Title: Message
I'm impressed who is
already on board:
http://www.dnsstuff.com/tools/lookup.ch?name=altavista.nettype=TXT
http://www.dnsstuff.com/tools/lookup.ch?name=softhome.nettype=TXT
It's been catching a
few spammers already.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
Title: Message
Hi:
I have lots of SPF
"unknown" in the SPF.log file - most look as if they should have
FAILED:
12.219.157.132 [EMAIL PROTECTED] [family]: UNKNOWN
Here the Imail
log:
12:18 23:10
SMTPD(16C9012A) [63.107.174.78] connect 12.219.157.132 port 449312:18 23:10
SMTPD(16C9012A)
I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it
appears they have delegated rdns to me.
I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is
happening.
I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone
I think whitelisting E-mail based on an SPF PASS probably isn't a wise
idea, but I'm sure that spammers that do use SPF will be much easier to
catch (they are providing a list of IPs that they may be spamming from G).
If I was a spammer, I would use this to my advantage. These guys collect
These lines are not long enough to wrap, so they are correct as listed
below.
Bill
- Original Message -
From: Glenn Brooks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 3:16 PM
Subject: RE: [Declude.JunkMail] HOTMAIL ?
I would like to try the file listed
Scott,
I've been looking over this trying to figure out how to best implement
it for my domains. It seems that since they are all on one class C, I
should do the following:
v=spf1 +a/24 +mx/24 -all
Now three very important questions...
1) If I implement this, will intra-server E-mail
Matt:
That is the conclusion that I have reached ..
Our employees who check messages at home with ISP's blocking SMTP - will
naturally fail this.
Also I am still trying to figure out web responses.
Based on all that I have seen and read it appears a slight negative weight
to reduce FP's is all
I asked Ameritech - oops SBC to add a reverse dns entry for me, instead it
appears they have delegated rdns to me.
I tried http://www.dnsstuff.com/tools/ptr.ch?ip=65.42.199.3 to see what is
happening.
I don't quite understand the Got CNAME referral to ns2.ostgaard.com (zone
I've been looking over this trying to figure out how to best implement it
for my domains. It seems that since they are all on one class C, I should
do the following:
v=spf1 +a/24 +mx/24 -all
Now three very important questions...
1) If I implement this, will intra-server E-mail fail this
Thanks! got it working. Just never saw that before.
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 6:49 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Reverse dns help
I asked Ameritech - oops SBC to add a reverse dns entry
Does anyone have any info on this service.
messagescreen.com
Fred
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
I think SUBJECT added Spam ##
where ## is the Declude weight. Is there a way to add a space between my
message and the Spam ##?
Burzin
At 05:49 PM 12/18/2003, you wrote:
Silly question. I've entered the following action in response to test:
SUBJECT Message Contains Unsafe URL
However,
Thanks for pointing me to the right place.
Burzin
At 05:51 PM 12/18/2003, you wrote:
1. Does anyone have stats. on false positives v. uncaught spam for
various tests. Am I correct in understanding that
tests with ratios closer to zero are more accurate?
Right now, I believe the best source
Scott, I have setup an SPF record for pointshare.com as follows:
TXT v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28
a:psmail02.pointshare.com ptr mx/24 -all
I then sent out a test message from at yahoo account with a pointshare.com
e-mail address. Here is a snippet of the log entries for
I think SUBJECT added Spam ##
where ## is the Declude weight. Is there a way to add a space between my
message and the Spam ##?
It shouldn't, unless you had TESTNAME SUBJECT Spam %WEIGHT% in one of
your config files. I would recommend checking all your Declude JunkMail
config files to see
Scott, I have setup an SPF record for pointshare.com as follows:
TXT v=spf1 ipv4:206.114.136.0/23 ipv4:206.114.143.240/28
a:psmail02.pointshare.com ptr mx/24 -all
At first, I thought that was fine -- but it isn't. After checking it at
http://www.dnsstuff.com/pages/spf.htm , it seems that the
R. Scott Perry wrote:
I'm not sure if this is in the RFC, but it would be a lot more
accurate if you could compare the HELO to the SPF data. Some scripts
to also falsify the HELO, but no where near the number of forged
domains in MAILFROM.
