Re[2]: [Declude.JunkMail] No one at Declude?
So, has no one still heard nothing from Declude? This is my favorite anti-spam service and I would hate to lose them. Well, no apologetic post here == bye-bye to the product, IMO. What really irks me when this happens (I've had it happen to two beloved boutique apps in the past) is that no one gives a thought to open-sourcing it, just destroying it. We aren't OS zealots and most of us are sysadmins, but that doesn't mean we couldn't make us of the code. Not to mention the grossly unethical, possibly illegal behavior of abandoning people with active maintenance. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Whois Tests?
That is/was Day Old Bread's goal. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] why have spam scores jumped?
Ben, you'd find Simple DNS Plus an easy cross-grade. We have used it exclusively for all user-facing DNS for many years. We only use MS DNS as a stealth primary. Also, as Andy said, it's hard to believe your authoritiative domains require more than a few dollars a month worth of DNS hosting -- some hosts even have a free plan you might fall under. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] why have spam scores jumped?
The challenge for me is in not using forwarding. For MS DNS servers, forwarding and recursion are tied together; turn off one and you lose both. Incorrect. Turning off recursion turns off forwarders, but not vice versa. You can have a perfectly operating recursive MS DNS server that does not delegate recursion to any other server (forwarding amounts to delegating recursion, but the server as a whole is still recursive, thus the unidirectional relationship between the two settings). You only MUST use forwarders if you are not allowed to pass DNS requests out past your ISP's border (similar to when you have to use the ISP's outbound SMTP gateway). So if I turn off recursion and forwarding, then all my DNS requests will have to go to the root servers for resolution. No, if you turn off recursion completely, you can't get responses for domains that aren't on your box. No one is going to do it for you -- the root servers sure won't. I do understand the dangers of being an open resolver You're mixing up a lot of terms here. An open resolver is one that will perform recursive lookups for any address on the open internet. but I am also under the impression that resolving only through root servers is bad. It's not bad, it doesn't exist. Since MS seems to recommend forwarding I doubt that... With a stub zone, queries to URIBL.com are resolved directly through the URIBL Name servers... ... and there is no reason to go down this road. If you can get DNS requests past your ISP, there's no reason to have forwarders. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff
I should add that the number of erroneous emails sent to the old mail server has decreased. From Thursday through Saturday it went down to zero and I was hoping the problem had gone away. Then it started up again on Sunday, but at lower volume than before. Interestingly, most of the emails now received at the old server are spam. In the last three days, I've only received one email personally that was real mail and that went to the old server. By comparison, a week ago I had to check my account on the old server every hour. B/c we don't know if you accidentally had very long TTL on that bad nameserver (since the RR no longer exists at any of your authorities and we can't wayback it), it could be that that was the underlying problem. Nevertheless, the bizarre thinking of the Comcast person did not help matters. -- S. Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff
Ben, Thanks for running your questions by me. Feel free to forward this message to your Comcast rep. Even if he is unwilling to help you further, there is information below that will help him be more accurate in future cases, since he currently lacks sufficient understanding of DNS. Mr. Jones is seemingly unaware of the difference between a delegated subdomain and a hostname. This gap in understanding does call the other conclusions into question, and I would not consider his to be an expert-level response. NOTE: I don't know if Comcast is or is not ultimately at fault for your mail delivery problems, but I would advise you to look for more expert testimony. It's perfectly normal for a hostname to be both the label and the value of an MX record (i.e. to be its own MX). In fact, the RFC-specified behavior of SMTP is to connect to the hostname to deliver mail to user@hostname in the absence of an MX record. All you are doing by adding hostname IN MX hostname is specifying that which would already be assumed (and also taking advantage of the MX algorithm). So normal is this configuration that I was able to quickly dig these examples from large, reputable domains: mail.beta.army.mil IN MX 10 mail.beta.army.mil ajax1.rutgers.edu IN MX 10 ajax1.rutgers.edu web.mail.vt.edu IN MX 0 web.mail.vt.edu webmail.uic.edu IN MX 0 webmail.uic.edu mail.messaging.microsoft.com IN MX 10 mail.messaging.microsoft.com webmail.villanova.edu IN MX 0 webmail.villanova.edu smtp01in.umuc.edu IN MX 0 smtp01in.umuc.edu mta4.wiscmail.wisc.edu IN MX 0 mta4.wiscmail.wisc.edu mail.dotster.com IN MX 0 mail.dotster.com Good luck with your continued troubleshooting! -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MX, DNS and other weird stuff
The link you provide is what I found before: it's a Windows port but it's uncompiled. Lacking a compiler, I was looking for something precompiled. Ah, didn't notice that -- maybe search for a p0f 2.x binary because that's the last time I used it. I have a 2.04 binary that I'll send you off list. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MX, DNS and other weird stuff
Update: NetworkMiner (http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=NetworkMiner) uses the p0f OS fingerprint database and should work for you. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff
In the end, he seems to be saying that we have a name server giving wrong results, which would make sense, except I can't figure out which name servers he's referring to. You'll see below where he says the NS0 name server points to NS1 and that will point to mail2.bcwebhost.net and your incorrect IP address, and I don't see that, do you? No. He's so far up his own... something... that he's decided upfront that it cannot be his problem, so he is willfully misreading the actual results. Look at this, from his message: Authority: xname.org.600 NS ns2.xname.org. xname.org.600 NS ns3.xtremeweb.de. xname.org.600 NS ns0.xname.org. xname.org.600 NS ns1.xname.org. He claims to be getting this information from ns1.xname.org. I'm sure he is. The question is WHY he is querying ns1.xname.org, since it does not appear in the parents at gtld-servers.net nor in any NS records returned by your NSs. I think you may have a chicken-egg situation where he is actually using a broken server to check for brokenness! Tell him this: at *..gtld-servers.net, your NSs are NS-record for bcwebhost.net: DNS server = bcw4.bcwebhost.net TTL = 172800 (2 days) NS-record for bcwebhost.net: DNS server = ns1.twisted4life.com TTL = 172800 (2 days) NS-record for bcwebhost.net: DNS server = ns0.xname.org TTL = 172800 (2 days) NS-record for bcwebhost.net: DNS server = ns2.xname.org TTL = 172800 (2 days) *AND* querying each of those NSs directly, the same list of NSs appears. Ask him if he differs with this. He can't. So why would ns1.xname.org even be on his mind? Why would he be hitting this server at all? Answer: he is not actually digging directly into your servers, but trusting his own, broken server. Which means he is not testing properly. What server is he using, anyway (never mind non-Comcast tools)? Now, I grant you, his server wouldn't be broken per se if you had set, say, a 30-day TTL somewhere. That would be your fault. But we don't see that, or at least we can't see it anywhere in his results. Do you see where in the stuff below it says that ns0 is getting its results from ns1? The IP of ns1 is 178.33.255.252 and for ns0 it's 195.234.42.1. No, and I don't even know what it would mean to be getting its results from ns1. ns0 is returning authoritative results. As you said, he seems to be willfully making no sense: getting its results from is useless nonsense. Which is weird because in certain ways he seems to know what he's talking about. At any rate, unless ns0 is really linked to ns1 as this guy claims, then I don't see how ns1 is relevant. It isn't relevant. It isn't in the picture. If it's in the picture for him, he's not testing with working servers. This is a subdomain “ANYTHING.DOMAIN.TLD” is a subdomain and your mail.bcwebhost.net subdomain should NOT have its own MX record. Answer: mail.bcwebhost.net. 43200 A 173.164.65.200 mail.bcwebhost.net. 43200 MX 0 mail.bcwebhost.net. There is absolutely nothing wrong with this setup and I wish you could make this Spencer Jones idiot publish this claim in a DNS-centric place where he will be shamed (as opposed to a pretty dormant ML). Someone like Len Conrad could hand him his -- S. --- Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: Fw: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff
To answer Shaun's question, you'll see that we only have ns0 and ns2 for xname.org and ns1.xname.org is removed. So it shouldn't be a problem. It isn't close to a problem. It isn't helping matters to have your ostensible allies misread one hostname as another! Actually, I tried nslookup on ns1.xname.org this afternoon and it just wasn't responding at all. It's probably best to stop even saying ns1.xname.org because it seems to be prompting people to think it's there, when it's not. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff
Actually, you did catch something. The section that starts with Authority. In his email he says Answer ns0.xname.org which I take to mean that he is getting that authorotative response from nso0.xname.org and not ns1.xname.org as you assume below. It means ns0.xname.org is part of the answer(s) to the question he asked, i.e. the A record for ns0.xname.org. Doesn't mean that is/is not the server queried. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: Deciphering Comcast reply on weird DNS stuff
I remember Len Conrad from way back when, and I believe he could hand him his Where would there be a DNS-centric list or forum where Len hangs out? Maybe the big ISC BIND newsgroup or something? But it doesn't have to be him, it could be someone on the DNSStuff forums, too. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MX, DNS and other weird stuff
