Andy,
I think there might be some confusion here. If you change the test
names and use the %IP4R%/dnsbl trick, it will always test the first hop
regardless of what the Mail From is, unless of course you are
whitelisting the sender.
You don't have to remove the tests, you just have to rename them. I
renamed mine with DYN, that way Declude doesn't see them as matching
DUL/DYNA/DUHL and therefore will not skip them when the Mail From
matches a local address.
The only drawback that I have found with this work around is when you
try configuring non-DUL tests twice, once only for the first hop, and
once for all hops, in which case the work around will cause some extra
lookups, but that's minor, and I'm only aware of a few people besides
myself that are doing this. Nothing else appears to be a problem in
anyway whatsoever.
Matt
Andy Schmidt wrote:
Then, in either cases, scanning the first hop is a simple matter of
changing the test name to eliminate the reserved string of DUL, DYNA or DUHL
and using the hack which Matt found. <<
NO - removing DUL/DYNA/DUHL is NOT an option. Because MUCH of the private
emails originate from some address that is on that list - but only on the
FIRST hope. Thus, the DUL/DYNA/DUHL skip tests on the FIRST hop!
They can't be omitted - otherwise we'd block most private mail relayed
through other providers SMTP servers.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Don Brown
Sent: Saturday, May 15, 2004 04:19 PM
To: Matt
Cc: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK is blank
This wasn't a bug or a larger issue of Declude trust based upon the 'from
Address.' There was no choice but to skip DUL/DYNA/DUHL tests (which were
the only ones skipped) when the 'from address' was spoofed as a local
address. Imail 8 and WHITELIST AUTH help, but they don't solve this issue,
either.
Imail 8 can still be configured where the Client is NOT required to Auth in
order to send. One example of that is 'Relay for Addresses.'
So, if we have IPs on a DUL/DYNA/DUHL list, are using anything but 'No Mail
Relay' in Imail 8 and we run a DYNA/DUL/DUHL test on the first hop, we will
definitely tag our own customers.
So, the way I see it, running DYNA/DUL/DUHL tests on the first hop of ALL
mail, is only safe for those folks who: (1) are sure that none of their IP
addresses are on any DYNA/DUL/DUHL list (and will never be on
one) -OR- (2) run Imail 8, have it configured for 'No Mail Relay' and have
WHITELIST AUTH specified in the Declude's Global.cfg. Then, in either cases,
scanning the first hop is a simple matter of changing the test name to
eliminate the reserved string of DUL, DYNA or DUHL and using the hack which
Matt found. For instance:
Change this:
NJABL-DUL ip4r dnsbl.njabl.org 127.0.0.3 10 0
To this:
NJABL-HOP1 dnsbl %IP4R%.dnsbl.njabl.org 127.0.0.3 10 0
I don't think a switch in Declude is really needed.
Thanks,
Saturday, May 15, 2004, 10:01:11 AM, Matt <[EMAIL PROTECTED]> wrote:
M> Andy,
M> It's only been a matter of months since a realistic work around
M> wasavailable for most users (using WHITELIST AUTH). To the best of
M> myknowledge, I'm the only one of us that has said anything about it
M> onthis list (first time in March, but of course I could be wrong).
M> LikeI indicated though, there is a way to fix the problem using the
M> dnsbltrick, and it works immediately. I would however like to see a
M> switchgiven also, but this seems more like a convenience if you
M> useDUL/DYNA/DUHL the way that they were meant to be used in the
M> firstplace (which I was not), but still, it only means some extra
M> lookups.
M> Matt
M> Andy Schmidt wrote:
M> Thanks - ouch.
M>
M> I'd say that's a bug in design.
M>
M> Since AUTH is supported in Imail 8 and sinceothers may not allow
M> local users to send through their Imail server (myoutbound is going
M> through IIS SMTP with SMTP AUTH), there should be ATLEAST a config
M> option to turn this "spam me by faking sender" featureoff!
M> Best Regards
M> Andy Schmidt
M> Phone: +1 201 934-3414 x20(Business)
M> Fax: +1 201 934-9206
M> -----Original Message-----
M>
M> From:[EMAIL PROTECTED]:Declude.JunkMail-owner
M> @declude.com]
M> On Behalf Of Matt
M> Sent: Saturday, May 15, 2004 01:49 AM
M> To:[EMAIL PROTECTED]
M> Subject: Re: [Declude.JunkMail] DUL skipping was ISBLANK isblank
M> In absentia...
M>
M> http://www.mail-archive.com/[EMAIL PROTECTED]/msg17162.htm
M> l
M> This made a lot of sense before, and it was the only way to disable
M> DULtests for local users prior to IMail 8 and JunkMail ~1.76.
M> Decludewon't disable the tests for gatewayed domains, only where an
M> addressmatches a local account. You can also work around this by
M> using thednsbl trick like so:
M> DNSRBL-DYN dnsbl %IP4R%.dun.dnsrbl.net 127.0.0.3
M> 0 0 NJABL-DYN-A dnsbl %IP4R%.dnsbl.njabl.org
M> 127.0.0.3 0 0 NJABL-DYN-B dnsbl
M> %IP4R%.dynablock.njabl.org 127.0.0.3 0 0 SORBS-DYN
M> dnsbl %IP4R%.dnsbl.sorbs.net 127.0.0.10 0 0
M> Note that I changed the names of the tests to exclude the
M> stringsDUL/DYNA/DUHL. This took me a long time to figure out, so the
M> trickisn't that common, however I started using these strings to
M> limit somenon-DUL tests to just the last hop with higher scoring, and
M> did impactmy ability to block spam on local accounts, however it took
M> me quite awhile to notice that it was going on (several months).
M> Matt
M> Andy Schmidt wrote:
M> Scott (in case you're not gone yet):
M>
M> >> At this moment, Declude will not apply scoresfrom any dnsbl,
M> ip4r or rhsbl tests if they have either DUL, DYNA orDUHL in the name
M> AND the Mail From matches a local user. <<
M>
M> Does Declude REALLY trust the mail from andwill bypass
M> DUL/DYNA/DUHL test just by someone forging the mail from?
M>
M> Never heard about that "bug"/behavior before?
M> Best Regards
M> Andy Schmidt
M> Phone: +1 201 934-3414 x20(Business)
M> Fax: +1 201 934-9206
M> --
M> =====================================================
M> MailPure custom filters for Declude JunkMail
M>
Pro.http://www.mailpure.com/software/=======================================
==============
----
Don Brown - Dallas, Texas USA Internet Concepts, Inc.
[EMAIL PROTECTED] http://www.inetconcepts.net
(972) 788-2364 Fax: (972) 788-5049
----
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail". The archives can be found at
http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
|
