Re: [Declude.JunkMail] ***DECLUDE NO-AUTHENTICATION KEY***

2013-04-17 Thread SM Admin
So what needs to be done with ClamAV?

-Original Message-
From: Matt
Sent: Wednesday, April 17, 2013 11:24 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] ***DECLUDE NO-AUTHENTICATION KEY***

It seems clear at this point that the failure of Declude's licensing
system is causing widespread havoc for their customers, and they are not
responding to support issues, or any issues at all, and that they are in
fact out of business.  Therefore I am going to share the key that allows
Declude to operate without authentication.  This key will not allow
either AVG nor Commtouch Zero Hour to work, but it will allow Declude to
process email with filters and other add-ons.

The key goes in your Declude.cfg file and it requires a restart. This is
the same key that was shared, but I am changing the subject in order to
highlight that the code is in here:

 CODE28607230-BF21-4CDE-A59B-A451CC7C9CA0

My recommendation is to configure both Sniffer (convert your license
with Pete if it was bound to Declude) and ClamAV so that you have virus
protection.

Matt



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to imail...@declude.com, and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.







Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread SM Admin
Why the negative weight on Caution? What’s the logic behind that?

Thanks,

Ben

From: Pete McNeil
Sent: Wednesday, April 17, 2013 10:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

On 2013-04-17 13:36, David Barker wrote:

  SNIFFER           external  NONZERO  "C:\Smartermail\Declude\SNF\SNFClient.exe"  20  0

  SNIFFER-CAUTION   external  020      "C:\Smartermail\Declude\SNF\SNFClient.exe"  -10  0

  SNIFFER-TRUNCATE  external  040      "C:\Smartermail\Declude\SNF\SNFClient.exe"  10  0



Woops!! That's backward.

It SHOULD be:

SNIFFER-CAUTION   external  040  etc...
SNIFFER-TRUNCATE  external  020  etc...

Best,

_M


--
Pete McNeil, President
MicroNeil Research Corporation
www.microneil.com
703.779.4909 x7010
twitter/codedweller




Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread SM Admin
For IMail that was true, but I switched to SM last fall and that no longer
appears to be the case. There is no license code in my declude.cfg file and
the code line says "SmarterMail can removed this line".

Ben

-Original Message-
From: Randy Armbrecht
Sent: Wednesday, April 17, 2013 10:43 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] No one at Declude?

License code is in the declude.cfg file



Sincerely,

Randy A.


-Original Message-----
From: SM Admin [mailto:imailad...@bcwebhost.net]
Sent: Wednesday, April 17, 2013 1:27 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Hi,

I haven't seen anyone else comment on this post and I wondered if it was one
of the perpetual licenses.  I would test it but I can't recall or figure out
how to change the license code manually. So how do I do that?

Thanks,

Ben

-Original Message-
From: Stephan Chayer
Sent: Wednesday, April 17, 2013 2:36 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] No one at Declude?

Use this key: CODE 28607230-BF21-4CDE-A59B-A451CC7C9CA0

-Original Message-
From: SM Admin [mailto:imailad...@bcwebhost.net]
Sent: April 17, 2013 2:43
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Apparently I was too quick on the draw as this line has since been added to
the diag file:

04/16/2013 22:24:21.947[BB86F9-606322-C04138-958B5A-AB7343-94F75B]
IS INVALID KEY

Did someone say something about new keys?

-Original Message-
From: SM Admin
Sent: Tuesday, April 16, 2013 10:25 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

I noticed today that Declude wasn't processing.  I checked the diag file and
it has the usual entries at the top plus an entry at the bottom saying that
the Sniffer license is invalid.  How is that?

So then I restarted the Declude service and now the diag file only shows
this:

Declude 4.12.02 Diagnostics
Compilation Platform: SmarterMail
Copyright (c) 2000-2013 Declude, Inc.

Host Name   mail1.bcwebhost.net
Declude Key 

So I have no idea what's going on. Anyone?

-Original Message-
From: Brian Baker
Sent: Tuesday, April 16, 2013 7:09 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Looks like tonight we better figure out a new approach. My declude diag file
is now reading declude lic as invalid. Anyone else?


- Original Message -
From: "Todd Richards" 
To: 
Sent: Monday, April 15, 2013 9:34 AM
Subject: RE: [Declude.JunkMail] No one at Declude?



What system is that?  Our users are getting hammered with spam.  Reminds me
of the days, many years ago, before I happened upon Declude...

Todd



-Original Message-
On Sunday, April 14, 2013 10:24 PM,  John Doyle wrote:
>>I have reverted to a system that works.







Re: [Declude.JunkMail] No one at Declude?

2013-04-17 Thread SM Admin
Hi,

I haven't seen anyone else comment on this post and I wondered if it was one
of the perpetual licenses.  I would test it but I can't recall or figure out
how to change the license code manually. So how do I do that?

Thanks,

Ben

-Original Message-
From: Stephan Chayer
Sent: Wednesday, April 17, 2013 2:36 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] No one at Declude?

Use this key: CODE 28607230-BF21-4CDE-A59B-A451CC7C9CA0

-Original Message-
From: SM Admin [mailto:imailad...@bcwebhost.net]
Sent: April 17, 2013 2:43
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Apparently I was too quick on the draw as this line has since been added to
the diag file:

04/16/2013 22:24:21.947[BB86F9-606322-C04138-958B5A-AB7343-94F75B]
IS INVALID KEY

Did someone say something about new keys?

-Original Message-
From: SM Admin
Sent: Tuesday, April 16, 2013 10:25 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

I noticed today that Declude wasn't processing.  I checked the diag file and
it has the usual entries at the top plus an entry at the bottom saying that
the Sniffer license is invalid.  How is that?

So then I restarted the Declude service and now the diag file only shows
this:

Declude 4.12.02 Diagnostics
Compilation Platform: SmarterMail
Copyright (c) 2000-2013 Declude, Inc.

Host Name   mail1.bcwebhost.net
Declude Key 

So I have no idea what's going on. Anyone?

-Original Message-
From: Brian Baker
Sent: Tuesday, April 16, 2013 7:09 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Looks like tonight we better figure out a new approach. My declude diag file
is now reading declude lic as invalid. Anyone else?


- Original Message -
From: "Todd Richards" 
To: 
Sent: Monday, April 15, 2013 9:34 AM
Subject: RE: [Declude.JunkMail] No one at Declude?



What system is that?  Our users are getting hammered with spam.  Reminds me
of the days, many years ago, before I happened upon Declude...

Todd



-Original Message-
On Sunday, April 14, 2013 10:24 PM,  John Doyle wrote:
>>I have reverted to a system that works.







Re: [Declude.JunkMail] No one at Declude?

2013-04-16 Thread SM Admin
Apparently I was too quick on the draw as this line has since been added to
the diag file:

04/16/2013 22:24:21.947[BB86F9-606322-C04138-958B5A-AB7343-94F75B]
IS INVALID KEY

Did someone say something about new keys?

-Original Message-
From: SM Admin
Sent: Tuesday, April 16, 2013 10:25 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

I noticed today that Declude wasn't processing.  I checked the diag file and
it has the usual entries at the top plus an entry at the bottom saying that
the Sniffer license is invalid.  How is that?

So then I restarted the Declude service and now the diag file only shows
this:

Declude 4.12.02 Diagnostics
Compilation Platform: SmarterMail
Copyright (c) 2000-2013 Declude, Inc.

Host Name   mail1.bcwebhost.net
Declude Key 

So I have no idea what's going on. Anyone?

-Original Message-
From: Brian Baker
Sent: Tuesday, April 16, 2013 7:09 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Looks like tonight we better figure out a new approach. My declude diag file
is now reading declude lic as invalid. Anyone else?


- Original Message -
From: "Todd Richards" 
To: 
Sent: Monday, April 15, 2013 9:34 AM
Subject: RE: [Declude.JunkMail] No one at Declude?



What system is that?  Our users are getting hammered with spam.  Reminds me
of the days, many years ago, before I happened upon Declude...

Todd



-Original Message-
On Sunday, April 14, 2013 10:24 PM,  John Doyle wrote:
>>I have reverted to a system that works.







Re: [Declude.JunkMail] No one at Declude?

2013-04-16 Thread SM Admin
I noticed today that Declude wasn't processing.  I checked the diag file and
it has the usual entries at the top plus an entry at the bottom saying that
the Sniffer license is invalid.  How is that?

So then I restarted the Declude service and now the diag file only shows
this:

Declude 4.12.02 Diagnostics
Compilation Platform: SmarterMail
Copyright (c) 2000-2013 Declude, Inc.

Host Name   mail1.bcwebhost.net
Declude Key 

So I have no idea what's going on. Anyone?

-Original Message-
From: Brian Baker
Sent: Tuesday, April 16, 2013 7:09 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?

Looks like tonight we better figure out a new approach. My declude diag file
is now reading declude lic as invalid. Anyone else?


- Original Message -
From: "Todd Richards" 
To: 
Sent: Monday, April 15, 2013 9:34 AM
Subject: RE: [Declude.JunkMail] No one at Declude?



What system is that?  Our users are getting hammered with spam.  Reminds me
of the days, many years ago, before I happened upon Declude...

Todd



-Original Message-
On Sunday, April 14, 2013 10:24 PM,  John Doyle wrote:
>>I have reverted to a system that works.







Re: [Declude.JunkMail] No one at Declude?

2013-04-10 Thread SM Admin
Hi Dave,

Can you tell us who the owners are of Declude and in what state it is 
incorporated? We might be able to find out if they’ve filed for bankruptcy or 
other legal proceedings.

Thanks,

Ben

From: David Barker
Sent: Wednesday, April 10, 2013 1:47 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] No one at Declude?

No offence taken :)  Feel free to email Declude or call them.



David



From: ra...@globalweb.us [mailto:ra...@globalweb.us]
Sent: Wednesday, April 10, 2013 4:34 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] No one at Declude?



I would like to get an official notice from Declude on what is going on and how 
it will affect us, like your example of the license server.



Sincerely,
Randy A.

John Dobbin wrote:

So it would seem. With all the discussion recently about 
Declude going down, my concern is more with what happens if/when the licensing 
server goes away?

What are people looking at to migrate to?

Has there been any actual confirmation aside from postings from former 
employees and people's perceptions? (no offence David)



-Original Message-
From: Herb Guenther [mailto:h...@lanex.com]
Sent: Wednesday, April 10, 2013 3:18 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] No one at Declude?





Re: [Declude.JunkMail] Re: The Answer

2013-04-09 Thread SM Admin
Hi Dave,

This sounds great. Do you foresee this being the end of development for 
Declude? Do you know what happened to the new owners of Declude?

Thanks,

Ben
  - Original Message -
  From: David Barker
  To: Declude.JunkMail@declude.com
  Sent: Monday, April 08, 2013 8:35 PM
  Subject: [Declude.JunkMail] Re: The Answer


  Declude users,

  As many of you may already know Linda Pagillo and I left Declude in January 
of 2013.  Long story short they  “Killed The Goose That Laid the Golden Egg” … 
my guess … the end is nigh!

  However it is not all bad news. We have started a new company called Mail’s 
Best Friend, not only can we continue to support your Declude product but we 
have established several strategic relationships that allow us to offer 
multiple alternate solutions, everything from Message Sniffer, to Cloud based 
solutions to Hosted Exchange, Mail's Best Friend provides best-of-breed support 
and integration services for all email solutions.

  We have always envisioned this as a community effort so the time has come to 
become independent and build this our way!

  With that said if you need assistance with Declude please contact us so we 
can help you either maintain what you have or find you an alternate upgrade 
path.

  Same good service, same great people… this time without the corporate 
interference. Hope to see you soon.

  Sincerely,

  David Barker
  Mail’s Best Friend

  Email : david.bar...@mailsbestfriend.com
  Web  : www.mailsbestfriend.com
  Office: 703.988.3605 x7015
  Mobile  : 978.518.6461

Re: [Declude.JunkMail] No one at Declude?

2013-04-08 Thread SM Admin
So, has no one still heard anything from Declude? This is my favorite anti-spam 
service and I would hate to lose them.

Ben
  - Original Message -
  From: declude
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, April 03, 2013 10:21 AM
  Subject: [Declude.JunkMail] No one at Declude?


  Last Wednesday (3/27/2013), I renewed my Declude and Message Sniffer service 
agreements.  A full week later, they both still come up as expired.  All phone 
calls and emails have gone unanswered.  I left voice mails for Tech support, 
Sales and the phone number previously listed on this list for John.  I emailed 
both support at declude and jprovost at declude.com.

  I don't know where to go from here.

  A very sad time for Declude.

  Don


Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-15 Thread SM Admin
Ahhh, yes, but that’s the answer I don't want.  Right now, I could take our
existing old authoritative DNS server and make it non-recursive, then put a
recursive name server on the mail server itself, but listening only to the
internal IP and that would seem to follow your suggestion.  Although, when I
look at the Interface tab in Properties, I don't see a local or 127.0.0.1
IP.  Maybe it's that funny IPv6 string I see?

The problem is that we're downsizing and consolidating this stuff, so we'd
like to move all the DNS functions over to just the mail server and retire
the old DNS server.  In that case, of course, we only have one DNS server.

I've been looking online to see how others might handle this.  It seems that
BIND can do this one way or another.  You might be able to tell it to listen
for recursive requests only on certain IPs or you can disable all recursion
for the server but then override it for each of your authoritative zones.
Unfortunately, I have yet to find either of those features as part of MS DNS
and I'm not about to launch into the world of BIND.

The second idea was to consolidate the DNS server onto the mail server,
enable recursion, but then block recursive requests from the outside world.
For example, use a firewall to block recursive requests (but only those that
are recursive) from the outside.  I found some online discussion of people
trying to do this, possibly using port 53, but no indications that anyone
actually succeeded.

So for now, I'm still stuck.

-Original Message-
From: Darin Cox
Sent: Friday, March 15, 2013 11:11 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

Hi Ben,

You'll want to set up at least two DNS servers for that.  One recursive for
mail server lookups, most likely on the mail server.  The DNS service on the
mail server should not be publicly accessible.  The other non-recursive DNS
server can be used as your nameserver and, of course, publicly accessible.
Since you need multiple nameservers anyway, this is not likely an issue.
And you'll want them on separate subnets, network connections, etc... as
much separation as you can get to avoid common points of failure.

Another reason to separate the nameservers from your web and email services
is that if you host any websites that process credit cards, PCI-DSS
compliance requires any publicly accessible DNS services on the web or email
server to have recursion turned off.

Hope this helps,

Darin.

-Original Message-
From: SM Admin
Sent: Saturday, March 16, 2013 1:55 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

Thanks, Sandy.  Of course, if I had understood everything perfectly (or even
reasonably), I wouldn't have had to post my questions here.

On our old DNS server that ran under Windows 2000 Advanced Server, you could
actually toggle Forwarding and Recursion separately.  However, under Windows
2008 server this isn't the case.  You are correct that it's not symmetric as
I claimed, although I really did no better.  Turning off recursion from the
Advanced properties tab turns off forwarding.  Turning off forwarding I
assume is done by just not having any forwarders listed.  So what I said
previously was wrong, although I don't see where it really changes what I
was thinking about.

The challenge here is that our DNS server has two purposes: it is the
authoritative name server for a bunch of zone and it is also the primary
name server used by our mail server.

For purposes of being authoritative for our hosted zones we don't need
either recursion or forwarding.  Requests come to us, get what they need,
and then go away.  For purposes of our mail server we need our DNS server to
be recursive, at the least.

We set up forwarding to the Comcast name servers to offload server and
network traffic.  They can do all the recursion and then pass back the
results to our DNS server, which passes the results back to our mail server.
So I gather the recommendation here is to skip the forwarding and do all the
work ourselves.

I don't understand your remark about open resolver because you don't explain
where I'm wrong in my understanding.  What I understand is that if you have
a DNS server that does recursion on a public IP, then it is an open resolver
and could be attacked. Is that wrong? And if we turn off forwarding but
leave on recursion, then won't our name server still be an open resolver? It
needs to be that way so that the mail server can resolve its requests
against it.

In theory, I only need our name server to be recursive on requests from our
mail server and to be non-recursive for everyone else.  However, I haven't
seen any way to configure that.

Thanks,

Ben

-Original Message-
From: Sanford Whiteman
Sent: Friday, March 15, 2013 6:08 PM
To: Declude.JunkMail@declude.com
Subject: Re

Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-15 Thread SM Admin
I thought it was a clever observation, too. And it makes me feel better
about the wrong-headed idea I had of what MS suggests.

-Original Message-
From: Sanford Whiteman
Sent: Friday, March 15, 2013 10:48 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

> My experience with  MS DNS is that forwarders are setup at
> installation because the installer assumes a blank forwarder means
> the DNS server will be unable to lookup addresses.

Well put. That must explain the feeling that forwarders are
recommended -- they've been turned on for so long that they're thought
to be necessary.

-- S.







Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-15 Thread SM Admin
Very succinct. But I need further explanation...

Forget forwarding. We'd like to keep it to off-load the server and network
traffic, but we can live without.  However, I need one server to be both
recursive for our mail server and non-recursive for our authoritative zones.
We don't have to worry about our internal workstations because those I can
set up to directly use the Comcast DNS servers (small network so I don't
need internal DNS).  But the mail server presents us the same kind of
problem.

The perfect solution would be a setting that tells the MS DNS server to
accept recursive requests only from specified client IPs, but I don't see
any way to do that.  Any ideas?

Thanks,

Ben

-Original Message-
From: Scott Fosseen
Sent: Friday, March 15, 2013 10:33 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

Another way to look at it.

Recursion:
  Off: DNS server can only answer queries from its local zone files.
Queries for any other records returns no results.  Used when server is
authoritative for Public domains (declude.com, nasa.gov)
  On:  DNS server will try to answer all Queries.  If it does not know the
answer it will call out to other DNS servers to get the answer.
( I run both.  I have 4 non-recursive DNS servers for hosting zone files,
and 2 recursive DNS servers for workstations to point to.  )

Forwarders:  Valid only if Recursion is on.
If Forwarder is set and DNS server does not know the answer to a query,
the DNS server will ask the Forwarder DNS server for the answer.
If no Forwarder is set and the DNS server does not know the answer to a
query the DNS server will contact the Root servers and find the answer
itself.

My experience with MS DNS is that forwarders are set up at installation
because the installer assumes a blank forwarder means the DNS server will be
unable to look up addresses.  Because DNS works with a forwarder the setting
gets left on.  About the only time I recommend forwarders is if the site
uses something like OpenDNS for Content Filtering, in which case all queries
should go to the OpenDNS servers.



-Original Message-
From: "Sanford Whiteman" 
Sent 3/15/2013 8:08:14 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

> > The challenge for me is in not using forwarding. For MS DNS
> > servers, forwarding and recursion are tied together; turn off one
> > and you lose both.
>
> Incorrect. Turning off recursion turns off forwarders, but not vice
> versa. You can have a perfectly operating recursive MS DNS server that
> does not delegate recursion to any other server (forwarding amounts to
> delegating recursion, but the server as a whole is still recursive, thus
> the unidirectional relationship between the two settings). You only MUST
> use forwarders if you are not allowed to pass DNS requests out past your
> ISP's border (similar to when you have to use the ISP's outbound SMTP
> gateway).
>
> > So if I turn off recursion and forwarding, then all my DNS requests
> > will have to go to the root servers for resolution.
>
> No, if you turn off recursion completely, you can't get responses for
> domains that aren't on your box. No one is going to do it for you -- the
> "root servers" sure won't.
>
> > I do understand the dangers of being an open resolver
>
> You're mixing up a lot of terms here. An open resolver is one that will
> perform recursive lookups for any address on the open internet.
>
> > but I am also under the impression that resolving only through root
> > servers is bad.
>
> It's not "bad," it doesn't exist.
>
> > Since MS seems to recommend forwarding
>
> I doubt that...
>
> > With a stub zone, queries to URIBL.com are resolved directly through
> > the URIBL Name servers...
>
> ... and there is no reason to go down this road. If you can get DNS
> requests past your ISP, there's no reason to have forwarders.
>
> -- S.
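
The recursion behaviour discussed in this thread shows up in the DNS response header, so it can be checked for your own server from inside and outside the network. The following is an added example, not part of any list member's message: it builds a query with the RD bit set and reads RA and RCODE from the reply. The function names, the query id, the sample packets and the address 192.0.2.10 are constructed for illustration.

```python
import socket
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR = 0x8000          # message is a response
RD = 0x0100          # recursion desired, set by the client
RA = 0x0080          # recursion available, set by the server
RCODE_MASK = 0x000F
REFUSED = 5
QID = 0x1234         # constructed query id used throughout this example


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in labels) + b"\x00"


def build_query(name, qid=QID):
    """Build an A/IN query that asks the server to recurse (RD=1)."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def parse_header(packet):
    """Decode the fixed 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": qid, "response": bool(flags & QR), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & RCODE_MASK,
            "answers": an, "authority": ns}


def classify(packet, qid=QID):
    """Say how a server treated a recursive query for a name it does not host."""
    h = parse_header(packet)
    if not h["response"] or h["id"] != qid:
        return "invalid"
    if h["rcode"] == REFUSED:
        return "refused"            # server declined to serve this client
    if not h["ra"]:
        return "non-recursive"      # authoritative-only behaviour
    if h["answers"] > 0:
        return "recursive"          # resolved a foreign name for this client
    return "recursion-offered"      # RA set, but no answer in this reply


def probe(server_ip, name="example.com", timeout=3.0):
    """Send one recursive query over UDP port 53 and classify the reply.

    Run it against your own server: once from the mail server, once from
    a host outside your network. Only the first should say "recursive".
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server_ip, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-reply"
    return classify(data)


def _sample(flags, with_answer=False):
    """Construct a reply to build_query("example.com") for offline testing."""
    question = encode_name("example.com") + struct.pack("!HH", 1, 1)
    answer = b""
    if with_answer:
        # Name pointer to offset 12, type A, class IN, TTL 300, 192.0.2.10
        answer = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                  + bytes([192, 0, 2, 10]))
    header = struct.pack("!HHHHHH", QID, flags, 1, 1 if with_answer else 0, 0, 0)
    return header + question + answer


# Constructed sample replies, not captured traffic.
SAMPLE_OPEN = _sample(QR | RD | RA, with_answer=True)
SAMPLE_AUTH_ONLY = _sample(QR | RD)
SAMPLE_REFUSED = _sample(QR | RD | REFUSED)

if __name__ == "__main__":
    for label, pkt in [("open resolver", SAMPLE_OPEN),
                       ("recursion disabled", SAMPLE_AUTH_ONLY),
                       ("client refused", SAMPLE_REFUSED)]:
        print(f"{label:20s} -> {classify(pkt)}")
```

A server that returns "recursive" to a probe from outside your network is an open resolver in the sense used above; forwarders do not change the result, since the server as a whole is still recursive.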





Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-15 Thread SM Admin
Thanks, Sandy.  Of course, if I had understood everything perfectly (or even
reasonably), I wouldn't have had to post my questions here.

On our old DNS server that ran under Windows 2000 Advanced Server, you could
actually toggle Forwarding and Recursion separately.  However, under Windows
2008 server this isn't the case.  You are correct that it's not symmetric as
I claimed, although I really did no better.  Turning off recursion from the
Advanced properties tab turns off forwarding.  Turning off forwarding I
assume is done by just not having any forwarders listed.  So what I said
previously was wrong, although I don't see where it really changes what I
was thinking about.

The challenge here is that our DNS server has two purposes: it is the
authoritative name server for a bunch of zones and it is also the primary
name server used by our mail server.

For purposes of being authoritative for our hosted zones we don't need
either recursion or forwarding.  Requests come to us, get what they need,
and then go away.  For purposes of our mail server we need our DNS server to
be recursive, at the least.

We set up forwarding to the Comcast name servers to offload server and
network traffic.  They can do all the recursion and then pass back the
results to our DNS server, which passes the results back to our mail server.
So I gather the recommendation here is to skip the forwarding and do all the
work ourselves.

I don't understand your remark about open resolver because you don't explain
where I'm wrong in my understanding.  What I understand is that if you have
a DNS server that does recursion on a public IP, then it is an open resolver
and could be attacked. Is that wrong? And if we turn off forwarding but
leave on recursion, then won't our name server still be an open resolver? It
needs to be that way so that the mail server can resolve its requests
against it.

In theory, I only need our name server to be recursive on requests from our
mail server and to be non-recursive for everyone else.  However, I haven't
seen any way to configure that.

Thanks,

Ben

-Original Message-
From: Sanford Whiteman
Sent: Friday, March 15, 2013 6:08 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] why have spam scores jumped?

> The challenge for me is in not using forwarding.  For MS DNS
> servers,  forwarding and recursion are tied together; turn off one
> and you lose  both.

Incorrect. Turning off recursion turns off forwarders, but not vice
versa.

You can have a perfectly operating recursive MS DNS server that does
not delegate recursion to any other server (forwarding amounts to
delegating recursion, but the server as a whole is still recursive,
thus the unidirectional relationship between the two settings).

You only MUST use forwarders if you are not allowed to pass DNS
requests out past your ISP's border (similar to when you have to use
the ISP's outbound SMTP gateway).

> So if I turn off recursion and forwarding, then all my DNS requests
> will have to go to the root servers for resolution.

No, if you turn off recursion completely, you can't get responses for
domains that aren't on your box. No one is going to do it for you --
the "root servers" sure won't.

> I do understand the dangers of being an open resolver

You're mixing up a lot of terms here. An open resolver is one that
will perform recursive lookups for any address on the open internet.

> but I am also under the impression that resolving only through root
> servers is bad.

It's not "bad," it doesn't exist.

> Since MS seems to recommend forwarding

I doubt that...

> With a stub zone, queries to URIBL.com are resolved directly through
> the URIBL Name servers...

... and there is no reason to go down this road. If you can get DNS
requests past your ISP, there's no reason to have forwarders.

-- S.
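
The difference discussed in this exchange, between a server that recurses for any client and one that only answers for its own zones, is visible in the flags of a DNS response. The following is an added example, not part of the original messages: it builds a recursive query, classifies the reply, and is meant to be run against your own name server once from the mail server and once from an outside host. The function names and the constructed packets are assumptions made for illustration.

```python
import socket
import struct

RCODE_NOERROR, RCODE_NXDOMAIN, RCODE_REFUSED = 0, 3, 5
QUERY_ID = 0x4242  # arbitrary transaction ID used by this example


def build_query(qname, qid=QUERY_ID):
    """Encode an A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)


def classify_response(packet, qid=None):
    """Classify a reply to a query for a name NOT hosted on the server.

    Probe with a name that is known to have an A record, so that an empty
    answer section can only mean "no recursion was done for you".
    """
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, nscount, _ar = struct.unpack("!HHHHHH", packet[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    if qid is not None and rid != qid:
        raise ValueError("transaction ID mismatch")
    recursion_available = bool(flags & 0x0080)
    authoritative = bool(flags & 0x0400)
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return "refused"          # server declined to recurse for this client
    if authoritative:
        return "authoritative"    # name is hosted on this box: pick another name
    if recursion_available and (ancount > 0 or rcode == RCODE_NXDOMAIN):
        return "recursed"         # server did the lookup on the client's behalf
    if rcode == RCODE_NOERROR and ancount == 0 and nscount > 0:
        return "referral"         # pointers to other servers only, no recursion
    return "inconclusive"


def probe(server_ip, qname, timeout=3.0):
    """Send one UDP query to server_ip and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname), (server_ip, 53))
        try:
            packet, _addr = sock.recvfrom(4096)
        except socket.timeout:
            return "no-answer"
    return classify_response(packet, qid=QUERY_ID)


def constructed_response(flags, ancount=0, nscount=0, qname="example.com"):
    """Constructed sample packet: header and question only, no records."""
    header = struct.pack("!HHHHHH", QUERY_ID, flags, 1, ancount, nscount, 0)
    return header + build_query(qname)[12:]


if __name__ == "__main__":
    # Constructed replies, as seen from three vantage points.
    samples = {
        "mail server (allowed client)": constructed_response(0x8180, ancount=1),
        "outside host, recursion refused": constructed_response(0x8105),
        "outside host, recursion disabled": constructed_response(0x8100, nscount=13),
    }
    for label, packet in samples.items():
        print(f"{label}: {classify_response(packet)}")
```

A result of "recursed" from an outside address is the open-resolver condition described above; "refused" or "referral" from outside together with "recursed" from the mail server is the split Ben is asking for.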






Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-07 Thread SM Admin
Hi Andrew and thanks!

The problem isn't Declude but it is spam related so I'd be interested to see if 
anyone else has ideas.  I spent some time on the SmarterMail forums and this is 
what it looks like:

1. SM uses a series of built-in tests as well as external tests such as 
Declude.  Among these are a pair of URIBL tests that are based on links 
embedded in the messages.
2. SM scores a hit for each bad link reported by URIBL and applies the weight 
score to each hit.  With the default weight of 4, a message with five links 
rejected by URIBL would give a total score of 4 x 5 = 20.
3. Starting some time late 2012, URIBL started rejecting some requests based on 
high volume of calls from a particular server.  Various people have experienced 
this problem at various times over the last three months. Once URIBL starts 
rejecting the requests then every request gets scored as bad.  So, for example, 
every message with five embedded links gets a weight of 20, regardless of the 
legitimacy of those links.  This results in a sudden inflation of spam scores.
4. I don't understand how our mail server would be subject to this. Our volume 
of mail isn't just small, one might almost call it tiny.  The number of calls 
we make to URIBL is correspondingly very small.
5. The claim made by Those Who Know on the SM forum is that the URIBL rejection 
is really directed at those who use high volume public DNS servers. I'm not 
really sure how URIBL even knows which DNS server I use, but that's the claim.  
Since last year, I have had my SM server configured to use the Comcast national 
DNS servers (Comcast being my upstream provider). Since that's supposed to be 
the problem, I switched to our in-house public DNS server, but that didn't help 
either.  Then I tried setting up a private DNS server on the mail server itself 
and still couldn't get it to work.
6. Then I was told that I need to turn off recursion on the DNS server to be 
considered acceptable to URIBL. Again, I don't know why.  The problem is that I 
use the MS DNS server (Win 2008) and when you turn off recursion, it forces off 
forwarding as well.  There are many good reasons for not wanting to turn off 
forwarding (in fact, MS doesn't recommend it). So now I'm stuck between a rock 
and a hard place.
7. I tried writing to the URIBL abuse administrator but got no response and 
couldn't find any other contact information.

Anyone able to correct or illuminate me?

Thanks,

Ben
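
Item 3 of this post describes every lookup being scored as a hit once URIBL starts refusing queries. The sketch below is an added example, not SmarterMail's or Declude's code: it decodes URIBL's documented reply values (127.0.0.1 means the query was refused; 2, 4 and 8 are list bits), compares a scorer that counts any answer with one that checks the value, and applies the post's weight of 4 to the `URIBL:n` fields of the headers quoted elsewhere in this thread. Reading `URIBL:n` as a hit count, and the function names, are assumptions.

```python
import ipaddress
import re

URIBL_LISTS = {2: "black", 4: "grey", 8: "red"}  # bit values in the last octet
WEIGHT_PER_HIT = 4                               # default weight quoted in the post


def interpret_uribl(answer):
    """Classify one lookup result.

    answer is the A record returned for <domain>.multi.uribl.com, or None
    when the name does not exist (NXDOMAIN, meaning "not listed").
    """
    if answer is None:
        return "clean", []
    packed = ipaddress.IPv4Address(answer).packed
    if packed[:3] != b"\x7f\x00\x00":
        return "unexpected", []   # e.g. a resolver rewriting NXDOMAIN
    last = packed[3]
    if last & 1:
        return "blocked", []      # 127.0.0.1: query refused, not a listing
    lists = [name for bit, name in URIBL_LISTS.items() if last & bit]
    return ("listed", lists) if lists else ("unexpected", [])


def naive_weight(answers, weight=WEIGHT_PER_HIT):
    """Count any returned record as a hit (assumed cause of the symptom)."""
    return weight * sum(answer is not None for answer in answers)


def checked_weight(answers, weight=WEIGHT_PER_HIT):
    """Score real listings only; also report whether any lookup failed."""
    hits = 0
    lookup_failed = False
    for answer in answers:
        status, _lists = interpret_uribl(answer)
        if status == "listed":
            hits += 1
        elif status in ("blocked", "unexpected"):
            lookup_failed = True
    return weight * hits, lookup_failed


URIBL_FIELD = re.compile(r"\bURIBL:\s*(\d+)")


def uribl_share(spam_header, total_weight, weight=WEIGHT_PER_HIT):
    """Return (weight attributable to URIBL, total weight) for one message."""
    match = URIBL_FIELD.search(spam_header)
    hits = int(match.group(1)) if match else 0
    return hits * weight, total_weight


# X-SmarterMail-Spam / X-SmarterMail-TotalSpamWeight pairs from this thread
# (wrapped header lines joined); the last one is the earlier, normal message.
THREAD_HEADERS = [
    ("SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, "
     "URIBL:3, Declude: 0", 15),
    ("SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, "
     "URIBL:7, Declude: -3", 28),
    ("SPF_SoftFail, ISpamAssassin 1 [raw: 1], DK_None, DKIM_None, "
     "URIBL:10, Declude: -3", 41),
    ("SPF_SoftFail, ISpamAssassin 5 [raw: 3], DK_None, DKIM_None, "
     "Declude: -3", 5),
]

if __name__ == "__main__":
    # Constructed case: five links, every lookup answered with "refused".
    refused = ["127.0.0.1"] * 5
    print("naive:", naive_weight(refused), "checked:", checked_weight(refused))
    for header, total in THREAD_HEADERS:
        from_uribl, total = uribl_share(header, total)
        print(f"URIBL accounts for {from_uribl} of {total}")
```

Under that reading, URIBL supplies 12 of 15, 28 of 28 and 40 of 41 points in the three flagged messages and nothing in the earlier one.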
  - Original Message -
  From: Colbeck, Andrew
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, March 06, 2013 3:27 PM
  Subject: RE: [Declude.JunkMail] why have spam scores jumped?


  Ben, check the archive website here 
http://www.mail-archive.com/declude.junkmail@declude.com/ for the mail you’ve 
missed.





  Andrew.





  From: SM Admin [mailto:imailad...@bcwebhost.net]
  Sent: Tuesday, March 05, 2013 10:10 PM
  To: Declude.JunkMail@declude.com
  Subject: Re: [Declude.JunkMail] why have spam scores jumped?



  Thanks for the heads-up, but I didn’t and still don’t see either my original 
email or the responses.  I just took a look at it via the web interface because 
sometimes Microsoft Live Mail (like Outlook Express before it) will not show 
some messages where it doesn’t like the header, but I just don’t see either my 
message or the responses. I’m assuming what happened was exactly what I was 
asking about – those messages were given high spam scores and deleted.



  I don’t suppose you could resend those replies to the list?



  Thanks,



  Ben



  From: Randy Armbrecht

  Sent: Tuesday, March 05, 2013 11:12 AM

  To: Declude.JunkMail@declude.com

  Subject: RE: [Declude.JunkMail] why have spam scores jumped?



  Your Friday post did show up and already has 2 or 3 responses to it







  Sincerely,



  Randy Armbrecht

  Global Web Solutions, Inc.

  Office: 804.442.5300 x112

  Toll Free: 877.800.4562



  24 /7 Tech Support!

  Your Internet Source.Since 1996!



  NEW GlobalSync Remote-BackUp Solutions!



  Web Hosting  -  E-Mail  -  Spam/Virus Gateway Services

  Hi-Speed DSL, Ethernet and Wireless Internet -  T-1/T-3's

  PC Support - Networking - Virus/MalWare Removal



  25% discount on most services for Non-Profits!  Call us today!



  From: SM Admin [mailto:imailad...@bcwebhost.net]
  Sent: Tuesday, March 05, 2013 1:52 PM
  To: Declude.JunkMail@declude.com
  Subject: [Declude.JunkMail] why have spam scores jumped?



  (I sent this message on Friday but it never showed up, so I thought I’d try 
again.)



  Hi,



  I don't know if anyone is still here but I'd like some insights into some 
strange anti-spam behavior.



  We have latest SmarterMail and Declude, as well as Sniffer. Over the last few 
days I noticed a significant drop in email messages.  Upon further 
investigation, I found that messages were being given much higher spam scores 
than in the past, with 

Re: [Declude.JunkMail] why have spam scores jumped?

2013-03-05 Thread SM Admin
Thanks for the heads-up, but I didn’t and still don’t see either my original 
email or the responses.  I just took a look at it via the web interface because 
sometimes Microsoft Live Mail (like Outlook Express before it) will not show 
some messages where it doesn’t like the header, but I just don’t see either my 
message or the responses. I’m assuming what happened was exactly what I was 
asking about – those messages were given high spam scores and deleted.

I don’t suppose you could resend those replies to the list?

Thanks,

Ben

From: Randy Armbrecht
Sent: Tuesday, March 05, 2013 11:12 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] why have spam scores jumped?

Your Friday post did show up and already has 2 or 3 responses to it







Sincerely,



Randy Armbrecht

Global Web Solutions, Inc.

Office: 804.442.5300 x112

Toll Free: 877.800.4562



24 /7 Tech Support!

Your Internet Source.Since 1996!



NEW GlobalSync Remote-BackUp Solutions!



Web Hosting  -  E-Mail  -  Spam/Virus Gateway Services

Hi-Speed DSL, Ethernet and Wireless Internet -  T-1/T-3's

PC Support - Networking - Virus/MalWare Removal



25% discount on most services for Non-Profits!  Call us today!



From: SM Admin [mailto:imailad...@bcwebhost.net]
Sent: Tuesday, March 05, 2013 1:52 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] why have spam scores jumped?



(I sent this message on Friday but it never showed up, so I thought I’d try 
again.)



Hi,



I don't know if anyone is still here but I'd like some insights into some 
strange anti-spam behavior.



We have latest SmarterMail and Declude, as well as Sniffer. Over the last few 
days I noticed a significant drop in email messages.  Upon further 
investigation, I found that messages were being given much higher spam scores 
than in the past, with the result that they get classified as spam or just 
outright deleted.  Checking the headers, however, I don't see why the scores 
are coming in so high.  Below are a few examples.  Does anyone see why the spam 
scores come out so high?



Thanks,



Ben



***

X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-2998-c
X-Declude-Sender: mstad...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 195938010.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [0] at 17:26:20 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, 
URIBL:3, Declude: 0
X-SmarterMail-TotalSpamWeight: 15

*

-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487572.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 16:38:51 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, 
URIBL:7, Declude: -3
X-SmarterMail-SpamDetail: 0.0 TVD_SUBJ_ACC_NUM
X-SmarterMail-SpamDetail: 0.0 T_OBFU_PDF_ATTACH
X-SmarterMail-TotalSpamWeight: 28

**

X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487567.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 16:35:50 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 1 [raw: 1], DK_None, DKIM_None, 
URIBL:10, Declude: -3
X-SmarterMail-TotalSpamWeight: 41

**

Just for comparison, here is an email from the same source from Tuesday (and 
very typical of past headers):



X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-27512-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159486224.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 17:56:38 on 26 Feb 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination

[Declude.JunkMail] why have spam scores jumped?

2013-03-05 Thread SM Admin
(I sent this message on Friday but it never showed up, so I thought I’d try 
again.)

Hi,

I don't know if anyone is still here but I'd like some insights into some 
strange anti-spam behavior.

We have latest SmarterMail and Declude, as well as Sniffer. Over the last few 
days I noticed a significant drop in email messages.  Upon further 
investigation, I found that messages were being given much higher spam scores 
than in the past, with the result that they get classified as spam or just 
outright deleted.  Checking the headers, however, I don't see why the scores 
are coming in so high.  Below are a few examples.  Does anyone see why the spam 
scores come out so high?

Thanks,

Ben

***
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-2998-c
X-Declude-Sender: mstad...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 195938010.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [0] at 17:26:20 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, 
URIBL:3, Declude: 0
X-SmarterMail-TotalSpamWeight: 15
*
-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487572.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 16:38:51 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, 
URIBL:7, Declude: -3
X-SmarterMail-SpamDetail: 0.0 TVD_SUBJ_ACC_NUM
X-SmarterMail-SpamDetail: 0.0 T_OBFU_PDF_ATTACH
X-SmarterMail-TotalSpamWeight: 28
**
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487567.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 16:35:50 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 1 [raw: 1], DK_None, DKIM_None, 
URIBL:10, Declude: -3
X-SmarterMail-TotalSpamWeight: 41
**
Just for comparison, here is an email from the same source from Tuesday (and 
very typical of past headers):

X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-27512-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159486224.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 17:56:38 on 26 Feb 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 5 [raw: 3], DK_None, DKIM_None, 
Declude: -3
X-SmarterMail-TotalSpamWeight: 5






[Declude.JunkMail] why have spam scores jumped?

2013-03-01 Thread SM Admin
Hi,

I don't know if anyone is still here but I'd like some insights into some 
strange anti-spam behavior.

We have latest SmarterMail and Declude, as well as Sniffer. Over the last few 
days I noticed a significant drop in email messages.  Upon further 
investigation, I found that messages were being given much higher spam scores 
than in the past, with the result that they get classified as spam or just 
outright deleted.  Checking the headers, however, I don't see why the scores 
are coming in so high.  Below are a few examples.  Does anyone see why the spam 
scores come out so high?

Thanks,

Ben

***
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-2998-c
X-Declude-Sender: mstad...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 195938010.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [0] at 17:26:20 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, 
URIBL:3, Declude: 0
X-SmarterMail-TotalSpamWeight: 15
*
-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487572.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 16:38:51 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None, 
URIBL:7, Declude: -3
X-SmarterMail-SpamDetail: 0.0 TVD_SUBJ_ACC_NUM
X-SmarterMail-SpamDetail: 0.0 T_OBFU_PDF_ATTACH
X-SmarterMail-TotalSpamWeight: 28
**
X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-32767-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159487567.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 16:35:50 on 01 Mar 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.ghrlawyers.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 1 [raw: 1], DK_None, DKIM_None, 
URIBL:10, Declude: -3
X-SmarterMail-TotalSpamWeight: 41
**
Just for comparison, here is an email from the same source from Tuesday (and 
very typical of past headers):

X-MessageSniffer-Scan-Result: 0
X-MessageSniffer-Rules: 0-0-0-27512-c
X-Declude-Sender: gha...@ghrlawyers.com [70.89.176.73]
X-Declude-Spoolname: 159486224.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.11.00 "http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [-3] at 17:56:38 on 26 Feb 2013
X-Declude-Tests: SPFUNKNOWN [1]
X-Country-Chain: UNITED STATES->destination
X-Declude-Code: 1e
X-HELO: mail.garrettlaw.com
X-Identity: 70.89.176.73 | mail.garrettlaw.com | ghrlawyers.com
X-SmarterMail-Spam: SPF_SoftFail, ISpamAssassin 5 [raw: 3], DK_None, DKIM_None, 
Declude: -3
X-SmarterMail-TotalSpamWeight: 5






Re: [Declude.JunkMail] Declude subscription valid but IS EXPIRED KEY in diags.txt

2013-01-30 Thread SM Admin
Shock  for me too. I hope John will keep it up and that the whole thing won't 
fold away.
  - Original Message -
  From: Dean Lawrence
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, January 30, 2013 4:13 PM
  Subject: Re: [Declude.JunkMail] Declude subscription valid but IS EXPIRED KEY 
in diags.txt


  Wow, that comes as a bit of a shock! Like I said, I just worked with David a 
couple of weeks ago. Thanks for the information Steve.



  On Wed, Jan 30, 2013 at 6:14 PM, Steve Cirivello  
wrote:

I did hear from Declude yesterday afternoon and again this morning.  John 
reports our IS EXPIRED KEY problem is finally repaired (on the 9th day after 
the initial voice/email inquiries.)

He also wrote: "David and Linda have both left our company and I will be 
your primary contact. We are experiencing overload on our virtual call machine 
for receiving calls and are in the process of correcting all calls forwarding."

You might email jprovost at the declude.com domain.  603 479 7640 was also 
contained in his message.  It's not clear if support@ is being monitored, or, 
David's and Linda's addresses.

David/Linda - thank you for many years of excellent customer service.

Steve

  - Original Message -
  From: Dean Lawrence
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, January 30, 2013 9:52 AM
  Subject: Re: [Declude.JunkMail] Declude subscription valid but IS EXPIRED 
KEY in diags.txt


  Steve, were you able to get ahold of anyone at Declude? I need to reach 
them as well and am running into similar issues as you. The odd thing is, is 
that I Dave Barker a couple of weeks ago.



  On Mon, Jan 28, 2013 at 5:22 PM, Steve Cirivello 
 wrote:

Thank you Ben for your suggestions.  The CODE/key as shown in our 
account on declude.com is identical to the value that's been in our declude.cfg 
file for some time.  Our account page shows valid through Jan 2014, but, 
there's a red circle (not the usual green circle) in the upper left corner of 
the product/subscription status display box.

John (a new voice) fixed the subscription date last Wednesday morning.  
After the call, I bounced decludeproc, and, IS EXPIRED KEY is still in 
diags.txt.

Since that call with John last Wednesday morning, email messages to the 
usual addresses (including supp...@declude.com) are unanswered.  Phone calls to 
Declude are not answered (except the auto-attendant) -  1 for sales now rolls 
to a Skype authentication, and  2 for support rolls to voice mail.

I've bounced decludeproc several times a day since last Wednesday 
morning - no change.  Daily emails and voice messages remain unanswered.

This is very unusual.  Maybe it's just this customer?

Steve

      ----- Original Message -
  From: SM Admin
  To: Declude.JunkMail@declude.com
  Sent: Monday, January 28, 2013 10:29 AM
  Subject: Re: [Declude.JunkMail] Declude subscription valid but IS 
EXPIRED KEY in diags.txt


  Is it possible that they issued you a new key when you renewed?

  And what emails did you write to?

  Ben

  From: Steve Cirivello
  Sent: Monday, January 28, 2013 7:18 AM
  To: Declude.JunkMail@declude.com
  Subject: SPAM-LOW: [Declude.JunkMail] Declude subscription valid but 
IS EXPIRED KEY in diags.txt

  Hello,

  We've been a Declude customer for many years.  We renewed the annual 
subscription last Monday, and, on Tuesday, Declude (for IMail) stopped working 
with IS EXPIRED KEY in diags.txt

  We've been unable to reach anyone at Declude by phone or email since 
last Wednesday morning.  Has anyone contacted Declude recently and received a 
reply?

  Also, any suggestions for temporarily working around the IS EXPIRED 
KEY error.  Our customer/partner login on declude.com shows our subscription is 
valid until Jan 2014.  (We've considered purchasing a new subscription to get a 
new CODE/key, but if the purchase and CODE delivery process isn't completely 
automated we'd still be stuck.)

  Thanks.

  Steve


Re: [Declude.JunkMail] Declude subscription valid but IS EXPIRED KEY in diags.txt

2013-01-28 Thread SM Admin
Hi Steve,

I'll admit this is worrisome.  My most recent declude contacts were with David 
Barker and his contact info is:

VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com

I also got a few messages from:

Linda Pagillo
Declude Technical Support Engineer
866-332-5833 Ext. 2
lpagi...@declude.com

Post again if you have any update on reaching them or not.

Thanks,

Ben

- Original Message -
  From: Steve Cirivello
  To: Declude.JunkMail@declude.com
  Sent: Monday, January 28, 2013 2:22 PM
  Subject: SPAM-LOW: Re: [Declude.JunkMail] Declude subscription valid but IS 
EXPIRED KEY in diags.txt


  Thank you Ben for your suggestions.  The CODE/key as shown in our account on 
declude.com is identical to the value that's been in our declude.cfg file for 
some time.  Our account page shows valid through Jan 2014, but, there's a red 
circle (not the usual green circle) in the upper left corner of the 
product/subscription status display box.

  John (a new voice) fixed the subscription date last Wednesday morning.  After 
the call, I bounced decludeproc, and, IS EXPIRED KEY is still in diags.txt.

  Since that call with John last Wednesday morning, email messages to the usual 
addresses (including supp...@declude.com) are unanswered.  Phone calls to 
Declude are not answered (except the auto-attendant) -  1 for sales now rolls 
to a Skype authentication, and  2 for support rolls to voice mail.

  I've bounced decludeproc several times a day since last Wednesday morning - 
no change.  Daily emails and voice messages remain unanswered.

  This is very unusual.  Maybe it's just this customer?

  Steve

- Original Message -
From: SM Admin
To: Declude.JunkMail@declude.com
Sent: Monday, January 28, 2013 10:29 AM
Subject: Re: [Declude.JunkMail] Declude subscription valid but IS EXPIRED 
KEY in diags.txt


Is it possible that they issued you a new key when you renewed?

And what emails did you write to?

Ben

From: Steve Cirivello
Sent: Monday, January 28, 2013 7:18 AM
To: Declude.JunkMail@declude.com
Subject: SPAM-LOW: [Declude.JunkMail] Declude subscription valid but IS 
EXPIRED KEY in diags.txt

Hello,

We've been a Declude customer for many years.  We renewed the annual 
subscription last Monday, and, on Tuesday, Declude (for IMail) stopped working 
with IS EXPIRED KEY in diags.txt

We've been unable to reach anyone at Declude by phone or email since last 
Wednesday morning.  Has anyone contacted Declude recently and received a reply?

Also, any suggestions for temporarily working around the IS EXPIRED KEY 
error.  Our customer/partner login on declude.com shows our subscription is 
valid until Jan 2014.  (We've considered purchasing a new subscription to get a 
new CODE/key, but if the purchase and CODE delivery process isn't completely 
automated we'd still be stuck.)

Thanks.

Steve




Re: [Declude.JunkMail] Declude subscription valid but IS EXPIRED KEY in diags.txt

2013-01-28 Thread SM Admin
Is it possible that they issued you a new key when you renewed?

And what emails did you write to?

Ben

From: Steve Cirivello
Sent: Monday, January 28, 2013 7:18 AM
To: Declude.JunkMail@declude.com
Subject: SPAM-LOW: [Declude.JunkMail] Declude subscription valid but IS EXPIRED 
KEY in diags.txt

Hello,

We've been a Declude customer for many years.  We renewed the annual 
subscription last Monday, and, on Tuesday, Declude (for IMail) stopped working 
with IS EXPIRED KEY in diags.txt

We've been unable to reach anyone at Declude by phone or email since last 
Wednesday morning.  Has anyone contacted Declude recently and received a reply?

Also, any suggestions for temporarily working around the IS EXPIRED KEY error.  
Our customer/partner login on declude.com shows our subscription is valid until 
Jan 2014.  (We've considered purchasing a new subscription to get a new 
CODE/key, but if the purchase and CODE delivery process isn't completely 
automated we'd still be stuck.)

Thanks.

Steve




Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff

2012-11-30 Thread SM Admin
Hi Sandy,

I forwarded your last reply to Comcast but haven't heard from anyone there 
since that last message where the tech says he can't help me any further.

At this point, I'd sure like to fight with them some more just because of the 
obnoxious replies by Mr. Jones, but I'm not sure it's worth the time.  What 
I've noticed is that while I continue to get a trickle of messages showing up at 
the old mail server, since last weekend they've only been spam.  I'm not sure 
how, but it seems that some spammers are still latched on to the wrong (out of 
date) DNS information.  Strange, huh?

Thanks again for all your help and the same for Shaun.

Ben
  - Original Message -
  From: Sanford Whiteman
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, November 28, 2012 7:24 PM
  Subject: Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS 
stuff


  Ben,

  Thanks for running your questions by me. Feel free to forward this
  message to your Comcast rep. Even if he is unwilling to help you
  further, there is information below that will help him be more
  accurate in future cases, since he currently lacks sufficient
  understanding of DNS.

  Mr. Jones is seemingly unaware of the difference between a delegated
  subdomain and a hostname. This gap in understanding does call the
  other conclusions into question, and I would not consider his to be an
  expert-level response. NOTE: I don't know if Comcast is or is not
  ultimately at fault for your mail delivery problems, but I would
  advise you to look for more expert testimony.

  It's perfectly normal for a hostname to be both the label and the
  value of an MX record (i.e. to "be its own MX"). In fact, the
  RFC-specified behavior of SMTP is to connect to the hostname to
  deliver mail to user@hostname in the absence of an MX record. All you
  are doing by adding  IN MX  is specifying that
  which would already be assumed (and also taking advantage of the MX
  algorithm).

  So normal is this configuration that I was able to quickly dig these
  examples from large, reputable domains:

  mail.beta.army.mil IN MX 10 mail.beta.army.mil
  ajax1.rutgers.edu IN MX 10 ajax1.rutgers.edu
  web.mail.vt.edu IN MX 0 web.mail.vt.edu
  webmail.uic.edu IN MX 0 webmail.uic.edu
  mail.messaging.microsoft.com IN MX 10 mail.messaging.microsoft.com
  webmail.villanova.edu IN MX 0 webmail.villanova.edu
  smtp01in.umuc.edu IN MX 0 smtp01in.umuc.edu
  mta4.wiscmail.wisc.edu IN MX 0 mta4.wiscmail.wisc.edu
  mail.dotster.com IN MX 0 mail.dotster.com

  Good luck with your continued troubleshooting!

  -- Sandy



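Sandy's point in the message above, that a hostname acting as its own MX only states what SMTP would assume anyway, worked through as an added example (not code posted by anyone on the list). The A and MX records for mail.bcwebhost.net are the ones quoted in this thread; the other zones, the function names and the labels returned are constructed for illustration.

```python
"""Where does mail for user@<name> go? MX first, then the address-record fallback
described in RFC 5321 section 5.1 (the "implicit MX")."""

# A and MX records for mail.bcwebhost.net as quoted in this thread.
ZONE_AS_PUBLISHED = {
    ("mail.bcwebhost.net.", "A"): ["173.164.65.200"],
    ("mail.bcwebhost.net.", "MX"): [(0, "mail.bcwebhost.net.")],
}

# Constructed variant: the same host with its MX record removed.
ZONE_WITHOUT_MX = {
    ("mail.bcwebhost.net.", "A"): ["173.164.65.200"],
}

# Constructed: a host that is its own primary MX plus a lower-priority backup,
# and a label that carries only NS records (a delegated subdomain).
ZONE_CONSTRUCTED = {
    ("mx.example.net.", "A"): ["192.0.2.10"],
    ("mx.example.net.", "MX"): [(20, "backup.example.net."), (0, "mx.example.net.")],
    ("backup.example.net.", "A"): ["192.0.2.20"],
    ("lab.example.net.", "NS"): ["ns1.example.org.", "ns2.example.org."],
}


def addresses(name, zone):
    """All A and AAAA values published for a name in this zone snapshot."""
    return zone.get((name, "A"), []) + zone.get((name, "AAAA"), [])


def classify_label(name, zone):
    """Hostname if the label has an address; delegated subdomain if it has only NS."""
    types = {rtype for (owner, rtype) in zone if owner == name}
    if types & {"A", "AAAA"}:
        return "hostname"
    if "NS" in types:
        return "delegated subdomain"
    return "no address or delegation"


def smtp_targets(name, zone):
    """Return [(preference, exchange, [addresses])] in the order a sender tries them."""
    explicit = sorted(zone.get((name, "MX"), []))
    if explicit:
        # Explicit MX records: lowest preference value is tried first.
        return [(pref, exch, addresses(exch, zone)) for pref, exch in explicit]
    own = addresses(name, zone)
    if own:
        # No MX at all: treated as an implicit MX, preference 0, pointing at the host.
        return [(0, name, own)]
    # Nothing to deliver to from this zone's data (for a delegated label the
    # answer lives in the child zone, not here).
    return []


if __name__ == "__main__":
    for label, zone in (("published", ZONE_AS_PUBLISHED), ("MX removed", ZONE_WITHOUT_MX)):
        print(label, smtp_targets("mail.bcwebhost.net.", zone))
    print(classify_label("mail.bcwebhost.net.", ZONE_AS_PUBLISHED))
    print(smtp_targets("mx.example.net.", ZONE_CONSTRUCTED))
    print(classify_label("lab.example.net.", ZONE_CONSTRUCTED))
```

With or without the explicit record, delivery for mail.bcwebhost.net lands on the same address; the explicit MX only becomes significant once additional exchanges or preferences are listed.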


Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff

2012-11-28 Thread SM Admin
I should add that the number of erroneous emails sent to the old mail server
has decreased.  From Thursday through Saturday it went down to zero and I
was hoping the problem had gone away.  Then it started up again on Sunday,
but at lower volume than before.  Interestingly, most of the emails now
received at the old server are spam.  In the last three days, I've only
received one email personally that was real mail and that went to the old
server.  By comparison, a week ago I had to check my account on the old
server every hour.

Ben

-Original Message-
From: Sanford Whiteman
Sent: Tuesday, November 27, 2012 6:09 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS
stuff

> Actually, you did catch something.  The section that starts with
> "Authority".  In his email he says "Answer ns0.xname.org" which I
> take to mean that he is getting that authoritative response from
> nso0.xname.org and not ns1.xname.org as you assume below.

It means "ns0.xname.org" is part of the answer(s) to the question he
asked, i.e. the A record for ns0.xname.org.

Doesn't mean that is/is not the server queried.

-- S.






Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff

2012-11-28 Thread SM Admin
Just for your amusement, here is my latest exchange with Comcast (read the
Comcast email first, then my response).

**
Dear Mr. Jones,

It does not surprise me that you refuse to provide any further help.  Your
previous emails displayed a dismissive and confrontational attitude with a
lack of any real interest in finding an answer.  Your responses included
technical errors, contradictory statements, and failed to address some of my
key questions.  As near as I can tell, you are claiming that Comcast cannot
be responsible by simple proclamation.

Unfortunately, the evidence continues to indicate that Comcast is in some
way responsible.  The volume of erroneous emails has decreased, so perhaps
this was a temporary result of your recent change in DNS systems that is
slowly improving – one can only hope.  In the meanwhile, I would like a
referral to someone else at Comcast who has both technical knowledge and
some skill at customer relations.  Perhaps you or one of the others CC’d on
this email can provide that referral.

Sincerely,

Ben

From: Jones, Spencer
Sent: Wednesday, November 28, 2012 8:10 AM

As I stated before good luck. I can help you no more.

Spencer Jones
Engineer II Enterprise Technical Support
7150 S. Fulton St, Centennial, CO 80112





-Original Message-
From: Sanford Whiteman
Sent: Tuesday, November 27, 2012 6:09 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS
stuff

> Actually, you did catch something.  The section that starts with
> "Authority".  In his email he says "Answer ns0.xname.org" which I
> take to mean that he is getting that authoritative response from
> nso0.xname.org and not ns1.xname.org as you assume below.

It means "ns0.xname.org" is part of the answer(s) to the question he
asked, i.e. the A record for ns0.xname.org.

Doesn't mean that is/is not the server queried.

-- S.






Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff

2012-11-27 Thread SM Admin
Hi Sandy,

Actually, you did catch something.  The section that starts with "Authority".  
In his email he says "Answer ns0.xname.org" which I take to mean that he is 
getting that authoritative response from nso0.xname.org and not ns1.xname.org 
as you assume below.  Which doesn't make sense to me because I just ran the 
DNSStuff tool against ns0.xname.org and came up with the correct results.

ns0.xname.org. [195.234.42.1] (124ms)


Response from ns0.xname.org. [195.234.42.1]


Results found: 8
  Domain Type Class TTL Response time Answer
  Answer section:
  bcwebhost.net. NS IN 43200 124ms ns1.twisted4life.com.
  bcwebhost.net. NS IN 43200 124ms ns2.xname.org.
  bcwebhost.net. NS IN 43200 124ms bcw4.bcwebhost.net.
  bcwebhost.net. NS IN 43200 124ms ns0.xname.org.
  Additional section:
  ns0.xname.org. A IN 600 124ms 195.234.42.1
  ns2.xname.org. A IN 600 124ms 88.191.64.64
  bcw4.bcwebhost.net. A IN 43200 124ms 173.164.65.197
  ns2.xname.org.  IN 600 124ms 2a01:e0b:1:64:240:63ff:fee8:6155



And those servers all report the correct NS records, as well as all the gtld 
servers report the correct results.  So how did he get bad results?

Thanks,

Ben

  - Original Message -
  From: Sanford Whiteman
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, November 27, 2012 4:36 PM
  Subject: Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS 
stuff


  > In the end, he seems to be  saying that we have a name server
  > giving wrong results, which would make sense, except I can't figure
  > out which name servers he's referring to.  You'll see below where he
  > says "the NS0 name server points to NS1 and that will point to
  > mail2.bcwebhost.net and your incorrect IP address," and I don't see
  > that, do you?

  No.

  He's so far up his own... something... that he's decided upfront that
  it cannot be his problem, so he is willfully misreading the actual
  results.

  Look at this, from his message:

  > Authority:
  >    xname.org.    600   NS  ns2.xname.org.
  >    xname.org.    600   NS  ns3.xtremeweb.de.
  >    xname.org.    600   NS  ns0.xname.org.
  >    xname.org.    600   NS  ns1.xname.org.

  He claims to be getting this information from ns1.xname.org. I'm sure
  he is. The question is WHY he is querying ns1.xname.org, since it does
  not appear in the parents at gtld-servers.net nor in any NS records
  returned by your NSs.

  I think you may have a chicken-egg situation where he is actually
  using a broken server to check for brokenness!

  Tell him this: at *..gtld-servers.net, your NSs are

  NS-record for bcwebhost.net:
  DNS server = bcw4.bcwebhost.net
  TTL = 172800 (2 days)
  NS-record for bcwebhost.net:
  DNS server = ns1.twisted4life.com
  TTL = 172800 (2 days)
  NS-record for bcwebhost.net:
  DNS server = ns0.xname.org
  TTL = 172800 (2 days)
  NS-record for bcwebhost.net:
  DNS server = ns2.xname.org
  TTL = 172800 (2 days)

  *AND* querying each of those NSs directly, the same list of NSs
  appears. Ask him if he differs with this. He can't.

  So why would ns1.xname.org even be on his mind? Why would he be
  hitting this server at all? Answer: he is not actually digging
  directly into your servers, but trusting his own, broken server. Which
  means he is not testing properly. What server is he using, anyway
  (never mind "non-Comcast tools")?

  Now, I grant you, his server wouldn't be "broken" per se if you had
  set, say, a 30-day TTL somewhere. That would be your fault. But we
  don't see that, or at least we can't see it anywhere in his results.

  > Do you see where in the stuff below it says that ns0 is getting its
  > results from ns1? The IP of ns1 is 178.33.255.252 and for ns0 it's
  > 195.234.42.1.

  No, and I don't even know what it would mean to be "getting its
  results from ns1." ns0 is returning authoritative results. As you
  said, he seems to be willfully making no sense: "getting its results
  from" is useless nonsense. Which is weird because in certain ways he
  seems to know what he's talking about.

  > At any rate, unless ns0 is really linked to ns1 as this guy claims,
  > then I don't see how ns1 is relevant.

  It isn't relevant. It isn't in the picture. If it's in the picture for
  him, he's not testing with working servers.

  > This is a subdomain
  > “ANYTHING.DOMAIN.TLD” is a subdomain and your mail.bcwebhost.net
  > subdomain should NOT have its own MX record.

  > Answer:

  >mail.bcwebhost.net.  43200  A 173.164.65.200

  > mail.bcwebhost.net. 43200  MX   0  mail.bcwebhost.net.

  There is absolutely nothing wrong with this setup and I wish you could
  make this Spencer Jones idiot publish this claim in a DNS-centric
  place where he will be shamed (as opposed to a pretty 

Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff

2012-11-27 Thread SM Admin
I remember Len Conrad from way back when, and I believe he could "hand him 
his"  Where would there be a DNS-centric list or forum where Len hangs out?

Thanks,

Ben
  - Original Message -
  From: Sanford Whiteman
  To: Declude.JunkMail@declude.com
  Sent: Tuesday, November 27, 2012 4:36 PM
  Subject: Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS 
stuff


  > In the end, he seems to be  saying that we have a name server
  > giving wrong results, which would make sense, except I can't figure
  > out which name servers he's referring to.  You'll see below where he
  > says "the NS0 name server points to NS1 and that will point to
  > mail2.bcwebhost.net and your incorrect IP address," and I don't see
  > that, do you?

  No.

  He's so far up his own... something... that he's decided upfront that
  it cannot be his problem, so he is willfully misreading the actual
  results.

  Look at this, from his message:

  > Authority:
  >    xname.org.    600   NS  ns2.xname.org.
  >    xname.org.    600   NS  ns3.xtremeweb.de.
  >    xname.org.    600   NS  ns0.xname.org.
  >    xname.org.    600   NS  ns1.xname.org.

  He claims to be getting this information from ns1.xname.org. I'm sure
  he is. The question is WHY he is querying ns1.xname.org, since it does
  not appear in the parents at gtld-servers.net nor in any NS records
  returned by your NSs.

  I think you may have a chicken-egg situation where he is actually
  using a broken server to check for brokenness!

  Tell him this: at *..gtld-servers.net, your NSs are

  NS-record for bcwebhost.net:
  DNS server = bcw4.bcwebhost.net
  TTL = 172800 (2 days)
  NS-record for bcwebhost.net:
  DNS server = ns1.twisted4life.com
  TTL = 172800 (2 days)
  NS-record for bcwebhost.net:
  DNS server = ns0.xname.org
  TTL = 172800 (2 days)
  NS-record for bcwebhost.net:
  DNS server = ns2.xname.org
  TTL = 172800 (2 days)

  *AND* querying each of those NSs directly, the same list of NSs
  appears. Ask him if he differs with this. He can't.

  So why would ns1.xname.org even be on his mind? Why would he be
  hitting this server at all? Answer: he is not actually digging
  directly into your servers, but trusting his own, broken server. Which
  means he is not testing properly. What server is he using, anyway
  (never mind "non-Comcast tools")?

  Now, I grant you, his server wouldn't be "broken" per se if you had
  set, say, a 30-day TTL somewhere. That would be your fault. But we
  don't see that, or at least we can't see it anywhere in his results.

  > Do you see where in the stuff below it says that ns0 is getting its
  > results from ns1? The IP of ns1 is 178.33.255.252 and for ns0 it's
  > 195.234.42.1.

  No, and I don't even know what it would mean to be "getting its
  results from ns1." ns0 is returning authoritative results. As you
  said, he seems to be willfully making no sense: "getting its results
  from" is useless nonsense. Which is weird because in certain ways he
  seems to know what he's talking about.

  > At any rate, unless ns0 is really linked to ns1 as this guy claims,
  > then I don't see how ns1 is relevant.

  It isn't relevant. It isn't in the picture. If it's in the picture for
  him, he's not testing with working servers.

  > This is a subdomain
  > “ANYTHING.DOMAIN.TLD” is a subdomain and your mail.bcwebhost.net
  > subdomain should NOT have its own MX record.

  > Answer:

  >mail.bcwebhost.net.  43200  A 173.164.65.200

  > mail.bcwebhost.net. 43200  MX   0  mail.bcwebhost.net.

  There is absolutely nothing wrong with this setup and I wish you could
  make this Spencer Jones idiot publish this claim in a DNS-centric
  place where he will be shamed (as opposed to a pretty dormant ML).
  Someone like Len Conrad could hand him his

  -- S.

  ---
  Sanford Whiteman, Chief Technologist
  Broadleaf Systems, a division of
  Cypress Integrated Systems, Inc.
  e-mail: sa...@cypressintegrated.com

  SpamAssassin plugs into Declude!

http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

  Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail 
Aliases!

http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/

http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/




Re: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-26 Thread SM Admin
Hi Sandy,

Thanks for the info on TTL.  We don't change very often and we're pretty low
volume, so 4 hours would be fine.

The link you provide is what I found before: it's a Windows port but it's
uncompiled.  Lacking a compiler, I was looking for something precompiled.

Thanks,

Ben

-Original Message-
From: Sanford Whiteman
Sent: Monday, November 26, 2012 7:20 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff

> So, two questions: first, is there a version of p0f that runs under
> Windows?
> I found the Unix version and I found a Windows-port version that is not
> compiled (and I haven't used a real compiler in at least ten years).

http://packetstormsecurity.org/files/download/109101/p0f-3.03b-win.zip

> Second question: what's the popular recommendation for DNS TTL nowadays? I
> think I reset mine many years ago after a discussion here among some other
> people.

"Universal" default TTL? You could say 4 hours. But it depends on the
application, the stage you're at with setting up a new host (testing
vs. long-term stable), the need for dynamic changes, all, of course,
balanced against how much load you want/need to shed.

I test using 5m TTLs, but also keep 5- and 10-minute TTLs permanently
where we have geographic clusters because that's the only way they
work. In other cases, I try for one day. Rarely do I use more than a
day even when a host has been stable for a long period, even if I
could; with our traffic, I don't mind one DNS request per day for each
session.

For reference, you can look around at high-traffic sites like web
analytics. My two analytics packages use 60s and 5m. I think the first
one was at my behest because one of their servers kept going down and
needing to be null-routed a couple of years ago!

-- S.






Re: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-26 Thread SM Admin
Hi Guys,

So, two questions: first, is there a version of p0f that runs under Windows?
I found the Unix version and I found a Windows-port version that is not
compiled (and I haven't used a real compiler in at least ten years).

Second question: what's the popular recommendation for DNS TTL nowadays? I
think I reset mine many years ago after a discussion here among some other
people.

Thanks,

Ben

-Original Message-
From: Sanford Whiteman
Sent: Friday, November 23, 2012 6:01 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff

It's not really a complex setup unless you have (or had) a secondary
that is capable of reloading with bad records. It shouldn't be
possible to have a proper secondary that does this, as it should use
either standard *XFR methods or some proprietary sync mechanism at
startup to get the right records (incl serial #) from its primary.

Since your tests show all of your possible NSs giving the right
results when q'd directly (although you can't be sure it's 100% of the
time if the secondaries are outside your control) the "good" news is
now you are justified in using p0f to try to see if something is
sitting in-between your Comcast boxes and the outside world. You could
set up a box that just sends a barrage of queries to the Comcast NSs
and pipes the p0f results to a file, then scan it after a day and see
if anything looks amiss.

Re: subdomain v. hostname, as mail.bcwebhost.net has an IP address
assigned to it, it should be considered a hostname. If the label had
only NSs, it would be considered a subdomain that could have child
hostnames. I have no idea what the Comcast dude is saying about
"subdomain that has an MX." If it were a delegated subdomain, that
might be notable, but it's not.

One other thing: is it possible that you have a really long TTL
that you set at some point that might still send people to the
bad/strange server? You could have mistyped and have 30 days to wait
it out

-- S.








Re: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-22 Thread SM Admin
Hi,

I just now did an nslookup mail.bcwebhost.net  on each of our DNS servers,
including the now no longer used ns1.xname.org. They all, even that last
one, gave the correct IP address of .200.  My observations about
ns1.xname.org from last week were that sometimes it had the right serial
number and sometimes not.  I got the impression that someone was reloading
it with old records, possibly due to hardware crashing.  Anyway, we no
longer use that server.

So what is the extra complexity that you think we have in our DNS
configuration? I wasn't intending to make anything complicated.  I have the
MX records pointing to A record mail, which points to the .200 IP address. I
also have a second A record mail1 pointing to the same IP. I don't see why
any of this should be a problem?

Also, did you understand the Comcast guy's reference to subdomain? I know an
address such as mail.bcwebhost.net can be a host or a subdomain, but I
didn't consider the two phrases to be synonymous. And we don't have any
subdomains.

Thanks,

Ben

-Original Message-
From: SM Admin
Sent: Thursday, November 22, 2012 12:22 PM
To: Declude.JunkMail@declude.com
Subject: Fw: [Declude.JunkMail] MX, DNS and other weird stuff



-Original Message-
From: Sanford Whiteman
Sent: Thursday, November 22, 2012 11:55 AM
To: imailad...@bcwebhost.net
Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff

[I'm not subscribed using this address, but it's the only one on my mobile.
Pls feel free to forward to the list.]

This guy's idea that  IN MX  is incorrect and "will cause
issues" should really get him fired if he's the highest-level tech on this.
When you want to set up a proper MX record to catch replies to
postmas...@mysmtpserver.example.com, you of course do this by setting up
such a record.  Otherwise the implication would be that you can never
receive mail at the same machine that originated it, but have to come up
with some fake additional hostname?  Ridiculous.  Servers have been set up
this way since the old days, when it was common to see addresses like
u...@host.example.com (as opposed to just @example.com).

Likewise, the idea that an intermediate host that is exempt from
anti-spoofing measures can't reroute DNS requests is ridic.  This is how our
egress filters work: a machine listens using a network monitoring port and
sends synthesized replies back if a website is in the block list.  (The
machine isn't a proxy, it's just listening to the switch's mirroring port in
promiscuous mode).

However, it is true that you have some complexity in your NSs that you need
to work out.  If you hadn't asked about interception it wouldn't have been
my first guess.  When you directly query each NS, what do you get?

-- S.




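The check Sandy asks for ("When you directly query each NS, what do you get?"), together with the stale ns1.xname.org serial Ben describes, as an added example rather than anything posted to the list: it compares what each server reports against the parent delegation and against the newest SOA serial. The server names and the serials 131 and 120 come from the thread; the snapshot itself, the function names and the finding labels are constructed, and in practice the observations would be filled in from direct queries to each server.

```python
"""Audit a zone's name servers: delegation membership, NS-set agreement, SOA serial."""

SERIAL_HALF = 2 ** 31  # half of the 32-bit serial space (RFC 1982 arithmetic)

# NS set published at the parent (gtld) servers, as listed in this thread.
PARENT_NS = [
    "bcw4.bcwebhost.net.", "ns1.twisted4life.com.",
    "ns0.xname.org.", "ns2.xname.org.",
]

# Constructed snapshot of direct queries: server -> NS set and SOA serial it returned.
# ns1.xname.org is no longer delegated but still answers with old data.
OBSERVED = {
    "bcw4.bcwebhost.net.": {"ns": PARENT_NS, "serial": 131},
    "ns1.twisted4life.com.": {"ns": PARENT_NS, "serial": 131},
    "ns0.xname.org.": {"ns": PARENT_NS, "serial": 131},
    "ns2.xname.org.": {"ns": PARENT_NS, "serial": 131},
    "ns1.xname.org.": {"ns": PARENT_NS + ["ns1.xname.org."], "serial": 120},
}


def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.lower().rstrip(".")


def serial_lt(a, b):
    """True when serial a is older than b, allowing for 32-bit wraparound."""
    return a != b and ((a < b and b - a < SERIAL_HALF) or (a > b and a - b > SERIAL_HALF))


def newest_serial(serials):
    """Newest serial in a non-empty list under wraparound-aware comparison."""
    newest = serials[0]
    for candidate in serials[1:]:
        if serial_lt(newest, candidate):
            newest = candidate
    return newest


def audit(parent_ns, observations):
    """Return sorted (server, finding) pairs; an empty list means everything agrees."""
    parent = {norm(n) for n in parent_ns}
    answered = {norm(s): o for s, o in observations.items() if o is not None}
    # The reference serial is the newest one seen on servers the parent delegates to.
    reference = [o["serial"] for s, o in answered.items() if s in parent]
    newest = newest_serial(reference) if reference else None

    findings = []
    for server in sorted(parent | {norm(s) for s in observations}):
        if server not in parent:
            # Resolvers following the delegation never reach this server.
            findings.append((server, "not-in-delegation"))
        obs = answered.get(server)
        if obs is None:
            if server in parent:
                findings.append((server, "no-response"))
            continue
        if {norm(n) for n in obs["ns"]} != parent:
            findings.append((server, "ns-set-mismatch"))
        if newest is not None and serial_lt(obs["serial"], newest):
            findings.append((server, "stale-serial"))
    return findings


if __name__ == "__main__":
    for server, finding in audit(PARENT_NS, OBSERVED):
        print(f"{server:24} {finding}")
```

A tester whose results mention a server flagged `not-in-delegation` is reading a cache or an old record set rather than the zone's current authoritative servers.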



Fw: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-22 Thread SM Admin


-Original Message-
From: Sanford Whiteman
Sent: Thursday, November 22, 2012 11:55 AM
To: imailad...@bcwebhost.net
Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff

[I'm not subscribed using this address, but it's the only one on my mobile.
Pls feel free to forward to the list.]

This guy's idea that  IN MX  is incorrect and "will cause
issues" should really get him fired if he's the highest-level tech on this.
When you want to set up a proper MX record to catch replies to
postmas...@mysmtpserver.example.com, you of course do this by setting up
such a record.  Otherwise the implication would be that you can never
receive mail at the same machine that originated it, but have to come up
with some fake additional hostname?  Ridiculous.  Servers have been set up
this way since the old days, when it was common to see addresses like
u...@host.example.com (as opposed to just @example.com).

Likewise, the idea that an intermediate host that is exempt from
anti-spoofing measures can't reroute DNS requests is ridic.  This is how our
egress filters work: a machine listens using a network monitoring port and
sends synthesized replies back if a website is in the block list.  (The
machine isn't a proxy, it's just listening to the switch's mirroring port in
promiscuous mode).

However, it is true that you have some complexity in your NSs that you need
to work out.  If you hadn't asked about interception it wouldn't have been
my first guess.  When you directly query each NS, what do you get?

-- S.







Re: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-22 Thread SM Admin
Hi,

First, I want to thank Shaun and Sandy for truly useful replies.  Next, below 
is a response from someone at Comcast – presumably an engineer of some sort. 
I’m trying to fit together his comments (I find his tone pretty argumentative) 
with the points made here.  For example, Shaun seems to have shown that 
Comcast can intercept A-calls and I know that Comcast told me three years ago 
they intercept some calls, and yet here is this guy claiming it’s impossible.

One thing Spencer has correct is a problem with ns1.xname.org.  I have 
secondary DNS services set up with xname and twisted4life and I noticed last 
week that of the three xname servers (ns0, ns1, ns2), ns1 frequently had an old 
serial number.  One day it would be 131 or something similar, which is about 
correct, and then the next day it would be 120, which is old.  So last weekend 
I removed all references to ns1 (but kept ns0 and ns2 as secondaries) from our 
server and the registrar accounts.  Really, by the time Spencer wrote to me 
yesterday afternoon, he shouldn’t have seen any references to ns1.xname.org.

Any comments?

Thanks,

Ben

From: Jones, Spencer
Sent: Wednesday, November 21, 2012 2:39 PM
To: b...@bcwebhost.net
Cc: Self, Andrew
Subject: FW: DNS zone files for BC Web LLC (Ben Bednarz)



Sir,



As to what you have below. Your MX record does point to a host 
name, but then that subdomain that does point to an A record and should ONLY 
point to an A record has an MX record of its own. This is NOT set up correctly, 
and WILL create issues. As far as our DNS servers intercepting DNS request 
traffic. That is not possible. If I make a DNS request it will go to 8.8.8.8, 
and if that server does not know the answer it goes to one of the 13 ROOT 
servers, then if the root server does not know the IP it goes to the TLD 
servers, they know the NS of the domain and go to that IP to get the answer if 
they do not know it. That is it, our servers cannot and would have no way to 
know what traffic is going across the Comcast network, and then pull in packets 
that are DNS requests. Tens of thousands of people on Comcast’s network run 
DNS servers, including me and I do not have an issue. I bind to NASA’s ROOT 
server and everything pulls from there. I also host a Name Server on the 
network and never have I had a request answered by another NS. How do you 
suspect that our servers intercept traffic meant for your IP address, but only 
yours and only if it is a DNS request, and not any other traffic? Please show 
the 2 domain queries below to your DNS expert and see if he feels that is 
correct that the subdomain points to itself. I am sorry you are having this 
issue but forward records of zone files we do not host CAN NOT be our issue, 
and in no way can ANY DNS server intercept a packet meant for another IP 
address. I see five name servers below for this domain and when I look up 
mail.bcwebhost.net on ns1.xname.org it gives me the answer of 
mail2.bcwebhost.net. So I found your issue and as I said it is NOT a Comcast 
one.









Query: bcwebhost.net.  Query type: Any record
Recursive query: Yes  Authoritative answer: Yes
Query time: 188 ms.  Server name: n/a

Answer:
   bcwebhost.net.  43200  A    173.164.65.201
   bcwebhost.net.  43200  NS   bcw4.bcwebhost.net.
   bcwebhost.net.  43200  NS   ns0.xname.org.
   bcwebhost.net.  43200  NS   ns2.xname.org.
   bcwebhost.net.  43200  NS   ns1.twisted4life.com.
   bcwebhost.net.  43200  SOA  bcw4.bcwebhost.net. administrator.bcwebhost.net.
                               133      ; serial
                               21600    ; refresh (6 hours)
                               3600     ; retry (1 hour)
                               2419200  ; expire (28 days)
                               43200    ; minimum (12 hours)
   bcwebhost.net.  43200  MX   0  mail.bcwebhost.net.
   bcwebhost.net.  43200  TXT  "v=spf1 a mx a:bcw5, a:bcw6, a:mail1 ip4:73.164.65.192/28 -all"

Additional:
   bcw4.bcwebhost.net.  43200  A  173.164.65.197
   ns2.xname.org.       19     A  88.191.64.64

   ns1.tw

Re: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-22 Thread SM Admin
Hi Shaun,

Thank you for a helpful response.  I am CC'ing the list with this so I can
get your response posted there.

Thanks,

Ben

-Original Message-
From: Shaun Sturby
Sent: Wednesday, November 21, 2012 9:01 AM
To: imailad...@bcwebhost.net
Subject: RE: [Declude.JunkMail] MX, DNS and other weird stuff

Hello Ben,

(I get Declude mailing list messages but can't reply for some reason)

I used the DNSStuff ISP Cached DNS records tester for mail.bcwebhost.net and
all the records came back with the 173.164.65.200 IP EXCEPT for Comcast (NJ)
which came back with "mail.bcwebhost.net. 0 IN A 68.87.92.78".  Note that
this is a very short TTL.

If you connect to that IP address you will see that the URL changes to
'http://selfinstall1.comcast.com/captiveportal/index.html'.

Yet a DNS Cache Check using http://dns.comcast.net/ shows the correct .200
IP address.

They did change DNS recently as this announcement shows.
Comcast recursive resolver IPs (68.87.64.146, 68.87.64.150, and
68.87.64.196) will no longer be supported after October 12, 2012. If you
manually configured any of these IPs on your device, please allow DHCP to
update your DNS resolver IP addresses or update manually with 75.75.75.75
and 75.75.76.76.

It looks like they intercept all A records to allow them to re-direct people
to their management portal. I have seen this done before with ISPs like
Telus when you need to register the MAC address of your router with your
account but typically this uses an RFC 1918 private IP space and not live IP
addresses.

This is not the solution to your problem but is additional information to
help you when you deal with Comcast.

Shaun Sturby
Technical Services Manager
sh...@optrics.com
Optrics Engineering | www.Optrics.com
Canada:
  6810 - 104 Street, Edmonton, AB, T6H 2L6
  TF: 877-463-7638  Fax: 780-432-5630
USA:
  1740 S 300 West #10, Clearfield, UT, 84015
  TF: 877-386-3763  Fax: 801-705-3150




From: Imail Admin [mailto:imailad...@bcwebhost.net]
Sent: Tuesday, November 20, 2012 5:05 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] MX, DNS and other weird stuff

Hi,

This is a question about DNS records and MX records and how I'm getting some
weird behavior.  It's not strictly speaking a Declude issue, but I have a lot
of respect for the people that used to hang out here and I'm hoping there's
someone around who can give me some insights.

Original problem:
We use Comcast for our upstream provider.  A few years ago, when we switched
to them from our telecom provider, they told us that their DNS servers would
sometimes intercept DNS calls even though we have our own DNS server.  This
was supposedly because we only rent a small IP subnet from them.  At the
time, they had us send copies of our zone records to them so that their DNS
servers would have the same information as our DNS server.  This worked fine
until this fall, when we installed a new mail server on a new IP address.
Our DNS server, of course, was updated to reflect this change.  However,
mail sometimes shows up at the old mail server anyway, in a more or less
random pattern.

It appears to me that most of the time when people send mail to us, their
mail servers are correctly getting the IP address resolved by our DNS server.
However, about 25% of the time, it appears that the DNS request from those
sending mail servers receives an outdated response from some unidentified
Comcast DNS server, resulting in the wrong IP address and the mail ends up
going to our old mail server.

Suppose, for example, that you send a message to imailad...@bcwebhost.net
(the address I'm using here, which is a misnomer since our new mail server
is running SmarterMail).  The MX record for bcwebhost.net points to
mail.bcwebhost.net and the A record mail.bcwebhost.net points to our new
server IP (ending in .200).  So your email should arrive at our new mail
server.  However, sometimes it will arrive at the old mail server named
mail2.bcwebhost.net (IP ending in .193).  The old DNS records had the
bcwebhost.net MX record pointing to mail2.bcwebhost.net, for which the A
record pointed to .193 (the old server).

I've been going in circles for about a month with Comcast on this and they
don't recall that they're the ones who told me three years ago th

Re: [Declude.JunkMail] MX, DNS and other weird stuff

2012-11-20 Thread SM Admin
Thanks!

-Original Message-
From: Sanford Whiteman
Sent: Tuesday, November 20, 2012 10:37 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] MX, DNS and other weird stuff

> Thanks for the info.  Is there any problem with using the same host name
> for both MX record and A record?

None at all. It is arguably redundant, as the host name will be tried
in the absence of an A record, but it is best to keep your zones
self-explanatory and not rely on fallback mechanisms.  IN MX
 is fine.

-- S.