So, two questions: first, is there a version of p0f that runs under Windows? I found the Unix version and I found a Windows-port version that is not compiled (and I haven't used a real compiler in at least ten years). http://packetstormsecurity.org/files/download/109101/p0f-3.03b-win.zip Second question: what's the popular recommendation for DNS TTL nowadays? I think I reset mine many years ago after a discussion here among some other people. Universal default TTL? You could say 4 hours. But it depends on the application, the stage you're at with setting up a new host (testing vs. long-term stable), the need for dynamic changes, all, of course, balanced against much load you want/need to shed. I test using 5m TTLs, but also keep 5- and 10-minute TTLs permanently where we have geographic clusters because that's the only way they work. In other cases, I try for one day. Rarely do I use more than a day even when a host has been stable for a long period, even if I could; with our traffic, I don't mind one DNS request per day for each session. For reference, you can look around at high-traffic sites like web analytics. My two analytics packages use 60s and 5m. I think the first one was at my behest because one of their servers kept going down and needing to be null-routed a couple of years ago! -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MX, DNS and other weird stuff
It's not really a complex setup unless you have (or had) a secondary that is capable of reloading with bad records. It shouldn't be possible to have a proper secondary that does this, as it should use either standard *XFR methods or some proprietary sync mechanism at startup to get the right records (incl serial #) from its primary. Since your tests show all of your possible NSs giving the right results when q'd directly (although you can't be sure it's 100% of the time if the secondaries are outside your control) the good news is now you are justified in using p0f to try to see if something is sitting in-between your Comcast boxes and the outside world. You could set up a box the just sends a barrage of queries to the Comcast NSs and pipes the p0f results to a file, then scan it after a day and see if anything looks amiss. Re: subdomain v. hostname, as mail.bcwebhost.net has an IP address assigned to it, it should be considered a hostname. If the label had only NSs,, it would be considered a subdomain that could have child hostnames. I have no idea what the Comcast dude is saying about subdomain that has an MX. If it were a delegated subdomain, that might be notable, but it's not. One other thing: is it possible that you have a rally long TTL that you set at some point that might still send people to the bad/strange server? You could have mistyped and have 30 days to wait it out -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MX, DNS and other weird stuff
Second problem: In our new DNS records, I have it set up something like this: two MX records: bcwebhost.net MX mail.bcwebhost.net mail.bcwebhost.net MX mail.bcwebhost.net one A record: mail.bcwebhost.net A (IP.200) Is there any reason I can't have the same name for both an MX and an A record (in this case, mail.bcwebhost.net)? The Comcast people claimed this was wrong and that the MX record should point to an IP address directly instead of a host name (which I'm sure is wrong). Absolutely, without any doubt, they are wrong. MX RRs MUST point to A (hostname) records per RFC. Not to alias (CNAME) records (though this can function 95% of the time, it is an RFC violation). And *definitely* not to IPs. This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. -- both RFC 2181 They tried to claim that this is the cause of my original problem but even if they're right about this, then it still doesn't explain the original problem. I'll reflect on your first problem later. Do not worry at all that they are right here. -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] MX, DNS and other weird stuff
I've been going in circles for about a month with Comcast on this and they don't recall that they're the ones who told me three years ago that they sometimes intercept DNS calls. I was wondering if anyone has any ideas or suggestions on how to track down the errant DNS calls? First, what they say (or said) they do vis-a-vis intercepting a certain % of packets is completely possible: they own all networks in question, so they can skip any anti-spoofing measures. Plus with DNS, you are (usually) using UDP, which is makes it even easier to spoof a reply provided you can drop the original request. The problem for you is that a fully spoofed reply doesn't have to contain any identifying information (by definition) except perhaps inadvertent OS/stack level fingerprints that would, assuming the two packet sources have different OS and/or stack configs, let you sort out the your server from the other mysterious one. I would recommend p0f for this http://lcamtuf.coredump.cx/p0f3/. You might get a result that shows you, for example, a Solaris 2 source box for the old responses. Then you can at least start saying very firmly, What is the Solaris box that is hijacking my packets? Alleging a major security breach might not be a bad idea for escalating your case. Good luck. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] white list or positive weight for a specific To address?
wouldnt the spammer/attacker need to have delegated authority over the source ip address space and control of DNS infrastructure to forge a PTR record? Well, either delegated authority *or* a subscriber agreement with the ISP that allows PTRs to be requested/modified. For example, I can write to my DSL provider and have the PTRs for my small IP block changed to whatever I want. I don't have a management UI nor delegation to my own NSs, but I can easily get it done. Again, we're talking about a targeted attack. Given sufficient motivation/payoff for such an attack, a forged PTR is going to be a lot easier to make happen than an altered SPF record, let alone a spoofed IP. I have been doing this a while and I dont recall ever seeing a message whitelisted due to forged revdns, I use revdns for whitelisting heavily. Me too, I'm not saying it's commonly abused, but in terms of feasibility I just had to point out that MAILFROM w/forward-only SPF mechanisms is less vulnerable to forgery than MAILFROM w/PTR SPF mechanism or REVDNS alone. -- S. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] white list or positive weight for a specific To address?
Why not use the HELO or REVDNS? REVDNS is going to be the safest because of the difficulty in forging it Not always... if the domain has a hard-fail SPF record that isn't *itself* dependent on forgeable records (only uses IPs and forward DNS entries), then the MAILFROM can't successfully impersonate the protected domain (the envelope sender can still be trivially crafted, of course, but the mail will be rejected). However, in the case under discussion, declude.com's SPF record depends on the forgeable PTR, so in this case the SPF isn't any stronger protection than REVDNS itself. I would hesitate to say that there's any difficulty forging the PTR as part of a targeted attack. @ Ben, the MAILFROM for list messages uses the format declude.junkmail-your_verp...@declude.com, so there is a consistent SMTP (RFC 821) emvelope sender to filter on. -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: ramdisk using Windows Server 2008 64bit
Gary, I think I might have spaced on a similar question you asked a while back. I recommend Starwind Software's RAM disk -- the one that comes with their iSCSI initiator (you don't actually need any iSCSI SAN in place). We use it on 2003 + 2008. -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SSD vs HDD
I'd second the RAM disk recommendation. You don't need to pay for enterprise-class RAM disk anymore, as the feature is built into Starwind Software's StarPort iSCSI initiator, which is free. We've used it for 2+ years now. -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Idea for new Declude add-on
This product is not ready to be on the market and certainly should not be something someone pays good money to purchase. It has promise, but its not ready yet. Your complaints have to do principally with SmarterMail -- certainly when the product was published and supported I don't recall anything about SmarterMail being advertised. That's an after-the-fact hack, but I don't knw what that has to do with on the market. Autowhite also has a log option. But it won't log without a syslog daemon on the server. IMail had a syslog daemon built-in. That's obviously why it was built to use that functionality. Autowhite needs to have an option to log to a text file -- I wouldn't install anything to support a utility being able to log. Do your firewalls log to text files on the device, then? Sounds like a lot of FUD over a dead product which actually did exactly what it was supposed to do, and with more flexibility than most command-line add-ons. I for one *wish* that everything logged to syslog. I don't want a text file on the local box being written to on every e-mail. SMTP is disk I/O bound already. -- S. --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Idea for new Declude add-on
AutoWhite doesn't whitelist, it counterweights. Whether you counterweight enough to be tantamount to whitelisting is up to you and your setup. You should read the documentation for AW (if it is still available) before deciding that a base was not covered. -- Sandy --- [This E-mail was scanned by Declude] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Cutting down on DNS
No reason to believe that putting IP addresses in a DNS server would be substantively faster than an optimized local connection-time IP database. The local db itself should be cached in memory, and thus should never be slower when you add in the network overhead of DNS (even on the same box). The advantage of DNS in this case is in sharing the same db across multiple machines, not speed. -- Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Cutting down on DNS
Probably a crazy question, but if I wrote a script to harvest the current blocks (for e-mail harvesting) out of SmarterMail (if such a thing could be done) would that make a good or a bad local URI? Are you talking about turning a list of IPs into a list of dotted-decimal URIs like http://1.2.3.4 ? That doesn't make sense. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] Cutting down on DNS
How does one go about replicating a zone locally to begin with? Can you replicate multiple zones locally? Sure. Should you do this on the machine that is hosting SmarterMail/Declude, or on another? Sniffer is my best test. INVURIBL used to be fantastic, but it doesn't fare quite as well these days. Does anyone recommend anything else? Thanks for the discussion! -- Michael Cummins --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Mail was checked for spam by the Freeware Edition of No Spam Today! The Freeware Edition is free for personal and non-commercial use. You can remove this notice by purchasing a full licens Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] Cutting down on DNS
