible for a moderate-to- large ISP to force its users to configure their laptops appropriately, so I doubt we'll ever see a -all entry in SPF records for AOL, Hotmail, etc. This considerably reduces the effectiveness of SPF. Regards, David. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records *long w/morbid horoscope*
Cor Bosman wrote: How about scaling? I'm pretty sure my ISP will run (screaming, no doubt), from a scenario in which they rely on their customers to keep their list of valid addresses current. If your ISP allows you to have mail servers behind theirs and they are the front line MX and forward everything to you, then your ISP is really odd. This is not odd at all. I concur. This is not odd at all and is actually the goal of people like MSN.com. To their mail server, your mail server could be an MTA, MSA or MUA. They don't care... they'll take anything. Users cannot email WITHOUT relaying through their servers. Now for business accounts, that's another story. -Ben ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
Richard Laager wrote: Example: Let's say that I work for a hypothetical ACME Widgets, Inc. My e-mail address is [EMAIL PROTECTED] A potential customer, [EMAIL PROTECTED], tries to send me an e-mail message from his laptop using a public access point in his hotel. The network he's on is not listed as an allowed relay for example.com, according to their SPF record. My administrator (at acmewidgets.com) is honoring SPF records. What happens? That's just it - if your sales guy is at hotel with his laptop, he could use AUTH/STARTTLS and actually relay through his company's mail server. Thus the email from [EMAIL PROTECTED] would be delivered by mail.acmewidgets.com to where it needed to go... SPF would be valid. This no bounce at the destination. So the second part below wouldn't even be an issue. If the people at example.com have setup their SPF record to say that mail from unlisted networks should be bounced, the message will be bounced. If they've said it should be subject to additional checks, but not outright rejected, it will be accepted and the SpamAssassin score increased. The behavior is exactly per their setup. -Ben ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
Let's say that I work for a hypothetical ACME Widgets, Inc. My e-mail address is [EMAIL PROTECTED] A potential customer, [EMAIL PROTECTED], tries to send me an e-mail message from his laptop using a public access point in his hotel. The network he's on is not listed as an allowed relay for example.com, according to their SPF record. My administrator (at acmewidgets.com) is honoring SPF records. What happens? That's just it - if your sales guy is at hotel with his laptop, he could use AUTH/STARTTLS and actually relay through his company's mail server. Thus the email from [EMAIL PROTECTED] would be delivered by mail.acmewidgets.com to where it needed to go... SPF would be valid. This no bounce at the destination. You try and tell that to thousands of customers. Who had their laptops set up in 1997 by a company that has long gone bankrupt. And will sue you if suddenly their email isnt working anymore :) Welcome to the world of ISPs :) Cor ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records
On Tue, 2004-08-10 at 14:10, Richard Laager wrote: If a potential customer sends you a message through a public access point and their domain has SPF enabled and doesn't list that access point as a valid relay, is that you fault? No, it's their administrator's fault for setting up restrictive SPF without properly configuring their employee's/user's laptops. How would this work for wireless delivery services like Blackberry? My CEO has one of these and uses it a lot. All messages must be sent through their server but we want the 'From:' to be his desktop address. --- Les Mikesell [EMAIL PROTECTED] ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Help with removing files with names defined in bad_exts
I would like to remove certain named zip files from emails but I don't wan't to discard all zip files since we use them. I tried to add the whole filename to bad_exts but this does not work. Is there somewhere else in the filter I can add this or do I need to add my own code to the re_match function. Thanks, David ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Help with removing files with names defined in bad_exts
David Reta wrote:
I would like to remove certain named zip files from emails
but I don't wan't to discard all zip files since we use them.
I tried to add the whole filename to bad_exts but this does
not work. Is there somewhere else in the filter I can add
this or do I need to add my own code to the re_match function.
You need to add your own code. Here's a sample (untested)
sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);
my @badfilenames =
( price.zip,
the-price.zip,
snowhite.scr,
)
for my $badfilename (@badfilenames)
{if (lc $badfilename eq $entity)
{return 1;
}
}
# Bad extensions
$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dl
l|exe|fxp|hlp|hta|html?|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi
|msp|mst
|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|w
ms|wmz|w
sc|wsf|wsh|\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end or
# followed by non-alphanum
$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
return re_match($entity, $re);
}
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
smime.p7s
Description: S/MIME cryptographic signature
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Help with removing files with names defined in bad_exts
{if (lc $badfilename eq $entity)
Should be
{if (lc $badfilename eq lc $entity)
smime.p7s
Description: S/MIME cryptographic signature
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Help with removing files with names defined in bad_exts
Matthew.van.Eerde wrote:
David Reta wrote:
I would like to remove certain named zip files from emails
but I don't wan't to discard all zip files since we use them.
I tried to add the whole filename to bad_exts but this does
not work. Is there somewhere else in the filter I can add
this or do I need to add my own code to the re_match function.