The original design for SPF allowed for that, but
This is kind of a response to all the follow ups this morning. I can't
afford to use this test on the majority of my domains because I can't
currently make use of WHITELIST AUTH, and I have enough customers that use
third-party outgoing mail servers for one reason or another that this
would
Title: Problem with 1.77i3
Hi Scott:
I think there is an issue with i3.
We are seeing a lot of tests being triggered but no weight is recorded. Several emails have been delivered where in fact they were supposed to be deleted had the weights been added.
X-RBL-Warning: HEUR: Heuristic
Scott,
I just wanted to post and let you know that I started a website
www.adminforums.com and have added a Declude and Imail section, so that
this community can post their configurations without wasting list
bandwidth.
I for one am interested in seeing what is working for people. I would
So I haven't heard anything else back on this .. are you guys all staying
away from Windows 2003 and Imail? I'm having a hard time trying to justify
the risk of running new servers on 2k3 when 2k works just fine .. but then
again, 2k3 seems more stable over time but not if Imail doesn't
Oopps. My apologies.
Thanks,
Burzin
At 09:13 AM 12/19/2003, you wrote:
I think SUBJECT added Spam ##
where ## is the Declude weight. Is there a way to add a space between my
message and the Spam ##?
It shouldn't, unless you had TESTNAME SUBJECT Spam %WEIGHT% in one of
your config files. I
For the majority, W2K3 is the way to go if you are able to. Ipswitch does
support running Imail on W2K3.
There are some possible issues.
1. Running MS DSN service on W2K3 WITH Imail Anti-Spam DNS tests is a
problem.
2. Some issues have been reported on the Imail list when the server
processes a
I was looking at the headers and saw SPAMCOP :
Blocked
Is that how it should be - what it's returning? If not, ideas
on what could be wrong?
X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21X-RBL-Warning:
SPAMCOP: Blocked - see
I was looking at the headers and saw SPAMCOP : Blocked
Is that how it should be - what it's returning? If not, ideas on what
could be wrong?
That is what it is returning:
X-RBL-Warning: SPAMCOP: Blocked - see
Hm No sir, I don't like it!
In the end where this is headed is that if you belong to their group
then they will legitimize any messages that you send... then they will
use their combined resources to loby and otherwise make it a bad thing
for you to do any kind of filtering to their messages.
Is there a way that I can setup this test to only check incoming
messages?
I set up the DNS record and it will work fine except when one of my
dial-up users sends an outgoing message. The test does exactly what I
would like it to do. When one of my dial-up users bypasses my SMTP
server, the
Doug,
I don't think anything is wrong. SpamC. is returning a TXT record with
that information.
The link says that's experimental.
Burzin
At 12:22 PM 12/19/2003, you wrote:
I was looking at the headers and saw SPAMCOP : Blocked
Is that how it should be - what it's returning? If not, ideas on
Pete McNeil wrote:
A tip-off is that the counter to this argument is up-front in their
proposal. Specifically that they will create and manage a mechanism that
tracks the end-user's subscrbe/unsubscribe requests... I think this is a
lot like putting the foxes in charge of the hen house.
I
Is there a way that I can setup this test to only check incoming
messages?
No (although you can set it up so that no action would be taken for
outgoing mail, the weight would still be applied).
In this case, WHITELIST AUTH (with works with Declude JunkMail v1.75 and
higher, and IMail v8 and
I have been looking for the syntax for this entry. Can you publish it?
My understanding is that this will whitelist anyone that has
authenticated for SMTP. Is that correct?
Also, what is the entry to stop performing tests if the weight reaches a
certain level?
Thanks,
Todd Holt
Xidix
Hello,
I used the SPF wizard to create the SPF entries. Am I correct in
understanding that I can place the (corrected) Bind version of these
entries into the .domain file on my Windows 2000 DNS server. Does it
matter where the lines go? Any advice?