*unsticks Ctrl key* How does one go about replicating a zone locally to begin with? 2 ways, depending on the BL. They could let you use standard DNS zone transfer, or they could make you do an out-of-band HTTP/FTP download of the zone. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[6]: [Declude.JunkMail] Cutting down on DNS
...Declude just does a DNS lookup on the defined server and checks to see if it returns an authoritative or non-authoritative response for the host name of the e-mail address, and then pass/fails on that? Yes, same way DSBLs usually work, only when you replicate the zone, your DNS server is authoritative, so there is no outside lookup. I Googled a few of the more useful RBLs on my list. So far, they all want you to contact them for pricing. That sounds scary. Does anyone know how much this kind of thing usually runs? UCEPROTECT is free to replicate locally (HTTP or RSYNC) http://www.uceprotect.net/en/index.php?m=6s=0 Note that the resulting downoaded file is in RBLDNS format. So you would convert it to a standard zone file. What DNS server do you use? Considering that UCEPROTECT folks say a maximum of 1,000 (!) direct requests per day are supported, you would be well advised to replicate this one. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Cutting down on DNS
Just glancing around their website, I see that they recommend RSYNC to RBLDNSD formatted files. The Invaluement people here recommend Simple DNS Plus as a replacement for Windows DNS. Would most people here make the same recommendation? I really have nothing against Windows DNS, no security/stability FUD or anything. *But* I always use SimpleDNS Plus for anything other than Active Directory because of its feature set. For a relevant example here, SDNS has a utility to parse down RBLDNS formatted files into its own native blacklist format. I also like SDNS' NAT recognition feature -- I have probably saved days upon days of configuration/replication hell because of that. But you can continue to use Windows DNS and DNSCMD and be fine for this purpose. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Cutting down on DNS
My declude boxes are really driving DNS traffic up, loads. As in humans notice or as in my SNMP monitors notice... is this actually negatively impacting performance of DNS or any other service? Do you run local caching DNS (I hope so)? The other thing to look into is zone transfers for eligible BLs. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Cutting down on DNS
Humans notice, because the traffic runs through a perimeter firewall that checks port 53 traffic against its Intrusion Protection profiles (amongst other things). Lately, during periods of heavy activity it's been ramping up the CPU and memory of the perimeter firewall. I've noticed moments of sluggishness as a result. If you have 250,000 messages, each one does 10 lookups -- 2.5 million remote lookups on its own is not overwhelming (of course, depending on your raw upstream/downstream bandwidth, but I presume you have that limit covered.) But 250,000 daily queries to an individual BL will likely exceed their limits if they have one: overages may be timed out or throttled down, adversely (and purposely) affecting the number of attempted and simultaneous outbound connections. What is the firewall model? What's the rated max UDP connections? The rated max for wire-speed IPS inspection? Do these effects, in other words, simply jibe with your use of a lowish-end firewall to do egress filtering on some rather chatty servers? If the results are not what you would expect from your hardware, do you have some setting that is leaving connections open for too long? An too-deep inspection profile being applied to these servers? If push comes to shove, what about giving these machines their own dedicated IPS and not filtering on the main unit? My two declude servers probably handle about 250k messgaes per day, but around 90% of that is eliminated as waste. This waste still consumes bandwidth and DNS connections. Well, of course... if it didn't take DNS connections, you wouldn't know it's waste (with the exception of those BL lookups which are redundant with other tests or which rarely find listings -- and those are lookups you should eliminate). Yes, I run local DNS on the Declude Machines, but I've notcied that the caching isn't all that effective. To the perimeter firewall, a lookup is a lookup, not matter what resource asked for it. When a result is in the local DNS cache, there is no remote lookup, so nothing goes through the firewall. Can you check the size of the cache throughout the day and verify that you haven't turned something off so that lookups are being passed through and not cached? It is of course possible that you have few IPs that reconnect before their TTLs expire, but that should be verified. And my other recommendation stands -- look into which BLs will let you replicate their zone/s locally. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] CommTouch ZeroHour
If my memory serves me correctly, there were some licensing limitations for using the CommTouch tests which is why I have not activated it in the past. Has this changed? I was trying to find it on my account page but could not. The list archives show that as of the last public communication, CommTouch is allowed for [a] people who are not considered service providers or [b] people who are service providers, but who are legacy Declude customers holding a perpetual license prior to the integration of CT. I host mail for my clients (we are not an ISP though), so can you clarify if I am able to use the CommTouch feature? It's my understanding from David's remarks in the past that if you perform store-and-forward between your organization and another (which seems to apply to you) and you are not a legacy customer, you are not allowed to use CT. Though perhaps if you charge nothing for the service on paper (not just a loss leader, but a non-item) then maybe you still aren't a service provider? I presume, though it is far from clear, that when David refers to eating the cost of CT it is that he is eating the cost only for the legacy customers who operate service providers. If in fact Declude is absorbing the service provider sublicensing cost for all legacy customers, regardless of how each customer actually deploys Declude, that is unfortunate but certainly not the fault of people whose real use of Declude should *not* legally trigger an associated Declude payment to CommTouch. Or if Declude has been absorbing the service provider sublicense for *all* current customers -- that is, that anyone can now use ZEROHOUR regardless of when they bought and how they use Declude -- that certainly was not well-presented to the community. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AOL - AIM Spam
HEADERS 20 PCRE (X-Spam-Flag: YES) A problem with doing this as a single (non-combo) filter is that you are using a trusting a common x-header regardless of source and/or documentation. This allows for pretty easy poisoning of a weighted system. If anybody should be, y'know, malicious out there --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Errorlevel not working
IMO, no reason to use the shortcut IF ERRORLEVEL when the regular IF %ERRORLEVEL% allows you to do the = comparison and more. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Negative Weight an IP
Thanks for your suggestions! Um, fix the PTR? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Negative Weight an IP
Sandy, I guess that was a question that was on my mind. We've never had anything set up for the web server before - only the REVDNS for the mail server itself. In order to set up a valid PTR (that is, canonically accurate) for the webserver as queried by your mailserver, you need to have a DNS server that is capable of returning PTR data for your private IP range. Note that this is actually reason #nnn to not rely solely on external DNS servers (viz. the debate from a few weeks ago), since those servers cannot return records for your internal IPs. It is true that in very simple networks, one rarely needs internal reverse DNS resolution; it is admitted that maintaining in-addr.arpa zones is indeed a step up from the pure, demonstrated simplicity of running a caching-only recursive DNS server. Nonetheless, if you have more than one internal machine *and* maintain a Declude installation, I remain firm in my belief that you should be able to maintain a DNS server. The other way around it is to use whitelisting, etc., but I really like to have my machines know each other. Maybe that's just my thing. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Negative Weight an IP
While any server doing direct delivery to remote MXs must have a PTR, I got the impression that Todd's box sends to the Declude box only, making the PTR somewhat more optional (until, of course, your anti-spam gateway looks for a PTR...). --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Negative Weight an IP
I can easily get a REVDNS through my ISP. Not for your private IP range, you can't. However, I'm not sure what I would get it as. Obviously my mail server was easy (mail.domain.com). However, with a web server that hosts many sites, do I have to have a REVDNS for each domain name? No, you decide the single most appropriate canonical hostname for the box and point the IP to that hostname. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[6]: [Declude.JunkMail] DNS Changes
/IP, SMTP, MIME, and DNS. Otherwise, they should be outsourcing -- perhaps to a Declude-powered provider. I will say it again: if you're outsourcing everything else, by all means use OpenDNS. But if you are keeping your anti-abuse and mailbox solutions on-premises, and you are using as technical a solution as Declude for the former, running away from DNS is plain foolish. I will always disagree with your steering people to always use OpenDNS the moment they encounter a DNS problem. how many people i speak with who do not have the recursive option set on their DNS servers... Yeah, that would surprise me utterly, since they wouldn't be able to do _anything else_ with said servers that would lead them to believe they were suitable for Declude's use. ... even more so, they are using their ISP's DNS server and the ISP does not allow recursive lookups because of the high traffic. Very well, in these cases the problem is not that they can't keep their own DNS up, it's that _they haven't tried_. And they won't ever try if they skip to OpenDNS. We have no bearing on how people choose to run their business or educate their employees. Of course you do! The way internal IT people interact with product support, and vice versa, is absolutely part of the definition of IT competence. Everyone who has seen the pros and cons of reliance on outside support knows this. Every single blithering, delusional fake that I have had the misfortune of dealing with in this industry has a characteristic tic: they will not learn for themselves what should be their core competencies. I will work on getting a few articles together next week. If you would like to contribute your extensive knowledge of DNS, shoot me an email at [EMAIL PROTECTED] and i will glady add your information. I may do that. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[8]: [Declude.JunkMail] DNS Changes