Sorry for repeated postings. Now that I've read the mimedefang.pl,
here's a better chunk of code:
sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);
my @badfilepats =
(^price\.zip$,
^the-price\.zip$,
^snowhite.scr$,
);
for my $badfilepat (@badfilepats)
{if (re_match($entity, $badfilepat))
{return 1;
}
}
# Bad extensions
$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|ht
a|html?|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd
|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|w
sc|wsf|wsh|\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end or
# followed by non-alphanum
$re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
return re_match($entity, $re);
}
[EMAIL PROTECTED] 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -emap{y/a-z/l-za-k/;print}shift Jjhi pcdiwtg Ptga wprztg,
smime.p7s
Description: S/MIME cryptographic signature
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
Er, oo... Well, in that case, let me introduce you to Mr. Reply-To: field. chuckle Can't help ya there.. that is a problem. But the reply-to: would fix that. :) Les Mikesell wrote: On Tue, 2004-08-10 at 14:10, Richard Laager wrote: If a potential customer sends you a message through a public access point and their domain has SPF enabled and doesn't list that access point as a valid relay, is that you fault? No, it's their administrator's fault for setting up restrictive SPF without properly configuring their employee's/user's laptops. How would this work for wireless delivery services like Blackberry? My CEO has one of these and uses it a lot. All messages must be sent through their server but we want the 'From:' to be his desktop address. -- Ben Kamen - O.D.T, S.P. -- Home: [EMAIL PROTECTED] http://www.benjammin.net Work: [EMAIL PROTECTED] gPG Pub Key - http://www.benjammin.net/www/pages/library * * NOTE: Opinions and Views discussed via email are my own and not that * * of the State of Illinois, University of Illinois or the Illinois Dept * * of Natural Resources. * * ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Deadline for SPF records
Cor Bosman wrote: That's just it - if your sales guy is at hotel with his laptop, he could use AUTH/STARTTLS and actually relay through his company's mail server. Thus the email from [EMAIL PROTECTED] would be delivered by mail.acmewidgets.com to where it needed to go... SPF would be valid. This no bounce at the destination. You try and tell that to thousands of customers. Who had their laptops set up in 1997 by a company that has long gone bankrupt. And will sue you if suddenly their email isnt working anymore :) Welcome to the world of ISPs :) I was speaking in the terms of a corporate user which should have an IT department. Tongue in Cheek But seriously, it's so easy to set up StartTLS on the client side... That's what an ISP's FAQ/Techsupport Page is for, right!?! -Ben p.s. Seriously, STARTTLS/AUTH is really easy to set up on the client side. It's either going to be conform or be blocked. (sigh) I hear you guys. Not gonna be pretty. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Deadline for SPF records
Quoting Les Mikesell [EMAIL PROTECTED]: On Tue, 2004-08-10 at 14:10, Richard Laager wrote: If a potential customer sends you a message through a public access point and their domain has SPF enabled and doesn't list that access point as a valid relay, is that you fault? No, it's their administrator's fault for setting up restrictive SPF without properly configuring their employee's/user's laptops. How would this work for wireless delivery services like Blackberry? My CEO has one of these and uses it a lot. All messages must be sent through their server but we want the 'From:' to be his desktop address. You have to add the blackberry servers to the list of allowed senders in the SPF record that YOU design. Tony This message was sent using IMP, the Internet Messaging Program. This email message from Starpoint Solutions LLC is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Opinions, conclusions and other information in this message that do not relate to the official business of Starpoint Solutions shall be understood as neither given nor endorsed by it. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Graphdefang + High CPU Load when processing
On Tue, 10 Aug 2004, Rich West wrote: Just curious, but what, exactly, does the --trim option do? The documentation states that it cuts out old data from the SummaryDB, but doesn't that defeat the purpose of graphdefang when looking for longer-term trends and such? You should use the --trim option regularly. When I added it to the code, it reduced the size of my DB by 10x. It deletes all of the detailed data that is for months previous to the current month. It keeps all of the summarized data, and it keeps all of the top 25 data per user per month and per day, but you no longer actually need the rest of the detailed line-item data in your DB. Regards, John ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Re: MIMEDefang Digest, Vol 11, Issue 28
On Tue, 10 Aug 2004, Ben Kamen [EMAIL PROTECTED] wrote: Er, oo... Well, in that case, let me introduce you to Mr. Reply-To: field. chuckle Can't help ya there.. that is a problem. But the reply-to: would fix that. For a good time, try introducing a Eudora user to the concept of a reply-to header. -- Paul Russell Senior Systems Administrator OIT Messaging Services Team University of Notre Dame ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Adding X-Received-ASN header
Just saw this on the SA mailing list: http://twiki.iwethey.org/Main/SpamByASN Does anybody have code for MD to add the required header so SA can run the Bayes machine against it? ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
