Set up your IMail/Declude server as a gateway for the Lyris box so that
all E-mail sent to it is spam blocked prior to being delivered by Lyris
and then whitelist the IP of the Lyris box. You can then also blacklist
anything that has the Lyris domain name since the whitelist IP overrides
the b
I have a alias on my Imail server running declude 1.80 junkmail pro.
That alias [EMAIL PROTECTED] forwards to another box running my lyris mail
list software.
To prevent people from being bounced due to spam filtering, I have a
whitelist domain for the actual lyris box
ie
[EMAIL PROTECTED] is
Ok, thanks.
-d
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 28, 2004 7:26 PM
Subject: Re: [Declude.JunkMail] DNS Puzzler
>> http://www.dnsstuff.com/tools/ptr.ch?ip=12.20.208.99 shows that AT&T is
delegating the
>> revers
>> http://www.dnsstuff.com/tools/ptr.ch?ip=12.20.208.99 shows that AT&T is
delegating the
>> reverse DNS for 12.20.208.99 to dns.skywaves.net, using the hostname
>> 99.96/28.208.20.12.in-addr.arpa. But dns.skywaves.net doesn't have a
PTR record for
>> 99.96/28.208.20.12.in-addr.arpa.
So I chang
Yes. My global.cfg (which I sent to you in a separate email) contains the
lines
LOG_OK NONE
LOGLEVEL MID
--Elise
At 9/28/04 04:48 PM, you wrote:
Details? Are you seeing the "Message OK" lines?
Typical log entries:
09/28/2004 15:59:07 Qc28b026d0172aa34 L1 Message OK
Is this with "LOG_OK NONE"?
Hey Scott-
So I changed it to
99.96/28IN PTR mail.crofuttsmith.com
And now it works.
Can you explain why?
-Dave
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 28, 2004 4:42 PM
Subject: Re: [Declude.JunkMail] DNS Puzzler
We've implemented SPF for all the domains we do mail hosting for, and have
enabled SPF checking on Declude. Only one thing remains, and that is the
issue of message envelopes. The big thing that busts SPF is a message
forwarding, and the only way around this is to rewrite the envelope.
This is s
We've implemented SPF for all the domains we do mail hosting for, and have
enabled SPF checking on Declude. Only one thing remains, and that is the
issue of message envelopes. The big thing that busts SPF is a message
forwarding, and the only way around this is to rewrite the envelope. I know
IM
Good catch, Stan.
67.100.228.186 is correct. That is an old
problem that I thought we quashed years ago. Network Solutions still has the old
IP address. I have been through this with them as least three or four
times.
I run a tertiary name server on
216.0.165.3, and it is also synchroni
Opps, that was a typo. I actually had the settings below but they were still
wrong. Thanks for you help.
spfpass spf pass x 0 -3
spffail spf fail x 0 0
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Tuesday, September 28, 2004 1:15 PM
Title: Message
Trend
calls it something else and claims that it is 13 hours old. We haven't
seen any copies yet.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.AM
Andrew
8)
-Original Message-From: Don Hickey
[mailto:[EMAIL PROTECTED] Sent: Tue
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of R.
> Scott Perry
>
> Thanks for pointing that out -- it should be fixed now. The
> format used for the forging virus lookups was changed, and we
> had to also make a change on our end to reflect
Just upgraded to 1.80, and checked the configuration. Everything seems to
be working except that I noticed that I got no notifications of the test
Eicar-virus e-mails I sent to myself after upgrading. Just sent Eicarplain
base 64 MIME enocoded mails from http://www.declude.com/Articles.asp?ID=9
The problem is with the DNS servers...
DNSSTUFF shows the authoritative DNS servers
being:
Your NS
records at the parent servers are:
dns.skywaves.com. [67.100.228.186] [TTL=172800] [US]
dns.skywaves.net. [216.0.164.2] [TTL=172800] [US]
[These were obtained
from h.gtld-servers.net]
Yes we are seeing a lot of them also...
Don
- Original Message -
From:
Todd - Smart
Mail
To: [EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 3:33
PM
Subject: [Declude.JunkMail] New Bagle W32/[EMAIL PROTECTED]
We just started getting hit with
thi
Details? Are you seeing the "Message OK" lines?
Typical log entries:
09/28/2004 15:59:07 Qc28b026d0172aa34 L1 Message OK
Is this with "LOG_OK NONE"? That line should prevent this log file entry
from appearing.
The others, such as Subject/From/etc. should appear if you are using
LOGLEVEL HIGH,
I have one for you DNS experts out there.
We host DNS for a client that runs his own mail server, and we have
received delegation from AT&T for his IP block.