I have a suggestion since DNS is so critical to Declude. A secure recursive bind implementation can be setup in less than 5 minutes. Kevin, thank you very much for proving the absurd ease with which this one (of many) DNS servers can be set up for this purpose, and to everybody else who voiced their agreement. I expect the voices of the qualified sysadmins here are unified. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[8]: [Declude.JunkMail] DNS Changes
Yeah, that would surprise me utterly, since they wouldn't be able to do _anything else_ with said servers that would lead them to believe they were suitable for Declude's use. I worked for an ISP for a long time before joining Declude. DNS servers are NOT useless without the recursive DNS option turned on. I don't know where you're getting your information, but it is incorrect. What I said was (it's right there above, please reread) there is nothing else they could do with said servers _that would lead them to believe they were suitable for Declude's use_. That is obvious. There is no reason anyone should think that authoritative-only nameservers are their DNS servers. Such servers could not be the servers they use to surf the web, for example. The only reason they would enter such a server into the Declude config is because they have not been sufficiently briefed on the characteristics of the server that is suitable for Declude vs. one that may not be used. The test can you run 'nslookup -q=mx gmail.com 1.2.3.4' is enough to tell people that the 1.2.3.4 is or isn't valid. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[8]: [Declude.JunkMail] DNS Changes
Thanks, K. ipconfig from a mailserver that can surf the net is another duh quickie... . --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] DNS Changes
Also, we suggest that you use the following DNS server with Declude 208.67.220.220. This is an OpenDNS server and it is extremely reliable. Sorry to be meddlesome, but recommending that a single, remote, uncontrolled DNS server always be used for Declude's RBL lookups kinda flies in the face of best practices. The very reason people run their own recursive DNS servers is to increase performance, and in 2008, if you can't install and support one of the several high-performance DNS servers out there (Simple DNS, PowerDNS, BIND, MS DNS) for recursive use only, chances are you should be outsourcing your anti-spam measures as well. From experience, I'm sure Todd has the skills to support his own DNS, so it seems defeatist to suggest he do otherwise after this migration period. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] DNS Changes
Kevin, in our experience, the two OpenDNS servers (208.67.220.220 and 208.67.222.222) that we suggest be used with Declude, work wonderfully and the uptime is excellent. Uptime should be 100% on DNS servers. It's 2008! This should not even be a consideration. No matter how wonderfully they work, a high-traffic mail server will _always_ be slowed down by using DNS servers over a WAN. Like i said earlier, we here in support see a lot of problems from our customer's in-house DNS servers failing to do recursive lookups. Well... anyone running a help desk for an otherwise stable product/environment sees the majority of questions for stupid stuff that is not your fault. Does that mean that corporate help desks, which are constantly saddled with password resets and access requests, should just tell users to share the same user account + password? (Some do: bad ones.) Giving our customers the suggestion and the option to use the OpenDNS server(s) is exactly that, a suggestion and an option. Actually, what you said was I suggest always using 208.67.220.220 because you will never have to rely on your internal DNS -- that is not an idle option but a pretty firm prescription from the company. Guess it depends on whether suggest beats always or vice versa. You can use any DNS server that does recursive lookups. The problem is, most of the people we come across on a daily basis do not have recursive lookup option set up on their local DNS servers. All companies either have an internal recursive DNS server (maybe they don't know its IP?) or already use their ISPs DNS or some other remote DNS service like OpenDNS. Are you talking about people who have a DNS server running on localhost, but not a recursive server, and have deliberately set Declude to use this server instead of the fully functioning one they must have in order to send mail? G-d help us if these people are blithely switching to OpenDNS instead of taking their DNS illiteracy seriously! I would submit that you are both (a) doing your own product a disservice by hampering its performance AND (b) doing your client a disservice by treating their management like It's okay that your IT person doesn't know how to configure/locate the simplest possible DNS setup, he/she can still be a responsible mail admin. This may be a good way to grab more Declude users who would otherwise outsource all of their anti-spam, but it is unethical to suggest that anyone so unqualified should be in charge of their company's anti-spam defenses. Sorry if anyone's feelings are hurt by that. You may have lots of other skills we mail people don't. But if you don't know DNS, you don't know SMTP. And if you don't know SMTP, you don't know e-mail. Why not just post/reprint some articles on your site about setting up recursion (presumably in MS DNS) and point them there? Or put together a HOWTO for PowerDNS or BIND, both free? It is so ridiculously easy that I shudder to imagine are people trying to make use of such a techies' product as Declude (sorry, it is, I've been using it since 1.x) who can't handle this. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[3]: [Declude.JunkMail] SPF Issue
The mx should not be naked. Actually, naked mx mechanism is fine. So is -all (deny-all being preferable to anything looser). The cefib.com TXT record is a valid SPF record. The problem is likely to be an NXDOMAIN received by DNSStuff, perhaps due to routing problems. Other remote tests such as Men and Mice's DIG online work fine. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF Issue
I have som SPF issues What issues? Did you validate your TXT record at openspf? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[6]: [Declude.JunkMail] Blackice Server EndOfLife - need replacement
I placed on a test machine and then trial on a production IMail server. I really want this thing to work, but as I train and set-up, found that the SMTP service stops and will not restart and getting a cannot find DLL and SMTP. Sandy - have you experienced anything along this line? Nothing like that exactly, no. But you must make sure that anti-virus/anti-malware software is off during the install, and that you exempt the eEye folders and apps from heuristic scanning + detection after restart. NOD32 and AVG will both be hypersensitive to Blink; Blink's EXEs and DLLs may end up in quarantine unless they are excluded. Also -- the usual concept of no more than one memory-resident AV at once -- you should make sure Blink's anti-virus module is off. Off-list, let's work together to get it up. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Blackice Server EndOfLife - need replacement
To replace blackice functions as to load on a server and monitor and block what applications sends out on individual ports. I have an offending app or task that trying to send out on random ports , I am trying to find it and block it Yep, a HIPS like BlackIce can't be replaced by a separate firewall. I have kind of been holding in reserve my newfound love for eEye's Blink, but there it is -- pls contact me off-list for more info if you want. I'm currently rolling it out to 125 stations and find it more than able. I have no relationship to the vendor. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Blackice Server EndOfLife - need replacement
We too use Black Ice with great success (except Windows 2003R2 will not install and run). The replacement is IMP Proventia and very expensive at about $700 per server. We are also looking for a more cost-effective replacement. Blink again -- cost is insanely reasonable. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Use MS IIS SMTP server as a gateway
A little off topic but i was wondering if anyone can help me find a tutorial on how to set up my IIS server running Imail 8.15 and Declude to use the MS IIS SMTP server as a gateway. [I am assuming that you will still be using your IMail box as MX and using IIS only for outbound.] Set up your IIS SMTP virtual server to accept relay only from your IMail server's IP (Access-Relay-Only the list below). Override external DNS A resolution for your MX box by mod'ing the HOSTS file on the gateway. This ensures that the gateway can send NDRs back to the mailbox server over the local LAN and won't try to loop back through your firewall. (If you have a split DNS setup with private IPs served up internally, you won't need to worry about this step.) Ensure that your gateway passes a PTR-HELO-A roundtrip test (just as you would with an IMail box making direct connections to remote servers). The FQDN of the virtual server will be the HELO. That's a nutshell version. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: AW: Re[2]: [Declude.JunkMail] frustration
