RE: [IMail Forum] 2million a week
We do about 200,000 incomming messages a day across 3 iMail servers. We don't use them for POP or IMAP, however. The bigest limitation with iMail is the 64 connection limit; iMail can only receive that many emails at once due to a windows threading/socket limitation and poor implimentation. -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com -Original Message-From:(Keif Gwinn) [EMAIL PROTECTED] To: "IMail_Forum@list.ipswitch.com" <IMAIL_FORUM@LIST.IPSWITCH.COM>;Sent: Jul 19, 2005 08:24:06 AMSubject: [IMail Forum] 2million a weekHi, I've been asked to spec out a system to handle 2 million emails a week -. I've currently got an imail system that uses three machines, Network Load Balancing and dual network cards that handles a million or so messages a week comfortably. However it does that as about 150k a day, rather than 750k in a few hours. If I throw some larger hardware (dual proc, lots of memory) into this group cluster and take it to 6 machines do you think IMail will be able to cope. We're looking at up to 6mb a second whilst it's recieving the emails. Anyone have any experience with this level of email provision and IMail ? - Keif Gwinn Hostway, The Hosting Company 6 Harbour Exchange Sq. London E14 9HE Tel / +44 207 538 8000 Fax / +44 207 538 8001 www.hostway.co.uk To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] [Declude.JunkMail] custom delivery executable?
FYI - This does not appear to be the case. Program aliases to not appear to be able to execute rules. This is because they are aliases, not users. -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com -Original Message-From:Darin Cox [EMAIL PROTECTED] To: "Declude.JunkMail@declude.com" <DECLUDE.JUNKMAIL@DECLUDE.COM>;Sent: Jun 23, 2005 03:44:13 PMSubject: Re: [Declude.JunkMail] custom delivery executable?? The program alias would not be fired until local mailbox delivery occurs, so that would be after all IMail and Declude processing. Can't speak to imail1.exe replacement, though it sounds a little risky to me. Darin. - Original Message ----- From: Chase Seibert To: Declude.JunkMail@declude.com Sent: Thursday, June 23, 2005 1:25 PM Subject: RE: [Declude.JunkMail] custom delivery executable? Both of your suggestions have merit. Will a program alias execute after iMail has run the message through it's rules? If rules result in the message going to a particular folder, how would that information be preserved in the hand-off to the executable? As for imail1.exe, does anyone know the extent of what that executable does in the stock iMail install? Are rules processed before, after or inside this executable? -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com -Original Message-From: [EMAIL PROTECTED] To: "Declude.JunkMail@declude.com" <DECLUDE.JUNKMAIL@DECLUDE.COM>;Sent: Jun 23, 2005 11:47:35 AMSubject: Re: [Declude.JunkMail] custom delivery executable?Or another thought to try is renaming your custom delivery app to imail1.exe and replacing theirs Althought I am not sure what else this would break. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Darin Cox writes: You could change all email addresses to be program aliases. The batch file run by the program alias could then dump the message into a text file, or even post the message straight into your database. Darin.- Original Message - From: Chase Seibert To: Declude.JunkMail@declude.com Sent: Thursday, June 23, 2005 9:53 AM Subject: [Declude.JunkMail] custom delivery executable?Hey guys, We have a very non-standard iMail/Declude install. Basically, we only us the system for the SMTP protocol, as well as virus and spam filtering. Once a message has passed through those systems, it's delivered to a mailbox as normal. However, we don't allow POP or IMAP access to our systems. Instead, we parse the mailboxes when they change, pull out new mail and insert it into a SQL Server database for access in our web-based CRM. Messed up, huh? We are looking to skip the whole step of delivering the mail to a mailbox and then chunking it out. It's not a speed problem, but rather a reliability concern. Our current solution has about a .1% failure rate, meaning that some messages are not delivered until the next message comes along into that folder to knock it out. Ok, here is my question. I am wondering if there is some way to setup iMail/Declude so that it delivers a message right to a stand alone file, as apposed to a mailbox Qmail, for example, can do this. I doubt there is any out of the box support for this, so I started investigating using a custom Declude filter for this. From the manual: For more flexibility, you can have Declude JunkMail pass parameters to your program, using variables. For example, you can set up the test as 'TESTNAME external returnvalue "filename %INOROUT%"', which would send the %INOROUT% variable as a parameter to your program (which would be "incoming" for an incoming E-mail, or "outgoing" for an outgoing E-mail). Presumably, we could write a custom executable and define a rule for it in Junkmail. The custom executable would get the entire message body and just pipe it to a stand-alone file. If the message was later also delivered to an iMail mailbox, that's fine. However, I think the issue with that idea is that the filters will not have executed when that custom executable is called Accoring to the Declude manaul, the order of execution is: 1. IMail's Control Access file (to block IPs) 2. IMail's Kill List (to block return addresses) 3. IMail v8 anti-spam (most tests) 4. Declude Virus 5. Declude Hijack 6. Declude JunkMail 7. IMail's filters and extra IMail v8 anti-spam tests *we want to insert a custom exectuable here Is this even possible, or should I just start looking as Linux mail systems?-Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, j
[IMail Forum] ISP accusing me of relaying
Hey, I have gotten a couple false reports of spam originating from my system over the last few months. These reports are comming from my ISP. I contend that what they have sent me is not proof, because email headers can be forged. I also present a logical argument for why this mail could not have originated from out system, as well as speculation as to what might have happened. Does this make sense to anyone else? My ISP is acting like they don't beleive me, and saying they will cite this as evidence if they ever want to terminate my access. Here is the header then sent me: Received: from vsmtp15.tin.it (192.168.70.119) by ims5b.cp.tin.it (7.0.027) id 4200083A00DEF78F for [EMAIL PROTECTED]; Thu, 21 Apr 2005 10:18:41 +0200 Received: from cpe-68-203-199-222.satx.res.rr.com (68.203.199.222) by vsmtp15.tin.it (7.0.027) id 4227B8750499C924 for [EMAIL PROTECTED]; Thu, 21 Apr 2005 10:18:41 +0200 Received: from grouppowellone.com (mail1.bullhorn.com [209.202.131.100]) by cpe-68-203-199-222.satx.res.rr.com with esmtp id 9B89474B31 for [EMAIL PROTECTED]; Thu, 21 Apr 2005 01:18:56 -0700 Here is my argument. We don't send mail from 209.202.131.100. That's our incomming mail server. We have a seperate cluster for outgoing mail, that communicates on a seperate IP to the external world (209.202.131.98). In fact, our firewall does not ALLOW outgoing port 25 traffic from any IP except 209.202.131.98. Here is what I think happened: 1. Some RoadRunner (rr.com) home PC has been trojaned by a virus. 2. Virus either looks in the local Outlook address book or does a search online and finds a random contact/DNS record with the domain grouppowellone.com. We happen to host this domain. 4. Virus does an MX lookup on the domain it wishes to forge mail from, and gets mail1.bullhorn.com, 209.202.131.100 as the primary MX record. 5. Virus sends a spam message through the local RoadRunner open SMTP relay server, but forges both the sender (which is a common tactic) AND the first hop of the header (which I am seeing more and more). This has the effect of making it look like the message came from a legit email server. The whole in their plan, with respect to us, is that email does not originate from that IP address in our system. We route all outgoing mail through another IP. Just to be sure, I tested out servers. They are not an open relay: telnet mail1.bullhorn.com 25 220 INBOUND4.BULLHORN.COM (IMail 8.05 139897-7) NT-ESMTP Server X1e ehlo 250-INBOUND4.BULLHORN.COM says hello 250-SIZE 0 250-8BITMIME 250-DSN 250-ETRN 250-AUTH LOGIN CRAM-MD5 250-AUTH=LOGIN 250 EXPN mail from: test@test.com 250 ok rcpt to: [EMAIL PROTECTED] 550 not local host virgilio.it, not a gateway Am I in the right here? This is fairly low volume, we get about 1 report a month. Also, we are on no blacklists except SPEWS, which we have been on for more than a year due to some casino website sharing our IP block. -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
[IMail Forum] OT: MS SMTP Logging
I'm know this group isn't for MS SMTP issues, but I'm hoping some of you are running it either as a gateway, and outbound sender or a backup server and have run into this issue. I'm having some trouble writing a web-based log viewer for Microsoft SMTP. I have set up SMTP to log to an ODBC database, which is working fine. It's the content of the data that's throwing me for a loop. Basically, when I query that table, I start with a from address. I can pull out the surrounding log entries for that client host (external IP or name), but I have no way of making sure that all the rows that come back are from the session I am looking for. MS MSTP interleaves the log entries. Fine, I have no problem with that. Why don't they provide some kind of session ID? Most MTAs provide some kind of hash value that is specific to a particular session. I don't think any tool could get that information out of MS SMTP. I see this as cripiling their logging. There are definitely interleaving instances for high-traffic servers that that result in ambiguities that are literally unresolvable, leaving the admin unable to prove a message was handled correctly. Surely MS wasn't that dumb? Is there some kind of session logging I'm missing? Again, clienthost/datetime doesn't always cut it, because sessions to the same host can be interleaved in the logs. -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: Re[2]: [IMail Forum] Connecting to a MySQL Database that is using Radius Authentication
Hey guys, I recently received an abuse complaint, concerning a message sent from one of our iMail servers. This is very strange, because in our system, those iMail servers are not ever supposed to send mail; they are inbound only. That, and the fact that I have seen this spam message before in the wild leads me to beleive that we are realying, or have been exploited. Those servers obviously have port 25 open to the world, but they are set to "Relay for addresses", which include only 10.10.30.*, 172.16.0.* and 127.0.0.1. The first two are internal IP ranges associated with the trusted and dmz zones of out network. I assume there is nothing there allowing open relaying. Which leaves me with exploit as the only possibility. It looks like the spammer dictionaried a domain which is lexigraphically very early (atlasadvancement.com), and then did a lookup to see what their MX was. This, I assume, is why they attached the inbound servers and not the outbound servers, which thereare no DNS records for. The question is, did they use some iMail exploit I am unaware of, or could they possibly forge the first-hop IP address? I am not aware whether that is currently even possible, or if so if it's in use by spammers currently. Maybe as a tactic to make IP blacklisting unpractical? I have studied out outgoing mail logs, and do not see this message in them at all. Also, a quick audit of our outgoing mail traffic from before and after this report shows no increase in throughput, which would be expected if we were owned. Also, I have not received a single other abuse complaint. Where do I go from here? Thanks! -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
[IMail Forum] Have I been owned?
