Matt, (pause while I put on my iron codpiece) this sounds like a good
place for an IMail implementation to use SPF records as self-defense.
It sounds like what you're looking for is a two-fer that maps valid
client space with valid domain names to detect spoofing, and HELOBOGUS
will only do part
Andrew,
I think that you misunderstood.
If you have a local domain of example.com and an E-mail comes in with
a Mail From of [EMAIL PROTECTED] with a HELO of
asdfdfasdfsafdsafd.asddsfadfas.asddfs, then HELOBOGUS will not trigger
even though this is a bogus HELO. This isn't a bug, this was by
However, I'm having a problem with Declude triggering on reporting emails
that are generated directly ON the gateway itself:
That's because the gateway is running an MTA that adds very poor Received:
headers.
- Declude parses IP Address 0.0.0.0
- Declude parses HELO string of userid
Here is
I am using IPBYPASS already for the host IP, but I still get a warning about
the hostNAME.
That is unusual. I would recommend upgrading to the latest interim (at
http://www.declude.com/version/interim ) to see if that fixes the
problem. If not, I can let you know how to use the debug mode,
We are using a 3rd party (offsite) gateway service for our inbound mail
and some of the host servers that we receive mail from fail the HELOBOGUS
test (no MX or A record).
Is ther a way to safely skip the HELOBOGUS test on these known hosts?
Actually, if those are gateways, the best solution
Goran Jovanovic wrote:
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address in the HELO line
205.150.108.8 to identify his domain, even though his real IP address is
220.185.227.109?
Obviously an IP address is not a
OK I think I was somehow reversed in my tinking
Goran Jovanovic
The LAN Shoppe
Goran Jovanovic wrote:
This is parts of a header I received and I just want to check a few
things
So the spammer thought that he would use my IP address in the HELO
line
205.150.108.8 to
I use the forgedhelo filter
checks that remote server helo is neither your hostname nor your host IP
you can score this test realy high since no server should use the above.
HELO 0 CONTAINS ip1.ip2.ip3.
HELO 0 ENDSWITH cefib.com
HELO 0 ENDSWITH cefib.net
- Original Message -
From:
Serge,
I use the forgedhelo filter
HELO 0 CONTAINS ip1.ip2.ip3.
HELO 0 ENDSWITH cefib.com
HELO 0 ENDSWITH cefib.net
I assume that this forgedhelo filter is of your own making?
Since I am scanning mail for many domains I could add all their domains
to my list since they are never sending
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 3:41 AM
Subject: RE: [Declude.JunkMail] HELOBOGUS, HELOISIP and HELOISIPX questions
Serge,
I use the forgedhelo filter
HELO 0 CONTAINS ip1.ip2.ip3.
HELO 0 ENDSWITH cefib.com
HELO 0 ENDSWITH cefib.net
I assume that this forgedhelo
Why did this fail HELOBOGUS:
X-RBL-Warning: HELOBOGUS: Domain mail.sbapro.com has no MX or A records
[0301].
Query: sbapro.com. Query type: Any record
Declude JunkMail looks at the host name (mail.sbapro.com), not the parent
(otherwise, it would look for com if the HELO/EHLO was
Any ideas why this email would fail the HELOBOGUS test?
The problem here is that:
Received: from declude.com [24.107.232.14] by mail.tmlp.com with ESMTP
(SMTPD32-7.07) id A7F878950134; Thu, 26 Feb 2004 20:06:00 -0500
Received: from panda.declude.com [192.168.0.4] by declude.com with ESMTP
Add the appropriate records in your DNS.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED]] On Behalf Of Troy Hilton
Sent:
I've got a problem with Declude catching mail from my web server. The web
server is sending mail from web forms that customers fill out to users
hosted on my email server. I'm getting HELOBOGUS and MAILFROM warnings,
stating that the domain server_name does not have any MX/A records. How
can I
I was wondering if someone can has experienced a error in helobogus. For
some weird reason, I consistantly get a error with helobogus like
hotmail.com with the msg failed. For some reason cs.com does not resolve
either.
