Alex, I have seen no issues with Hijack
and Imail V. 8.
Are you using DAISYCHAIN any where in
Declude?
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
How would I test in Declude for the presence of the X-Imail-Spam
header? (or does running order prevent this?) I want Declude to put a
Spam notation in the subject line when an email fails enough of either Imail or
Declude checking.
Thanks,
John
I know I saw a bunch of strings last week regarding AOL so I hate to ask
again but here it goes.
I have users who were able to send to AOL accounts until recently. What
needs to be done on either my end or the AOL end to send mail to them?
Thanks for any insight to this.
Samantha
---
[This
I have noticed that AOL frequently rejects connect attempts so it requires
multiple retries to get mail to AOL users. Set you retries to a higher
number and see if that helps like it did for us.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bridges,
Create a filterfile test, then have it
check HEADERS for that string.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent:
Samantha,
You could start with this:
WARNING: One or more of your mailservers claims to be a host other than what
it really is (the SMTP greeting should be a 3-digit code, followed by a
space or a dash, then the host name). This probably won't cause any harm,
but is a technical violation of
I'm getting that indication when I run the DNS report from dnsreport.com.
I'm running Imail 8.0 does anybody know how to fix this?
Terry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of David
Sent: Thursday, June 26, 2003 7:31 AM
To: [EMAIL PROTECTED]
Anybody have documentation on how to interpret the displayed information
from DECCON?
Terry
---
[This E-mail scanned for viruses by SURFSIDE INTERNET]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing
macombisd.org claims to be host
I'm getting that indication when I run the DNS report from dnsreport.com.
I'm running Imail 8.0 does anybody know how to fix this?
It's actually not an IMail issue -- it's a
I thought Win2003 was supposed to have added console access to Terminal
Services (I have some recollection that you are running 2003, could be
wrong though)? If you are not running 2003, just install VNC for the
occasions you need console access. That's what I had to do.
Thanks,
Chuck Frolick
I don't know what they did, and it is running as a service, but,
SimpleDNS Plus by jhsoftware.com had a similar issue with the need for
console access, however they found a way around it in their beta version
(not publicly released thought). I may have to poke at it a bit to see
if I can figure it
Of all of the spam tests that IMail V8.0 now
supports, all but the statistical content filtering test (which is the one that
places the X-Imail-Spam entry into the header) run before being passed to
Declude JunkMail. Unfortunately, the IMail statistical test does not run
until JunkMail
I run an Exchange 5.5 server that IMail forward to. The Exchange server
allows you to put in a Reply Address. My Exchange server is macombisd.org
and the IMail server is misd.net.
Sorry for the confusion.
Samantha
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent:
Yah.. Something is wack with your mail server...
telnet exmail.macombisd.org 25
Trying 64.88.82.249...
Connected to exmail.macombisd.org.
Escape character is '^]'.
220
2*
From: David [EMAIL
I thought Win2003 was supposed to have added console access to Terminal
Services (I have some recollection that you are running 2003, could be
wrong though)? If you are not running 2003, just install VNC for the
occasions you need console access. That's what I had to do.
I was using Windows
Yah.. Something is wack with your mail server...
telnet exmail.macombisd.org 25
Trying 64.88.82.249...
Connected to exmail.macombisd.org.
Escape character is '^]'.
220
**
**
2*
You need to
Not possible with the current process order.
IMail does not run this test until after Declude has finished and passed the
message back to IMail for delivery.
Bill
- Original Message -
From:
John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003
You don't have to leave it logged on, you can log in and out remotely
with VNC, you can even lock out the local inputs while in remote mode.
Thanks,
Chuck Frolick
ArgoNet, Inc.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff
(Lists)
Sent:
John,
I'm not using daisychain.
Actually I just looked and it appears to only
happen when hold one is reachedwhen people are sendingfrom
killerwebmail.
Alex
- Original Message -
From:
John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 2:27
Ah, the IP address of the server is
being caught.