Sorry for the repost, I didn't change the subject last time. Also, I forgot to mention I'm on the last release of iMail before ICS. Also, this version is in plaintext... thanks! Hey guys, I recently received an abuse complaint, concerning a message sent from one of our iMail servers. This is very strange, because in our system, those iMail servers are not ever supposed to send mail; they are inbound only. That, and the fact that I have seen this spam message before in the wild leads me to beleive that we are realying, or have been exploited. Those servers obviously have port 25 open to the world, but they are set to Relay for addresses, which include only 10.10.30.*, 172.16.0.* and 127.0.0.1. The first two are internal IP ranges associated with the trusted and dmz zones of out network. I assume there is nothing there allowing open relaying. Which leaves me with exploit as the only possibility. It looks like the spammer dictionaried a domain which is lexigraphically very early (atlasadvancement.com), and then did a lookup to see what their MX was. This, I assume, is why they attached the inbound servers and not the outbound servers, which there are no DNS records for. The question is, did they use some iMail exploit I am unaware of, or could they possibly forge the first-hop IP address? I am not aware whether that is currently even possible, or if so if it's in use by spammers currently. Maybe as a tactic to make IP blacklisting unpractical? I have studied out outgoing mail logs, and do not see this message in them at all. Also, a quick audit of our outgoing mail traffic from before and after this report shows no increase in throughput, which would be expected if we were owned. Also, I have not received a single other abuse complaint. Where do I go from here? Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] Have I been owned?
Here are the headers, un-obfuscated. One thing I just noticed: Received: from atlasadvancement.com (mail1.bullhorn.com = [209.202.131.100]) My server would not identify itself as atlasadvancement.com, even if it was owned. It's internal name is INBOUND2.BULLHORN.COM... proof? Return-path: [EMAIL PROTECTED] Received: from sprite.orange.co.uk (sprite.orange.co.uk [193.36.79.39]) by mail2.orange.net (iPlanet Messaging Server 5.2 HotFix 1.23 (built Nov 19 2003)) with ESMTP id [EMAIL PROTECTED] for = [EMAIL PROTECTED]; Fri, 04 Mar 2005 20:52:52 + (GMT) Received: from mail03-orange.uk.cleanport.com (mail03-orange.uk.cleanport.com [212.79.238.82]) by sprite.orange.co.uk (iPlanet Messaging Server 5.2 (built Feb 21 = 2002)) with ESMTP id [EMAIL PROTECTED] for = [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Fri, 04 Mar 2005 20:52:52 + (GMT) Received: from eforward5.name-services.com ([212.118.243.116] HELO=3Deforward5.name-services.com) by mail03-orange.uk.cleanport.com (CleanSMTPd 1.5.4) with ESMTP id 4228CA13-0 for [EMAIL PROTECTED]; Fri, 04 Mar 2005 21:52:24 +0100 Received: from adsl-3-163-8.mia.bellsouth.net ([65.3.163.8]) by eforward5.name-services.com with Microsoft SMTPSVC(5.0.2195.6747); = Fri, 04 Mar 2005 12:46:39 -0800 Received: from atlasadvancement.com (mail1.bullhorn.com = [209.202.131.100]) by adsl-3-163-8.mia.bellsouth.net with esmtp id 1AB305A188 for [EMAIL PROTECTED]; Fri, 04 Mar 2005 12:52:17 -0800 Date: Fri, 04 Mar 2005 12:52:17 -0800 From: Renumbering O. Samoyed [EMAIL PROTECTED] Subject: Have at you! To: Marc [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Mailer: Microsoft Outlook Express 6.00.2800.1437 Content-type: multipart/alternative; boundary=3D=3D_NextPart_000_0022_ECAFA535.E8408095 X-Priority: 3 X-MSMail-priority: Normal X-Kaspersky-Antivirus: passed Original-recipient: rfc822;[EMAIL PROTECTED] X-OriginalArrivalTime: 04 Mar 2005 20:46:39.0453 (UTC) FILETIME=3D[43B1C0D0:01C520FB] -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com -Original Message- From: [EMAIL PROTECTED] To: IMail_Forum@list.ipswitch.com ; Sent: Mar 17, 2005 03:20:33 PM Subject: [IMail Forum] Have I been owned? Hey guys, I recently received an abuse complaint, concerning a message sent from one of our iMail servers. This is very strange, because in our system, those iMail servers are not ever supposed to send mail; they are inbound only. That, and the fact that I have seen this spam message before in the wild leads me to beleive that we are realying, or have been exploited. Those servers obviously have port 25 open to the world, but they are set to Relay for addresses, which include only 10.10.30.*, 172.16.0.* and 127.0.0.1. The first two are internal IP ranges associated with the trusted and dmz zones of out network. I assume there is nothing there allowing open relaying. Which leaves me with exploit as the only possibility. It looks like the spammer dictionaried a domain which is lexigraphically very early (atlasadvancement.com), and then did a lookup to see what their MX was. This, I assume, is why they attached the inbound servers and not the outbound servers, which there are no DNS records for. The question is, did they use some iMail exploit I am unaware of, or could they possibly forge the first-hop IP address? I am not aware whether that is currently even possible, or if so if it's in use by spammers currently. Maybe as a tactic to make IP blacklisting unpractical? I have studied out outgoing mail logs, and do not see this message in them at all. Also, a quick audit of our outgoing mail traffic from before and after this report shows no increase in throughput, which would be expected if we were owned. Also, I have not received a single other abuse complaint. Where do I go from here? Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] Have I been owned?
We don'thave the POP or IMAP ports open to this server. It's just for inbound email. We feed the email into aSQLbased website front-end outside of iMail. -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com -Original Message-From:Tom Grady [EMAIL PROTECTED] To: "IMail_Forum@list.ipswitch.com" <IMAIL_FORUM@LIST.IPSWITCH.COM>;Sent: Mar 17, 2005 03:28:49 PMSubject: RE: [IMail Forum] Have I been owned?Have you upgraded to protect against the IMAP exploit? Sincerely, Tom Grady General Manager - eBASE, LLC www.ebaseweb.com ::hosting.design.email:: [EMAIL PROTECTED] 2550 Belle Chasse Hwy, Suite 170 Gretna, LA 70053 504.368.2236 office 504.400.2236 mobile 425.790.2766 fax -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chase Seibert Sent: Thursday, March 17, 2005 2:19 PM To: IMail_Forum@list.ipswitch.com Subject: [IMail Forum] Have I been owned? forgot to mention I'm on the last release of iMail before ICS. Also, this version is in plaintext... thanks! Hey guys, I recently received an abuse complaint, concerning a message sent from one of our iMail servers. This is very strange, because in our system, those iMail servers are not ever supposed to send mail; they are inbound only That, and the fact that I have seen this spam message before in the wild leads me to beleive that we are realying, or have been exploited. Those servers obviously have port 25 open to the world, but they are set to "Relay for addresses", which include only 10.10.30.*, 172.16.0.* and 127.0.0.1. The first two are internal IP ranges associated with the trusted and dmz zones of out network. I assume there is nothing there allowing open relaying. Which leaves me with exploit as the only possibility. It looks like the spammer dictionaried a domain which is lexigraphically very early (atlasadvancement.com), and then did a lookup to see what their MX was. This, I assume, is why they attached the inbound servers and not the outbound servers, which there are no DNS records for. The question is, did they use some iMail exploit I am unaware of, or could they possibly forge the first-hop IP address? I am not aware whether that is currently even possible, or if so if it's in use by spammers currently. Maybe as a tactic to make IP blacklisting unpractical? I have studied out outgoing mail logs, and do not see this message in them at all. Also, a quick audit of our outgoing mail traffic from before and after this report shows no increase in throughput, which would be expected if we were owned. Also, I have not received a single other abuse complaint. Where do I go from here? Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Have I been owned?
