ast one wave of this spam.
Andrew 8)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Serge
> Sent: Monday, December 12, 2005 8:36 AM
> To: Declude.JunkMail@declude.com
> Subject: Re: [Declude.JunkMail] REVDNS
>
> I use t
all the details,
try checking the archives.
- Original Message -
From: "Markus Gufler" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 12, 2005 3:14 PM
Subject: RE: [Declude.JunkMail] REVDNS
> Thank you Scott,
>
> Serge, why do you use such a filter? A SpamDomain
5 AM
Subject: RE: [Declude.JunkMail] REVDNS
Is a REVDNS-timeout such a frequent thing?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Monday, December 12, 2005 4:31 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.
Is a REVDNS-timeout such a frequent thing?
Markus
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
> Sent: Monday, December 12, 2005 4:31 PM
> To: Declude.JunkMail@declude.com
> Subject: Re: [Declud
Spamdomains tests do not trigger on a REVDNS Timeout.
- Original Message -
From: "Markus Gufler" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 12, 2005 9:14 AM
Subject: RE: [Declude.JunkMail] REVDNS
Thank you Scott,
Serge, why do you use such a filter? A SpamDomai
It is (Timeout), but Declude isn't case sensative.
- Original Message -
From: "Serge" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 12, 2005 9:14 AM
Subject: Re: [Declude.JunkMail] REVDNS
should this be (Timeout) or (timeout) ?
- Original Message -
m
> Subject: Re: [Declude.JunkMail] REVDNS
>
> should this be (Timeout) or (timeout) ?
>
>
>
> - Original Message -
> From: "Scott Fisher" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, December 12, 2005 2:58 PM
> Subject: Re: [Declude.JunkMail]
should this be (Timeout) or (timeout) ?
- Original Message -
From: "Scott Fisher" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 12, 2005 2:58 PM
Subject: Re: [Declude.JunkMail] REVDNS
> REVDNS 10 IS (Timeout)
>
> - Original Message -
> F
ail@declude.com
> Subject: Re: [Declude.JunkMail] REVDNS
>
> REVDNS 10 IS (Timeout)
>
> - Original Message -
> From: "Markus Gufler" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, December 12, 2005 1:42 AM
> Subject: RE: [Declude.JunkMail] REVDNS
> I'm going to try
> REVDNS END CONTAINS (timeout)
Can you send a message from an IP who will timeout for REVDNS?
Declude support?
Markus
---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, jus
age-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Serge
> Sent: Monday, December 12, 2005 9:54 AM
> To: Declude.JunkMail@declude.com
> Subject: Re: [Declude.JunkMail] REVDNS
>
> > So it would be interesting know what's
gt;
To:
Sent: Monday, December 12, 2005 7:42 AM
Subject: RE: [Declude.JunkMail] REVDNS
>
> > I think it may be (timeout). I know Scott
> > Fisher posted a filter the other day that had the exact text
> > on what it is when rev dns times out.
>
> It was a message from
REVDNS 10 IS (Timeout)
- Original Message -
From: "Markus Gufler" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 12, 2005 1:42 AM
Subject: RE: [Declude.JunkMail] REVDNS
I think it may be (timeout). I know Scott
Fisher posted a filter the other day that had t
> I think it may be (timeout). I know Scott
> Fisher posted a filter the other day that had the exact text
> on what it is when rev dns times out.
It was a message from Scott Fisher on the "cbl"-thread and as I can see he
posted a line
TESTSFAILED 50 CONTAINS REVDNS-TIMEOUT
So it would be in
e" <[EMAIL PROTECTED]>
To:
Sent: Sunday, December 11, 2005 7:15 PM
Subject: [Declude.JunkMail] REVDNS
I have good homail messages failing the false hotmail test below
the reason is REVDNS timeouts
the filter should end at the first line, but does not
any workarround?
REVDNS END ENDSWITH
I have good homail messages failing the false hotmail test below
the reason is REVDNS timeouts
the filter should end at the first line, but does not
any workarround?
REVDNS END ENDSWITH .hotmail.com
MAILFROM 3 ENDSWITH @hotmail.com
HELO 5 ENDSWITH hotmail.com
---
[This E-mail was scanned f
Title: Message
Look
at then DNS server that declude uses
Kevin
Bilbee
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of ToddSent: Wednesday, August 24, 2005 7:16
PMTo: Declude.JunkMail@declude.comSubject:
[Declude.JunkMail] REVDNS
I was looking through my reports and found that
around the end of June the number of email that failed the REVDNS test went
way up.