In that case, you should use ALLOWIP and
the IP of the server.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL
I found archived messages about the order in which tests are run, but
nothing which directly applies
to something I noticed in our logs. Whitelisting works, but many messages
are getting tests run on
them before the whitelist. Seems like a waste of CPU. Is there a way to
make Declude skip all
I found archived messages about the order in which tests are run, but nothing which
directly applies
to something I noticed in our logs. Whitelisting works, but many messages are getting
tests run on
them before the whitelist. Seems like a waste of CPU. Is there a way to make Declude
skip all
According to you guys its not the mail server it is the Firewallright?
What needs to be changed on the Firewall and why is the current setup so
bad?
Thanks
Samantha
-Original Message-
From: Patrick Childers [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 11:48 AM
To:
What I'm looking for is a way to monitor store and forward domains. It
appears that the domlist tool doesn't count messages for these domains. Am
I missing something with domlist, or does anybody know of a tool that will
be able to give me stats like the following: Total number of messages
You know, this brings up another point. We use a weighting method and
consider all 20 weights to be spam. Once that weight is reached, it
would make sense to stop testing to save proc time. Just food for
thought.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
According to you guys its not the mail server it is the Firewallright?
Correct.
What needs to be changed on the Firewall
I believe someone said it is the SMTP Fixup Protocol that needs to be
turned off.
and why is the current setup so bad?
Two reasons:
[1] It makes your server
That seems all well and good, but what if you next test has a large
negative weight? If your email didn't get the chance to fail that test,
you may get many more false positives.
Perhaps if there was a way to order the tests so the admin could put all
the tests that have the potential of a
Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows
only SMTP
Anyone using Imail peering will not be able to disable ESMTP
Rick Davidson
Buckeye Internet Inc
www.buckeyeweb.com
440-953-1900 ext: 222
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To:
Isn't that backwards?
Firewall with Fixup - ESMTP will not work, and mail defaults to
ordinary SMTP transaction
Firewall without Fixup -- ESMTP works fine
Jason
- Original Message -
From: Rick Davidson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003
Disabling the SMTP Fixup Protocol at the firewall disables ESMTP and allows
only SMTP
Anyone using Imail peering will not be able to disable ESMTP
Does that mean that Cisco firewalls can't be set up not to interfere with
SMTP transactions?
If enabling the fixup protocol breaks RFC-compliance
good idea - thanks John.
I was just stumped as to why they never cleared out
of hold 1 but that solution will work:)
- Original Message -
From:
John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 12:55
PM
Subject: RE: [Declude.JunkMail]
You know, this brings up another point. We use a weighting method and
consider all 20 weights to be spam. Once that weight is reached, it
would make sense to stop testing to save proc time. Just food for
thought.
That's one we've given some thought to. The catch, though, is negative
weights --
Does that mean that Cisco firewalls can't be set up not to interfere
with SMTP transactions?
Nah, PIXes are fine with no smtp fixup.
-Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail:
If it is a CISCO pix you need to add the line
no fixup protocol smtp 25
I just looked in our PIX and this is the exact line.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jason Newland
Sent: Thursday, June 26, 2003 11:12 AM
To:
I have talked to cisco people in Cebit Hannover about the PIX problem
Rifat : The Fix-up protocol does not support ESMTP , my clients need to
use SMTP Authentication.
Cisco Tech Guy : Just use the Vpn client to get the client to local subnet.
Rifat : My clients PIX is a cheaper model it
I'm not sure what the rationale was for this...
Simplicity and performance: if you separated the all-in-one Queue
Manager into a separate Content Scanner and a Queue Manager (with the
ability to interpolate third-party processors at any point), an
all-IMail setup would be
Yes ,exactly
Remove the smtp fixup and everything works fine
Better , remove the PIX firewall from your system , and add a real firewall
,
You will have much less problems.