I tried posting to the SPF forum, but
I found the whitelist auth in the archives. Sorry.
I still want to know how to stop performing tests after a certain weight
level.
Thanks,
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED]
I can not find this in the archive . . .
I have a mail domain with three different domain names:
Official Host Name: TripleBDomain.com
Host Aliases: 3BDomain.com, 3BD.com
Do I need to set up Decule Virus and Junk Mail for each domain name?
[EMAIL PROTECTED]
---
[This E-mail was scanned for
|Pete McNeil wrote:
|
|A tip-off is that the counter to this argument is up-front in their
|proposal. Specifically that they will create and manage a mechanism
|that tracks the end-user's subscrbe/unsubscribe requests... I think
|this is a lot like putting the foxes in charge of the hen house.
Are the tests performed in the order listed in the global.cfg?
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
---
[This E-mail scanned for viruses by Declude Virus (http://www.declude.com)]
---
[This E-mail was scanned for viruses by Declude Virus
There is some potential with this as a negative weight test, however once
the spammers catch on, the value would be diminished greatly, and of
course legit mail servers are sources of spam, just not as often as the
illegitimate ones, and I don't see the need to credit senders based only
on
Hello,
We have Declude/Imail setup as a gateway and I have a couple customers using
the ROUTETO action. The problem is email that is sent to bogus addresses at
the domain and are marked as SPAM automatically go to the specified ROUTETO
mailbox. Is it possible to setup a test that queries a text
Are the tests performed in the order listed in the global.cfg?
No.
Declude JunkMail has a hard-coded for the test types. However, for each
test type, the tests will be run in the order that they are listed in the
global.cfg file.
So if you have an ip4r test and a filter test, the order they
I still want to know how to stop performing tests after a certain weight
level.
Unfortunately, that isn't possible. There are a number of problems with
this (negative weights that would have been added after processing stops,
the order of tests, etc.).
I have a mail domain with three different domain names:
Official Host Name: TripleBDomain.com
Host Aliases: 3BDomain.com, 3BD.com
Do I need to set up Decule Virus and Junk Mail for each domain name?
That depends on what you are doing. For a default installation, you don't
need to do anything
Burzin, it doesn't matter where in the zone file the txt record goes. You
could simply added it via the GUI, as well, since txt records are supported
by W2K DNS.
Bill
- Original Message -
From: Burzin Sumariwalla [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 19, 2003
Scott,
It looks as if IpSwitch may have fixed the issue in 8.05 that
keeps Declude from being called.
Taken from 8.05 Release Notes...
o Queuemgr: Decreased the possibility that during a queue run the
queuemgr might process files before a third party process
locks the message.
Keith
This could be a very useful feature. I could define my negative weight
tests first, then the high probability/high weight tests next. Then
if the weight exceeds my delete weight quickly, Declude could stop
spending cycles/bandwidth on the other tests. Admittedly, I would
require the admin to
It looks as if IpSwitch may have fixed the issue in 8.05 that
keeps Declude from being called.
You beat me to it -- I was just about to post about that, but saw yours
first. :)
I quick thank you to Ipswitch for taking care of this so quickly. This
was a big concern for many of our
I have lots of SPF unknown in the SPF.log file - most look as if they
should have FAILED:
12.219.157.132 mailto:[EMAIL PROTECTED][EMAIL PROTECTED]
[family]: UNKNOWN
This definitely should have been a fail. I haven't been able to reproduce
this, however, There is a new interim release
Todd,
You can control this to some degree in your filters with
SKIPIFWEIGHT and
MAXWEIGHT
Also I believe the filters run in order of listing in global config. I suggest you
list your neg filters first and your largest filters last.
Hope this helps
-Nick Hayer
-- Original Message
I'm confused.
I have :
Official Host Name: TripleBDomain.com
Host Aliases: 3BDomain.com, 3BD.com
Some users use the TripleBDomain.com domain name for their email
([EMAIL PROTECTED] and [EMAIL PROTECTED])
Other users use the 3BD.com domain name:
([EMAIL PROTECTED])
Yet another uses [EMAIL
Do I need to set up Decule for each domain name or does setting Declude up
on the Official Host Name cover them all?
