RE: [Declude.JunkMail] Windows API call to WINSOCK.DLL
> GetHostByName() usage is pretty straightforward--there must be > hundreds of howtos for VB (though you'll probably need to build/buy > COM object for ASP). > > Again, what's the project exactly? You are going to need a DLL to do this, ASP with VB does not provide any of these functions by default. I believe if you use Simple DNS + you will be able to interact with it via ASP and VB. The link to the web site is http://www.jhsoft.com/ if you prefer a stand alone DLL instead I'm sure you will be able to find one for free. They are usually pretty easy to install and work fine on IIS 4 and IIS 5. Good Luck. Regards, Tom ExecNet Internet Services an Image`fx Company --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Windows API call to WINSOCK.DLL
> It's for a project where we're running a name server with > spam-vertised domain names, IP Numbers and phone numbers. We have an > .exe to pick them out of emails, now we need to look them up on the > name server. The ultimate goal would be to get the IP address of a spam-vertised domain name? I'm not sure what good would that do for you. You can't use that IP address on a blacklist, since the chances of it originating mail itself are infinitesmal (that's why people spamvertise from other servers, I'd think). If you want to just provide an RBL for hostnames you find in an email body, using the DNS protocol is a great idea, but there's no reason to have a real IP address associated with the name, just a 127.0.0.2 response or similar to signify whether the name is listed. You could do likewise for IP addresses, like the IP4r method does, and even phone numbers if you're creative. GetHostByName() usage is pretty straightforward--there must be hundreds of howtos for VB (though you'll probably need to build/buy COM object for ASP). Again, what's the project exactly? -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Windows API call to WINSOCK.DLL
I'm not sure I understand what you want to do. The ASP code is just done through the Request.ServerVariables Collection. I'm not sure I understand the requirement for the .exe Have you ever used API's before? > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Paul > Fuhrmeister > Sent: Monday, January 27, 2003 11:21 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] Windows API call to WINSOCK.DLL > > > We need to do a Windows API call to WINSOCK.DLL > - GetHostByAddr and > - GetHostByName > > Need to do it in an ASP page and in a server side .exe (VB6). > > It's for a project where we're running a name server with > spam-vertised domain names, IP Numbers and phone numbers. We > have an .exe to pick them out of emails, now we need to look > them up on the name server. > > Can anyone tell us what is the code to do these winsock api call? > > Will make all source and system available to everyone. > > [EMAIL PROTECTED] > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the > Declude.JunkMail mailing list. To unsubscribe, just send an > E-mail to [EMAIL PROTECTED], and type "unsubscribe > Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. > --- > [This E-mail scanned for > viruses by F-Proto Virus Scanner] > > --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Cool that fixed it. Thanks, as always, for the fast response. Bill -Original Message- From: "R. Scott Perry" Sent: Mon, 27 Jan 2003 15:08:59 -0500 Subject: Re: [Declude.JunkMail] COPYTO action on an Outgoing test >Hey Scott, let me know if you have received that email now or not, because >I noticed the email was getting held by declude because the debug file >contained lots for words that set off our filters. But I added a whitlist >rule, so it should have gotten to you now. But let me know if not. This is an issue with Declude JunkMail, and has been fixed in the latest interim release (http://www.declude.com/release/166i/declude.exe). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Selective clean up of mail folders
My bad - I found it from two weeks ago. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sanford Whiteman Sent: Monday, January 27, 2003 4:06 PM To: Bill Naber Subject: Re: [Declude.JunkMail] Selective clean up of mail folders > My question, is there a clean-up utility along the lines of > immsgexp.exe that can be directed to only work on selected > mailboxes? Search archives first...just posted last week. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Selective clean up of mail folders
> My question, is there a clean-up utility along the lines of > immsgexp.exe that can be directed to only work on selected > mailboxes? Search archives first...just posted last week. -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Selective clean up of mail folders