I can see nothing wrong in our setup, yet some places can see the PTR
record for his mail server's IP address, and some cannot. I have
s
Hi
Just upgraded to 1.80, and checked the configuration. Everything seems to be working
except that I noticed that I got no notifications of the test Eicar-virus e-mails I
sent to myself after upgrading. Just sent Eicarplain base 64 MIME enocoded mails from
http://www.declude.com/Articles.asp?
We just started getting hit with this new Bagle.az. Anyone else seeing it?
McAfee has defs but Symantec
doesn’t yet.
Just started getting calls within
the last hour.
Todd Hunter
Smart Mail.
On 28 Sep 2004 at 16:15, R. Scott Perry wrote:
> That was added to v1.69, per http://www.declude.com/relnotes.htm .
Thanks. It may make a nice addition to the manual as well. :)
-Nick
>
>-Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for
Hi,
I have one for you DNS experts out
there.
We host DNS for a client that runs his
own mail server, and we have received delegation from AT&T for his IP
block.
I can see nothing wrong in our setup, yet
some places can see the PTR record for his mail server's IP address, and some
ca
At 9/28/2004 03:58 PM, you wrote:
LOG_OK NONE does not seem to be working. Even messages which fail no
tests are included in the log files.
Details? Are you seeing the "Message OK" lines?
Typical log entries:
09/28/2004 15:59:07 Qc28b026d0172aa34 L1 Message OK
09/28/2004 15:59:07 Qc28b026d0172aa
Now when did that occur? I see no reference of this anywhere. Are
there any other switches?
That was added to v1.69, per http://www.declude.com/relnotes.htm .
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers
sinc
I was hoping someone could help me with SPF settings. Currently any domain
that has an unknown SPF, is not supported or does not exist has -3 (same as
SPF pass) applied to the overall total.
spfpass spf pass x 0 -3
spffail spf fail x 0 -3
With these settings, any E-mail that does not pass and/or
We installed Declude JunkMail Version 1.80 and immediately observed that
the logfile format and behavior have changed.
Correct.
By design, all the "Msg failed..." lines were taken out of LOGLEVEL LOW,
and moved to LOGLEVEL HIGH. To prevent a loss of important information, a
new log file entry
I was hoping someone could help me with SPF settings. Currently any domain
that has an unknown SPF, is not supported or does not exist has -3 (same as
SPF pass) applied to the overall total. I found the log file "spf.none" that
has these domains listed. How do I get 0 points applied if a domain is
The current version of HiJack supports 'whitelisting' by sending address in
hijack.cfg.
ALLOWADDR [EMAIL PROTECTED]
- Original Message -
From: "Mike Wiegers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 28, 2004 11:57 AM
Subject: RE: [Declude.JunkMail] HiJack
Scott -
wow.
Now when did that occur? I see no reference of this anywhere. Are
there any other switches?
Thanks
-Nick Hayer
> On 28 Sep 2004 at 14:37, Glenn \ WCNet wrote:
> The current version of HiJack supports 'whitelisting' by sending
> address in hijack.cfg.
>
> ALLOWADDR [EMAIL PROT
When you do a MailAll command in IMAIL does that take the IP of the mail
server...seems like I saw a lot of 0.0.0.0 IPs when I sent out the
message in HiJack..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"
- Original Messa
We installed Declude JunkMail Version 1.80 and immediately observed that
the logfile format and behavior have changed.
LOG_OK NONE does not seem to be working. Even messages which fail no tests
are included in the log files.
LOGLEVEL MID no longer gives a separate line for each test failed.
Ou
With the latest beta I am seeing messages where the
X-Declude-Sender is missing the IP address, i.e., [0.0.0.0].
Ones I've seen are from my internal network.
Are you using HOP or IPBYPASS?
Could you post all the Received: headers for one of these?
Title: Message
That
should be 512 bytes in the UDP packet, and only in the reply. Another good
tip is to tell your firewall that DNS over TCP is fine.
Usually if this is turned off, it is to prevent bad actors from doing a
"zone transfer" to scoop up all of your DNS hosts so that they c
In the "hijack.cfg" file add:
# An ALLOWIP line will let an IP address send unlimited E-mail.
ALLOWIP x.x.x.x
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
Sent: Tuesday, September 28, 2004 11:45 AM
To: [EMAIL PROTECTED]
Subject: [Declud
On 28 Sep 2004 at 11:44, Richard Farris wrote:
Hi Richard,
You need to whitelist your ip, regretfully there is no way to config
by domain -
-Nick
> Now that I have HiJack, I found out yesterday when sending a mass
> email to all my customers that they were held...how do I take myself
> out of
Now that I have HiJack, I found out yesterday when sending a mass email to
all my customers that they were held...how do I take myself out of
HiJack...just turn it off while I send out messages or is there another
way..