You do not need to do anything -- Declude JunkMail (and Declude Virus) will
scan all the mail.
You will only need to do something special if you set up per-user or
per-domain
Thanks Bill!
B
At 02:08 PM 12/19/2003, you wrote:
Burzin, it doesn't matter where in the zone file the txt record goes. You
could simply added it via the GUI, as well, since txt records are supported
by W2K DNS.
Bill
- Original Message -
From: Burzin Sumariwalla [EMAIL PROTECTED]
To:
Unfortunately, there were only 176 responses, mostly from small to mid size
setups. Therefore, the results were not reliable.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf
Scott,
Thanks for the quick reply. The message I'm concerned with is process
E9380148 and it just appears to stop with no more entries right at the point
of those mx failure entries. But, like you pointed out these mx failure
entries are for a different process. I do have a ROUTETO action in
Thanks for the quick reply. The message I'm concerned with is process
E9380148 and it just appears to stop with no more entries right at the point
of those mx failure entries.
The catch here is that you are just looking at the SMTPD entries (the
process identifier changes for the SMTP or SMTP-
Yes, I have per-domain settings.
I do not scan their mail for spam unless they pay for it. So, I turn the
domains on individually.
I assume I need to set up each individual domain in Declude.
[EMAIL PROTECTED]
You will only need to do something special if you set up per-user or
Yes, I have per-domain settings.
I do not scan their mail for spam unless they pay for it. So, I turn the
domains on individually.
I assume I need to set up each individual domain in Declude.
With per-domain settings, you'll need to either list all the domains that
you want enabled (and have
John,
Are you saying that small servers are not reliable?? :))
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Friday,
Scott, I updated to v1.77i4 for the added logging, however, now SPF appears
not to be working at all. Logging shows up in spf.none, but no logging
shows up in spf.log any longer. I sent a test message through that failed
SPF on v1.77i3, but passed right through without notice with v1.77i4.
Bill
No. I am saying that only 176 responses to the survey does not give a
reliable survey result when there are clearly at least 10 times that many
out there, if not way more.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
I'm just giving you a hard time, John. I appreciate your effort to
collate some data on the subject.
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of
Hey John they do samples in surveys of less that of your sample as compared
to the number of Imail servers.
If you consider the number of people that watch TV and the small sample of
people that NEILSON users to rate a shows popularity. I bet you have a
better sampling than they do.
Kevin
Statistically, a random 10% sample is sufficient on a lot of things.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Saturday, December 20, 2003 2:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Windows Server 2003
Hey
Here is a couple of quick stats from the responses:
Of those using Windows Server 2003 at the time;
0-5K messages per day 4
5K-10K messages per day 2
10K-20K messages per day2
20K-30K messages per day1
30K-50K messages per day0
50K-75K messages per day
This is off topic, but I need some help in a bad way to figure out a DNS problem I am
having that is preventing one of our sites from receiving mail and thier web site from
loading.
We recently (this week) switched the name servers from our current provider to another
provider. The zone
I was able to resolve wltx.com just fine.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darrell LaRock
Sent: Saturday, December 20, 2003 3:59 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT: DNS Issue (HELP)
This is off topic, but I need some
Hello Darrell,
Working from here. Denver, CO area.
Scott
Friday, December 19, 2003, 6:59:06 PM, you wrote:
Darrell This is off topic, but I need some help in a bad way to figure out a DNS
problem I am having that is preventing one of our sites from receiving mail and thier
web site from
Hello Darrell,
Email works too:
12:19 19:41 SMTP-(07540069) [x] Connecting socket to service SMTP on host wltx.com
using protocol tcp
12:19 19:41 SMTP-(07540069) [x] using source IP for arvadafire.com [65.125.147.225]
12:19 19:41 SMTP-(07540069) Info - Found wltx.com in DNS Cache
12:19 19:41
I am absolutly baffled.