Here are the headers. It looks like we are the bottom received header item, not the top. It looks like the address who reported it was [EMAIL PROTECTED] I don't see anything in the headers from their domain, but their MX records point to eforward3.name-services.com. This IS on the received headers list, the hop right before: adsl-3-163-8.mia.bellsouth.net. That looks to me like a trojaned home dsl machine. Issue solved? Return-path: [EMAIL PROTECTED] Received: from sprite.orange.co.uk (sprite.orange.co.uk [193.36.79.39]) by mail2.orange.net (iPlanet Messaging Server 5.2 HotFix 1.23 (built Nov 19 2003)) with ESMTP id [EMAIL PROTECTED] for = [EMAIL PROTECTED]; Fri, 04 Mar 2005 20:52:52 + (GMT) Received: from mail03-orange.uk.cleanport.com (mail03-orange.uk.cleanport.com [212.79.238.82]) by sprite.orange.co.uk (iPlanet Messaging Server 5.2 (built Feb 21 = 2002)) with ESMTP id [EMAIL PROTECTED] for = [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Fri, 04 Mar 2005 20:52:52 + (GMT) Received: from eforward5.name-services.com ([212.118.243.116] HELO=3Deforward5.name-services.com) by mail03-orange.uk.cleanport.com (CleanSMTPd 1.5.4) with ESMTP id 4228CA13-0 for [EMAIL PROTECTED]; Fri, 04 Mar 2005 21:52:24 +0100 Received: from adsl-3-163-8.mia.bellsouth.net ([65.3.163.8]) by eforward5.name-services.com with Microsoft SMTPSVC(5.0.2195.6747); = Fri, 04 Mar 2005 12:46:39 -0800 Received: from atlasadvancement.com (mail1.bullhorn.com = [209.202.131.100]) by adsl-3-163-8.mia.bellsouth.net with esmtp id 1AB305A188 for [EMAIL PROTECTED]; Fri, 04 Mar 2005 12:52:17 -0800 Date: Fri, 04 Mar 2005 12:52:17 -0800 From: Renumbering O. Samoyed [EMAIL PROTECTED] Subject: Have at you! To: Marc [EMAIL PROTECTED] Message-id: [EMAIL PROTECTED] MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1081 X-Mailer: Microsoft Outlook Express 6.00.2800.1437 Content-type: multipart/alternative; boundary=3D=3D_NextPart_000_0022_ECAFA535.E8408095 X-Priority: 3 X-MSMail-priority: Normal X-Kaspersky-Antivirus: passed Original-recipient: rfc822;[EMAIL PROTECTED] X-OriginalArrivalTime: 04 Mar 2005 20:46:39.0453 (UTC) FILETIME=3D[43B1C0D0:01C520FB] -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com -Original Message- From:Scott Perry [EMAIL PROTECTED] To: IMail_Forum@list.ipswitch.com ; Sent: Mar 17, 2005 03:38:55 PM Subject: Re: [IMail Forum] Have I been owned? I recently received an abuse complaint, concerning a message sent from one of our iMail servers. This is very strange... One question: Was there a Received: header added by the complainer's mailserver (or another mailserver they trust), that has your IP as the source of the E-mail? If not, the complaint is not valid. If they can't answer that question, the complaint is probably not valid. In the second case, it would probably be worth investigating a bit just to be sure, if you have the time. If the *top* Received: header has your IP in it, there is a good chance that the E-mail came from your server -- but that isn't certain (spamware could identify itself as HELO [192.0.2.25], in which case the Received: header might have from [192.0.2.25] [127.0.0.1] where 127.0.0.1 is the true source of the E-mail. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] OT: How to specify outgoing IP in MS SMTP
I assume you mean you have two IP addresses assigned to the server, but you want to send using just one, for blacklist/RDNS purposes. One thing you can do is change the routing tables on that server. Try route and route print from the command line to get started. -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com -Original Message- From:Matt [EMAIL PROTECTED] To: IMail_Forum@list.ipswitch.com ; Sent: Jan 7, 2005 02:41:52 PM Subject: [IMail Forum] OT: How to specify outgoing IP in MS SMTP I was hoping that someone here had an answer for this after I came up with nothing even remotely related through extensive googling. Basically, MS SMTP will use the machine's default IP address when sending E-mail (unless you specify another SMTP server as the Smart Host, which doesn't apply). I would like to have MS SMTP send E-mail using the same IP address that it is bound to for listening. I have have found nothing that even indicates that this is a limitation, so I'm not sure if it is possible, or if there is a metabase hack for this. Any help would be appreciated. Thanks, Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] OT: PST to MBX or eml files
Hye guys, I'm starting a project to import PST files into our backend system. I know that you can use IMAP to do this pretty easily, which is actually what we have been doing for such conversions in the past. However, I'm looking for a more automated solution, because we have to do about 200 different PST files. We are not strictly iMail on the backend, so I can deal with the export in a few different formats. Ideally, I would like them to end up in seperate EML files with the MIME attachments embeded. However, I could go to MBX first, and then convert them myself or use iMail. Does anyone know of good PST - EML/MBX software? I've seen a few open source tools, but they have given me problems. I also looked at Mozilla Thunderbird, which can convert PSTs to MBX, but this is just slightly more automated than IMAP. Any other solutions? We are not averse to paying for a good COM object or utility. Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] Collaboration is now available :(
I for one will be the first to welcome our new sendmail overlords. Seriously, this sucks. -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] Declude Support for another platform
Why not something free and open-source like sendmail/postfix? That way they are exempt from future corporate changes, and their code would not have to be released if they run the MTA as a seperate service. Declude does all the hard stuff anyway, the gateway is just a standards-compliant session negotiator. Are there Win32 compiles available? Scott, let us know before we all jump ship for another product! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] Continue Processing Rules?
Very cool, that's exactly what I wanted. Now to build an interface... Thanks a lot! -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com -Original Message-From:Sanford Whiteman [EMAIL PROTECTED] To: "Chase Seibert" <[EMAIL PROTECTED]>;Sent: Oct 17, 2004 04:24:03 PMSubject: Re: [IMail Forum] Continue Processing Rules? I know I could forward via another mechanism besides a rule to side-step this, but that would forward ALL mail; I just want to forward mail that is addresses to me specifically (ie, not mailing lists, like this one). A per-mailbox forwarding rule is accomplished by creating a .FWD file with the same syntax as FORWARD.IMA. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Continue Processing Rules?
I have a question about iMail rules. Is it possible to have a message fire multiple rules? Normally, once iMail finds a rule that matches, it stops. However, I would like to flag some rules so that after they match a message, the remaining rules would still be run through. Here is my situation: My highest priority rule simply forwards a subset of my mail to a handheld device. It looks like: iMail:[EMAIL PROTECTED]:[EMAIL PROTECTED] However, I have a whole slew of other rules that I would like to process after this COPY rule forwards the message out. Typically, these remaining rules filter mail into folders in my local mailbox. Right now, if the COPY rule is fired, the message dumps into my local inbox, regardless of whether it matches another folder rule. This is particularly bothersome for spam messages. I know I could forward via another mechanism besides a rule to side-step this, but that would forward ALL mail; I just want to forward mail that is addresses to me specifically (ie, not mailing lists, like this one). Am I missing some syntax that would do what I want? Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] DNS Blacklist Speed
FYI- This turned out to be a couple of different problems. 1. Of the14 DNS blacklists I was using, 4 of them were routinely slow, even to the point of timing out. I ditched them. 2. The iMail drivehad 45% file fragmentation. I had thought that this wouldn't be an issue, because in our system, the iMail data files are blown away every week (we insert them into a database in real-time). Boy, was I wrong on that one. Even after a weekly deletion, the file fragmentation was this in the 40s. Running a defrag solved it (8 hours later), andI added the defrag to our weekly downtime batch. After taking these steps, we got the lag down from 30-60 seconds to 2-3 seconds. Each step appeared to account for about half of the slowdown. Thanks! -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com -Original Message-From: [EMAIL PROTECTED] To: [EMAIL PROTECTED];Sent: Oct 5, 2004 10:36:45 AMSubject: DNS Blacklist Speed We are seeing a slight 30-60 second delay on incomming email, which I've tracked down to the DNS blacklist lookups. I have a couple of questions regarding how to fix this, if possible. Granted, I do have 14 rules, which I suppose I could cut back on. 1. Why aren't these queries done in parallel? Could they be? I suspect this would speed them up by a factor of 10. 2. Is 14 rules too many, or do I just have to live with a 30 delay at this number? 3. Would caching speed this up? I have the iMail DNS cache set to 200. Does this get used for blacklists? Should I up it? 4. Has anyone implimented some kind of caching on their local DNS server that would speed this up? We run MS DNS, not sure what the caching is like. I know a 30-60 second delay is not that bad; email is not IM after all. However, prior to having spam filtering, it was virtually instantaneous (1-2 seconds). The clients are givin us a hard time about it, even though they love the spam filtering. Thanks! -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
[IMail Forum] DNS Blacklist Speed
We are seeing a slight 30-60 second delay on incomming email, which I've tracked down to the DNS blacklist lookups. I have a couple of questions regarding how to fix this, if possible. Granted, I do have 14 rules, which I suppose I could cut back on. 1. Why aren't these queries done in parallel? Could they be? I suspect this would speed them up by a factor of 10. 2. Is 14 rules too many, or do I just have to live with a 30 delay at this number? 3. Would caching speed this up? I have the iMail DNS cache set to 200. Does this get used for blacklists? Should I up it? 4. Has anyone implimented some kind of caching on their local DNS server that would speed this up? We run MS DNS, not sure what the caching is like. I know a 30-60 second delay is not that bad; email is not IM after all. However, prior to having spam filtering, it was virtually instantaneous (1-2 seconds). The clients are givin us a hard time about it, even though they love the spam filtering. Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
