Here ya go Matt. The Headers as they come out of the email. It's like the
pitcher covering his mouth with his glove when talking on the mound. Old
habits die hard <G> Thank you for the detailed info. It is appreciated.
This is the IP that had been in CBL 216.74.167.74. And you will see in my
later reply that this IP was listed incorrectly. IE no virus was ever on
that machine and the mail it detected and determined was a virus smtp engine
was in fact a valid mail verifier program. (But can you really say that Is
there such a thing as a VALID Mail verifier? I think not now)
Return-Path: <[EMAIL PROTECTED]> Sun Jun 12 19:02:39 2005
Received: from photoadmin1.photograsupport.com [64.15.255.100] by
photoimail1.photogra.com with SMTP;
Sun, 12 Jun 2005 19:02:39 -0400
Received: from mail.inetservers.com [64.15.252.17] by
photoadmin1.photograsupport.com with SMTP;
Sun, 12 Jun 2005 19:02:06 -0400
Received: from UnknownHost [216.74.167.74] by mail.inetservers.com with
SMTP;
Sun, 12 Jun 2005 16:00:38 -0400
From: "douglas cohn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Test inetservers
Date: Sun, 12 Jun 2005 16:00:32 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcVviWNwVbHTbsZpSuy0Fh8yTDTA0w==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Declude-Sender: [EMAIL PROTECTED] [216.74.167.74]
X-Declude-Spoolname: 37291275.EML
X-Declude-Scan: Score [10] at 16:00:47 on 12 Jun 2005
X-Declude-Fail: CBL, WEIGHT10
X-Country-Chain: UNITED STATES->destination
X-SmarterMail-Spam: SPF_None
X-Rcpt-To: <[EMAIL PROTECTED]>
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, June 13, 2005 9:14 PM
To: Declude.Virus@declude.com
Subject: Re: [Declude.Virus] Declude using CBL to block users sending
mail?????
Andrew,
Just to clear up any confusion, this message was sent by Doug through his
own SmarterMail/Declude server, so his IP was the connecting hop and the
DYNA/hop limiting tricks won't have an effect here.
I think it might be valuable if people resisted the temptation of removing
IP's from headers when shared because those that might help out would often
benefit from this information. Sometimes it doesn't really matter of
course, and Doug did give enough information to figure this out, but the
three received headers were confusing without a careful read.
Matt
Colbeck, Andrew wrote:
>Doug, you're probably scoring on multiple hops by setting your HOPHIGH
>in global.cfg ...
>
>If you don't want RBLs to score on multiple hops, just comment out that
>HOPHIGH line.
>
>Alternatively, rename your CBL test to CBL-DYNA (don't forget to change
>the global.cfg definition plus the action line wherever it appears in
>your configuration files (e.g. CBL WARN to CBL-DYNA WARN).
>
>Andrew 8)
>
>p.s. Is your own machine's address on the Internet, or was CBL listing
>an internal, non-routable IP address like 192.168.1.1 ?
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Douglas Cohn
>Sent: Monday, June 13, 2005 5:03 PM
>To: Declude.Virus@declude.com
>Subject: [Declude.Virus] Declude using CBL to block users sending
>mail?????
>
>
>My desktop IP was erroneously listed on CBL. It seems that declude is
>checking autheticated users sending mail for CBL and according to CBL
>this is wrong. SEE below
>
>Here is the header showing what went on with the actual Ips removed to
>proect the innocent (ME). But it sure seems that my desktop machine is
>the one being checked and shown as on CBL. Had 10 points been enough I
>would not have been able to send mail. The ONLY address within the
>below HEADER that was actually listed in the CBL is the HOST machine
>sending the email. NOT the MAIL servers but MY DESKTOP of which I am an
>authenticated sender.
>
>Why would declude check an authenticated sender on the CBL list?
>
>This all started because Smartermails SPAM does NOT check the
>authenticated senders and this is what confused me intially. IE I
>thought Smartermails SPAM was not working properly on another server
>where I do NOT have declude ANTISPAM installed. BUT as you see
>according to CBL it should NOT detect CBL on an autheticated senders IP.
>
>According to CBL this is not how the list is designed.
>
>
>Return-Path: <[EMAIL PROTECTED]> Sun Jun 12 18:35:56 2005
>Received: from forwardeddestinationmailserver [123.123.123.123] by
>forwardeddestinationmailserver with SMTP;
> Sun, 12 Jun 2005 18:35:56 -0400
>Received: from decludesmtpserver [456.456.456.456] by
>destinationmailserver with SMTP;
> Sun, 12 Jun 2005 18:35:20 -0400
>Received: from UnknownHost [IP-in-CBL=MY DESKTOP] by decludesmtpserver
>with SMTP;
> Sun, 12 Jun 2005 18:34:59 -0400
>From: "douglas cohn" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Subject: Test cbl
>Date: Sun, 12 Jun 2005 18:34:52 -0400
>MIME-Version: 1.0
>Content-Type: text/plain;
> charset="us-ascii"
>Content-Transfer-Encoding: 7bit
>X-Mailer: Microsoft Office Outlook, Build 11.0.6353
>Thread-Index: AcVvnvNNt9F+fMW3RTWO2wS4w3LH6A==
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-Declude-Sender: [EMAIL PROTECTED] [IPinCBL=MY DESKTOP]
>X-Declude-Spoolname: 37296653.EML
>X-Declude-Scan: Score [10] at 18:35:09 on 12 Jun 2005
>X-Declude-Fail: CBL, WEIGHT10
>X-Country-Chain: UNITED STATES->destination
>X-SmarterMail-Spam: SPF_None
>X-Rcpt-To: <[EMAIL PROTECTED]>
>
>
>http://cbl.abuseat.org/
>
>We're getting a lot of reports of spurious blocking caused by sites
>using the CBL to block authenticated access to smarthosts / outgoing
>mail servers. THE CBL is only designed to be used on INCOMING mail, i.e.
>on the hosts that your MX records point to.
>
>If you use the same hosts for incoming mail and smarthosting, then you
>should always ensure that you exempt authenticated clients from CBL
>checks, just as you would for dynamic/dialup blocklists.
>
>Another way of putting this is: "Do not use the CBL to block your own
>users".
>
>---
>[This E-mail scanned for viruses by Declude Virus]
>
>
>---
>This E-mail came from the Declude.Virus mailing list. To unsubscribe,
>just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.Virus". The archives can be found
>at http://www.mail-archive.com.
>---
>This E-mail came from the Declude.Virus mailing list. To unsubscribe,
>just send an E-mail to [EMAIL PROTECTED], and
>type "unsubscribe Declude.Virus". The archives can be found
>at http://www.mail-archive.com.
>
>
>
>
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just
send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail scanned for viruses by Declude Virus]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
