Thanks Sandy, interesting response, it got me thinking a bit
wouldnt the spammer/attacker need to have delegated authority over the source
ip address space and control of DNS infrastructure to forge a PTR record? I
have been doing this a while and I dont recall ever seeing a message
wouldnt the spammer/attacker need to have delegated authority over
the source ip address space and control of DNS infrastructure to
forge a PTR record?
Well, either delegated authority *or* a subscriber agreement with the
ISP that allows PTRs to be requested/modified. For example,
“It is just our way.” That has such a Zen sound to it, like you must find your
own path to enlightenment.
I am still confused by both your suggestion and Randy’s. They both seem to be
based on the From line, which would not be declude.com. Here are the first few
header lines from one of
Why not use the HELO or REVDNS? REVDNS is going to be the safest because of the
difficulty in forging it
HELO -10 CONTAINS smtp.declude.com
or
HELO WHITELIST CONTAINS smtp.declude.com
REVDNS -10 CONTAINS smtp.declude.com
or
REVDNS WHITELIST CONTAINS smtp.declude.com
or even blanket the headers
Why not use the HELO or REVDNS? REVDNS is going to be the safest
because of the difficulty in forging it
Not always... if the domain has a hard-fail SPF record that isn't
*itself* dependent on forgeable records (only uses IPs and forward DNS
entries), then the MAILFROM can't
On my declude config, I set up a GoodMailList test text file, added a negative
point value to this test, and then I add any of my customer’s email lists that
were getting flagged by declude
Sincerely,
Randy Armbrecht
Global Web Solutions, Inc.
Office: 804.442.5300 option 1
Toll
Can you give me the line you used in the config file?
From: Randy A
Sent: Saturday, June 18, 2011 12:18 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] white list or positive weight for a specific To
address?
On my declude config, I set up a GoodMailList test text file,
We scale on a base of mark as Spam at 15; quarantine at 20; delete at 30
In my global.config file I have:
FILTER-GOODMAILINGLISTS fromfileC:\...path to
file…\filter-GoodMailingLists.txt x -20 0
In the default.junkmail file:
An easy way to whitelist these in your global.cfg
WHITELISTFROM@declude.com
-Nick
MadRiverAccess.com|Skywaves.com Tech Support
US/Canada 877-873-6482 or International +1-802-229-6574
Emergency Support 24/7: supp...@skywaves.net
General and Non-Emergency support ticket:
Yes but if I remember correctly there is a limit on the number of whitelist
entries you can have in the cfg file (200 I think – please correct me if I am
wrong) so depending on the number of domains you are hosting email for, this
could fill up at some point. We use the whitelist technique for
I like the idea of reverse weights over whitelisting. The problem with
whitelisting is that the mail is guaranteed to get through. I just want to
counter-weight mail from a list. For example, I have one list that typically
shows up with a weight of 4-6. I can counter that with –4 and then
I’m confused on what part of the envelope this is filtering on. List messages
show up in the mailbox as From Contributor (such as From: Randy A) and To
Listname (such as To: Declude.JunkMail). I want the positive weight to only
apply to list messages, which means the weight has to be filtered
yup there is some sort of cap in global.cfg the around that is with a
whitelist file that would contain entries like:
MAILFROMWHITELISTCONTAINS@declude.com
and clearly implementation technique is a personal thing :)
We use compensatory filters to add/subtract weights as needed,
13 matches
Mail list logo