To keep me out of the spam review loop, I'm using the mailbox function to move spam to a mailbox called "Junk" for each user. If the users feel the need to review/retrieve messages, they can access them via the web interface. My question, is there a clean-up utility along the lines of immsgexp.exe that can be directed to only work on selected mailboxes? I'd like to clean out any junk more than two or three weeks old, but can't clean out the main or other mailboxes since I have some users that only use the web interface and don't have any place to archive messages offline. Thanks, -Bill Naber Kitchin Hospitality, LLC --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Final Action
I run Junkmail at a log setting of HIGH. After switching to 166i11 I have noticed that the last log entry for every e-mail reads "Final Action = IGNORE". This is the case even though various tests may show Actions of WARN, COPYTO, or ROUTETO. What's the story? That's because the final action actually is IGNORE, as far as Declude JunkMail is concerned (perhaps that log file entry would be better in the DEBUG mode, or a name such as "Last action"). The WARN, COPYTO, and ROUTETO actions will occur when Declude JunkMail encounters the action, as opposed to other actions (such as HOLD) which do not occur until the other actions are finished. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Hey Scott, let me know if you have received that email now or not, because I noticed the email was getting held by declude because the debug file contained lots for words that set off our filters. But I added a whitlist rule, so it should have gotten to you now. But let me know if not. This is an issue with Declude JunkMail, and has been fixed in the latest interim release (http://www.declude.com/release/166i/declude.exe). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Final Action
Scott, I run Junkmail at a log setting of HIGH. After switching to 166i11 I have noticed that the last log entry for every e-mail reads "Final Action = IGNORE". This is the case even though various tests may show Actions of WARN, COPYTO, or ROUTETO. What's the story? Thanks, George Kulman Partner Ridge Systems, L.L.C. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Hey Scott, let me know if you have received that email now or not, because I noticed the email was getting held by declude because the debug file contained lots for words that set off our filters. But I added a whitlist rule, so it should have gotten to you now. But let me know if not. It did get here this time; I'll let you know what I find out. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Hey Scott, let me know if you have received that email now or not, because I noticed the email was getting held by declude because the debug file contained lots for words that set off our filters. But I added a whitlist rule, so it should have gotten to you now. But let me know if not. Thanks, Bill -Original Message- From: "Bill B." Sent: Mon, 27 Jan 2003 13:48:00 EST Subject: Re: [Declude.JunkMail] COPYTO action on an Outgoing test Sure thing. I just resent it, but this time to "[EMAIL PROTECTED]" -Original Message- From: "R. Scott Perry" Sent: Mon, 27 Jan 2003 13:41:42 -0500 Subject: Re: [Declude.JunkMail] COPYTO action on an Outgoing test >Here it is, and I actually sent a bunch of debug information on this >problem to [EMAIL PROTECTED] on Sunday morning... Could you re-send that information? We don't have a record of it here, and it could be very useful in solving the problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Sure thing. I just resent it, but this time to "[EMAIL PROTECTED]" -Original Message- From: "R. Scott Perry" Sent: Mon, 27 Jan 2003 13:41:42 -0500 Subject: Re: [Declude.JunkMail] COPYTO action on an Outgoing test >Here it is, and I actually sent a bunch of debug information on this >problem to [EMAIL PROTECTED] on Sunday morning... Could you re-send that information? We don't have a record of it here, and it could be very useful in solving the problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Here it is, and I actually sent a bunch of debug information on this problem to [EMAIL PROTECTED] on Sunday morning... Could you re-send that information? We don't have a record of it here, and it could be very useful in solving the problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PERCENT test
Markus, the crux of the issue for you is whether or not you allow relaying for your client servers. If you do, then the percent hack is a legitimate method for their server to request the relay from your server. The IMail security regarding the percent hack is not to *prevent* the percent hack, it is to *notice* that a relay is being requested; IMail would then check its relay restrictions for the server or user that sent the message. I have seen zero spammers use the percent hack in the last 3 years; I suspect that SMTP software has gotten good enough and is secure by default, so the spammers moved to other techniques to take advantage of open relays. Here is my Declude JunkMail configuration regarding the percent test: #Dec-03-2002 AC This is an ancient convention for relaying; from what we've # seen, only legitimate Lotus users now use it to get out # of their own network! PERCENT percent x x 2 0 PERCENT WARN Andrew 8) MG> If I understand right a problem can ocur if one of our clients MG> mailservers (most of them exchange servers) become a open relay because MG> the admin has changed something. If this server has set our Imail-Server MG> as smarthost and uses SMTP-Auth to deliver the messages a "percent hack" MG> can use our server to relay. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] PERCENT test
