I was scratching my head real hard on this one, but found the answer in
the release notes and I think that given changes over time, our friends
at Declude should consider revising how this limiting of the HELOBOGUS
test works.
I noted in the release notes for 1.57 [Beta, 30 Jul 2002] that the
of the job. Or am I just putting words in your mouth?
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, April 11, 2005 2:54 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] HELOBOGUS only fails with non-local
, and HELOBOGUS
will only do part of the job. Or am I just putting words in your mouth?
Andrew 8)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, April 11, 2005 2:54 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] HELOBOGUS
However, I'm having a problem with Declude triggering on reporting emails
that are generated directly ON the gateway itself:
That's because the gateway is running an MTA that adds very poor Received:
headers.
- Declude parses IP Address 0.0.0.0
- Declude parses HELO string of userid
Here is
Title: Message
Hi
Scott,
I'm colocating a
Postfix gateway for a client - and "external" mail is being routed
fine.
However, I'm having a problem with Declude
triggering on reporting emails that are generated directly ON the gateway
itself:
-I have
IPBYPASS set for 67.132.45.18 (which is
I am using IPBYPASS already for the host IP, but I still get a warning about
the hostNAME.
That is unusual. I would recommend upgrading to the latest interim (at
http://www.declude.com/version/interim ) to see if that fixes the
problem. If not, I can let you know how to use the debug mode,
We are using a 3rd party (offsite) gateway service for our inbound mail
and some of the host servers that we receive mail from fail the HELOBOGUS
test (no MX or A record).
Is ther a way to safely skip the HELOBOGUS test on these known hosts?
Actually, if those are gateways, the best solution
Hello,
We are usinga
3rd party (offsite) gateway service for our inbound mail and some of the host
servers that we receive mail from fail the HELOBOGUS test (no MX or A record).
Is ther a way to
safely skip the HELOBOGUS test on these known hosts?
Thanks.
-Mike
Goran Jovanovic wrote:
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address in the HELO line
205.150.108.8 to identify his domain, even though his real IP address is
220.185.227.109?
Obviously an IP address is not a
OK I think I was somehow reversed in my tinking
Goran Jovanovic
The LAN Shoppe
Goran Jovanovic wrote:
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address in the HELO
line
205.150.108.8 to
: Goran Jovanovic [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 2:57 AM
Subject: [Declude.JunkMail] HELOBOGUS, HELOISIP and HELOISIPX questions
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address
Serge,
I use the forgedhelo filter
HELO 0 CONTAINS ip1.ip2.ip3.
HELO 0 ENDSWITH cefib.com
HELO 0 ENDSWITH cefib.net
I assume that this forgedhelo filter is of your own making?
Since I am scanning mail for many domains I could add all their domains
to my list since they are never sending
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 3:41 AM
Subject: RE: [Declude.JunkMail] HELOBOGUS, HELOISIP and HELOISIPX questions
Serge,
I use the forgedhelo filter
HELO 0 CONTAINS ip1.ip2.ip3.
HELO 0 ENDSWITH cefib.com
HELO 0 ENDSWITH cefib.net
I assume that this forgedhelo
Why did this fail HELOBOGUS:
X-RBL-Warning: HELOBOGUS: Domain mail.sbapro.com has no MX or A records
[0301].
Query: sbapro.com. Query type: Any record
Declude JunkMail looks at the host name (mail.sbapro.com), not the parent
(otherwise, it would look for com if the HELO/EHLO was
Any ideas why this email would fail the HELOBOGUS test?
The problem here is that:
Received: from declude.com [24.107.232.14] by mail.tmlp.com with ESMTP
(SMTPD32-7.07) id A7F878950134; Thu, 26 Feb 2004 20:06:00 -0500
Received: from panda.declude.com [192.168.0.4] by declude.com with ESMTP
Scott,
Any ideas why this email would fail
the HELOBOGUS test?
Received: from declude.com
[24.107.232.14] by mail.tmlp.com with ESMTP (SMTPD32-7.07) id
A7F878950134; Thu, 26 Feb 2004 20:06:00 -0500Received: from
panda.declude.com [192.168.0.4] by declude.com with ESMTP
(SMTPD32-8.05) id
I had this piece of mail fail the helobogus test. I am wondering why?
Here are the message headers.
Received: from babel.avstarnews.com [12.24.201.132] by
mail1.gannett-tv.com
with ESMTP
(SMTPD32-7.12) id A6A397880132; Wed, 08 Jan 2003 17:30:59 -0500
Received: by BABEL with Internet Mail
Hello All,
I've got a problem with Declude catching mail from my web server. The web
server is sending mail from web forms that customers fill out to users
hosted on my email server. I'm getting HELOBOGUS and MAILFROM warnings,
stating that the domain server_name does not have any MX/A records.
, January 07, 2003 6:06 AM
To: Declude Junkmail Forum (E-mail)
Subject: [Declude.JunkMail] HELOBOGUS MAILFROM warnings on legit server
Hello All,
I've got a problem with Declude catching mail from my web server. The web
server is sending mail from web forms that customers fill out to users
I've got a problem with Declude catching mail from my web server. The web
server is sending mail from web forms that customers fill out to users
hosted on my email server. I'm getting HELOBOGUS and MAILFROM warnings,
stating that the domain server_name does not have any MX/A records. How
can I
Hi All,
I was wondering if someone can has experienced a error in helobogus. For
some weird reason, I consistantly get a error with helobogus like
hotmail.com with the msg failed. For some reason cs.com does not resolve
either.