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Chuck,
When I downloaded the (manual install) declude1.8.zip file, it was in the zip
file (over 10 plus files in there). Hope this helps.
Keith
-Original Message-
From: [EMAIL PROTECTED] on behalf of Chuck Schick
Sent: Tue 9/28/2004 11:00 AM
If you log in on www.declude.com you will see a "automatic install" and a
"manual install" link
Just download the "manual" file. It's a ZIP file and contains anything you
want.
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze
> S
> Really? I don't see it.. I see the manual and automatic downloads for
> it, and the other links take me other places..
> What am I missing?
The cfg files, eml templates, and manuals are included in the zipped up
version.
- Andy
---
[This E-mail was scanned for viruses by Declude Virus (
Login to your account at declude.com
Download the manual version (ZIP file) In the zip you will find cfg samples,
the manuals, applications and other useful files. I guess they should be the
latest ones.
Luis Arango.
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
David,
Here
is the DNS workaround for win2003 servers. Basically win2003 increased
the packet size to larger than 512k when performing a DNS query. This is
a default setting in win2003. The problem is many firewalls still don’t
allow packets larger than 512k. Here is a link
Keith
Where did you find the manual or the cfg files? I can find the download but
not the link to the manual.
Chuck Schick
Warp 8, Inc.
(303)-421-5140
www.warp8.com
-Original Message-
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of
Keith Johnson
Sent: Tuesday, September 28
Really? I don't see it.. I see the manual and automatic downloads for it,
and the other links take me other places..
What am I missing? Think it may just be a blonde moment..
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Tuesday, September 28, 2
On 28 Sep 2004 at 10:33, Jeff Maze wrote:
Hi Jeff,
> Hello,
> Just wanted to know if there's a place to download the latest .cfg
> files to handle the v1.8 additions. Or even an updated declude
> manual?
http://www.declude.com/Articles.asp?ID=116
-Nick
>
> Thanks..
>
>
> ---
> [This E-m
Jeff,
I was able to get it via my account login at www.declude.com.
Keith
-Original Message-
From: [EMAIL PROTECTED] on behalf of Jeff Maze
Sent: Tue 9/28/2004 10:33 AM
To: [EMAIL PROTECTED]
Cc:
Subject: [Declude.JunkMail] E-
Hello,
Just wanted to know if there's a place to download the latest .cfg
files to handle the v1.8 additions. Or even an updated declude manual?
Thanks..
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Ju
David,
I migrated our Declude JunkMail setup to a 100
point system awhile back. With our current setup as it is today we HOLD on
100 and DELETE on 300. When I first migrated over the way that I did it
was I set my HOLD weight to 100 and had no DELETE weight and then I assigned
arbitrary (w
We moved up to a 100 point scale last year. We hold at 100
and delete at 250. This seems to work well with catching false positives. Most
of our FPs have been below 200 but occasionally one will get over that because
of something I didn't see in the config.
Usually it's because of a repeated
This virus in sending out notifications with the "SKIPIFFORGING" in the
eml's and it appears to be forged. Is this a spoofed virus?
Thanks,
Mike Wiegers
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing li
Sorry, wrong list..
-Original Message-
From: Mike Wiegers [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 28, 2004 8:22 AM
To: '[EMAIL PROTECTED]'
Subject: W32/[EMAIL PROTECTED] - Forged??
This virus in sending out notifications with the "SKIPIFFORGING" in the
eml's and it appears to
If you're happy with the weight settings of your current
weighting system (hold on 20 ?) you can simply change to a hold-on-100 system by
multipling all wheigts in your cfg file by factor 5 and change your WEIGHT20
test to WEIGHT100
Then save the cfg file and it's done.
Beside more granular
David,
There is a problem with Win2003 DNS and some firewalls due to packet
size or something like that. I forget exactly what the issue is, but
there is a modification that should be made to your system if in fact
you are getting a lot of time-outs. Hopefully one of those affected
will chim
First Question:
I know this issue has been discussed in the past, but I
would like to make sure I understand the discussions:
1.
We are contemplating revising the
scoring to a 100 point scale
2.
I assume that when the conversion is
made that init
With the latest beta I am seeing messages where the
X-Declude-Sender is missing the IP address, i.e., [0.0.0.0].
Ones I've seen are from my internal network.
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.J
Everyone running Declude Updater as a scheduled task, can disable it as new
versions are not more published on www.declude.com/version.txt and it looks
like future releases wouldn't be available as simple .exe file.
regards
Markus
---
[This E-mail was scanned for viruses by Declude Virus (http
54 matches
Mail list logo