June and earlier it was common to have 20% -
25% of mail trip this test. July on I am seeing 70% - 90% of all email
fail.
We had not made any changes that
Thanks!
-d
- Original Message -
From:
Scott
Fisher
To: Declude.JunkMail@declude.com
Sent: Saturday, March 05, 2005 7:05
PM
Subject: Re: [Declude.JunkMail] REVDNS /
ROUTING
The REVDNSEXISTS test won't fail on a
timeout. Probably a safety measu
5:23
PM
Subject: [Declude.JunkMail] REVDNS /
ROUTING
Hi,
In a message I received
today:
X-REVDNS: This E-mail was sent from
(timeout) ([83.132.120.87]).X-Country-Chain: UNITED
STATES->PORTUGAL->destination
I would think with Declude info like
Hi,
In a message I received
today:
X-REVDNS: This E-mail was sent from
(timeout) ([83.132.120.87]).X-Country-Chain: UNITED
STATES->PORTUGAL->destination
I would think with Declude info like this in the headers,
the message would have failed REVDNS and ROUTING, but it didn't trip eit
I've solved this problem, thanks; it was related to a mail server
config problem. Now, the IPNOTINMX test is failing for precisionx.net
and I'm not sure why since the MX record is pointing to 65.110.77.72
(http://dnsstuff.com/tools/lookup.ch?name=precisionx.net&type=MX)
X-Declude-Sender: [EMAIL PR
day, June 04, 2004 11:47 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] REVDNS Failure question
OK, thanks.
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, June 04, 2004 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE:
I guess I'm confused as to why it's coming from this IP
216.119.112.51 when I've specified the MX record for precisionx.net
to point to 65.110.77.72
That I can't explain -- you would need to check with the documents for the
"inFusion email Server" that sent the mail to see how to get it to use a
une 04, 2004 11:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] REVDNS Failure question
>Why did this fail the REVDNS test? If I do a reverse DNS
>lookup for precisionx.net I get a valid PTR record back.
Reverse DNS is different than forward DNS. Reverse DNS takes an IP and
OK, thanks.
Jose
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Friday, June 04, 2004 11:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] REVDNS Failure question
>I guess I'm confused as to why it's coming
Why did this fail the REVDNS test? If I do a reverse DNS
lookup for precisionx.net I get a valid PTR record back.
Reverse DNS is different than forward DNS. Reverse DNS takes an IP and
returns the host name (using a PTR record); forward DNS usually takes a
host name and returns an IP (using an
Why did this fail the REVDNS test? If I do a reverse DNS
lookup for precisionx.net I get a valid PTR record back.
TIA
Received: from precisionx.net [216.119.112.51] by fpmamail.com with ESMTP
(SMTPD32-6.06) id A02C4790076; Fri, 04 Jun 2004 11:07:24 -0400
Received: from DedA50 [216.119.112.51]
Greg,
20% of our hold weight on our primary mx
30% of our hold weight on our backup mx
Darrell
Check Out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com
System Administrator writes:
I'm curious
negative rDNS scores 5. No hold or delete. Subject line maker SPAM-VHIGH @
30+.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of System
Administrator
Sent: 11 December 2003 13:01
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] revdns weight question
I
I'm curious as to what others are doing concerning the weight assigned to
the revdns test. How much weight do you assign to your revdns test, as a
percentage of your hold or delete limit? Our percentage is currently at 25%
(10/40).
Thanks,
Greg
---
[This E-mail was scanned for viruses by Declude
Is it accurate to say that a filter in DECLUDE Pro using REVDNS is more
efficient and runs faster
than a filter using BODY?
Yes, it is (simply because the reverse DNS entry is much shorter than the
body of the E-mail, so there is less searching to do).
My standard procedure was to add a BODY fi
Is it accurate to say that a filter in DECLUDE Pro using REVDNS is more efficient and
runs faster
than a filter using BODY?
My standard procedure was to add a BODY filter that contains the domain of a link
found in the spam
messages that make it through other tests. This makes sure that they wil
I've been using this filter with success:
REVDNS -100 ENDSWITH .shawcable.net
But what happens if :
X-Declude-Sender: [EMAIL PROTECTED] [204.209.208.8]
Does that test match the ip address to yahoo.com?