Is there an easy guide to create a windows version of SpamAssasin? Or is there a precompiled windows version? SA comes in two fundamentally different forms. At the primitive level, there are all-in-one processes: spamassassin.pl (interpreted by the ActivePerl script engine) and spamassassin.exe (actually a perl2exe bundle with the Perl runtime module inside, since the base language of SA is always Perl). I've found that neither of these are suitable for Windows mail servers over a few thousand messages per day. The main reason is startup overhead. Each process runs independently -- just like old Declude and Sniffer before they introduced their persistent processes -- and so your system endures loading Perl, the regex rulesets, the add-ons, etc. with every message, even before *running* the rules. It's notable that Windows is relatively poor at such process-based architectures, regardless of the application; there are *nix users who use spamassassin.pl who are able to handle much higher loads. However, any platform is handicapped by the process-per-message overhead as load grows. The alternative to process-per-message is SPAMD, the SA persistent process. With SPAMD, the rules are loaded only once, so there is no repetition of this step for every message, giving vast increases in performance. Better yet, SPAMD is a TCP/IP server that doesn't have to run on the same box as your mailserver. Your mailserver only needs to run SPAMC32 (the client portion), which has 0% overhead after it spools the message over to SPAMD -- it spends the rest of its time waiting silently for a response from SPAMD. If you run multiple SPAMD servers, SPAMC32 can load-balance requests among them, so you can continually shed load off your mailserver (obvs. especially valuable if it is also a mailbox server). I answered in such an extended fashion because it's vital to know _which_ SpamAssassin you are trying to find/compile/run. If you want to run SA in process-per-message mode, you want spamassassin.exe. If you want to run SPAMD on Windows, Google 'spamd cygwin'. If you have a spare workstation, though, I would recommend that your very first step be finding a *nix distro on CD that includes SPAMD. SPAMC32 can connect to a remote SPAMD regardless of platform. I am _never_ one to claim that a Windows shop can support a production *nix install at the same level that they support their Windows servers. But using a CD-based *nix to get SPAMD running quickly is likely the best way to test the functionality, instead of (a) getting lost in the admittedly complex setup of SPAMD on Windows, or (b) using process-per-message SA and finding its performance unacceptable. --Sandy -- Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. mailto:[EMAIL PROTECTED] -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] frustration
But I get new hope now. Obviously with Declude alone (We run Smartermail 3.x) we can't catch them all. I will try Sniffer, invURIBL and Commtouch. I hope they all run with SM. Allow me to recommend the addition of SpamAssassin (through our SPAMC32). I use the commercial products as well, so this isn't a plug for FOSS. I've always enjoyed the native regex support in SA, its built-in support for URIBLs, and its client-server architecture (which means your mailserver need not take on any more CPU load). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Bulk Outbound Mailer
We're really happy with gammadyne mailer. www.gammadyne.com Ditto for me re: Gammadyne, though I have just switched a longtime Gammadyne user to GroupMail. The reason -- perhaps irrelevant for most -- is that the latter supports OLEDB in addition to ODBC. Client has a CRM database that has an OLEDB-only reporting interface. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] Using Footer32 in per domain configuration
I never thought to check that since it was a Declude external test, but thanks for that info. I was referring to your announcement notes that detailed the switches. Gotcha. I always implement command-line help switches for my command-line apps, FTR, even if they are meant to be forked silently from another process. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Using Footer32 in per domain configuration
I found the problem. It seems there is an additional undocumented command line switch that needs to be added to the end of the line for it to work. I think it's documented -- considering that the /? is the only documentation, and it's in there. :) --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: server monitoring
I am doing research on purchasing/open source server monitoring and would like to know what Declude administrators recommend. I am in the midst of a two-week (so far) product survey of exactly that sort. One of the sites I manage has a need for granular SNMP and SQL monitoring and reporting across thousands of different metrics, although the number of physical machines is just three! Rather than roll my own solution by augmenting the web application with all kinds custom logging, I'd much prefer to use a third-party platform with its own scheduler, aging, graphical reports, etc. But it's been frustrating so far that I haven't found anything at my price point ($Free through $999) that has quite hit everything I want. I am currently most putting Intellipool, OpUtils, and Zenoss through to the second round. There have been others that I simply haven't gotten to install for the first 15 minutes, so I've just had to move on (Up.Time, SysOrb) even though they looked promising. Some just suck. But I don't want to call them out just yet. My reqs are likely different from yours, though. How many devices are you monitoring, and how many monitors do you expect to have per device (this is closely tied to pricing for the non-free options). Do you need to be able to query the monitoring database from outside applications? Are you going to concentrate on SNMP monitoring, or do you share a LAN with your Windows devices, making WMI and direct OS monitoring more feasible? Do you need an agentless architecture because you don't control your monitored hosts, or could you install helper agents on your devices when applicable? Are you going to fully dedicate a machine to this function, meaning that an ISO-based distribution that happens to load a non-Windows OS is a non-hassle; similarly, does the machine you are using have enough power to run a VM image of another OS, rather than supporting that OS down to the bare metal? [FYI, I have had nothing but great experiences with IPCheck Server Monitor, which is my current platform (along with SNMP Helper). The problem is that their pricing is at odds with my new requirement that I have unlimited monitors and a small number of physical devices; their pricing is more balanced, so they come in a bit too high.] --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: server monitoring
I guess I should have given more information. Things I want to do. Monitor our web and SMTP applications and send text message notifications to a cell phone and email address concurrently. I don't how many devices or monitored apps you're talking about, but if both are 10 or so, you should be able to use the no-cost version of a nice commercial app. Many of the vendors offer such teasers. So, how many monitors, and how many hosts? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] OT: server monitoring
I just found this open source alternative. It comes prebuilt as a VMware virtual Appliance. http://www.groundworkopensource.com/ It also seems to have an active community. Yes, as do Zabbix and Zenoss. FOSS monitoring is a growing field. I personally prefer an ISO or the true OS when running something like this. Good way to learn VMWare, though. :) Also bear in mind that they are usually bundling preexisting FOSS tools, such as RRDtool and MRTG, etc., with a unified GUI. They're not built from scratch. Anyway, they may fill the bill just fine for you, as would the Lite versions of commercial tools. You didn't spell out your technical requirements, so I wouldn't know --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Header Information Util...
I am looking for a script/utility to pull the header information out of every email in an Outlook/Exchange inbox. If you choose to use MAPI (one of your many choices), extract the property PR_TRANSPORT_MESSAGE_HEADERS (0x007D001E) from each message. This is a string property that contains all of the RFC 822 message headers in original form. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
It is also odd and possibly grossly incompetent of Microsoft to choose to use ports 1024+ for such purposes, but I'm thinking that they have some weakly justifiable reason to do this as a feature. RPC endpoints always choose dynamic ports in the customary ephemeral range, not the reserved range. This is by definition and common sense. RPC is not a Microsoft invention. It was pioneered by Xerox Sun and was implemented using the same basic model across many OSs. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SNMP / Smarter Mail 4
I'll probably get ridiculed but I recently discovered the joys of SNMP and I found myself thinking wouldn't it be cool if I could use SNMP to keep track Declude performance? You know: queue sizes, number of threads, memory used, all that. I second Matt's recommendation of IPCheck for things like file counts, service uptime, etc. For number of threads, memory used and other process information, you can do that by using Microsoft's perfmib.dll, which is essentially an SNMP proxy for the Performance Counter functionality. Any element you can create a Counter Log for in Perfmon (such as Thread Count for an EXE image) you should be able to also query using SNMP. I'm not sure if perfmib is supported anymore, but it does work. Alternately, you can try SNMP Informant or other third-party bridges between PerfMon and SNMP. FTR, I use OpManager for agentless SNMP-based monitoring, while IPCheck is better for its proprietary -- and I find more reliable -- suite of both agent-driven and agentless monitors. YMMV. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] PCRE FILTERING
Hopefully at some point Declude will post a list of good examples on their web site. I hope people aren't ignoring the ridiculously profuse SpamAssassin Rules Emporium, SA built-in rules, etc. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Image spam
How is this licensed? Dunno, but if it costs you an ORF license to use it under Declude, it's still very cheap. It appears that ORF is needed to use it legitimately -- is that correct? Well, it's not in their customer-only area, so you can draw whatever conclusion you want from that. Also, can this be configured to be called only when an image attachment is detected? I don't believe so, but redecoding the MIME within the external process should add very minimal overhead. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: SPF record question
To me this indicates that SPF doesn't help you if your users are not using webmail. Is this correct? No, the connecting IP seen by remote servers will still be the last hop on your network, not the authenticating IP that submitted the mail. While this is thus an irrelevant concern for remote mail, it is true that you must exempt authenticated sessions from *your own* SPF lookups, or else you will reject your own users. You do this either by (a) turning on such an exemption in your MTA for the primary port, (b) having users submit through an authenticated-only port and/or different authenticated-only MTA that doesn't do any SPF checks, or, least desirable, (c) using a spoofed internal SPF TXT record for your own domain that has a looser policy. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outlook SCL X-header
