Re: [Declude.JunkMail] Why did this fail reverse DNS
Title: Why did this fail reverse DNS Hi Sharyn, How is DNS configured on your server? Are you using upstream DNS servers that are suddenly not resolving? We've had that problem in the past, and resolved it by not using forwarders to provider DNS servers in our local DNS server on the IMail server. If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of these problems as well, like CMDSPACE that MS mail clients fail. With that setting, all users who authenticate when sending will be whitelisted. Darin. - Original Message - From: Sharyn Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:27 PM Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject: RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is:10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US]163.160.73.24.in-addr.arpa mail.cruzaninc.com. Thanks, Sharyn
RE: [Declude.JunkMail] Why did this fail reverse DNS
Sharyn, 1. What is the test you have defined for 10-REVDNS ? 2. Do you have WHITELIST AUTH enabled in your global.cfg ? David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt Sent: Wednesday, September 07, 2005 12:28 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject:RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is: 10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US] 163.160.73.24.in-addr.arpa mail.cruzaninc.com. http://www.dnsstuff.com/tools/ptr.ch?ip=24.73.160.163 Thanks, Sharyn --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Why did this fail reverse DNS
Title: Message Hi Darin, Thanks for the response. I host my own primary nameserver here, which is also the same box as my IMAIL server. There is no upstream DNS server involved. That's what has me so puzzled on this. I have relay set only for IP addresses, my users don't authenticate. In order for them to send mail, they must be VPN'd in and receive an IP address that is reserved for VPN clients only. (Long story on this) In this case, I don't believe Whitelist Auth will work, unless it can be based on IP addresses, rather than user authentication. Sharyn -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Wednesday, September 07, 2005 12:38 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Why did this fail reverse DNS Hi Sharyn, How is DNS configured on your server? Are you using upstream DNS servers that are suddenly not resolving? We've had that problem in the past, and resolved it by not using forwarders to provider DNS servers in our local DNS server on the IMail server. If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of these problems as well, like CMDSPACE that MS mail clients fail. With that setting, all users who authenticate when sending will be whitelisted. Darin. - Original Message - From: Sharyn Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:27 PM Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject: RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is:10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US]163.160.73.24.in-addr.arpa mail.cruzaninc.com. Thanks, Sharyn
RE: [Declude.JunkMail] Why did this fail reverse DNS
Hi David, The 10 is a combination of all those failed tests. I have this set up so even if my users fail tests like cmdspace and those others, they should still come in under Weight 10. It's the revdns that put this particular user over the top, and he shouldn't have failed it. This has been running fine for a really long time so I'm just puzzled as to what could've changed. My firewall prevents users from authenticating (done purposely, long story)I relay by IP address only. Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Wednesday, September 07, 2005 12:40 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Why did this fail reverse DNS Sharyn, 1. What is the test you have defined for 10-REVDNS ? 2. Do you have WHITELIST AUTH enabled in your global.cfg ? David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt Sent: Wednesday, September 07, 2005 12:28 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject:RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is: 10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US] 163.160.73.24.in-addr.arpa mail.cruzaninc.com. http://www.dnsstuff.com/tools/ptr.ch?ip=24.73.160.163 Thanks, Sharyn --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Why did this fail reverse DNS
Title: Message Can you do a reverse lookup on your domain from the server? Instead of WHITELIST AUTH, you might whitelist (or negative weight) by IP using an ipfile test. That would allow all mail from your users to go through without filtering. Darin. - Original Message - From: Sharyn Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:46 PM Subject: RE: [Declude.JunkMail] Why did this fail reverse DNS Hi Darin, Thanks for the response. I host my own primary nameserver here, which is also the same box as my IMAIL server. There is no upstream DNS server involved. That's what has me so puzzled on this. I have relay set only for IP addresses, my users don't authenticate. In order for them to send mail, they must be VPN'd in and receive an IP address that is reserved for VPN clients only. (Long story on this) In this case, I don't believe Whitelist Auth will work, unless it can be based on IP addresses, rather than user authentication. Sharyn -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Wednesday, September 07, 2005 12:38 