[IMail Forum] OT: Lotus notes TO fields
This is not strictly iMail related, but rather a general email question. We have a client sending email from Lotus Notes. Sometimes the TO fields come in with the following format: To: [EMAIL PROTECTED], John Doe/[EMAIL PROTECTED] They are sending to two addresses, and Lotus notes has prepended the user's real name in the second case. I don't think I've seen this before (with the forward slash), and it's causing some problems with a custom .exe for auto-responses. The client claims this is RFC-821 compliant. Not sure if it is, or even if that is a current/standard RFC. Can anyone shed some light on this? I imagine we will end up supporting it because it's not that much work. I just want to know the real deal. Thanks! -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
[IMail Forum] iMail Rules - Copy Another Address
I am trying to set up some rules on our email server, and running into a few problems. I have tried both setting these rules by hand and through the GUI. Basically, I need all incomming emails on this one account to get copied to another address, unless there are certain things in the header (like the spam tokens). The problem appears to be that Does Not Contain for headers doesn't work. Ie, H!~token seems to match everything, even messages with the token in them. Example: H!~X-IMAIL-SPAM:[EMAIL PROTECTED] Again, this seems to forward EVERYTHING, even items with spam tokens. Anyone else run into this? Is my syntax correct? -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
[IMail Forum] a smaller/different(?) Win2003 + Anti-spam latency issue
I know there has been a lot of discussion about Win2003 and iMail's Anti-Spam checks lasting minutes or even hours when using DNS in 2003. This is not my problem. Our iMail runs on a Windows 2003 server, but DNS is pointed to a Windows 2000 machine. My spam checks slowed down considerably when I moved to 2003, but not to the extent of minutes or hours. Rather, by 10 blacklists now take 20-30 seconds to check, whereas before they were in the 2-3 second range. Not a big annoyance;I personally don't see any problem with email being delayed by half a minute. However, I want to understand why this is happening. Is anyone else hacing this experience? I'm wondering if perhaps one or more of the blacklists I am using is slowing it down. Perhaps they are non-existant. How do I check this from the command line? Here is my current list: spamhaus*sbl.spamhaus.orgDTF SpamCop*bl.spamcop.netDTF dsbl*list.dsbl.orgDTF njabl*dnsbl.njabl.orgDTF Spews*spews.bl.reynolds.net.auDTF reynolds*t1.bl.reynolds.net.auDTF Orid*dnsbl.antispam.or.idDTF easynet-dyna*ynablock.easynet.nlDTF easynet-bl*blackholes.easynet.nlDTF Any one of these suspect? -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com -Original Message-From:Greg Foulks [EMAIL PROTECTED] To: "IMail_Forum" <[EMAIL PROTECTED]>;Sent: Jun 22, 2004 10:45:57 AMSubject: [IMail Forum] Anyone have peering working?In my quest to setup mirroring Imail servers in version 6 I can't seem to find the configuration for peering. I'm following the manuals directions however I do not see anything that suggests that I can add peering Imail servers to this installation as the manual describes. Anyone? Thanks, Greg To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] iMail outgoing rule to smarthost to another server?
Some of our clients want their outgoing email smart hosted through an outside SMTP server. We are using iMail as the backend for a web based solution, so they can't configure Outlook to talk to this outside SMTP server. What I am investigating is whether it's possible to set an outgoing rule in iMail to act on mail with a specified header item and smarthost all that mail to an outside server. I know, for example, that I could redirect to an outside email address. Can I just put an smtp server IP/DNS name in that redirect field? Any other ideas? Does declude/something else allow this? -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com
RE: [IMail Forum] iMail outgoing rule to smarthost to another server?
Yes, I do think there is a legitimate need for this. More and more of our outgoing email is getting caught in spam filters. Some of our customers want to send the mail through their servers because they do less traffic, and beleive they would be able to get the messages through. -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com -Original Message- From:Sanford Whiteman [EMAIL PROTECTED] To: Chase Seibert ; Sent: May 25, 2004 01:39:11 PM Subject: Re: [IMail Forum] iMail outgoing rule to smarthost to another server? What I am investigating is whether it's possible to set an outgoing rule in iMail to act on mail with a specified header item and smarthost all that mail to an outside server. No, you cannot smarthost based on sender information. I know, for example, that I could redirect to an outside email address. Can I just put an smtp server IP/DNS name in that redirect field? Nope. Any other ideas? Does declude/something else allow this? In theory, you could write a SendName that appends '@[1.1.1.1]' to the recipients of selected messages, using the 'percent hack' to create a source-routing setup. But do these people really have a need for this? Why send wildcard outgoing mail through another hop? Do they need a copy (if so, that can be accomplished through other means)? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] iMail outgoing rule to smarthost to another server?
By and large we are not getting caught by content filtering, but by DNS blacklists. For a while some sites were rejecting us because we were in the same IP block as a casino website. We have been getting blocked for not having a RDNS entry on outbound3.bullhorn.com [209.202.131.98], which is not true but no one seems to care. Either that, or they have some alternate definition of RDNS that doesn't allow us to send from a different server than we receive email into. Right nowwe are not listed on anyDNS blacklist I know of, but stupid ass sites like RR.comcontinue to home brew spam filtering schemes that make no sense. I surecould try to work it out with them, if they everpicked up thephone. How am Isupposed toinvestigateissues when 25% of the people who are blocking usnow refuse to even send an NDR. It's insane! The bottom line is that it's getting harder to send email on the internet. I accept that. One simple solution is to let our clients send the email themselves. They don't do enough traffic by themselves to get blacklisted, and even if they do it's 100% their fault. Right now, any one of our clients can blacklist the whole lot. From a design standpoint, it does make sense. They are prepared to take that responsibility. It's not like we're an ISP; email is a small part of our service. I was looking for more of a technical solution and less of a moral reproach. In an age when the email server you are sending from can be blacklisted for the actions of a single user, yes it does make sense to compartimentalize outgoing email. -Chase Chase Seibert| Network and Systems Engineer | Bullhorn Inc | 617.464.2440 x119 | www.bullhorn.com -Original Message-From:Travis Rabe [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>;Sent: May 25, 2004 01:56:04 PMSubject: RE: [IMail Forum] iMail outgoing rule to smarthost to another server?-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chase Seibert Sent: Tuesday, May 25, 2004 10:43 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] iMail outgoing rule to smarthost to another server? Yes, I do think there is a legitimate need for this. More and more of our outgoing email is getting caught in spam filters. Some of our customers want to send the mail through their servers because they do less traffic, and beleive they would be able to get the messages through. Ahh..then this would be the wrong approach to fixing the problem. Examine why they are getting caught. If it's due to content filtering - then it won;t matter how it is sent or from where. If it is becasue you are blacklistedmaybe you should determine why and then fix the problem. Your solution is similar to asking a friend of your to deliver junk mail for you toa housebottom line is it's going to get tossed aside either way. Travis -Chase Chase Seibert | Network and Systems Engineer | Bullhorn Inc. | 617.464.2440 x119 | www.bullhorn.com-Original Message- From:Sanford Whiteman [EMAIL PROTECTED] To: "Chase Seibert" ; Sent: May 25, 2004 01:39:11 PM Subject: Re: [IMail Forum] iMail outgoing rule to smarthost to another server? What I am investigating is whether it's possible to set an outgoing rule in iMail to act on mail with a specified header item and smarthost all that mail to an outside server. No, you cannot smarthost based on sender information. I know, for example, that I could redirect to an outside email address. Can I just put an smtp server IP/DNS name in that redirect field? Nope. Any other ideas? Does declude/something else allow this? In theory, you could write a SendName that appends '@[1.1.1.1]' to the recipients of selected messages, using the 'percent hack' to create a source-routing setup. But do these people really have a need for this? Why send wildcard outgoing mail through another hop? Do they need a copy (if so, that can be accomplished through other means)? --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/downl oad/release/ Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/downloa d/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] OT: Basic email RFCs?
After asking some admittedly basic questions about DNS on this list and reading the responses, it seems that I have some homework to do in order to become a more knowledgeable well-behaved email server administrator. My question is, which RFC documents should I start with to learn about standard practices for DNS setup on a mailserver, as well as basic SMTP practices of not blocking null senders, sending NDRs, etc. Which RFCs are out there but no longer valid? Which have been usurped by a new RFC, etc? Thanks guys, -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
[IMail Forum] OT: Outgoing email service?