Monday, January 27, 2003 you wrote: MG> If I understand right a problem can ocur if one of our clients MG> mailservers (most of them exchange servers) become a open relay because MG> the admin has changed something. If this server has set our Imail-Server MG> as smarthost and uses SMTP-Auth to deliver the messages a "percent hack" MG> can use our server to relay. Generally, I don't think this is a valid example because your server is a smart host and it is going to relay for these servers period. So anything coming from the servers is being relayed. The case where this is a vulnerability has rather specific requirements: 1) The first server has to accept messages for a 2nd domain such as a backup mail server might do for a primary. 2) The 2nd domain mail server must relay for the first server So it is only where those 2 conditions exist that this is a vulnerability. The solution is: 1) do not allow IMAIL to relay for its backups 2) or do not allow any server that can relay to be a backup 3) use Declude and the PERCENT test As has been discussed this is fortunately not a vulnerability that is used by spammers. So the exposure is really in becoming blacklisted. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AT&T WorldNet: FP City
They actually used an RDNS blocker (as a hard test) last week, with predictable results: http://zdnet.com.com/2100-1105-982118.html The irony, of course, is how much spam comes FROM WorldNet IPs. Even more interesting is the inaccuracies of the article: "Every IP address maps to a domain name" (if this were the case, reverse DNS lookups wouldn't be useful). "depending on the architecture of the network--whether a server answers to multiple domain names--the mapping may or may not go through" (not true -- either the reverse DNS entry exists, or it doesn't -- the "mapping" doesn't go through if the mapping doesn't exist). "many spammers use fake IP addresses to deliver commercial messages" (I still haven't found a single spammer that used a fake IP address). And, the article keeps talking about how AT&T implemented this test, and then disabled it because of the FPs -- but, it keeps talking about how AT&T is going to implement the test again! That just doesn't seem to make sense. Why disable it now if they are going to re-enable it? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Here it is, and I actually sent a bunch of debug information on this problem to
[EMAIL PROTECTED] on Sunday morning...
Diagnostics ON (Declude v1.66i11).
Declude JunkMail: Config file found (d:\imail\Declude\global.CFG).
Declude Virus: Config file found (d:\imail\Declude\Virus.CFG).
Declude Hijack:Config file found (d:\imail\Declude\Hijack.CFG).
Declude Confirm: Not installed (no d:\imail\Declude\Confirm.CFG file).
42 spam tests defined: LIST KILL WORD COUNTRY DSBL MONKEYFORMMAIL
MONKEYPROXIES ORDB OSDUL OSFORM OSLIST OSPROXY OSRELAY OSSMART OSSOFT OSSRC
NJABL NJABLDUL NJA BLSOURCES NJABLMULTI NJABLFORMMAIL NJABLPROXIES SPAMCOP
WIREHUBDNSBL DSN NOABUSE NOPOSTMASTER BADHEADERS HELOBOGUS MAILFROM REVDNS
ROUTING SPAMHEADERS BASE64 IPMX HABEAS DNA WEIGHTFAIL WEIGHTFAILOUT
WEIGHTFAILALL PERCENT BULKOUT
IMail reports Official Host Name as: "mail01.excedent.us".
IMail's SendName registry seems OK: "d:\imail\Declude.exe".
Declude JunkMail Status: PRO version registered.
Declude Virus Status:Pro Version Registered.
Declude Hijack Status: Registered.
End of diagnostics.
-Original Message-
From: "R. Scott Perry"
Sent: Mon, 27 Jan 2003 12:50:32 -0500
Subject: Re: [Declude.JunkMail] COPYTO action on an Outgoing test
>Is anybody using the COPYTO action for an Outgoing test (requires Declude
>Pro)? I can't seem to get it to work. It always copies the email to a
>blank recipient. I've got this line in the global.cfg file...
Which version of Declude JunkMail are you running ("\IMail\Declude -diag"
from a command prompt will show you)?
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
[Declude.JunkMail] AT&T WorldNet: FP City
They actually used an RDNS blocker (as a hard test) last week, with predictable results: http://zdnet.com.com/2100-1105-982118.html The irony, of course, is how much spam comes FROM WorldNet IPs. Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] COPYTO action on an Outgoing test
Is anybody using the COPYTO action for an Outgoing test (requires Declude
Pro)? I can't seem to get it to work. It always copies the email to a
blank recipient. I've got this line in the global.cfg file...
Which version of Declude JunkMail are you running ("\IMail\Declude -diag"
from a command prompt will show you)?