Eathlink Dial-up - Does not work
Charter Cable Connection - Does not work
ATT T1 using local bind server - Works
Roadrunner Cable - Does not work
AOL - Intermittent.
Several users who replied - Works
Darrell
-- Original Message --
I'd say that the domain is fine at its new home; the question is what was
the TTL on the domain before it was moved?
I would go very little out on a limb and say that the folks with trouble to
wltx.com were cacheing the DNS for longer than the TTL on the domain, or it
was really high before the
I ran the SPF setup wizard from the spf.pobox.com site and it resulted
in the following lines to be inserted into DNS:
las-DSL224-cust088.mpowercom.net. IN TXT v=spf1 a -all
mail.xidix.com. IN TXT v=spf1 a -all
mail2.xidix.com. IN TXT v=spf1 a -all
wsip-24-234-126-147.lv.lv.cox.net. IN TXT v=spf1
Andrew,
One question that I have is the TTL stuff shouldnt matter since the zone files that
were moved over are the same. All we are doing is switching DNS providers right now.
Darrell
-- Original Message --
From: Colbeck, Andrew [EMAIL PROTECTED]
It would appear that I could this single line in the zone file:
v=spf1 ip4:208.57.224.88 -all
and that would specify that all valid mail from the domain originates
from this IP address.
Is this correct?
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
From an earthlink dsl user
Ping test
1 wltx.com 56 60 Success
2 wltx.com 56 60 Success
3 wltx.com 56 60 Success
4 wltx.com 56 60 Success
5 wltx.com 56 60 Success
trace rt
1 0 0 172.16.0.254
2 35 35 172.31.255.251
3 30 -5 192.168.5.53
4 30 0 209.247.34.177 ge-8-0-131.ipcolo1.Chicago1.Level3.net
5
Yes, Todd, that should work just fine. If you would like to test it after
implementing, let me know and I will forge your domain and send you an
e-mail from a yahoo.com account.
Bill
- Original Message -
From: Todd Holt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 19,
OK, thanks. We have a hosted DNS and I'm getting the entries done now.
I'll let you know.
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Bill Landry
Thank you for the explanation. The message was getting deleted as an outlook
blank folding vulnerability. I have read up on what this is, and I do not
want to disable checking for vulnerabilities altogether. Is there any way
for me to allow these messages to this one user?
If you are using
Yep - 1.77i4 definitely broke SPF entirely. The spf.log has not been
updated since the new build when in.
I just sent a test message through my cable provider (should have failed),
instead:
67.80.42.251 [EMAIL PROTECTED] [andyshome]: UNKNOWN: SPF not
supported (the HM-Software.com TXT
Title: Message
Hi
Scott:
I assume the FOOTER
action only works for the "plain-text" version of an email? Since most
SPAM is using HTML, the footer will never be visible to the
viewer?
Sample:
12/19/2003 17:31:29
Q7c3f039300ba7da8 Msg failed WEIGHTFOOTER (Total weight between 5 and 7.).
Scott,
We duplicated the zone files between both providers. So all records are identical.
If the zone files are the same than all of the timeouts should not matter.
Check this out
1.) Do a direct query against ns1.loudcloud.com for wltx.com - Returns 66.54.32.202.
2.) Do a direct query
Scott,
On the DNSSTUFF, I used the cached ISP report looking at the NS record. What does it
mean when an ISP has the name server set to ns92.worldnic.com? Does this mean at one
time when the domain was looked up it was not resolved from the root servers?
ATT Worldnet #1
Darrell,
It looks like your name server records were maybe munged for a period of
time from a root update that is now fixed. Those munged records though
are being cached and they should get a good copy once they expire. This
might explain why all of us seem to be able to resolve your domain,
...or at least one of them. There's no way this guy gets past Elliot
Spitzer. I hope they take away his passport for obvious reasons.
Target Spam: NY AG, Microsoft File $38M Suits
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2985
This sounds a lot like the guy (ring) with the
81 matches
Mail list logo
