RE: [Declude.JunkMail] Backup MX / Spam
Use the IPBYPASS %sec mx ip% feature within the GLOBAL.CFG file. It will skip the ip address of your secondary mx record and run the check on the ip address of the originating server. IPBYPASSxxx.xxx.xxx.xxx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Thursday, October 02, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Backup MX / Spam Hi Some large percentage of the spam we get comes to the backup MX and then is relayed to the primary MX. Using Declude JM Standard, is there some test I can use to add additional weight to any mail routed through my backup MX? Thanks, Rob == Robert N. Grosshandler www.iGive.com Turn shopping into Philanthropy --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Backup MX / Spam
We do that already and it works fine. However, I know that there is a much higher probability that any mail that passes through the backup MX is spam, so I want to add additional weight just because it comes through the backup MX. Rob Jeff wrote: Use the IPBYPASS %sec mx ip% feature within the GLOBAL.CFG file. It will skip the ip address of your secondary mx record and run the check on the ip address of the originating server. IPBYPASS xxx.xxx.xxx.xxx --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Backup MX / Spam
No I don't think that was the intention. I think the intention is that there is no reason for mail to come through the backup MX server during normal operations. The only ones who intentionally contact the backup MX are likely to be viruses and spammers. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Maze - Hostmaster Sent: Thursday, October 02, 2003 11:58 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Backup MX / Spam Use the IPBYPASS %sec mx ip% feature within the GLOBAL.CFG file. It will skip the ip address of your secondary mx record and run the check on the ip address of the originating server. IPBYPASSxxx.xxx.xxx.xxx -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Thursday, October 02, 2003 11:34 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Backup MX / Spam Hi Some large percentage of the spam we get comes to the backup MX and then is relayed to the primary MX. Using Declude JM Standard, is there some test I can use to add additional weight to any mail routed through my backup MX? Thanks, Rob == Robert N. Grosshandler www.iGive.com Turn shopping into Philanthropy --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Backup MX / Spam
You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt Robert Grosshandler wrote: We do that already and it works fine. However, I know that there is a much higher probability that any mail that passes through the backup MX is spam, so I want to add additional weight just because it comes through the backup MX. Rob Jeff wrote: Use the IPBYPASS %sec mx ip% feature within the GLOBAL.CFG file. It will skip the ip address of your secondary mx record and run the check on the ip address of the originating server. IPBYPASS xxx.xxx.xxx.xxx
RE: [Declude.JunkMail] Backup MX / Spam
You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt The problem with this is if your primary does go down (rebooting for a patch for example), these points will be added to *all* email until your primary is back up. I posted just a few days ago asking if it was possible for Declude to check that primary was functional. If so, there could be a test that would add points for any mail sent to the secondary when the primary is functional. I realize that this would require a new version of Declude, but I think it could be really worthwhile. Nobody responded to my last post, so I wasn't sure if there is some reason why this wouldn't work or would be too difficult. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Backup MX / Spam
I was just suggesting a method of doing what he wanted to try :) I'm not generally a big proponent of indiscriminately adding points to E-mail, and this one falls in the gray area. If your backup in located at the same site, I would imagine that very few E-mails will get tagged improperly (reboots for instance, but many other examples as well), however if you have an off-site backup through a different bandwidth provider, I could see more legit mail coming through this way, which would seem less wise to do. Your suggestion has some merit, however it doesn't account for off-site seconndaries and I can't see how that could be implemented easily without a separate application. I suppose that someone could write one that Declude hands off to which checks your logs for the reboot times and compares that to the time stamp from your backup server. But again, if there was an issue on the Internet between the sender and your primary, and your backup was off site, this wouldn't be a good qualifier for what should have been delivered directly to your primary. Matt Paul Navarre wrote: You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt The problem with this is if your primary does go down (rebooting for a patch for example), these points will be added to *all* email until your primary is back up. I posted just a few days ago asking if it was possible for Declude to check that primary was functional. If so, there could be a test that would add points for any mail sent to the secondary when the primary is functional. I realize that this would require a new version of Declude, but I think it could be really worthwhile. Nobody responded to my last post, so I wasn't sure if there is some reason why this wouldn't work or would be too difficult. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Backup MX / Spam