Does anyone know if there's a valid X-note header that can be placed in the message body that will cause Outlook to automatically route emails to the Junk-email folder? Assuming you are talking about Outlook *without* Exchange: AFAIK, there is no built-in header rule that is recognized on the client side. While it is relatively simple to hook into the IMF chain *within* an Exchange server and simulate a message that has a high SCL (or relocate messages to subfolders regardless of user rules, etc.), Outlook's Junk E-Mail folder and Exchange's Junk E-Mail folder are only unified if the user connects via MAPI. If it's running standalone (POP/IMAP), Outlook 2003 uses its own version of (or subset of?... not sure of its relative breadth) the IMF to move messages into Junk E-Mail. Note that when you are using MAPI, the exposed plain-text X-SCL header is not what's used to determine the folder re/location. X-SCL is just a representation of the MAPI SCL property, which, for example, is passed between Exchange servers using proprietary ESMTP extensions and only over an authenticated server-to-server connection, rather than passing a visible RFC 822 header over a generic RFC 821 connection. When you're not using MAPI, the standalone Outlook IMF doesn't bother with an RFC 822 header, either. All the logic is internal. You might think about just exporting the appropriate Outlook rule to a file and distributing the file with quick instructions on how to import. It's not too tough for the end-user if they're on your side, though not as foolproof as the server-side solution, of course. There are ways to script the rule creation, too, I think, but it might be harder to distribute an zipped/renamed EXE/VBS than a relatively harmless RWZ (rules export file). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Windows 2003 X64 Operating System
We are looking at replacing our current Imail server. I am looking at the choice of the Windows 2003 x64 platform and I am wondering if anyone on this list is running Imail/Declude/Sniffer on that platform? Yes, w/IMail 8.22 Declude 2-0-whatever. If so have you encountered any problems due to the 64bit architecture? Nope. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] fuzzyOCR
Is there some equivalent of fuzzyOCR that can be used with Declude? http://www.vamsoft.com/vsimagespam/ No vouchers for performance, etc.. I plan to put this in the lab soon. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] mailbox command
Can anyone see an easy solution to this? I could setup a junkmail file for each user but that would be a huge undertaking Thank you Don't use FORWARD.IMA; use MAIN.FWD. This will make any special submailboxes excluded from forwarding. Of course, the prob is that the web interface makes it easy to make entries in FORWARD.IMA, while manipulating MAIN.FWD really takes power-user knowledge. I'm not aware of a public hack to make user-specified forwards apply to MAIN.FWD. You could write an external ASP/PHP/etc. script, though, or probably do some crazy stuff within the web templates to make it work (like what I used to do with the unused Finger settings file). Could also rename FORWARD.IMA to MAIN.FWD every hour or whatever... but then they won't see their forwarding settings in the same place when they look back, though they will still be in effect. Hmm. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Valid Senders - Best Declude Practices
This sounds like an interesting tool. What if I can only apply it to some domains though? That's totally fine. You're not required to have a complete recipient list for all domains from the get-go. You simply enter wildcard-type domain names like so, alongside the e-mail addresses: @example.com [EMAIL PROTECTED] @example.net [EMAIL PROTECTED] The wildcard domain names function like your standard/existing store-and-forward setup, with all the attendant backscatter and scanning overhead... you won't get anything special out of them, but you'll be able to pass the traffic with no probs. I'm pretty sure that Declude processes the traffic before the IMail product, so I need to nab it before it gets to Declude if I'm going to trim my resources. I'm not sure about SmarterMail, but I suspect the same. MSG gets handed to Declude, which calls up Sniffer and invURIBL, and then tosses it back into the MTA queue for mail handling. Unless I'm wrong, in which case I'll get tapped back in line. :) It's not that you're wrong, that's just the dumb -- albeit traditional, and advised by Ipswitch -- way to do it. The smart way to do it, avoiding all the processing overhead and backscatter, is to use true domains in your MTA, rather than non-recipient-aware forwarding domains, creating a user alias forwarding to each user on the remote mailbox server. My exchange2aliases and ldap2aliases scripts (see my sig) are intended for the above setup, though both use LDAP to get the addresses from the mailbox server (either Active Directory LDAP or IMail's bundled OpenLDAP) and therefore are better suited to a controlled environment where the IMail MX and the mailbox server are on the same company LAN. If you're forwarding for a bunch of remote servers, and can only count on plain text files, you could either (a) use 5XXSink; (b) toss together your own version of ldap2aliases using ASCII input instead of LDAP; or (c) my preference before (b): import your ASCII files into an OpenLDAP install and run ldap2aliases against it. The reason I prefer (c) to (b) is that having your recipient list served up by a proper LDAP directory service allows you to access that same service in future from any LDAP client, such as Postfix, et al. MXs, and with LDAP, caching and indexing are all built-in. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Valid Senders - Best Declude Practices
I wrote a Cold Fusion script that looks for these silly text files every so many minutes and then parses the crappy, cluttered thing into a nice clean CSV for me, and now I can do anything I want with it. I imagine that someday I'll use it in conjunction with the gateway, but hey, I have this information right now. What would be the best way to use this information with Declude? I'll answer your query without padding your stated needs. 5XXSink is a connection-time event sink for MS SMTP (that is, a plug-in written to the MS API) expressly designed for high-performance recipient validation against a text file, with changes taking effect immediately. Simple to operate: you maintain lists of valid recipient domains and users, it rejects anything not on that list. You can set up an MS SMTP instance as your MX, same-box, forwarding to SmarterMail. Whatever else you do with MS SMTP is up to you, 5XXSINK is just built for it because it's a highly reliable and OS-bundled MTA. 5XXSINK is free. It is in prod at numerous sites with no reported problems. (I'm the primary developer of this tool, and all of our downloadable tools are free software.) http://www.imprimia.com/products/software/freeutils/5xxsink/download/release Later, when it comes to building your gateway, you know you'll have a plethora of options across OSs and vendors/communities. For now, 5XXSINK is the fastest existing method I know of directly. OTOH, if you were using IMail as the MTA wrapper for Declude, it would be possible to do all this stuff natively within IMail by using a smart store-and-forward setup and some sync scripts for your SF domains. The same logic seems possible for SM, and would certainly be the best way in theory; but if you've already probed their forums, I assume there's no established cookbook from that side. Note that there are many other products basically equivalent to MS SMTP + 5XXSINK insofar as this need is concerned: they're easy-to-maintain, lightweight Windows-based MTAs that perform recipient validation from text files and thus can serve the same purpose as an MX running on the same box as your mailbox server. Mind you, their *additional* features, footprint, and scaleability vary enormously, but here they would all fill the bill. Mercury/32's SMTP module is one I can def'ly vouch for. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Cosmetic Bug or Buffer Overrun?
The Return-Path is not added by Declude. It is added by the email client that receives the email. Not by the client, but by the server application performing final delivery to the mailbox, signifying that the message has left the SMTP stream. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] WAY OT: Registry Repair
When I access the permissions of the parent key and try to reset the child permissions (or just Child ownership) - I get an error when indicating that it can't do so for Run. Try GBTools' REGACL (http://www.gbordier.com/gbtools/index.htm). A recent very similar nightmare scenario (ownership locked, permissions fried) was fixable by repeated runs/drilldowns with this tool. Whatever you're trying, it's faster than with a GUI. Having an unfortunate testbed, I also found that TorchSoft's commercial GUI editor (http://www.torchsoft.com/en/download.html) was able to traverse ACLs 100s of times faster than RegEdt32 (this was a 2000 machine). --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Message Storage
/snip In summary: you still don't know about e-mail archival for compliance purposes. Thanks for sharing. --Sandy --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Message Storage
I still believe that a smaller public company can be fully compliant by merely archiving all incoming, outgoing and internal E-mail into capture accounts, and archiving those capture accounts in a way that they can reasonably pull any data required of them as a result of an official action. Your insistence that the size (in personnel?) of a company has anything to do with their compliance burden is a fantasia. Call Global Relay and they will tell you that companies as small as 2 employees use their service to ensure proper oversight! To insist otherwise is to be blind to the capacity for abuse, collusion, and fraud -- yes, alongside the capacity for imagination, honesty and great mutual profit -- that is inherent in any single entity managing billions of other people's money. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Message Storage
I would be interested in a paid solution though if there is one out there. We use Global Relay (www.globalrelay.com) for our regulated/public clients. They're really cool, customer service like you'd get from a boutique shop, but with real heavy-hitting systems. They simply charge by message volume, and frankly I think anyone who really needs archiving should understand the direct relationship between these factors. You can contact me off-list about them if you want. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Message Storage
... and it should be acceptable to the feds. Which feds? The regulatory agencies I know would scoff at such a solution. But the OP didn't mention this being done for external regulatory reasons, anyway. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Why are these being whitelisted?