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
[Declude.JunkMail] COPYTO action on an Outgoing test
Is anybody using the COPYTO action for an Outgoing test (requires Declude Pro)? I can't seem to get it to work. It always copies the email to a blank recipient. I've got this line in the global.cfg file... SOMETEST COPYTO [EMAIL PROTECTED] ...but the sender of the email where this outgoing test fails always receives a bounce email saying... Invalid final delivery userid: @localhost Running Declude in debug mode shows that it is being copied to a blank address... Msg failed SOMETEST. Action=COPYTO. Copying spam to . AlterRecip( 3, [EMAIL PROTECTED], ); AlterRecip: Loading queuefile Copying E-mail to . Altering queuefile. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IP Range to CIDR Conversion
>> >>I just block them all. In your config file: >>CN-KR ip4r cn-kr.blackholes.us 127.0.0.2 13 0 >>assigns weight 13 for instance to China and Korea - add test in >>$junkmail see www.blackhoes.us for others >> HAHA! I think I'm blocking that site! ;) Dan Horne --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Windows API call to WINSOCK.DLL
We need to do a Windows API call to WINSOCK.DLL - GetHostByAddr and - GetHostByName Need to do it in an ASP page and in a server side .exe (VB6). It's for a project where we're running a name server with spam-vertised domain names, IP Numbers and phone numbers. We have an .exe to pick them out of emails, now we need to look them up on the name server. Can anyone tell us what is the code to do these winsock api call? Will make all source and system available to everyone. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: Exim error message (X-RBL-Warning..)
>From the message you attached: forced failure: SPAMCHK: Message failed SPAMCHK: -65. And the offending line in the headers: X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -65. Is it possible that Exim is seeing "SPAMCHK:" as a separate part of the header because of the colon? __ David Fletcher InfoTech International, LLC. (904)338-9234 (904)721-1253 fax http://www.ITI-InfoTech.com __ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Markus Gufler Sent: Monday, January 27, 2003 9:59 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] FW: Exim error message (X-RBL-Warning..) > In this case, since they don't seem to care *which* spam > tests fail (the > fact that you use an X-RBL-Warning: header rather than > blocking the E-mail > typically indicates that the test doesn't justify blocking > the E-mail), I > would recommend using a trick to allow you to keep the X-RBL-Warning: > headers while still getting this mail through. ... > I can't follow: The default- and per Domain configuration is used to process incoming mail for this specific domain. But the Exim Mail server bounce our messages with the outgoing X-RBL-Warnings from declude. As I know only the pro version handle the outgoing actions set in the global.cfg So I'm neither able to disable only outgoing warnings. The problem is, that we has had this problem with more then one of our domains/clients in the last month. The austrian ISP seem's to be a large provider with many clients. The next strange thing is, that not all messages are bounced by the Exim MTA. Also after an extensive research I wasn't able to identify why. I have no headers of messages that was delivered successfully. One bounced error maessage is attached to this mail. The question is: Why Exim can have something against X-RBL-Warnings? Are this warnings a standard or a declude specific message? How can I prevent adding any header to outgoing messages? (if this solves the problem) Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New feature
Sounds very interesting as an option. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com > -Original Message- > From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED]] On Behalf Of Adam Hobach > Sent: Monday, January 27, 2003 7:17 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] New feature > > Scott, > > I have a new feature request: > > This would be for the ROUTETO action, to have the emails moved to individual > folders for each users email address. This way when we use the ROUTETO > command instead of having all the emails in the main mailbox and not knowing > who they were addressed to without opening, we could go into the individual > folders for each user. > > My thought on the ROUTETO folder Action would be: > > WEIGHT1 ROUTETO [EMAIL PROTECTED]username > > This would be in the junkmail file, where the USERNAME would grab the part > of the email address before the @ sign and direct it to a folder. > > Thoughts??? > > > Adam > > > > > Adam Hobach > CyberLynk Sales/Support > [EMAIL PROTECTED] or [EMAIL PROTECTED] > > ADDITIONAL CYBERLYNK SERVICES > > CyberLynk GroupLynk - This is a program that can > provide home dialup connections for your employees. > You would get a login/password to our website > where you can add/modify dialup accounts as you > please. > > CyberLynk Toll-Free Dialup - This account includes > the first 60 minutes free and then you pay .13cents > per minute after that. This is a great way to stay > connected while on those important business or > personal trips. > - > For more information please contact me. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: Exim error message (X-RBL-Warning..)