Does anyone know of a good service for outsourcing your outgoing mail? Basically what we are looking for is a service that we can smarthost all out outgoing mail to. We need a company who is in the bussiness of making sure they are compliant with current spam regulations and unofficial spam filter methodologies. Ideally, we would like all non-spam messages to be delivered if at all humanly possible. We would also like someone to take charge of blocking spam out users are trying to send, possibly producing detailed reports we can use to police the offenders. Does such a service even exist? For a company such as ourselves who specialize in a particular niche of software but have been roped into being mail administrators for our users, such a service would be well worth paying for. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
RE: [IMail Forum] AOL - Reverse DNS Rejections
I was merely hoping that the problem was something we could directly effect, like a missing RDNS entry. AOL users complaining that our customers are spamming them is probably not unfounded or unwarrented, unfortunately. We provide a web based Outlook replacement for recruiting companies. Our clients commonly email candidates telling them about new jobs, etc. I'm sure their email borders on spam, and I'm sure they are not great about taking people off their lists when they actually land a job. If I were one of their candidates, I would probably block them as spammers, too. I just wish that AOL would not block the message, in favor of delivering it to a special spam folder. At least this would allow the user to choose whether they wanted to see it. Anyone else have to deal with a customer base in the spamming grey area? -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com -Original Message-From:R. Scott Perry [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>;Sent: Apr 20, 2004 07:12:32 AMSubject: RE: [IMail Forum] AOL - Reverse DNS RejectionsSo are you saying that the RDNS results at dnsstuff for bullhorn.com don't matter? They do indeed generate a failure, but I'm unclear as to whether this is a test an actual mail server would use. That is correct, in this case. Specifically, the E-mail is being sent from an IP other than the one(s) in the MX record. If the IP address(es) that are actually sending the mail have reverse DNS, AOL will happily accept the mail. Unless there is another problem, as is the case here (AOL apparently received spam complaints from users). All our mail comes from outbound3.bullhorn.com, but this is not a registered mail server for bullhorn.com. This is because we have seperate incomming and outgoing mail servers. Would AOL look at our connecting mailserver (outbound3.bullhorn.com) and do an MX lookup for bullhorn.com? No. If so, outbound3.bullhorn.com would not be one of the servers that came back. Is this what they mean by a RDNS failure? No. Is it ok to have seperate incomming and outgoing email servers in general? Yes. However, it does worry me that you are completely overlooking this: Diagnostic-Code: smtp;554-: (RLY:BD) http://postmaster.aol.com/guidelines/bulk_email.html The mail server you are using to send mail to AOL has been identified as a source of spam. If you believe this message is in error, please have your mail administrator contact AOL at 888-212-5537. AOL is telling you that your IP has been identified as a source of spam. That's the problem. AOL you identified you as a spammer, yet all you seem to be concerned about is your reverse DNS entry. Please re-read and then re-read again the above details. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] AOL - Reverse DNS Rejections
Where did you come up with this domain name? We do indeed own it, but we don't send or receive mail with it. -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com -Original Message-From:Matrosity Tech Support [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>;Sent: Apr 20, 2004 09:15:55 AMSubject: RE: [IMail Forum] AOL - Reverse DNS RejectionsThere are more problems on the ponderosa: http://www.dnsreport.com/tools/dnsreport.ch?domain=bullhornstaffing.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Coker Sent: Tuesday, April 20, 2004 8:08 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] AOL - Reverse DNS Rejections -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chase Seibert Sent: Monday, April 19, 2004 5:58 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] AOL - Reverse DNS RejectionsI am going nuts trying to figure out this RDNS issue with AOL. They are routinely blocking our mail because they say we don't have a reverse DNS entry for our mail server. I think we do.I sent a message out from our system which was then relayed back to us. It looks like our IP address is 209.202.131.98. Here is the relavant header tidbit:Received: from outbound3.bullhorn.com [209.202.131.98] by chekov.myinternetwebhost.com with ESMTP (SMTPD32-7.15) id A8BA27B0154; Mon, 19 Apr 2004 14:46:34 -0700So, I assume AOL wants to see a reverse DNS entry for 209.202.131.98 pointing back to outbound3.bullhorn.com. According to: http://remote.12dtcom/rns/, there is!The error AOL comes back with is:Diagnostic-Code: smtp;554-: (RLY:BD) http://postmaster.aol.com/guidelines/bulk_email.html The mail server you are using to send mail to AOL has been identified as a source of spam. If you believe this message is in error, please have your mail administrator contact AOL at 888-212-5537. 554 TRANSACTION FAILED no reverse-DNS (PTR record) assigned. which 220 have no reverse-DNS (PTR record) assigned. ions from IP addresses which 220 have no reverse-DNS (PTR record) assigned.What am I missing? -ChaseNetwork and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.4642440 ex 119 m. 617.512.0326 www.bullhornstaffing.com For more information on getting email into the AOL network go here: http://postmaster.info.aol.com/ I checked the error with AOL and it appears that they have black listed your IP address. This actually is not a reverse PTR problem. I would recommend contacting them to sort out th problem. Larry Coker [EMAIL PROTECTED] Development Team 1-866-434-0212 x401 To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Outgoing: Smart Smarthosting?
Related to a recent thread regarding outgoing email being blocked, some of our clients have requested that we allow them to host their own SMTP servers for outgoing email only. Right now, the code that generates an outgoing email file places this file in the MS SMTP Queue directory. This could easily be modified to dump the file to a special directory per client if they are doing their own sending. My question is: does anyone know of a good outgoing SMTP sever that could be configured to watch a bunch of folders and forward all mail in a particular folder via a particular smarthost? I don't beleive MS SMTP can do this because it only watches one directory and cannot do smarthosting to various servers based on content. Perhaps it would be easier to just write a piece of code in .NET to do this... Anyone have a pre-built solution? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
[IMail Forum] AOL - Reverse DNS Rejections
I am going nuts trying to figure out this RDNS issue with AOL. They are routinely blocking our mail because they say we don't have a reverse DNS entry for our mail server. I think we do. I sent a message out from our system which was then relayed back to us. It looks like our IP address is 209.202.131.98. Here is the relavant header tidbit: Received: from outbound3.bullhorn.com [209.202.131.98] by chekov.myinternetwebhost.com with ESMTP (SMTPD32-7.15) id A8BA27B0154; Mon, 19 Apr 2004 14:46:34 -0700 So, I assume AOL wants to see a reverse DNS entry for 209.202.131.98 pointing back to outbound3.bullhorn.com. According to: http://remote.12dt.com/rns/, there is! The error AOL comes back with is: Diagnostic-Code: smtp;554-: (RLY:BD) http://postmaster.aol.com/guidelines/bulk_email.html The mail server you are using to send mail to AOL has been identified as a source of spam. If you believe this message is in error, please have your mail administrator contact AOL at 888-212-5537. 554 TRANSACTION FAILED no reverse-DNS (PTR record) assigned. which 220 have no reverse-DNS (PTR record) assigned. ions from IP addresses which 220 have no reverse-DNS (PTR record) assigned. What am I missing? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
RE: [IMail Forum] AOL - Reverse DNS Rejections
I suppose this makes sense. It looks like they are looking at the IP addresses for mail1.bullhorn.com and mail2.bullhorn.com, our INCOMMING mail servers. One problem is that our mail goes out from differentservers. -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com -Original Message-From:Brad Morgan [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>;Sent: Apr 19, 2004 06:17:53 PMSubject: RE: [IMail Forum] AOL - Reverse DNS Rejections I am going nuts trying to figure out this RDNS issue with AOL. They are routinely blocking our mail because they say we don't have a reverse DNS entry for our mail server. I think we do.I sent a message out from our system which was then relayed back to us. It looks like our IP address is 209.202.131.98. Here is the relavant header tidbit:Received: from outbound3.bullhorn.com [209.202.131.98] by chekov.myinternetwebhost.com with ESMTP (SMTPD32-7.15) id A8BA27B0154; Mon, 19 Apr 2004 14:46:34 -0700 Chase, If I use www.dnsreport.com and enter bullhorn.com, I get a couple of failures including no reverse DNS entries for the MX records. I can't remember if the problems I was having were with AOL, but a similar problem I had was fixed when I fixed the MX record reverse DNS problem. Regards, Brad To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] AOL - Reverse DNS Rejections
So are you saying that the RDNS results at dnsstuff for bullhorn.com don't matter? They do indeed generate a failure, but I'm unclear as to whether this is a test an actual mail server would use. All our mail comes from outbound3.bullhorn.com, but this is not a registered mail server for bullhorn.com. This is because we have seperate incomming and outgoing mail servers. Would AOL look at our connecting mailserver (outbound3.bullhorn.com) and do an MX lookup for bullhorn.com? If so, outbound3.bullhorn.com would not be one of the servers that came back. Is this what they mean by a RDNS failure? Is it ok to have seperate incomming and outgoing email servers in general? -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com -Original Message-From:R. Scott Perry [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>;Sent: Apr 19, 2004 06:44:59 PMSubject: Re: [IMail Forum] AOL - Reverse DNS RejectionsI am going nuts trying to figure out this RDNS issue with AOL. They are routinely blocking our mail because they say we don't have a reverse DNS entry for our mail server. I think we do. This isn't an RDNS issue: Diagnostic-Code: smtp;554-: (RLY:BD) http://postmaster.aol.com/guidelines/bulk_email.html The mail server you are using to send mail to AOL has been identified as a source of spam. If you believe this message is in error, please have your mail administrator contact AOL at 888-212-5537. AOL is telling you that your IP has been identified as a source of spam. That's the problem. 554 TRANSACTION FAILED no reverse-DNS (PTR record) assigned. which 220 have no reverse-DNS (PTR record) assigned. ions from IP addresses which 220 have no reverse-DNS (PTR record) assigned Those are just the tail end of the standard disclaim that AOL servers report in their SMTP greeting. If you read the complete thing, it says stuff about how they may block E-mail from IPs with no reverse DNS In this case, it is just misleading, as it is not the cause of the problem. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitchcom/support/IMail/
RE: [IMail Forum] Theory behind bouncing spam...