I'm afraid that your reading of SOX compliance is not widely practiced. If you block an E-mail, and it is never received by a person covered by SOX, then there is no reason to archive it. You're correct. The goal of e-mail archival for public companies is not to create an audit trail of all *attempted* communication, but to monitor the endpoints and content of successful electronic communication. Only messages delivered to a user-facing message store need to be archived. If a company has user-facing spam quarantine into which users can log in with individual accounts and read full messages, this does need to be archived under the law. On the other hand, (a) if such a quarantine only shows message metadata, or if it's available only to administrative personnel (both of these necessitating that messages be moved into a user-facing store before reading); (b) if you delete messages immediately after acceptance; or, most obviously, (c) if you reject messages at connection time -- you are not required to archive related data. There are plenty of other circumstances in which logs of attempted communication would be requested and/or required, but not under SOX and NASD/SEC regs. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Message Storage
Brand it with a fancy name and they should be happy. Who should be happy? IMail stores messages in an open format, and as long as you catch all of it, and archive it as required, that should be all that counts. Well, it's not. Maybe it should be, but that's immaterial. Naturally I'm simplifying, but in reality, all of these other products are programmed by people too. Not in 10 hours. Unlike... um, anyone on this list, it seems... I know firsthand what SEC and NASD think of homegrown compliance solutions. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Message Storage
Unlike... um, anyone on this list, it seems... I know firsthand what SEC and NASD think of homegrown compliance solutions. That's why you pay someone else to do it and insist that they slap on a fancy name like Perfect Super Uber E-mail Compliance Archive System. If it's hosted in-house, it's easy to tell that it's homegrown (because the fact that it's in-house alone is often illegal). Really, I get the feeling you don't really know what passes muster and what doesn't, but you're frustrated that a big (biggish, they're really quite small in personnel) company like GlobalRelay might be getting some props. I know you're healthily skeptical of big shops hosting ostensibly premium software, because of your hosting business and boutique approach. But that doesn't let you blindly extend your dismissive brush to other lines of business. Some other people know much more about compliance, and they sure ain't using VBScript to do it. 10 hours? You must be smokin' that good-good! ...no one should invest in something that doesn't meet regulations. Yeah! I do have some experience with the feds, and I did work for a multi-billion dollar corporation where my immediate boss was in charge of E-mail for the entire company, and we were always being sued by someone. Well, if you haven't been a primary participant in a compliance audit/investigation *specifically* of e-mail archives, you aren't speaking from experience. I have been part of several such processes. That experience is where I've always been coming from on this issue: I wouldn't raise a peep if I hadn't been much more intimately involved than anyone else here. That was pre-SOX though, but we all knew it was coming and that it mostly just clarified retention policies by better defining what was classified as a covered communication. If everyone's best guesses were accurate, there wouldn't be million-dollar fines handed out for inadequate archiving. I also have a good friend deals with bank audits on a regular basis as well as SOX compliance. When audited, they will always point a list of things out, and they can find fault with anything that they choose to find fault with. The real trick is ensuring that you aren't grossly negligent. The real trick is not trying to do compliance on the cheap, but understanding why it exists. Know your history. If one can't handle the budgetary heat of being in a regulated business, but one is a somewhat honest person, get out of the kitchen. On the other hand, if one is dishonest -- if one doesn't think late trading and market timing are as immoral as non-violent business gets, and if you don't think it's worth fighting for fair business practices, even if that means you make some sacrifices because of others' evils -- do everyone a favor and just walk off a cliff. Also note that congress didn't even specify retention periods within SOX or methods of retention, this was all inferred after the fact by combining aspects of various laws and regulations, and they certainly didn't endorse a particular product for providing a solution. Yeah, that's why my involvement in ACTUAL audits -- the law as applied -- is what I draw on in my responses. With all of that said, I believe that what one does should be compatible with the dynamics of one's business. For a single location entity with less than 200 employees, clearly a less robust solution could manage the task, and it could be home grown. You seem to think that # of locations or # of employees is relevant. That's a joke! Look at the mutual fund scandals of a couple of a few years ago, which led to many e-mail audits. Do you understand how many single locations with 50 heads were involved? Didn't think so. And have you pieced together why late trading was worth every penny spent on its investigation and prosecution, and subsequent tighter regulation? Here's one way of looking at it: Ever see the show Early Edition? Now, imagine if the everyday hero if that show had instead been the Eye of Sauron. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Interesting Discussions
I actually miss the twice annual entertaining discussions on the Imail forum between Scott and Len with Sandy added for spice. Ah, olden tymes... me, I'm just waiting for the final showdown with BRUCE BARNES. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Interesting Discussions
Have you been eating some slightly pungent, soggy cornflakes, Sandy? You seem to be spoiling... g Well, I did post that *here*, which was pretty cowardly! --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] MimeOLE
Does outlook produce this or is this added by a MS tool? X-MimeOLE is the mark of the Microsoft MIME parsing engine; the mark is shared across products. You'll see it used (various versions) by Outlook, Exchange, Outlook Express, CDO for IIS, etc. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude and Bayesian Filtering
...any third-party products available? Likely the easiest way to integrate a well-regarded and widely-implemented Bayesian system is to fork standalone SpamAssassin processes from Declude, running them against an SA ruleset that only has Bayes rules active. For higher capacity, use SpamAssassin's SPAMD server and run the SPAMC32 client (see my sig) from Declude. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[10]: [Declude.JunkMail] OT: Clustering solution
There are some big differences between clustering and database mirroring... Yeaahhh... er... was that in question? The point of the e-mail you just responded to was you *do not* need more than one licensed copy of SQL Server to use database mirroring. The passive server does not need to be licensed; the witness server can use Express. Q.E.D. Plus, this is all irrelevant to the OP. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[6]: [Declude.JunkMail] OT: Clustering solution
SQL Database Mirroring is available in their Standard Edition, and I believe that in a Active / Passive architecture, only one license is required. Strange but true, from what I can see! This convo has stirred my interest in this thing, though I'll stick with the app-independent Double-Take by default. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[8]: [Declude.JunkMail] OT: Clustering solution
Not correct. Database mirroring is supported in Std Edition, but you need two licenses. Hmm, the Hor$e's Mouth disagrees: http://www.microsoft.com/sql/howtobuy/passive-server-failover-support.mspx The third server, the witness server can be an XP OS and SQL Server 2005 Express (Free version) can be used on the witness server since it does a crucial function but doesn't do any heavy processing. A regrettably complex architecture, compared to the simplicity of clustering. Kind of crazy, actually. Seems perhaps you can run the witness server as a different instance, or at least in a VM, instead of ponying up for a 3rd piece of hardware... ? Yuck, no matter what. And of course, you need to be using the new SQL server 2005 native client libraries on the client stations for transparent/automatic failover. Sounds like another reason this is not necessarily implementable in full, depending on your client layout, fixed commercial applications, and so on. BUT overall, we're comparing apples and oranges. OP (Serge) is talking about clustering Hyper File (the proprietary WINDEV back end), which means he needs an application-agnostic solution: Double-Take, eCluster, Microsoft clusters, etc. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] OT: Clustering solution
An advantage of using Microsoft Database Mirroring is that you can remain on a 100% Microsoft supported solution. Sure, but for the cost, you can have a full-time NSI engineer instead (who by necessity and experience knows their supported MS apps like the back of her/his hand). Many 24/7 enterprises leave the PSS fine print behind to use third-party clustering solutions that better fit their needs. Bottom line is you have to do your homework in all areas to be able to support geoclusters or local clusters. [Also, to be frank about these things, there's nothing forcing you divulge an underlying clustering scenario to PSS. There's a difference between trying to fool them into a wild goose chase, and knowing from experience -- and comparison with a cluster-free lab -- that an issue is 99.999% likely to be observed even if the cluster is taken down and uninstalled, and thus acting in good faith in concentrating on the issue at hand.] I'd be curious to hear if Sandy or anyone has compared db mirroring to double-take and other solutions that made sense before this feature was available but may be less desirable now. I haven't, mostly due to the cost, but also because I more often find myself clustering apps that wouldn't apply (Sybase, Exchange, nonupgradeable MSSQL 2000, mailbox storage back ends and filesystems, MySQL, and so on). Someday, if somebody's really running the table with MS products and has overflowing pockets, I'd be interested in looking into it. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Clustering solution
I am looking for a low cost clustering sw/solution for our database server (Hyperfile C/S) Seriously, what's low? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] OT: Clustering solution
Seriously, what's low? ...I ask because clustering's ROI is kind of a hard target. Unfortunately, I almost always find it easier to justify clustering solutions for my clients *after* they haven't heeded an initial clustering suggestion and have had outages and/or data loss (or if I get them as I clients after such an incident). We use Double-Take as a pseudo-standard, as it has broad industry support and works equally well over the local and wide area. It's going to run you upwards of $3500 for one two-server cluster. Is that low? I'vedemoedandamintriguedbyXGForce's eCluster http://www.xgforce.com/news_eCluster.html, which has much more accessible pricing. I plan to purchase it in place of DT for my next rollout and see if I can trust it. But for now, I can't vouch for it, though if you get into it, please let me know. :) --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Verification
I use Declude to filter emails for several domains that are behind our main email box and it has worked well. In this configuration does anyone have a quick solution for Email Account Verification for the servers behind IMail/Declude? See my sig. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Buffer overflow in Ipswitch products
The SMTP engine is largely unchanged since 8.0 was released. Geez, man, that is completely untrue. If that's your premise, sorry, that debate is on your planet, I'm not going there Safari support is in 2001.1 for the first time. Then it's pretty strange how there's not a single post that I can find that suggests so on _any_ official level. Rather, only the opposite, such as Kevin's we are now working on IMail 2006.1.1 (safari support, web messaging performance, instant messaging and a few other areas) (7/28) and of course the quote I posted yesterday in which he mentions that they are _not_ supporting Safari at present, but _will_ in 2006.1.1. I think you might be confused because on 7/28 Kevin casually says he's tested (presumably speaking of 2006.1, and not speaking of an organized unit test) with Safari _2.0.3_; he claims only some dropdowns that don't work (not that people like to roll out software with non-working Bcc: and Cc:, but whatever). He's speaking of 2.03 specifically, which only runs on OS X Tiger. OS X Panther users are forced to stay in the 1.x stream. If you are a hosting service supporting Safari, you are supporting both. It's like not supporting 5.x browsers on PC. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Buffer overflow in Ipswitch products
