>> So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. <<
Only if you are not using Imail 8 with AUTH and only if you are using Imail for outbound mail relaying. Neither is true in my case. It should be an option. Those who need to bypass the DYNA tests on the first hop should be able to - those who don't need to should not lose those tests! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Don Brown Sent: Saturday, May 15, 2004 04:19 PM To: Matt Cc: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank This wasn't a bug or a larger issue of Declude trust based upon the 'from Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were the only ones skipped) when the 'from address' was spoofed as a local address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue, either. Imail 8 can still be configured where the Client is NOT required to Auth in order to send. One example of that is 'Relay for Addresses.' So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will definitely tag our own customers. So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL mail, is only safe for those folks who: (1) are sure that none of their IP addresses are on any DYNA/DUL/DUHL list (and will never be on one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases, scanning the first hop is a simple matter of changing the test name to eliminate the reserved string of DUL, DYNA or DUHL and using the hack which Matt found. For instance: Change this: NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0 To this: NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0 I don't think a switch in Declude is really needed. Thanks, Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote: M> Andy, M> It's only been a matter of months since a realistic work around M> wasavailable for most users (using WHITELIST AUTH). To the best of M> myknowledge, I'm the only one of us that has said anything about it M> onthis list (first time in March, but of course I could be wrong). M> LikeI indicated though, there is a way to fix the problem using the M> dnsbltrick, and it works immediately. I would however like to see a M> switchgiven also, but this seems more like a convenience if you M> useDUL/DYNA/DUHL the way that they were meant to be used in the M> firstplace (which I was not), but still, it only means some extra M> lookups. M> Matt M> Andy Schmidt wrote: M> Thanks - ouch. M> M> I'd say that's a bug in design. M> M> Since AUTH is supported in Imail 8 and sinceothers may not allow M> local users to send through their Imail server (myoutbound is going M> through IIS SMTP with SMTP AUTH), there should be ATLEAST a config M> option to turn this "spam me by faking sender" featureoff! M> Best Regards M> Andy Schmidt M> Phone: +1 201 934-3414 x20(Business) M> Fax: +1 201 934-9206 M> -----Original Message----- M> M> From:[EMAIL PROTECTED]:Declude.JunkMail-owner M> @declude.com] M> On Behalf Of Matt M> Sent: Saturday, May 15, 2004 01:49 AM M> To:[EMAIL PROTECTED] M> Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank M> In absentia... M> M> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm M> l M> This made a lot of sense before, and it was the only way to disable M> DULtests for local users prior to IMail 8 and JunkMail ~1.76. M> Decludewon't disable the tests for gatewayed domains, only where an M> addressmatches a local account. You can also work around this by M> using thednsbl trick like so: M> DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3 M> 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org M> 127.0.0.3 0 0 NJABL-DYN-B dnsbl M> %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN M> dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0 M> Note that I changed the names of the tests to exclude the M> stringsDUL/DYNA/DUHL. This took me a long time to figure out, so the M> trickisn't that common, however I started using these strings to M> limit somenon-DUL tests to just the last hop with higher scoring, and M> did impactmy ability to block spam on local accounts, however it took M> me quite awhile to notice that it was going on (several months). M> Matt M> Andy Schmidt wrote: M> Scott (in case you're not gone yet): M> M> >> At this moment, Declude will not apply scoresfrom any dnsbl, M> ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in the name M> AND the Mail From matches a local user. << M> M> Does Declude REALLY trust the mail from andwill bypass M> DUL/DYNA/DUHL test just by someone forging the mail from? M> M> Never heard about that "bug"/behavior before? M> Best Regards M> Andy Schmidt M> Phone: +1 201 934-3414 x20(Business) M> Fax: +1 201 934-9206 M> -- M> ===================================================== M> MailPure custom filters for Declude JunkMail M> Pro.http://www.mailpure.com/software/======================================= ============== ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364 Fax: (972) 788-5049 ---- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