I disagree with the previous response. If you use DNS blacklists, you are essentially daming a certain percentage of connecting email serversas spammers. If you are comfortable about which emails are being filtered using these blacklists, then stopping the emails before they get into your system is the most efficient option. Severing the incomming connection before the spam is even received is not really boucing the message. Indeed, YOUR server does not generate the NDR; the connecting server is. If you believe they are an open relay or they house spammers internally, screw 'em. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com -Original Message- From:R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] ; Sent: Apr 6, 2004 05:33:51 PM Subject: Re: [IMail Forum] Theory behind bouncing spam... So, as a general rule, we intend to BOUNCE anything that gets identified as spam via the blacklists and the phase filtering. No, no, no. Please do not. Here's the question about the theory: Spammer sends spam to invaliduser(at)domain.com. iMail bounces it back to the sender... -- theoretically confirming that invaliduser(at)domain.com is a valid user --- Thereby inviting more spam to the invaliduser(at) account... ... which would eventually eat up all the bandwidth in the universe and it will start raining frogs. I've heard that this type of unintentional confirmation of a valid account is an urban myth - but who knows? From what we have seen, that is indeed an urban myth. However, the main reason *not* to bounce spam is that by doing so *you* become a spammer! Specifically, about 99% of all spam is sent with a fake return address. So you simply end up sending the spam to someone else. If you think it is wrong for someone to send you spam, then bouncing spam is wrong. It's kind of like putting up a sign on the door of your business We have an alarm system -- but the guy two doors down does not. Worse, it is much harder to detect bounced spam than real spam (since the bounced spam often comes from a good source). If too many people start intentionally bouncing spam, blacklists will get created to list the mailservers doing this -- which means that your good mail could start to get blocked. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Good outgoing mail server logging?
We are currently using MS SMTP for all outgoing email in our system, and iMail for incomming mail. We are slowly experiencing more and more support complaints regarding outgoing email delivery. In all cases I can investigated by hand, it seems that we are passing off the message, but an NDR is never being generated. What we really need is an SMTP server that has great outgoing mail session logging. I basically want to be able to quickly get a transcript of the outgoing session for any message. Does anyone know of a product that will record this information? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
RE: [IMail Forum] SPAM filtering with 8.1
I do not beleive that this is true. We use iMail as a backend component of a website, and our users receive email ONLY via aliases. The SPAM filter has been working properly. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com -Original Message- From:Remo Pistor [EMAIL PROTECTED] To: [EMAIL PROTECTED] ; Sent: Apr 2, 2004 12:54:38 PM Subject: [IMail Forum] SPAM filtering with 8.1 Is it true that pre-8.1 versions of Imail's SPAM filter did not work on aliases? And if this is true, does the SPAM filter in 8.1 now work for aliases? To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Custom Antivirus Bounce Messages?
Is it possible to customize the messages iMail Antivirus gererates on a bounced message. For example, right now the body of the bounced message is identical whether the message was bounced due to a virus versus due to having a attachment that was too large. The message in either case leads novice user (who don't know to check the *.DAT attachment) to think that there was a virus. In fact, 90% of the cases are due to message size. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
[IMail Forum] OT: AOL Says I don't have RDNS
AOL is rejecting some email from my system saying that it does not have a reverse DNS entry. I'm not totally sure I understand RDNS, but basically I assume that if I have an IP that matches the EHLO domain, I'm ok. Connecting to the outside world, my server comes from 209.202.128.38. The email server identifies itself as outbound2.bullhorn.com, which maps to the said IP. Is this enough? Also, has anyone else noticed that AOL has begun accepting email, deciding to reject it as spam and then not sending an NDR? Very annoying... Thanks, -Chase
RE: [IMail Forum] DNS Blacklist failure
I have also been having this problem for months. We've decided to stop and start the
QueueMgr service every 15 minutes. We also turned DNS caching off This seems to work.
Maybe I'll turn off monitoring as well, as others have suggested.
-Chase
Network and Systems Engineer
Bullhorn, Inc.
125 B St.
Boston, MA 02127
p. 617.464.2440 ex 119
m. 617.512.0326
www.bullhornstaffing.com
-Original Message-
From:paul [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED];
Sent: Dec 8, 2003 09:40:33 AM
Subject: Re: [IMail Forum] DNS Blacklist failure
@font-face {
font-family: Tahoma;
}
@font-face {
font-family: Verdana;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Times New Roman
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Times New Roman
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Times New Roman
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
P.MsoPlainText {
FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Courier New
}
LI.MsoPlainText {
FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Courier New
}
DIV.MsoPlainText {
FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: Courier New
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial
}
SPAN.EmailStyle19 {
COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
Hmmm,
I'm seeing the same thing going on here. First Imail stopped delivering once every
2 weeks or so, now it's almost every 2-3 days. Stopping/starting Queue Manager + SMTP
services fixes it and the backlog is delivered. I've not seen any instances of Declude
being skipped, BUT if everyone else here has seen it, I'm sure it's happening here as
well. I don't have any monitoring running, just logging. We learned how that monitor
service can mess you up. I DID just clear the DNS Cache check this morning, just to
see if that has any effect. Imail 8.03 here + Declude 1.76.
It's frustrating
Paul
Also, if you are using the Queue Manager DNS Cache feature, I would recommend
disabling it, it caused similar problems for us until we disabled it, and no problems
sense (for at least 6 months).
Bill
- Original Message -
From: Kevin Bilbee
To: [EMAIL PROTECTED]
Sent: Saturday, December 06, 2003 1:11 PM
Subject: RE: [IMail Forum] DNS Blacklist failure
Kami,
If you are having hte problem about every two days you may want to look at The imail
Monitor service. Turn off onitoring of the WWW service and your problem should go
away. The Monitor service has an issue not letting go of the outgoing TCP port.
If you look at your Imail server and run a netstat you will see many outgoing ports in
a wait state. If this is the case the you need to definatly stop the minitor service
from monitoring the WWW service. I went arround and arround with IPSwitch and they
blamed it on our NIC our NIC drivers our DNS our Router our hub. I finaly figured out
what it was by a process of elimination of turning off one service at a time.
When I let IpSwitch know the problem they told me they new about it and were working
on a fix. I guess it still is not fixed.
We are running 8.03 and win2k
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kami Razvan
Sent: Saturday, December 06, 2003 10:05 AM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] DNS Blacklist failure
Hi Paul:
We have the same issue.. but when we reboot all goes well for 2 days and then it
happens again.
Our problem is also that the mail does not go out.. when this happens the server can
not resolve any name. Our other servers have no problem .. the only one that has
issue is the one running IMail.
Contacted IPSwitch about it: Response.. we are not aware of this issue have not
heard of this.. I think they don't watch this list.. since it has been a topic of
discussion more than a hundred times.
We have done several suggestions on the list with no resolution.
For now-- reboot every other day.
Regards,
Kami
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Saturday, December 06, 2003 12:56 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] DNS Blacklist failure
Search the archives for problems noted with Imail DNS tests and Windows 2003 server.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul
Sent:
RE: [IMail Forum] IMail Antispam not filtering emails forwarded between domains.