Yeah, but. Declude Standard - no filters. Otherwise, it would work. The idea is to add enough weight to bring it over the edge. A problem with the primary down test is that Declude is doing its scanning on the primary, and it would never be down when Declude was scanning! So, Declude would have to have logic for keeping track of when the primary was up and down. Becoming a non-trivial task when you add that nuance. Rob Paul wrote: You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt The problem with this is if your primary does go down (rebooting for a patch for example), these points will be added to *all* email until your primary is back up. I posted just a few days ago asking if it was possible for Declude to check that primary was functional. If so, there could be a test that would add points for any mail sent to the secondary when the primary is functional. I realize that this would require a new version of Declude, but I think it could be really worthwhile. Nobody responded to my last post, so I wasn't sure if there is some reason why this wouldn't work or would be too difficult. Paul Navarre --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Backup MX / Spam
Another 2 cents... I see all too often that mail comes (and goes out) to hosts pointed to by MX records that are not the lowest. Either some SMTP servers take the value of the MX record as a *suggestion*, or their DNS is broken, and take the first MX listed, regardless of the value. I suspect that the definition of is the primary functional is too hard to nail down, and the test possibly too slow, for the value it brings to spam detection. In particular because declude.exe runs and terminates, runs and terminates for each message, that it makes stateful tests difficult. The only way that I could suggest implementing this is to make it an external test of your own design that simply checks the current time against the last e-mail that came directly through the primary mail server. You would then have to decide how long a window qualifies as primary is down. Andrew. -Original Message- From: Paul Navarre [mailto:[EMAIL PROTECTED] Sent: Thursday, October 02, 2003 10:59 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Backup MX / Spam You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt The problem with this is if your primary does go down (rebooting for a patch for example), these points will be added to *all* email until your primary is back up. I posted just a few days ago asking if it was possible for Declude to check that primary was functional. If so, there could be a test that would add points for any mail sent to the secondary when the primary is functional. I realize that this would require a new version of Declude, but I think it could be really worthwhile. Nobody responded to my last post, so I wasn't sure if there is some reason why this wouldn't work or would be too difficult. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Backup MX / Spam
Rob, I have recently discovered that the pro version's filter capabilities are a very important tool for tagging spam that otherwise passes through. I would recommend the upgrade highly, though not specifically for this purpose. I've been able to add points to low scoring spam with a very high degree of accuracy, and I have probably halved what was getting through before while reducing false positives by relying less on scoring from places like SpamCop and MailPolice which are unfortunately prone to FP'ing on legit mail blasts. Matt Robert Grosshandler wrote: Yeah, but. Declude Standard - no filters. Otherwise, it would work. The idea is to add enough weight to bring it over the edge. A problem with the primary down test is that Declude is doing its scanning on the primary, and it would never be down when Declude was scanning! So, Declude would have to have logic for keeping track of when the primary was up and down. Becoming a non-trivial task when you add that nuance. Rob Paul wrote: You could write a filter that searches the headers for your backup server's IP address. HEADERS 3 CONTAINS x.x.x.x Matt The problem with this is if your primary does go down (rebooting for a patch for example), these points will be added to *all* email until your primary is back up. I posted just a few days ago asking if it was possible for Declude to check that primary was functional. If so, there could be a test that would add points for any mail sent to the secondary when the primary is functional. I realize that this would require a new version of Declude, but I think it could be really worthwhile. Nobody responded to my last post, so I wasn't sure if there is some reason why this wouldn't work or would be too difficult. Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Backup MX / Spam
I'm breaking down and getting Declude Pro. In my back of the napkin analysis of the spam that is weighted in the gray area (HOLD), but it is truly spam, some high percentage of it went straight for my backup MX. By adding a little bit of weight, I'm expecting that the total weight will be sufficient to push it over the edge into (DELETE). (We don't actually delete, but our review is much less thorough than e-mail that gets a HOLD weight). Rob --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.