My reading of Kevin Gills' message on 9/11 was that most everything but rich text editing now works, and that rich text support will be in the next release. Not my reading... Yes, we have added Safari support (all but the rich text editor) in the last sprint. This will be available in an expert user program in sept/oct and to the general public in the next release. He is referring to the last sprint toward 2006.1.1's release, i.e. the last sprint in current development before 2006.1.1 goes public beta. Darin's reading of it agrees with mine, at least. It is not the most straightforward post from Kevin. If 2006.1 were officially alleged to have Safari support, I would expect that it would be in the release notes, but nope: http://www.ipswitch.com/support/imail/guide/2006/2006_1/IMail_RelNotes.htm --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[3]: [Declude.JunkMail] Buffer overflow in Ipswitch products
Confirming my take on the situation, Kevin just posted this to IMail_Forum: Thanks for your feedback and yes, Safari is a bit cantankerous. Firefox/Mac has been okay but not Safari. It turns out we just fixed (in the last few business days) the last known issue with Safari. We were going to demo at the last IMail Sprint last week but webex and Safari do not get along! This will be released in 2006.2. We will have it up and running on webdemo.ipswitch.com in the coming weeks and you can contact me offline to gain access and use. By the way, what version of Safari are you using? General Availability is still being set for the 2006.2 release. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Buffer overflow in Ipswitch products
On the IMail list they indicated that IMail 8.x is also affected and possibly older versions as well. A non-Ipswitch poster said that an anonymous tech indicated so. We all know that if that was a first-level tech... their word is not exactly gold. True, the IMail product manager chimed in to say that no patches of any kind are offered for older versions, but did not own up to this vulnerability, AFAICS. Not encouraging either way. It is notable that the various third-party advisories (most of them reprints, to be sure) specify: Ipswitch Collaboration 2006 Suite Premium Edition Ipswitch Collaboration 2006 Suite Standard Edition Ipswitch IMail 2006 Ipswitch IMail Plus 2006 Ipswitch IMail Secure 2006 If script kiddie code were in the wild, an upgrade-or-get-owned vulnerability in the thousands of IMail 6.x, 7.x, and 8.x MXs still in use is a MAJOR problem! But don't you think some white hat would've tested 8.x in the process of checking the proof-of-concept? Not necessarily, but it would be traditional. The biggest issue here is that the first version with rudimentary Safari support in webmail happens to be the latest with the patch...? Hmm, I kinda saw the opposite, in that Kevin said of Safari support today (9/11), This will be available in an expert user program in sept/oct and to the general public in the next release. It would, of course, behoove him to lightly imply (somewhere else?) that (a) the patched 2006.1 supports Safari and (b) 8.22's SMTPD is subject to the new vulnerability, but I don't believe either of these are true. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Gateway question
I know this has come up in the past several times, but I'm looking for a recommendation by someone who has actually used it. Well, I've used it. Though I did write it. :) The free ldap2aliases script in my sig is designed to sync IMail users and aliases on one server into corresponding aliases on an upstream (IMail) MX. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Yahoo.com Resources temporarily unavailable
We have the customer (holisticmoms.org) set-up as a Virtual Domain under IMail. The DNS for their MX record we have set-up pointing to our e-mail server IP number which is 65.57.241.194 (our mail server name = sneezy.xerocom.net, however our router at the data center replies vacant.compbiz.net. According to DNSReport.com, the reverse DNS passes. DNS Report can't know if there's a conflict between the source IP address presented, the PTR for that IP, the A for that PTR, and the HELO presented. All four of those elements must exist in holistic harmony to empower your messages toward successful delivery. A common issue with virtual hosting environments is that different HELO hostnames are presented for the same source IP. By definition, only one of those hostnames can pass the round-trip test described above. I am not aware of ways to fix this problem within the current version of IMail; I know it can't be fixed within older versions. The solution, cumbersome though it may be, is to gateway your mail through another MTA that presents a single HELO/IP/PTR/A set to the outside. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[4]: [Declude.JunkMail] Yahoo.com Resources temporarily unavailable
Set the MX to point to the server reported by the HELO statement Holisticmoms.org MX sneezy.xerocom.net That doesn't solve the roundtrip failure. If the receiving server checks the roundtrip, it needs an IP-PTR-HELO-A sync. It doesn't care what the MX is for the purposes of that test. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[6]: [Declude.JunkMail] Yahoo.com Resources temporarily unavailable
Thanks to all for the replies. I use Enom registrar for customer domains and their DNS tools. Instead of DNS MX setting to the simple IP (65.57.241.194) of the email server, if I change to the MX to the hostname of the server (sneezy.xerocom.net) would this solve this roundtrip failure issue and still using Virtual domain name for holisticmoms.org under IMail? No, you're confusing (relatively) unrelated issues. MX records MUST point to A records, not IPs. That is a certain misconfiguration right there. But that's not part of the IP-PTR-HELO-A roundtrip. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Razor
Do you need SA or something similar to invoke Razor or does it come into play more directly? As I was mentioning in my exchange with Bill, the Razor client portion is distributed as a few Perl apps (separate ones for checking, reporting, whitelisting, etc.) with numerous supporting .pm modules; the heavy-lifting is done in the .pms, which can also be called directly. As a clearly Perl-centric suite, it fits naturally into SpamAssassin, where it is, by far, most often deployed; SA users are assumed to be using Razor, or are told to do so before complaining about their catch rates! Under Unix variants, the apps such as razor-check can also be forked on their own, and wrapper scripts can be written to return results to a variety of calling MTAs. Unfortunately, it is not at all easy to get razor-check to work on Windows Perl interpreters; I think I'm one of the few to have gotten it working at all, but its reliability is still questionable (i.e. it frequently times out, though it does return correct results whenever it connects). I think this has to do with Perl's socket support, which is not equivalent on Windows and *nix (even though a vast number of other Perl areas work just as well on either platform). So the only reliable way that I know of to run Razor on Windows is to use one of the compiled (really, more like assembled) spamassassin.exe binaries that have the socket issues fixed up and Razor support inside. These exes, however, are necessarily bloated with Perl runtimes and the whole SpamAssassin enchilada, which means you are talking _major_ scan times per fork, even with all other SA tests turned off except for the Razor interface. Spamassassin.exe is simply a wrapped-up executable assembly of spamassassin.pl, and will not execute any faster than the .pl (it's just easier to roll out). Spamassassin.pl/.exe is the a standalone version of SA -- where a new spamassassin process is forked for every incoming mail -- which is not the way it should be run, even on Unix, though it appears to be even worse on Windows. Rather, SA should be launched via spamd, the client-server daemon, since that eliminates the huge overhead of Perl startup and module and rulebase loads; spamd is the only way to scale SA (okay, there are also third-party filtering daemons that support SA as well as other scanners, and replicate spamd's preloading functionality, but that's a whole other topic and completely on the *nix side). SPAMC32, a free Declude external test whose URL is in my sig, is a Windows client for spamd that was designed especially for Declude integration. It requires that you have a spamd running somewhere, and if you're going to need Razor support in your spamd, that somewhere is going to have to be a *nix box, as far as I know. OTOH, you could certainly demo Razor's accuracy by forking a bulky spamassassin.exe only against a corpus of false negatives. There are also a couple of (to my mind) dubious, low-adoption open-source SMTP proxies that claim to integrate Razor without SpamAssassin, but those are unproven in my book, and are likely too competitive to be appropriate on this list if they even work... but those might be another way to at least preview accuracy. HTH. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] How to configure per-domain file for gateway domains
I'm sure that Sandy would recommend his free Exchange to Aliases scripting, but I would recommend either ORF, or Alligate Gateway for this... But neither of your suggestions constitute adding address validation as a single function. They are standalone commercial products. Of course I would recommend using the *free* ldap2aliases, which couldn't be easier to run on an existing IMail server with absolutely zero overhead, or if one wanted to dip into rolling out a gateway, I would recommend the *free* 5XXSINK plug-in for IIS SMTP, rather than spending money on competitive products whose functions are well in excess of the address validation specification. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Declude 4.3 - Commtouch trial ?
I guess what I am getting at here is that there are lots of free choices/options/solutions available out there without having to resort to pricey and convoluted options like CommTouch. Bill, to be fair, DCC is plenty convoluted itself, if you follow the requirement to run your own DCC daemon when passing hosting-level traffic. Razor only became acceptable for hosting/reseller use extremely recently. And free use of Razor, i.e. using the razor-clients package instead of using a commercial Cloudmark product, either requires facility with *nix, or a full-fledged, non-spamd SpamAssassin fork (because I think there is no standalone razor-client package for Windows, though there is now a compiled SA binary that embeds a working Razor... but which has only a crippled/experimental Win32 spamd). Legally embedding or linking these products into a commercial engine such as Declude is next to impossible compared to using a product designed to be static-linked into commercial products. You probably know I already rely on SPAMC32/spamd for all content checks and I really enjoy having Razor and DCC in the mix (haven't dipped into iXHash yet, but I saw the announcement). But I think it's misleading to imply that CommTouch is convoluted in any technical way, compared to the learning curve of a Declude user going fully with SA. On the contrary: the reason this kind of commoditized, Windows-client distributed system is attractive is precisely _because_ getting dccd, razor-client, and so on working and performing well on Windows is very difficult. Same reason Sniffer is attractive: cross-platform, no dependencies or interpreters, etc. What _is_ convoluted and now-typically insulting is the introduction of an ambiguous, and certainly ominous-sounding, licensing system without feeling out the user base. I refer people to the fact that Declude is said to have made many new hires of late -- without once posting a job opening on a list composed of expert users of the product. And, um, the fact that Declude was for a time censoring (deleting without notice) posts to the list that even alluded to support failures, *and without later apology*, was a pretty big signal. But no one seemed to care about that but me (or perhaps everyone's agreement was similarly squelched, I guess). But now people are shocked, *shocked* that their input wasn't deemed valid on this latest dropped bomb. Gee, ya think? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.