Not in this specific case (since 204.209.208.8 doesn't have a reverse DNS
entry, even th
Hi,
I've been using this filter with success:
REVDNS -100 ENDSWITH .shawcable.net
But what happens if :
X-Declude-Sender: [EMAIL PROTECTED] [204.209.208.8]
Does that test match the ip address to yahoo.com?
Or if the ip addresses reverses to shawcable.net, it will let it through
even if th
sion.
Thanks for the help.
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 16, 2003 11:45 AM
Subject: Re: [Declude.JunkMail] RevDNS
I'm guessing that your local DNS server thinks th
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 16, 2003 11:45 AM
Subject: Re: [Declude.JunkMail] RevDNS
>
> > > I'm guessing that your local DNS server thinks that it is
authoritative for
> > > reverse
> I'm guessing that your local DNS server thinks that it is authoritative for
> reverse DNS lookups, but doesn't have a reverse DNS entry for 209.7.3.194.
>
When you say local, you are talking about the internal Private DNS server,
right?
By "local" I mean the DNS server that IMail uses.
Or the d
- Original Message -
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 16, 2003 10:06 AM
Subject: Re: [Declude.JunkMail] RevDNS
>
> > I've had this problem for a while, and although I found a way around
it, I
&g
I've had this problem for a while, and although I found a way around it, I
want to get it corrected
so that I don't see this warning...anyway...
My work is behind a firewall, this firewall, contains 3 zones:
Our Private network with a 192.168.x.x IP range
Our DMZ
and the Internet Zone
The fir
- Original Message -
From: "EN" <[EMAIL PROTECTED]>
> The firewall does NAT to hide all our machines behind one IP which is
> designated on the firewall.
> When a user sends email while using the web interface of Imail, all is
well.
> When a user sends an email using Outlook Express, the
Hi all,
I've had this problem for a while, and although I found a way around it, I
want to get it corrected
so that I don't see this warning...anyway...
My work is behind a firewall, this firewall, contains 3 zones:
Our Private network with a 192.168.x.x IP range
Our DMZ
and the Internet Zone
t: Tuesday, September 02, 2003 4:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] REVDNS and HELOBOGUS
We only white list after emailing the user and the mail admin. It is in
their best interest to fix the RDNS and HELO bogus issues.
Attached is the email I send to them.
Why should
I reduced the scores of those test's. Messages that fail BAHDEADERS
seem to often fail HELOBOGUS in my experience. It would be good to know
the error code returned by the BADHEADERS test because this shouldn't be
failed by most mailing applications (even automated ones). If you look
in your
l (E-mail)
> Subject: [Declude.JunkMail] REVDNS and HELOBOGUS
>
>
> Hello,
>
> We get a lot of false postives from sites that fail two of three simple
> tests such as REVDNS, HELOBOGUS and BADHEADERS which combined have just
> enough weight (10 to12 ), to get tagged as spam.
Hello,
We get a lot of false postives from sites that fail two of three simple
tests such as REVDNS, HELOBOGUS and BADHEADERS which combined have just
enough weight (10 to12 ), to get tagged as spam. I have been whitelisting
as I learn about them, which seems to be approx one to three entries
Title: Message
Hi;
A while back I
suggested a test based on REVDNS. The idea was simply trying to track
spammers that are not just occasional senders but do this on a much larger
scale.
Since then we
started tracking REVDNS of all addresses that send more than 1 email in a
batch. Simp
the dns servers are 208.13.150.92 and 208.13.150.91 set in imail...
Those servers seem to be responding properly.
In this case, I would suggest using the debug mode. To use the debug mode,
you can change the "LOGLEVEL LOW" line in \IMail\Declude\global.cfg to
"LOGLEVEL DEBUG". Then, after
the dns servers are 208.13.150.92 and 208.13.150.91 set in imail...
On Sat, 2003-01-11 at 11:45, R. Scott Perry wrote:
>
> >perhaps it's too early - but I notice these being tagged as revdns
> >failed ...
>
>
> >Received: from IMGate.Mailstop7.com [208.13.150.9] by mailstop7.com with
> > ESMTP
perhaps it's too early - but I notice these being tagged as revdns
failed ...