My guess here is that you are using DNS blacklists to do most of the filtering. The problem is that for forwarded mail, the last IP address on the message is the forwarding server, NOT the spammer's server. We have this same problem in house. I wish there was a way to scan ALL the IP addresses in the message, not just the connecting server. Does Declude do this? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com -Original Message- From:Samuel J Stanaitis [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Sent: Nov 19, 2003 01:40:36 PM Subject: [IMail Forum] IMail Antispam not filtering emails forwarded between domains. Afternoon, all I have a weird problem. I am running IMail 8.03 and am using the built in anti-spam feature. Overall it is working well, but there is one bug Ive run into that I cant quite figure out. The server is hosting several different email domains, and in some cases emails destined for one domain are automatically forwarded to another domain (ie an email comes in for [EMAIL PROTECTED], and is forwarded to [EMAIL PROTECTED]). When one of these emails arrives and is a SPAM email, it does get processed by the anti-spam, but instead of being forwarded to the account I have configured to receive all blocked spam emails, it is instead forwarded on to the user. I cant quite figure it out, would enabling Content Filtering for Authenticated Users make a difference? I do have an email in to IMail tech support on this but I figured I would cover all the bases. Thanks in advance, Sam --- [This E-mail scanned for viruses by Information Boulevard's Virus Scanning] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] DNS Blacklists fail to connect
I am unable to use the DNS blacklist feature. I have verified that the email server can resolve this query domain. For example, I know that IP 200.95.95.243 is a spam IP address in Spamcop. From the email server I can run: nslookup 243.95.95.200.bl.spamcop.net This returns: Name:243.95.95.200.bl.spamcop.net Address: 127.0.0.2 However, I am getting an error in the log every time it tried to do a DNS blacklist check: 11:18 10:59 SMTPD(0042004C) [3496] COOTER.BULLRICA.BULLHORN.COM BLACKLIST: connecting to service (SpamCop:*:bl.spamcop.net) 11:18 10:59 SMTPD(0042004C) [3496] COOTER.BULLRICA.BULLHORN.COM BLACKLIST: retrying service (SpamCop:*:bl.spamcop.net) 11:18 10:59 SMTPD(0042004C) [3496] COOTER.BULLRICA.BULLHORN.COM BLACKLIST: failed to connect to service (SpamCop:*:bl.spamcop.net) I don't think this could be a firewall issue, because iMail is using the default DNS server (*), which is the same DNS server that nslookup is using. Anyone else having this problem? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
RE: [IMail Forum] DNS Blacklists fail to connect
Nope. The iMail server and all DNS servers are Windows 2000 Server. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com -Original Message- From:John Tolmachoff \(Lists\) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Sent: Nov 18, 2003 11:47:57 AM Subject: RE: [IMail Forum] DNS Blacklists fail to connect Is Imail running on Windows Server 2003? If so, it is a known problem. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:IMail_Forum- [EMAIL PROTECTED] On Behalf Of Chase Seibert Sent: Tuesday, November 18, 2003 8:07 AM To: [EMAIL PROTECTED] Subject: [IMail Forum] DNS Blacklists fail to connect I am unable to use the DNS blacklist feature. I have verified that the email server can resolve this query domain. For example, I know that IP 200.95.95.243 is a spam IP address in Spamcop. From the email server I can run: nslookup 243.95.95.200.bl.spamcop.net This returns: Name: 243.95.95.200.bl.spamcop.net Address: 127.0.0.2 However, I am getting an error in the log every time it tried to do a DNS blacklist check: 11:18 10:59 SMTPD(0042004C) [3496] BLACKLIST: connecting to service (SpamCop:*:bl.spamcop.net) 11:18 10:59 SMTPD(0042004C) [3496] BLACKLIST: retrying service (SpamCop:*:bl.spamcop.net) 11:18 10:59 SMTPD(0042004C) [3496] BLACKLIST: failed to connect to service (SpamCop:*:bl.spamcop.net) I don't think this could be a firewall issue, because iMail is using the default DNS server (*), which is the same DNS server that nslookup is using. Anyone else having this problem? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] addalias.exe with program aliases
Is there a way to programatically add program aliases? In other words, I want to be able to automate the addition of program aliases (the ones that run the message through an external exe). I noticed there was an old thread on this, but no resolution. Anyone have a solution? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
RE: [IMail Forum] Imail open relay?
After I reset smtp this morning, it stopped relaying Did you forget to restart SMTP after you made the original change to no relay? AFAIK, the service must be rolled upon any significant changes. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com -Original Message- From:Imail Tom [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Sent: Oct 3, 2003 09:06:09 AM Subject: Re: [IMail Forum] Imail open relay? Eric: Thanks for the response. No, I do not host that domain on any mail server. Again, I have no domains set up on this spare mail server except for the root host, where there are no users set up. One additional note. After I reset smtp this morning, it stopped relaying email. Could there be a problem with that Imail setting? I've never seen this problem before. Tom - Original Message - From: Eric Carr To: Sent: Friday, October 03, 2003 8:35 AM Subject: SV: [IMail Forum] Imail open relay? Just the basic checks; - You are not hosting the hinet.net domain ofcourse? - Is there a user authenticated, session treated as local line before the log snippet you included? That could mean they authenticated via SMTP AUTH. Eric -Opprinnelig melding- Fra: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] vegne av Imail Tom Sendt: 3. oktober 2003 13:57 Til: [EMAIL PROTECTED] Emne: [IMail Forum] Imail open relay? I set up a new mail server about 3 weeks ago. The mail server has 8.02 on it, and has no domains, or users whatsoever on it (it's a standby server). This morning, I was notified that the server is blacklisted. http://www.spamcop.net/w3m?i=z426724149z9c8ba7a2efb69a94cd4d8e6af748896ez Upon further investigation, I see that it's been doing this for 3 days. I manage several mail servers, I understand what open relay is, and, I have it set to no relay of course, it's been set that way since I set the server up 3 weeks ago. When I test it at : http://members.iinet.net.au/~remmie/relay/ it says The host machine does not relay. Why did my mail server relay all this mail? Here is a snip from my smtp log. Thanks Tom 10:03 07:09 SMTP-(04680D14) MAIL FROM: 10:03 07:09 SMTP-(04680D14) 250 ... Sender ok 10:03 07:09 SMTP-(04680D14) RCPT To: 10:03 07:09 SMTPD(032C0070) [210.58.40.56] RCPT TO: 10:03 07:09 SMTP-(04680D14) 250 ... Recipient ok 10:03 07:09 SMTP-(04680D14) RCPT To: 10:03 07:09 SMTPD(01CA0068) [210.58.40.56] RCPT TO: 10:03 07:09 SMTP-(04680D14) 250 ... Recipient ok 10:03 07:09 SMTP-(04680D14) RCPT To: 10:03 07:09 SMTPD(032C0070) [210.58.40.56] RCPT TO: 10:03 07:09 SMTP-(04680D14) 250 ... Recipient ok 10:03 07:09 SMTP-(04680D14) RCPT To: 10:03 07:09 SMTP-(04680D14) 250 ... Recipient ok 10:03 07:09 SMTP-(04680D14) RCPT To: 10:03 07:09 SMTPD(01CA0068) [210.58.40.56] RCPT TO: 10:03 07:09 SMTPD(023C0072) [216.26.191.1] connect 210.58.40.56 port 2558 10:03 07:09 SMTP-(04680D14) 250 ... Recipient ok 10:03 07:09 SMTP-(04680D14) DATA 10:03 07:09 SMTPD(032C0070) [210.58.40.56] RCPT TO: 10:03 07:09 SMTP-(04680D14) 354 Enter mail, end with . on a line by itself 10:03 07:09 SMTPD(01CA0068) [210.58.40.56] RCPT TO: 10:03 07:09 SMTP-(04680D14) . 10:03 07:09 SMTP-(047C07DC) 421 Too many SMTP sessions for this host 10:03 07:09 SMTP-(047C07DC) SMTP_DELIV_FAILED 10:03 07:09 SMTP-(047C07DC) QUIT 10:03 07:09 SMTP-(047C07DC) 10:03 07:09 SMTP-(047C07DC) requeuing M:\IMail\spool\Q58320329007018ea.SMD R0 T2 10:03 07:09 SMTP-(047C07DC) finished M:\IMail\spool\Q58320329007018ea.SMD status=3 10:03 07:10 SMTP-(04680D14) 250 TAA23357 Message accepted for delivery 10:03 07:10 SMTP-(04680D14) rdeliver ms17.hinet.net multiple (5) 16210 10:03 07:10 SMTP-(04680D14) QUIT 10:03 07:10 SMTP-(04800792) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04800792) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04800792) QUIT 10:03 07:10 SMTP-(04800792) 10:03 07:10 SMTP-(04800792) requeuing M:\IMail\spool\Q585c0392005cbdc5.SMD R0 T2 10:03 07:10 SMTP-(04800792) finished M:\IMail\spool\Q585c0392005cbdc5.SMD status=3 10:03 07:10 SMTP-(04780845) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04780845) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04780845) QUIT 10:03 07:10 SMTP-(04780845) 10:03 07:10 SMTP-(04780845) requeuing M:\IMail\spool\Q586701c80068e765.SMD R0 T2 10:03 07:10 SMTP-(04780845) finished M:\IMail\spool\Q586701c80068e765.SMD status=3 10:03 07:10 SMTP-(04680D14) 221 ms17.hinet.net closing connection 10:03 07:10 SMTP-(04640F10) 421 Too many SMTP sessions for this host 10:03 07:10 SMTP-(04640F10) SMTP_DELIV_FAILED 10:03 07:10 SMTP-(04640F10) QUIT 10:03 07:10 SMTP-(04640F10) 10:03 07:10 SMTP-(04640F10) requeuing M:\IMail\spool\Q5883032a007053eb.SMD R0 T2 10:03 07:10 SMTP-(04640F10) finished
[IMail Forum] Spam filtering options I would like to see
I think the rule system and spam filtering could stand a few upgrades in next release. Here are my ideas: Allow a rule to result in a specified header being added. Allow a rule to result the generation of a new rule. Allow a rule to result in the sender being whitelisted. Allow a rule to result in an executable being run on the message. Allow Bayesian spam filter to check header information. Differentiate Bayesian spam tokens based on puncuation and capitilization. Insert alternate spam tokens for header and subject tokens. For example, free in the subject line would insert two tokens into antispam-table.txt, free and S~free. Allow antispam-table.txt files to be kept by user, and by virtual domain. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com
[IMail Forum] Where can I get spam?