11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed HELOBOGUS (Domain
[EMAIL
Recap - In three days, I've only had one message trip the HELOBOGUS test.
Here's the recap:
1) I'm catching lots of spam with other tests
2) Scott checked the header of a message (see posting at Thu 10/24/2002 2:17
PM) and didn't note any problems
New information:
1) I'm running Declude 1.60
: Re: [Declude.JunkMail] HELOBOGUS not working: follow-up
Recap - In three days, I've only had one message trip the HELOBOGUS test.
Here's the recap:
1) I'm catching lots of spam with other tests
2) Scott checked the header of a message (see posting at Thu 10/24/2002
2:17
PM) and didn't note any
When I reviewed the debug log, I found that I was actually running v1.53 - I
had never copied 1.60 to the \IMail folder (I had just copied it to
\Imail\Declude).
I had thought of double-checking that, but since an E-mail had failed the
test, I figured you were using 1.60. :)
I'm going to
Sent: Thursday, October 24, 2002 2:17 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] HELOBOGUS Question
The header info you requested is listed below.
Received: from declude.com [66.189.58.123] by mail.jamesoninns.com with
ESMTP
(SMTPD32-7.13) id A01E19250134; Thu, 24 Oct 2002 13:38
I've had declude junkmail pro running well for a few months now...Just
bumped up declude.exe to 1.60 last night. Seemed to be receiving things
normally and didn't notice an immediate change in filter
characteristics. But just this morning, round 11:00, noticed most if
not all messages started
OK, well, not 'all messages' but many legit messages which had not previously been
caught. Perhaps the version I had in place previously didn't support this test? (was
using previous release, not beta) I'll dig through the release notes.
Thanks.
-- Original Message
The header info you requested is listed below.
Received: from declude.com [66.189.58.123] by mail.jamesoninns.com with ESMTP
(SMTPD32-7.13) id A01E19250134; Thu, 24 Oct 2002 13:38:38 -0400
X-Declude-Sender: [EMAIL PROTECTED] [66.189.58.123]
These two headers show that Declude did use the
We do not have a backup mailserver or gateway - any other ideas?
Could you post the complete headers of this E-mail? That may provide some
clues.
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
We do not have a backup mailserver or gateway - any other ideas?
-Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner;declude.com]On Behalf Of R. Scott Perry
Sent: Thursday, October 24, 2002 1:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail
I've just recently put junkmail into a test phase on my server and have
noticed that I am getting almost no hits on the HELOBOGUS test -
specifically one hit over a three day/10,000 message period.
From what I've been reading on this forum, I'd expect more than that and was
wondering what might
Yup, very typical in MS exchange setups where the Exchange server is running on a
Win2K box with some internal naming convention or the like. Thanks, Declude's working
just fineand I actually read the release notes now! ;)
-- Original Message --
Should this not have triggered HELOBOGUS as it normally does?
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP
(SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400
name2.sunbeach.net does have an A record, so it should not trigger the
HELOBOGUS test.
PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Tuesday, September 17, 2002 8:39 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] HELOBOGUS
Should this not have triggered HELOBOGUS as it normally does?
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Unfortunately, there isn't any easy way to stop the
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a
wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Unfortunately, there isn't any easy way to
Unfortunately, there isn't any easy way to stop the E-mail that has the
same return address as the recipient's address ...
I would believe that there has to be a way to look at the return address
and the recipient's address.
Yes, that part is easy. :)
If they match then compare the
| Sent: Tuesday, September 17, 2002 10:00 AM
| To: [EMAIL PROTECTED]
| Subject: RE: [Declude.JunkMail] HELOBOGUS
|
|
|
| I spoke in haste, that all makes sense. I am having a tough
| time with
| spammers using the mailfrom or return address of the recipient and a
| wetware problem on the customer
I'm getting the HELOBOGUS failure if I send any email to another domain on
our server. It's pulling my machine name.Is their any way to fix this or
should I not use the helobogus test? It does it with 155i and 156 (I
haven't gone back to 155 yet to see if that helps. Here's the warning:
33 matches
Mail list logo