Received: from IMGate.Mailstop7.com [208.13.150.9] by mailstop7.com with
ESMTP (SMTPD32-7.13) id A93013FE0108; Sun, 05 Jan 2003 18:01:04 -0500
This is the only header that has an IP address, so this should be the
perhaps it's too early - but I notice these being tagged as revdns
failed - this just started a couple days ago - can someone more awake
than I, help - I am off to get some coffee...the imgate machine is my
postfix gateway...it is trying to send me a report that it itself is
blocking due to content
>Scott, I've now been running DECLUDE for two days and from a first look,
>I like the product. However, it has been catching a large number of
>valid messages and I'm wondering what actions to take with them. The
>most common failures are on REVDNS,
That one does have a lot of false positives
Scott, I've now been running DECLUDE for two days and from a first look,
I like the product. However, it has been catching a large number of
valid messages and I'm wondering what actions to take with them. The
most common failures are on REVDNS, HELOBOGUS and WEIGHT10. I remember
reading about
>I have a question about the REVDNS test. We are hosting our customers
>email on a server at one of our POP's and reverse DNS is being done for the
>virtual email server. The reverse DNS states only the domain name and not
>does not have 'mail' specfied in the reverse DNS.
>
>Email Server IP:
I have a question about the REVDNS test. We are hosting our customers
email on a server at one of our POP's and reverse DNS is being done for the
virtual email server. The reverse DNS states only the domain name and not
does not have 'mail' specfied in the reverse DNS.
Email Server IP: 207.22
>Ok, now I'm confused. Are you saying then that even though all the
>machines in my
>network are assigned IP addresses via DHCP, that I have to have each of those
>address resolve to something in the reverse DNS? I think most people
>would only
>list servers, not workstations in DNS. I don't
Ok, now I'm confused. Are you saying then that even though all the machines in my
network are assigned IP addresses via DHCP, that I have to have each of those
address resolve to something in the reverse DNS? I think most people would only
list servers, not workstations in DNS. I don't even hav
>Can I get more info on how the REVDNS test is done?
It's a standard reverse DNS lookup -- for more details, you'll need to go
to the RFCs.
>We have half a class C so our upstream provider does our reverse DNS.
That's fine. They can either handle it, or delegate your half of the class
C to
t.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Susan Duncan
Sent: Tuesday, March 12, 2002 9:30 AM
To: Declude List
Subject: [Declude.JunkMail] REVDNS test
Can I get more info on how the REVDNS test is done? We have half a
class C so our ups
Can I get more info on how the REVDNS test is done? We have half a
class C so our upstream provider does our reverse DNS. Apparently
somewhere along the line they dropped the config for us and we didn't
have reverse dns set up for mail.sirc.ca. After much email back and
forth, yesterday they to
>PS: What's the story with your garbled list server subject field. For the
>last two days, I always see garbled text such as:
>
>"RE: X-RBL-Warning: %WARNING%REVDNS:Re: [Declude.JunkMail] 1.21b Improved -
>but Headers stillbroken!"
I'm working on that one. It seems to be a problem with the E-m
SP>> That would happen if there was no IP address to test for the remote
server. It could happen if, for example, you have Declude bypass your
backup mail server, and that mail server doesn't record the IP
address. <<
Nope - that's not the case here.
Look at the header one more time, please. Y
>In fact, so far I have yet to see ANY email where REVDNS was successful!
FYI, there was a problem discovered where the reverse DNS lookups were not
working properly with 1.21a. v121b has just been put online to take care
of that.
-Scott
---
T
Hi,
I believe, there is in a bug in the REVDNS implementation.
Instead of checking for reverse DNS for the originating SMTP server, it
actually is looking up the end-users workstation address - which of course
often will NOT have a reverse DNS entry.
Example - in the following test mail, Declud
Scott:
Well - the first sample that I sent you was sent to my .129 address - and I
found that I have .129 set to "ignore" in the GLOBAL.CFG. So I suppose that
explains why it's not looking up that server.
But, I'm home now - and I'm using Auth SMTP to my IMAIL server from Outlook
2000.
Now, lo
>I believe, there is in a bug in the REVDNS implementation.
>
>Instead of checking for reverse DNS for the originating SMTP server, it
>actually is looking up the end-users workstation address - which of course
>often will NOT have a reverse DNS entry.
The REVDNS test should check the same IP ad
66 matches
Mail list logo