I have what may seem like a humerous question, at first. I was wondering if anyone knew of a mailing list that receives only spam.. The purpose would be to treat this list as a corpus for training the Bayesian filters. Right now, I am having a hard time convincing our 1,000 or so users to put the time and effort into classifying email as spam. The next best this, I figure, is to get novel spam pre-classified from an outside source. I have found a great website http://www.spamarchive.org/dedicated to collecting spam, but currently you have to download the 5,000 messages per day via FTP and then get them into iMail. A mailing list would be so much easier. What do you guys think? If no one knows of anything like this, I might be willing to set something up. I'm sure many of us have old unused email accounts that receive nothing but spam. It should not be hard to set those to auto-forward to a particular address. -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com
RE: [IMail Forum] Rules...
AFAIK, you can just escape the colon like \: to specify a literal colon. That's the way most regex implimentations work. -Chase
[IMail Forum] Rule Wildcard Question
Hey guys,
Following my suggestion last week that '.*' was not implemented the way
I expected, I have resigned to the fact that either it IS implemented
wrong, or rather I still don't understand the logic.
Regardless, I do require a work around. I allow people to enter rules on
a website in the form of Block anything with subject '*money*.
Alternatively, they can say Block anything with subject 'money'. In
other words, I need to transform these rules with common DOS wild-cards
into iMail style regular expression rules.
So, I can translate '*money*' into just Contains money', but what if
the rule entered is free*stuff. If I translate this into Contains
'free.*stuff' it will catch free stuff but NOT freestuff, which I
want it to catch.
I have tried rules like 'free.*stuff' (as previously discussed I think
this SHOULD work, but doesn't). I have also tried 'free.{0,1000}stuff'
(which I also think SHOULD work, but doesn't). What else can I do?
My only recourse at this point it to translate 'free*stuff' into:
S=freestuff!OR!S~freestuff!OR!S~free.*stuff
This is clumsy, but works. I would be MUST nicer if I have a series of
symbols that translated into zero or more occurrences of ANY character
which actually matched to the nothing string between 'free' and 'stuff'
in freestuff.
Barring this, I can't even THINK about translating 'free*stuff*is*good',
which will expand into an exponential number of sub-rules to cover all
the cases I want.
Any other ideas? Thanks,
-Chase
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] Enforce IMAP/POP as read-only?
Does anyone know of a way of enforcing a "read-only" POP or IMAP session via iMail? What I want to do is allow users to log in via IMAP, but not alter the *.mbx files at all. Ideally, this would include setting message status headers, and especially not allowing messages to be moved between imap folders. I don't care if they get a local copy or not. I was thinking of using file properties on the mbx files, but I believe that iMail uses the same user account for message queuing delivery and imap/POP access. Is this true? Any other ideas? Thanks, -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com
[IMail Forum] Regular Expression Bug?
I'm using iMail 8.02. Either there is a bug in the regular _expression_ parser for message rules, or I am missing something. I allow for either... I think that the operators '.' and '*' are not handled as specified in the documentation. From: http://support.ipswitch.com/kb/IM-19980116-DD08.htm '.' is described as "Any character" '*' is described as "Zero or more" I am assuming that "Zero or more" means zero or more occurances of the previous character. This is consistent with my understanding of regular expressions in general. Thus, by my understanding "foo.*bar" should match "fooanythingbar" AND just "foobar". In iMail, it does not appear to match the later. Having worked with regular expressions a lot on other plaforms, I am surprised. Again, my understanding is that ".*" matches ANY string, incuding nothing, because it essentially reads "any character, zero or more times". This SHOULD match zero characters. Try it out in perl, or C#'s Text.RegularExpressions. It works. Is this a bug? -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com
RE: [IMail Forum] mailbox size
IMHO, I think this involves the difference between the bytes in the file and the size on disk, which can differ because of such settings as cluster size. See this googles article for a quick explination: http://forums.aliensoup.com/archive/topic/6985-1.html -Chase Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com -Original Message-From:"IMail Admin" [EMAIL PROTECTED] To: "[EMAIL PROTECTED]" [EMAIL PROTECTED];Sent: Aug 28, 2003 12:10:06 PMSubject: [IMail Forum] mailbox sizeWe have an inhouse app that we use that goes through our customers, figures out their total mailbox size, and then issues them warnings as they get close to full. The strange part that I've noticed is that IMail doesn't seem to accurately track the size of mailboxes. In one case, we had a single mailbox with one main.mbx file. IMail Admin reports that this mailbox has 84 messages with no attachments and a total file size of 9,998,937 bytes. However, when I look at the actual file size, I get 10,003,817 bytes. I've seen this repeatedly with a number of other mailboxes. They're all small discrepencies, and it's not always the same amount or same percentage. Can anyone give us some insight into this? We're using V.7.15. Thanks, Ben To Unsubscribe: http://www.ipswitchcom/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
RE: [IMail Forum] Regular Expression Bug?
This is the way every other regular expression parser I know works. Not just perl, but C#, Java and php to name a few. As you say, '.' should not match no characters. However, '.*' SHOULD match no characters. Here is my reasoning... You say '*' means zero or more characters, when in reality even iMail defines it as zero or more occurrances of the PREVIOUS character. This is illustrated by the fact that foob* matches foo. I tried it with iMail's rule tester. This is the CORRECT behavior, because the 'b' character occurs directly previous to '*', and can thus accur ZERO times and still match. I maintain that if foob* matches foo, then foo.* should match foo too. After all, '.' should be MORE general than a specific character (it's a wild card!). But as it is, .* is not correctly matched to nothing. -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com -Original Message- From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; Sent: Aug 28, 2003 03:09:30 PM Subject: RE: [IMail Forum] Regular Expression Bug? Works just fine. Read the rules you typed: . is any character (not, NO characters * is zero or more characters therefore foo.*bar requires at least one character after foo and before bar, but may contain any number of additional characters after that first character. foobar does not match, as it does not contain a character between the two parts. In essence, .* is identical to +, which means one or more characters. If perl does it that way, it is WRONG -- as in, per the definition of ANY CHARACTER (which is not the same as optionally, any character) -- at least where regular expressions were taught as a structured class, not as how some particular implementation worked. I have several other tools that use expressions, none consider any character to be the same as nothing. For example: if you set up a password rule that it must start with a character, allowing nothing as the character would allow easy bypassing of the rule. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chase Seibert Sent: Thursday, August 28, 2003 12:15 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] Regular Expression Bug? I'm using iMail 8.02. Either there is a bug in the regular expression parser for message rules, or I am missing something. I allow for either... I think that the operators '.' and '*' are not handled as specified in the documentation. From: http://support.ipswitch.com/kb/IM-19980116-DD08.htm '.' is described as Any character '*' is described as Zero or more I am assuming that Zero or more means zero or more occurances of the previous character. This is consistent with my understanding of regular expressions in general. Thus, by my understanding foo.*bar should match foobar AND just foobar. In iMail, it does not appear to match the later. Having worked with regular expressions a lot on other plaforms, I am surprised. Again, my understanding is that .* matches ANY string, incuding nothing, because it essentially reads any character, zero or more times. This SHOULD match zero characters. Try it out in perl, or C#'s Text.RegularExpressions. It works. Is this a bug? -Chase Network and Systems Engineer Bullhorn, Inc. 125 B St. Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326 www.bullhornstaffing.com --- [This E-mail scanned for viruses by Declude Virus] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
[IMail Forum] How extensive is the Bayesian filtering?
This is my first iMail Forum post. Good to be aboard! Now, down to business... I spent my lastfour months in school writing a Bayesian spam filtering web-service using procmail andC#. After a few revisions, I was sold on statistical filtering for individuals. It worked like gang-busters for my personal email, hitting over 99% accuracy at the end with no false positives for two straight months. However, I am less sure about its ability to filter for large groups of people. I wanted to start this discussion by finding out what is known about iMail's Bayesian filtering. I have a few questions stemming from my own work. In addition, I have rated the importance of these items from 1-10, corresponding with my own experiences. Any anwsers the list or IPswitch itself has would be invaluable. 1. Arethe headers and bodies scanned, or just the bodies? (10) (don't throw valuable header information away!) 2. Are tokens delimited by non-word characters, or does punctuation come into play? (8) (ie, "Free" is different from "Free!", which is different from "Free!!!") 3. Is punctuation preserved in the token list? (8) 4. Why aretoken listshost/IP-based insteadof per-user? (10) (I assume this is a limitation of the existing iMail architecture) 5. Are base64 bodies decoded and then scanned for tokens? (3) 6. Why do you have to pass a *.mbx file to antispamseeder? (1) (any file with tokens should be fine) Thanks guys, I think you will all be a great resource. -Chase Seibert Network and Systems EngineerBullhorn, Inc.125 B St.Boston, MA 02127 p. 617.464.2440 ex 119 m. 617.512.0326www.bullhornstaffing.com