Rifat
- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: R. Scott Perry [EMAIL PROTECTED]
Sent:
But just because your Cisco tech guy doesn't know anything about the
application-level effects of the Cisco fixup features doesn't mean
there's anything wrong or unreal about the PIX as a firewall, as
long as you eliminate the fixup problem. If neither you nor the tech
thought or
Terry here,
Now I am lost...should the fix-up protocol be used or not? If not, how is it
turned off?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Cisco
We run a PIX with no Issues. Like any thing else if it is configured
properly it will run great.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 11:45 AM
To: [EMAIL PROTECTED]
Subject: Re: Re[2]:
Terry , just disable the fixup protocol for smtp
And all your problems will be over .
Rifat
- Original Message -
From: Terry Parks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 10:03 PM
Subject: RE: [Declude.JunkMail] Cisco Pix firewall fixup
Terry here,
Now
All so much hokum. This should be a configurable option to run all tests
either before or after third-party plug-ins, but not a hard-coded split in
the spam processing (again, at least not without a configuration option).
Bill
- Original Message -
From: Sanford Whiteman [EMAIL
OK, What's the command to do this?
Terry
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rifat Levis
Sent: Thursday, June 26, 2003 12:12 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Cisco Pix firewall fixup
Terry , just disable the fixup
no fixup protocol smtp 25
I just looked in our PIX and this is the exact line.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Terry Parks
Sent: Thursday, June 26, 2003 12:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
Title: Message
Hi;
Does anyone know
of the Spamdomain entries for Prodigy?
This is what I saw
in a spam..
X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT,
BASE64, FILTER-SUBJECT, FILTER-HEADER-XMAIL, COUNTRY, WEIGHT20s, WEIGHT20r,
FREEEMAILSX-Weight: 49X-Mailfrom:
Correct. It will disable SMTP AUTH as well
The fixup was added to IOS to allow ESMTP
its quite a pickle
Rick Davidson
Buckeye Internet Inc
www.buckeyeweb.com
440-953-1900 ext: 222
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June
I afraid you have got it backwards. The fixup protocol disables ESMTP,
which would include SMTP Auth, because fixup or permits SMTP attributes, but
none of the extended atributes. Disabling the fixup protocol allow for
ESMTP to pass through the PIX, including SMTP Auth.
Bill
- Original
Title: Message
This looks to be most likely a dynamic DSL customer
of Unity Telephone:
dig -x 200.67.73.3
;; ANSWER SECTION:3.73.67.200.in-addr.arpa.
3380 IN PTR
dsl-200-67-73-3.prodigy.net.mx.
;; AUTHORITY SECTION:73.67.200.in-addr.arpa.
3380 IN
NS
Title: Message
Scott, after thinking some more about Kami's
situation, would this scenario pass or fail the spamdomains test?:
==
SpamDomain.txt file entry:
prodigy.net
Message from (X-Declude Sender):
[EMAIL PROTECTED]
Connecting mail server (or one tested based on HOP
and IPBYPASS
Scott, after thinking some more about Kami's situation, would this
scenario pass or fail the spamdomains test?:
==
SpamDomain.txt file entry:
prodigy.net
Message from (X-Declude Sender):
mailto:[EMAIL PROTECTED][EMAIL PROTECTED]
Connecting mail server (or one tested based on HOP and
We run Sniffer, and we're testing Alligate (soon to be buying).
I'd like to set up a test that adds points if BOTH tests fail. An
Accelerator test, I guess.
For instance, let's say failing Alligate adds 5 points, and failing Sniffer
adds 5 points.
If an e-mail fails both, I want the total
We just purchased and implemented Declude Junkmail here.
I am attempting to understand what should be changed to catch more messages.
We are using the default values. Many messages are getting through with low values.
One thing came to me tonight, I turned on the XINHEADER option to show the RDNS
I preface this by saying that my techniques are based on studying and understanding
spammers and the way they behave. More Sun Ztu than Zen:
I've been noticing an increasing number of politically oriented spam, starting after
the war with Iraq. The most wanted playing card spam turned into
53 matches
Mail list logo