I can't follow: The default- and per Domain configuration is used to process incoming mail for this specific domain. But the Exim Mail server bounce our messages with the outgoing X-RBL-Warnings from declude. As I know only the pro version handle the outgoing actions set in the global.cfg So I'm neither able to disable only outgoing warnings. Have you tried my suggestion? :) Declude JunkMail Standard allows for per-domain configurations. The per-domain (and per-user) configurations work based on who the E-mail is addressed to. Declude JunkMail will let you set up per-user/per-domain configurations for any recipient, regardless of whether they are local or not. The question is: Why Exim can have something against X-RBL-Warnings? Are this warnings a standard or a declude specific message? How can I prevent adding any header to outgoing messages? (if this solves the problem) The X-RBL-Warning: header is a de-facto standard header (it isn't listed in the RFCs, but has been used by a number of different anti-spam programs for many years now). It basically means "This E-mail failed a spam test". I'm sure that Exim doesn't have anything against those headers; most likely, the ISP running Exim decided (without thinking about it) that they would bounce all E-mail with X-RBL-Warning: headers, no matter what spam test(s) they failed. That's a really dumb thing to do, but there are a lot of dumb people out there. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New feature
Scott, I have a new feature request: This would be for the ROUTETO action, to have the emails moved to individual folders for each users email address. This way when we use the ROUTETO command instead of having all the emails in the main mailbox and not knowing who they were addressed to without opening, we could go into the individual folders for each user. My thought on the ROUTETO folder Action would be: WEIGHT1 ROUTETO [EMAIL PROTECTED]username This would be in the junkmail file, where the USERNAME would grab the part of the email address before the @ sign and direct it to a folder. Thoughts??? Adam Adam Hobach CyberLynk Sales/Support [EMAIL PROTECTED] or [EMAIL PROTECTED] ADDITIONAL CYBERLYNK SERVICES CyberLynk GroupLynk - This is a program that can provide home dialup connections for your employees. You would get a login/password to our website where you can add/modify dialup accounts as you please. CyberLynk Toll-Free Dialup - This account includes the first 60 minutes free and then you pay .13cents per minute after that. This is a great way to stay connected while on those important business or personal trips. - For more information please contact me. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: Exim error message (X-RBL-Warning..)
> In this case, since they don't seem to care *which* spam > tests fail (the > fact that you use an X-RBL-Warning: header rather than > blocking the E-mail > typically indicates that the test doesn't justify blocking > the E-mail), I > would recommend using a trick to allow you to keep the X-RBL-Warning: > headers while still getting this mail through. ... > I can't follow: The default- and per Domain configuration is used to process incoming mail for this specific domain. But the Exim Mail server bounce our messages with the outgoing X-RBL-Warnings from declude. As I know only the pro version handle the outgoing actions set in the global.cfg So I'm neither able to disable only outgoing warnings. The problem is, that we has had this problem with more then one of our domains/clients in the last month. The austrian ISP seem's to be a large provider with many clients. The next strange thing is, that not all messages are bounced by the Exim MTA. Also after an extensive research I wasn't able to identify why. I have no headers of messages that was delivered successfully. One bounced error maessage is attached to this mail. The question is: Why Exim can have something against X-RBL-Warnings? Are this warnings a standard or a declude specific message? How can I prevent adding any header to outgoing messages? (if this solves the problem) Markus --- Begin Message --- Title: Mail delivery failed: returning message to sender This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] forced failure: SPAMCHK: Message failed SPAMCHK: -65. -- This is a copy of the message, including all the headers. -- Return-path: <[EMAIL PROTECTED]> Received: from [217.199.0.33] (helo=mail.zcom.it) by mx.inode.at with esmtp (Exim 3.31 #2) id 18bHaG-0007wP-00 for [EMAIL PROTECTED]; Wed, 22 Jan 2003 10:54:12 +0100 Received: from NB01 [80.117.116.229] by mail.zcom.it with ESMTP (SMTPD32-7.13) id AA2FC640090; Wed, 22 Jan 2003 10:53:51 +0100 From: "Markus Gufler" <[EMAIL PROTECTED]> To: "'Johann Neuhold'" <[EMAIL PROTECTED]> Subject: Homepage Date: Wed, 22 Jan 2003 10:53:45 +0100 Message-ID: <004601c2c1fc$284adf30$0105a8c0@NB01> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_NextPart_000_0047_01C2C204.8A0F4730" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 In-Reply-To: <005b01c2c1f5$6feee270$5b10e5d5@med2> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -65. X-Declude-Sender: [EMAIL PROTECTED] [80.117.116.229] X-Spam-Tests-Failed: SPAMCHK [-65] X-Note: Sent from [EMAIL PROTECTED] - host229-116.pool80117.interbusiness.it ([80.117.116.229]). --- End Message ---
Re: [Declude.JunkMail] Reverse DNS and Classless Delegation?
