Agreed. Negative weighting is generally considered better than whitelisting outright.
In your case it may not matter, but may be subject to spoofing. Also, abuse by your users that you may want to be aware of could go straight through with whitelisting, whereas it could still be filtered with a negative weight scenario instead. Darin. ----- Original Message ----- From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: <Declude.JunkMail@declude.com> Sent: Wednesday, September 07, 2005 1:12 PM Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS In your global.cfg you can add an entry like WHITELIST IP 10.0.0.0/27 WHITELIST IP 1.1.1.1 Or you can create a ipfile filter and do negative weight. My personal preference is to whitelist as a last resort. My preference in order is to correct the main issue at hand, than reverse weight by dns, than ip, than whitelist. Darrell ------------------------------------------------------------------------ Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Sharyn Schmidt writes: > I like the whitelist IP idea. Got an example of the syntax? > > At the moment, I have so few addresses whitelisted that I don't use a from > file, I just have them listed straight in the global config. Hmm..can I just > do that, by subnet? > > You know, it just occured to me that authority for the reverse zone is > hosted on my ISP's nameserver. My server is only authoritative for the > forward zone. (like you suggested earlier, been a long week already) > > An issue on their end would've caused this, correct? > > Sharyn > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Wednesday, September 07, 2005 12:52 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS > > > Can you do a reverse lookup on your domain from the server? > > Instead of WHITELIST AUTH, you might whitelist (or negative weight) by IP > using an ipfile test. That would allow all mail from your users to go > through without filtering. > > Darin. > > > ----- Original Message ----- > From: Sharyn <mailto:[EMAIL PROTECTED]> Schmidt > To: Declude.JunkMail@declude.com > Sent: Wednesday, September 07, 2005 12:46 PM > Subject: RE: [Declude.JunkMail] Why did this fail reverse DNS > > Hi Darin, > > Thanks for the response. > > I host my own primary nameserver here, which is also the same box as my > IMAIL server. There is no upstream DNS server involved. That's what has me > so puzzled on this. > > I have relay set only for IP addresses, my users don't authenticate. In > order for them to send mail, they must be VPN'd in and receive an IP address > that is reserved for VPN clients only. (Long story on this) In this case, I > don't believe Whitelist Auth will work, unless it can be based on IP > addresses, rather than user authentication. > > Sharyn > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox > Sent: Wednesday, September 07, 2005 12:38 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] Why did this fail reverse DNS > > > Hi Sharyn, > > How is DNS configured on your server? Are you using upstream DNS servers > that are suddenly not resolving? We've had that problem in the past, and > resolved it by not using forwarders to provider DNS servers in our local DNS > server on the IMail server. > > If you use WHITELIST AUTH in your Global.cfg, you can eliminate a lot of > these problems as well, like CMDSPACE that MS mail clients fail. With that > setting, all users who authenticate when sending will be whitelisted. > > Darin. > > > ----- Original Message ----- > From: Sharyn <mailto:[EMAIL PROTECTED]> Schmidt > To: Declude.JunkMail@declude.com > Sent: Wednesday, September 07, 2005 12:27 PM > Subject: [Declude.JunkMail] Why did this fail reverse DNS > > > Good afternoon, > > Something really odd is going on here. > > All of a sudden, my own users are failing tests that they were passing last > month. > > Here is the spam attachment that Declude adds to our emails, if the weight > is 10. > > You **MAY** have spam! > > Subject: RE: Shakka & Applebees -- Beverage Optimization Initiative > -District Test **URGENT MESSAGE** > From: [EMAIL PROTECTED] > Tests Failed: 10-REVDNS, CMDSPACE, SUBJECTSPACES, SUBJECTCHARS, > WEIGHT10-D02010098024AB4E6.SMD > > [EMAIL PROTECTED] is one of MY users. > > Why in the world did this fail revdns? > > According to DNS report: > > Your 1 MX record is: > 10 mail.cruzaninc.com. [TTL=3600] IP=24.73.160.163 [TTL=3600] [US] > > 163.160.73.24.in-addr.arpa > <http://www.dnsstuff.com/tools/ptr.ch?ip=24.73.160.163> mail.cruzaninc.com. > Thanks, > Sharyn > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
