<Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.'>
If you use 'Relay for Addresses.', you can easily list the same adresses in JunkMail. This is the equivalent of "whitelist auth" ----- Original Message ----- From: "Don Brown" <[EMAIL PROTECTED]> To: "Matt" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Saturday, May 15, 2004 8:19 PM Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank > This wasn't a bug or a larger issue of Declude trust based upon the > 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests > (which were the only ones skipped) when the 'from address' was spoofed > as a local address. Imail 8 and WHITELIST AUTH help, but they don't > solve this issue, either. > > Imail 8 can still be configured where the Client is NOT required to > Auth in order to send. One example of that is 'Relay for Addresses.' > > So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No > Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first > hop, we will definitely tag our own customers. > > So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of > ALL mail, is only safe for those folks who: (1) are sure that none of > their IP addresses are on any DYNA/DUL/DUHL list (and will never be on > one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and > have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in > either cases, scanning the first hop is a simple matter of changing > the test name to eliminate the reserved string of DUL, DYNA or DUHL > and using the hack which Matt found. For instance: > > Change this: > NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 > > To this: > NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 > > I don't think a switch in Declude is really needed. > > Thanks, > > > Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote: > M> Andy, > > M> It's only been a matter of months since a realistic work around > M> wasavailable for most users (using WHITELIST AUTH). To the best of > M> myknowledge, I'm the only one of us that has said anything about it > M> onthis list (first time in March, but of course I could be wrong). > M> LikeI indicated though, there is a way to fix the problem using the > M> dnsbltrick, and it works immediately. I would however like to see > M> a switchgiven also, but this seems more like a convenience if you > M> useDUL/DYNA/DUHL the way that they were meant to be used in the > M> firstplace (which I was not), but still, it only means some extra > M> lookups. > > M> Matt > > > > M> Andy Schmidt wrote: > > > > > M> Thanks - ouch. > M> > M> I'd say that's a bug in design. > M> > M> Since AUTH is supported in Imail 8 and sinceothers may not > M> allow local users to send through their Imail server (myoutbound is > M> going through IIS SMTP with SMTP AUTH), there should be ATLEAST a > M> config option to turn this "spam me by faking sender" featureoff! > > M> Best Regards > M> Andy Schmidt > > M> Phone: +1 201 934-3414 x20(Business) > M> Fax: +1 201 934-9206 > > > M> -----Original Message----- > M> > M> From:[EMAIL PROTECTED]:[EMAIL PROTECTED] e.com] > M> On Behalf Of Matt > M> Sent: Saturday, May 15, 2004 01:49 AM > M> To:[EMAIL PROTECTED] > M> Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank > > > M> In absentia... > > M> > M> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.html > > M> This made a lot of sense before, and it was the only way to > M> disable DULtests for local users prior to IMail 8 and JunkMail > M> ~1.76. Decludewon't disable the tests for gatewayed domains, only > M> where an addressmatches a local account. You can also work around > M> this by using thednsbl trick like so: > > M> DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 0 0 > M> NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 0 0 > M> NJABL-DYN-B dnsbl %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 > M> SORBS-DYN dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 > > M> Note that I changed the names of the tests to exclude the > M> stringsDUL/DYNA/DUHL. This took me a long time to figure out, so > M> the trickisn't that common, however I started using these strings > M> to limit somenon-DUL tests to just the last hop with higher > M> scoring, and did impactmy ability to block spam on local accounts, > M> however it took me quite awhile to notice that it was going on > M> (several months). > > M> Matt > > > > M> Andy Schmidt wrote: > > > > > > M> Scott (in case you're not gone yet): > M> > M> >> At this moment, Declude will not apply scoresfrom any > M> dnsbl, ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in > M> the name AND the Mail From matches a local user. << > M> > M> Does Declude REALLY trust the mail from andwill bypass > M> DUL/DYNA/DUHL test just by someone forging the mail from? > M> > M> Never heard about that "bug"/behavior before? > > M> Best Regards > M> Andy Schmidt > > M> Phone: +1 201 934-3414 x20(Business) > M> Fax: +1 201 934-9206 > > > M> -- > M> ===================================================== > M> MailPure custom filters for Declude JunkMail > M> Pro.http://www.mailpure.com/software/======================================= ============== > > > > > > ---- > Don Brown - Dallas, Texas USA Internet Concepts, Inc. > [EMAIL PROTECTED] http://www.inetconcepts.net > (972) 788-2364 Fax: (972) 788-5049 > ---- > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