Below is a header of an email processed by Declude today - it sees the RDNS as: >> 202.112.78.63.in-addr.arpa [63.78.112.202] << However, your own http://www.dnsstuff.com/tools/ptr.ch?ip=63.78.112.202 correctly reports: >> smtp.hhbrown.com. << Seems as if Declude doesn't follow the classless delegation and applies different logic than DNSSTUFF? That is correct. The reverse DNS lookup in Declude JunkMail was designed just to check for the presence of a reverse DNS entry (which would count a CNAME as having the reverse DNS, whether or not the CNAME resolved). Now that it is possible to filter on the reverse DNS entries, though, it sounds like we will need to add support for the CNAMEs. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IP Range to CIDR Conversion
Thanks Terry, I opted to use the cn-kr.blackholes.us. Thanks for the info! FWIW, I had to change the line: CN-KR ip4r cn-kr.blackholes.us 127.0.0.2 13 0 to read CN-KR ip4r cn-kr.blackholes.us * 13 0 to get it to work. Apparently the zone returns 127.0.0.2 and 127.0.0.3 depending on the country. Thanks again Rick Rountree IANAP (I am not a programmer) At 09:32 AM 1/26/2003 -0600, you wrote: RR> 2) If anyone has a JunkMail style file to share which includes all RR> of China's, Korea's, )and other Asian countries that are prone to RR> open relays) assigned IPs (better) I just block them all. In your config file: CN-KR ip4r cn-kr.blackholes.us 127.0.0.2 13 0 assigns weight 13 for instance to China and Korea - add test in $junkmail see www.blackhoes.us for others RR> 3) Read in my MailShield file and spit out a JunkMail style file. (best) It would not be hard to do really. Are you a programmer? Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PERCENT test
Wow. What an explanation. Thank you! If I understand right a problem can ocur if one of our clients mailservers (most of them exchange servers) become a open relay because the admin has changed something. If this server has set our Imail-Server as smarthost and uses SMTP-Auth to deliver the messages a "percent hack" can use our server to relay. Markus > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Smart Business Lists > Sent: Monday, January 27, 2003 12:12 PM > To: Markus Gufler > Subject: Re: [Declude.JunkMail] PERCENT test > > > Markus, > > Monday, January 27, 2003 you wrote: > MG> How can I test relaying trough my servers using the %piggyback > MG> address? "[EMAIL PROTECTED]" should be the > MG> correct format. This will not work. > > You have 2 mail servers, example.com, which is an IMAIL server, > and example.net. Example.net lives on a different network, backs > up example.com, and may or may not be an IMAIL server. I will > discuss below how to relay mail to a third domain, example.org, > using the %piggyback technique: > > Example.net is a backup for example.com. The Admin who runs > example.com mistakenly entered the IP address of example.net > in his allowed to relay ACL. Or perhaps he runs both servers > and has each backup the other. > > So send a message addressed to "[EMAIL PROTECTED]" > through the example.net server (the backup server for > example.com). > > Since example.net is a backup for example.com it inspects the > message and correctly accepts it for delivery to example.com > which is the correct domain parsed from the address. The > message is queued and sent on to example.com. > > When example.com, our IMAIL server, receives the message it > checks to see if example.net is authorized to relay. If it is > then IMAIL parses the address in such a way that the % sign is > changed to an @ character and delivery is attempted to > [EMAIL PROTECTED] In part this is because the % > sign (and > other characters can be used as a domain delimiter. > > In fact neither server has done anything really wrong. But > the effect of the process is that you will be listed as an > open relay if you are tested in this way. > > The obvious solution is to make certain you do not allow > relaying for any backup mail servers. > > And if that is not possible then you have to rely on Declude's > PERCENT test. > > MG> What can Scott mean by writing "IMail does normally check > for this, > MG> but there is a report of it not catching this type of mail under > MG> certain circumstances." ? > > Just exactly what it says. > > IMAIL and other mail servers can be set to use other domain > delimiters besides the "@" character. There are actually valid > uses for this phenomenon, too. It dates back to early sendmail or > perhaps even earlier. > > hth > > Terry Fritts > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] FW: Exim error message (X-RBL-Warning..)