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Why did this fail reverse DNS Hi Sharyn, How is DNS configured on your server? Are you using upstream DNS servers that are suddenly not resolving? We've had that problem in the past, and resolved it by not using forwarders to provider DNS servers in our local DNS server on the IMail server. If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of these problems as well, like CMDSPACE that MS mail clients fail. With that setting, all users who authenticate when sending will be whitelisted. Darin. - Original Message - From: Sharyn Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:27 PM Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject: RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is:10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US]163.160.73.24.in-addr.arpa mail.cruzaninc.com. Thanks, Sharyn
RE: [Declude.JunkMail] Why did this fail reverse DNS
Title: Message I like the whitelist IP idea. Got an example of the syntax? At the moment, I have so few addresses whitelisted that I don't use a from file, I just have them listed straight in the global config. Hmm..can I just do that, by subnet? You know, it just occured to me that authority for the reverse zone is hosted on my ISP's nameserver. My server is only authoritative for the forward zone. (like you suggested earlier, been a long week already) An issue on their end would've caused this, correct? Sharyn -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Wednesday, September 07, 2005 12:52 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Why did this fail reverse DNS Can you do a reverse lookup on your domain from the server? Instead of WHITELIST AUTH, you might whitelist (or negative weight) by IP using an ipfile test. That would allow all mail from your users to go through without filtering. Darin. - Original Message - From: Sharyn Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:46 PM Subject: RE: [Declude.JunkMail] Why did this fail reverse DNS Hi Darin, Thanks for the response. I host my own primary nameserver here, which is also the same box as my IMAIL server. There is no upstream DNS server involved. That's what has me so puzzled on this. I have relay set only for IP addresses, my users don't authenticate. In order for them to send mail, they must be VPN'd in and receive an IP address that is reserved for VPN clients only. (Long story on this) In this case, I don't believe Whitelist Auth will work, unless it can be based on IP addresses, rather than user authentication. Sharyn -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Wednesday, September 07, 2005 12:38 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Why did this fail reverse DNS Hi Sharyn, How is DNS configured on your server? Are you using upstream DNS servers that are suddenly not resolving? We've had that problem in the past, and resolved it by not using forwarders to provider DNS servers in our local DNS server on the IMail server. If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of these problems as well, like CMDSPACE that MS mail clients fail. With that setting, all users who authenticate when sending will be whitelisted. Darin. - Original Message - From: Sharyn Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:27 PM Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject: RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is:10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US]163.160.73.24.in-addr.arpa mail.cruzaninc.com. Thanks, Sharyn
Re: [Declude.JunkMail] Why did this fail reverse DNS
In your global.cfg you can add an entry like WHITELIST IP 10.0.0.0/27 WHITELIST IP 1.1.1.1 Or you can create a ipfile filter and do negative weight. My personal preference is to whitelist as a last resort. My preference in order is to correct the main issue at hand, than reverse weight by dns, than ip, than whitelist. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Sharyn Schmidt writes: I like the whitelist IP idea. Got an example of the syntax? At the moment, I have so few addresses whitelisted that I don't use a from file, I just have them listed straight in the global config. Hmm..can I just do that, by subnet? You know, it just occured to me that authority for the reverse zone is hosted on my ISP's nameserver. My server is only authoritative for the forward zone. (like you suggested earlier, been a long week already) An issue on their end would've caused this, correct? Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, September 07, 2005 12:52 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS Can you do a reverse lookup on your domain from the server? Instead of WHITELIST AUTH, you might whitelist (or negative weight) by IP using an ipfile test. That would allow all mail from your users to go through without filtering. Darin. - Original Message - From: Sharyn mailto:[EMAIL PROTECTED] Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:46 PM Subject: RE: [Declude.JunkMail] Why did this fail reverse DNS Hi Darin, Thanks for the response. I host my own primary nameserver here, which is also the same box as my IMAIL server. There is no upstream DNS server involved. That's what has me so puzzled on this. I have relay set only for IP addresses, my users don't authenticate. In order for them to send mail, they must be VPN'd in and receive an IP address that is reserved for VPN clients only. (Long story on this) In this case, I don't believe Whitelist Auth will work, unless it can be based on IP addresses, rather than user authentication. Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, September 07, 2005 12:38 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS Hi Sharyn, How is DNS configured on your server? Are you using upstream DNS servers that are suddenly not resolving? We've had that problem in the past, and resolved it by not using forwarders to provider DNS servers in our local DNS server on the IMail server. If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of these problems as well, like CMDSPACE that MS mail clients fail. With that setting, all users who authenticate when sending will be whitelisted. Darin. - Original Message - From: Sharyn mailto:[EMAIL PROTECTED] Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:27 PM Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject:RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is: 10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US] 163.160.73.24.in-addr.arpa http://www.dnsstuff.com/tools/ptr.ch?ip=24.73.160.163 mail.cruzaninc.com. Thanks, Sharyn --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Why did this fail reverse DNS
Thanks for your help! Sharyn --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Why did this fail reverse DNS
Agreed. Negative weighting is generally considered better than whitelisting outright. In your case it may not matter, but may be subject to spoofing. Also, abuse by your users that you may want to be aware of could go straight through with whitelisting, whereas it could still be filtered with a negative weight scenario instead. Darin. - Original Message - From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 1:12 PM Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS In your global.cfg you can add an entry like WHITELIST IP 10.0.0.0/27 WHITELIST IP 1.1.1.1 Or you can create a ipfile filter and do negative weight. My personal preference is to whitelist as a last resort. My preference in order is to correct the main issue at hand, than reverse weight by dns, than ip, than whitelist. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Sharyn Schmidt writes: I like the whitelist IP idea. Got an example of the syntax? At the moment, I have so few addresses whitelisted that I don't use a from file, I just have them listed straight in the global config. Hmm..can I just do that, by subnet? You know, it just occured to me that authority for the reverse zone is hosted on my ISP's nameserver. My server is only authoritative for the forward zone. (like you suggested earlier, been a long week already) An issue on their end would've caused this, correct? Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, September 07, 2005 12:52 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS Can you do a reverse lookup on your domain from the server? Instead of WHITELIST AUTH, you might whitelist (or negative weight) by IP using an ipfile test. That would allow all mail from your users to go through without filtering. Darin. - Original Message - From: Sharyn mailto:[EMAIL PROTECTED] Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:46 PM Subject: RE: [Declude.JunkMail] Why did this fail reverse DNS Hi Darin, Thanks for the response. I host my own primary nameserver here, which is also the same box as my IMAIL server. There is no upstream DNS server involved. That's what has me so puzzled on this. I have relay set only for IP addresses, my users don't authenticate. In order for them to send mail, they must be VPN'd in and receive an IP address that is reserved for VPN clients only. (Long story on this) In this case, I don't believe Whitelist Auth will work, unless it can be based on IP addresses, rather than user authentication. Sharyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Wednesday, September 07, 2005 12:38 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS Hi Sharyn, How is DNS configured on your server? Are you using upstream DNS servers that are suddenly not resolving? We've had that problem in the past, and resolved it by not using forwarders to provider DNS servers in our local DNS server on the IMail server. If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of these problems as well, like CMDSPACE that MS mail clients fail. With that setting, all users who authenticate when sending will be whitelisted. Darin. - Original Message - From: Sharyn mailto:[EMAIL PROTECTED] Schmidt To: Declude.JunkMail@declude.com Sent: Wednesday, September 07, 2005 12:27 PM Subject: [Declude.JunkMail] Why did this fail reverse DNS Good afternoon, Something really odd is going on here. All of a sudden, my own users are failing tests that they were passing last month. Here is the spam attachment that Declude adds to our emails, if the weight is 10. You **MAY** have spam! Subject:RE: Shakka Applebees -- Beverage Optimization Initiative -District Test **URGENT MESSAGE** From: [EMAIL PROTECTED] Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, WEIGHT10-D02010098024AB4E6.SMD [EMAIL PROTECTED] is one of MY users. Why in the world did this fail revdns? According to DNS report: Your 1 MX record is: 10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US] 163.160.73.24.in-addr.arpa http://www.dnsstuff.com/tools/ptr.ch?ip=24.73.160.163 mail.cruzaninc.com. Thanks, Sharyn --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com