11/19/2002 00:05:07 Q0cd19bfb002cf91d HELOBOGUS:8 REVDNS:4 .
I was wondering if someone can has experienced a error in helobogus. For
some weird reason, I consistantly get a error with helobogus like
hotmail.com with the msg failed. For some reason cs.com does not resolve
either.
11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed HELOBOGUS (Domain
[EMAIL
Recap - In three days, I've only had one message trip the HELOBOGUS test.
Here's the recap:
1) I'm catching lots of spam with other tests
2) Scott checked the header of a message (see posting at Thu 10/24/2002 2:17
PM) and didn't note any problems
New information:
1) I'm running Declude 1.60
2)
Recap - In three days, I've only had one message trip the HELOBOGUS test.
Here's the recap:
1) I'm catching lots of spam with other tests
2) Scott checked the header of a message (see posting at Thu 10/24/2002 2:17
PM) and didn't note any problems
New information:
1) I'm running Declude 1.60
: Re: [Declude.JunkMail] HELOBOGUS not working: follow-up
Recap - In three days, I've only had one message trip the HELOBOGUS test.
Here's the recap:
1) I'm catching lots of spam with other tests
2) Scott checked the header of a message (see posting at Thu 10/24/2002
2:17
PM) and didn't note any
When I reviewed the debug log, I found that I was actually running v1.53 - I
had never copied 1.60 to the \IMail folder (I had just copied it to
\Imail\Declude).
I had thought of double-checking that, but since an E-mail had failed the
test, I figured you were using 1.60. :)
I'm going to
Sent: Thursday, October 24, 2002 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] HELOBOGUS Question
The header info you requested is listed below.
Received: from declude.com [66.189.58.123] by mail.jamesoninns.com with
ESMTP
(SMTPD32-7.13) id A01E19250134; Thu, 24 Oct 2002 13:38
I've had declude junkmail pro running well for a few months now...Just
bumped up declude.exe to 1.60 last night. Seemed to be receiving things
normally and didn't notice an immediate change in filter
characteristics. But just this morning, round 11:00, noticed most if
not all messages started
OK, well, not 'all messages' but many legit messages which had not previously been
caught. Perhaps the version I had in place previously didn't support this test? (was
using previous release, not beta) I'll dig through the release notes.
Thanks.
-- Original Message
The header info you requested is listed below.
Received: from declude.com [66.189.58.123] by mail.jamesoninns.com with ESMTP
(SMTPD32-7.13) id A01E19250134; Thu, 24 Oct 2002 13:38:38 -0400
X-Declude-Sender: [EMAIL PROTECTED] [66.189.58.123]
These two headers show that Declude did use the
We do not have a backup mailserver or gateway - any other ideas?
Could you post the complete headers of this E-mail? That may provide some
clues.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
We do not have a backup mailserver or gateway - any other ideas?
-Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner;declude.com]On Behalf Of R. Scott Perry
Sent: Thursday, October 24, 2002 1:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail
I've just recently put junkmail into a test phase on my server and have
noticed that I am getting almost no hits on the HELOBOGUS test -
specifically one hit over a three day/10,000 message period.
From what I've been reading on this forum, I'd expect more than that and was
wondering what might
I've just recently put junkmail into a test phase on my server and have
noticed that I am getting almost no hits on the HELOBOGUS test -
specifically one hit over a three day/10,000 message period.
From what I've been reading on this forum, I'd expect more than that and was
wondering what might
Yup, very typical in MS exchange setups where the Exchange server is running on a
Win2K box with some internal naming convention or the like. Thanks, Declude's working
just fineand I actually read the release notes now! ;)
-- Original Message --
To: [EMAIL PROTECTED]
Subject: Re: SPAMCOP:Re: [Declude.JunkMail] HELOBOGUS
The problems here are that you have to enter your IP ranges (so the test
wouldn't work automatically), and that some people will send mail from
the
Internet (especially in the case of sending test messages
Should this not have triggered HELOBOGUS as it normally does?
Craig.
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with
ESMTP
(SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400
Received: from host242-39.pool80205.interbusiness.it
Should this not have triggered HELOBOGUS as it normally does?
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP
(SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400
name2.sunbeach.net does have an A record, so it should not trigger the
HELOBOGUS test.
PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Tuesday, September 17, 2002 8:39 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] HELOBOGUS
Should this not have triggered HELOBOGUS as it normally does?
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Unfortunately, there isn't any easy way to stop the
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a
wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Unfortunately, there isn't any easy way to
Unfortunately, there isn't any easy way to stop the E-mail that has the
same return address as the recipient's address ...
I would believe that there has to be a way to look at the return address
and the recipient's address.
Yes, that part is easy. :)
If they match then compare the
| Sent: Tuesday, September 17, 2002 10:00 AM
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] HELOBOGUS
|
|
|
| I spoke in haste, that all makes sense. I am having a tough
| time with
| spammers using the mailfrom or return address of the recipient and a
| wetware problem on the customer
The problems here are that you have to enter your IP ranges (so the test
wouldn't work automatically), and that some people will send mail from the
Internet (especially in the case of sending test messages).
If the IP block is setup up in the Global.cfg like
Netblock
I'm getting the HELOBOGUS failure if I send any email to another domain on
our server. It's pulling my machine name.Is their any way to fix this or
should I not use the helobogus test? It does it with 155i and 156 (I
haven't gone back to 155 yet to see if that helps. Here's the warning:
45 matches
Mail list logo