Because since we use SPAMCHK there was also some bounced messages from Exim indicating the casue of the error "forced faulure: SPAMCHK ..." I'm sure Exim bounce our messages because there are the "X-RBL-Warning: " lines in the header. Talk about a "poor man's spam filter" -- relying on the mailserver the spammer uses to run the spam tests. :) What can be wrong on this header lines? The only way to resolve this issue fast and without discussion with the other ISP is to remove all X-... Header lines for outgoing messages in our declude config file. In this case, since they don't seem to care *which* spam tests fail (the fact that you use an X-RBL-Warning: header rather than blocking the E-mail typically indicates that the test doesn't justify blocking the E-mail), I would recommend using a trick to allow you to keep the X-RBL-Warning: headers while still getting this mail through. To do this, you can create a per-domain configuration file for the domain that is running Exim. To do this, you can copy the \IMail\Declude\$default$.JunkMail file to \IMail\Declude\example.com\$default$.JunkMail, and use "IGNORE" as the action for all the tests. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] PERCENT test
Markus, Monday, January 27, 2003 you wrote: MG> How can I test relaying trough my servers using the %piggyback address? MG> "[EMAIL PROTECTED]" should be the correct format. MG> This will not work. You have 2 mail servers, example.com, which is an IMAIL server, and example.net. Example.net lives on a different network, backs up example.com, and may or may not be an IMAIL server. I will discuss below how to relay mail to a third domain, example.org, using the %piggyback technique: Example.net is a backup for example.com. The Admin who runs example.com mistakenly entered the IP address of example.net in his allowed to relay ACL. Or perhaps he runs both servers and has each backup the other. So send a message addressed to "[EMAIL PROTECTED]" through the example.net server (the backup server for example.com). Since example.net is a backup for example.com it inspects the message and correctly accepts it for delivery to example.com which is the correct domain parsed from the address. The message is queued and sent on to example.com. When example.com, our IMAIL server, receives the message it checks to see if example.net is authorized to relay. If it is then IMAIL parses the address in such a way that the % sign is changed to an @ character and delivery is attempted to [EMAIL PROTECTED] In part this is because the % sign (and other characters can be used as a domain delimiter. In fact neither server has done anything really wrong. But the effect of the process is that you will be listed as an open relay if you are tested in this way. The obvious solution is to make certain you do not allow relaying for any backup mail servers. And if that is not possible then you have to rely on Declude's PERCENT test. MG> What can Scott mean by writing "IMail does normally check for this, but MG> there is a report of it not catching this type of mail under certain MG> circumstances." ? Just exactly what it says. IMAIL and other mail servers can be set to use other domain delimiters besides the "@" character. There are actually valid uses for this phenomenon, too. It dates back to early sendmail or perhaps even earlier. hth Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FW: Exim error message (X-RBL-Warning..)
There is a ISP from Austria using the Exim Internet Mailer. (www.exim.org) In the last months there was a lot of messages send from our system to this provider where Exim returned an error message like: = This message was created automatically by mail delivery software (Exim). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: [EMAIL PROTECTED] forced failure: REVDNS: This E-mail was sent from a MUA/MTA 2xx.1xx.9xx.155 with no reverse DNS entry. = At the first moment I tought Exim checks for a valid REVDNS entry like Declude and is set to bounce a message also if it has only no REVDNS entry. (no weighting system) Because since we use SPAMCHK there was also some bounced messages from Exim indicating the casue of the error "forced faulure: SPAMCHK ..." I'm sure Exim bounce our messages because there are the "X-RBL-Warning: " lines in the header. What can be wrong on this header lines? The only way to resolve this issue fast and without discussion with the other ISP is to remove all X-... Header lines for outgoing messages in our declude config file. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PERCENT test
Ok, thank you Sanford and Terry for the information. How can I test relaying trough my servers using the %piggyback address? "[EMAIL PROTECTED]" should be the correct format. This will not work. What can Scott mean by writing "IMail does normally check for this, but there is a report of it not catching this type of mail under certain circumstances." ? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
