RE: [Declude.JunkMail] WinTail
For those of us using WinTail to view your log files in real time, the developer has released a new version called BareTail with some very useful features (pause,highlighting, etc..) http://www.baremetalsoft.com/baretail/index.php Great tool! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DNS Warnings
I noticed in our Declude Log (running MID) that we have numerous of the below message (different domains). Is this telling me that there was no MX or A record listed for the lookup domain? I pretty sure, however, just wanted to check, thanks for the aid. Keith WARNING: DNS server 10.10.50.31 returned a SERVER FAILURE error for MX or A for srvrdasdsmmkva06k.xp4y.net j)pjjyu+*7^V*m^r[yNfy^ %yj)fj)b b{.n+lzwZI[hfu%fvz %yj)Srzjmj)Zb(
Re: [Declude.JunkMail] DNS Warnings
I noticed in our Declude Log (running MID) that we have numerous of the below message (different domains). Is this telling me that there was no MX or A record listed for the lookup domain? I pretty sure, however, just wanted to check, thanks for the aid. It is saying that your DNS server reported a server failure - which technically means that *your* server failed. However, many DNS servers will return a server failure response when a remote DNS server returns a server failure. So the chances are that the remote DNS server is the one with the problem. Declude JunkMail will not fail the test if a server failure is returned. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Warnings
Scott, Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. I appreciate the speedy response, have a good weekend. Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 9:28 AM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] DNS Warnings I noticed in our Declude Log (running MID) that we have numerous of the below message (different domains). Is this telling me that there was no MX or A record listed for the lookup domain? I pretty sure, however, just wanted to check, thanks for the aid. It is saying that your DNS server reported a server failure - which technically means that *your* server failed. However, many DNS servers will return a server failure response when a remote DNS server returns a server failure. So the chances are that the remote DNS server is the one with the problem. Declude JunkMail will not fail the test if a server failure is returned. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] DNS Warnings
Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. Actually, the server failure should indicate that your DNS server is broken, so it definitely should *not* return the server failure unless it is broken, or *perhaps* if it receives a server failure from the remote DNS server. Declude JunkMail is asking BIND if the domain has an MX or A record -- so if it returns a server failure when it should not, it is hurting your spam control. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DNS Warnings
Scott, A took some time and went through the log and found that the following was true on all the ones I checked (around 50) entries, the following examples were found using dnsreport.com about the Warnings: Getting MX record for mail3b-better-health.wsol8423.com... Received an NXDOMAIN response OR Getting MX record for atkingroup.co.uk... Received a response code of 2. This should be treated as an ERROR (per RFC974), and the E-mail delivery should PROBABLY be retried later I found 1 or 2 that did show an entry listed in dnsreport, however, I could not connect to them via telnet or nslookup's Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 10:44 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] DNS Warnings Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. Actually, the server failure should indicate that your DNS server is broken, so it definitely should *not* return the server failure unless it is broken, or *perhaps* if it receives a server failure from the remote DNS server. Declude JunkMail is asking BIND if the domain has an MX or A record -- so if it returns a server failure when it should not, it is hurting your spam control. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. winmail.dat
RE: [Declude.JunkMail] DNS Warnings
Scott, I took some time and went through the log and found that the following was true on all the ones I checked (around 50) entries, the following examples were found using dnsreport.com about the Warnings: Getting MX record for mail3b-better-health.wsol8423.com... Received an NXDOMAIN response OR Getting MX record for atkingroup.co.uk... Received a response code of 2. This should be treated as an ERROR (per RFC974), and the E-mail delivery should PROBABLY be retried later I found 1 or 2 that did show an entry listed in dnsreport, however, I could not connect to them via telnet or nslookup's Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Sun 1/25/2004 10:44 AM To: [EMAIL PROTECTED] Cc: Subject: RE: [Declude.JunkMail] DNS Warnings Thanks for the aid. I'm with you on the second point, I think our DNS server (Bind 8.4.3) attempted to verify the domain (all of them look spam in nature) and couldn't find an A or MX listed for them and returned back to Declude that warning. Actually, the server failure should indicate that your DNS server is broken, so it definitely should *not* return the server failure unless it is broken, or *perhaps* if it receives a server failure from the remote DNS server. Declude JunkMail is asking BIND if the domain has an MX or A record -- so if it returns a server failure when it should not, it is hurting your spam control. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Nf_ynub! 0u%dj)\jgr[xf)+-Nrz;uj)l^r[yjwmmr[x8^j!qy.i0f+r
RE: [Declude.JunkMail] Imail - DecludeJunkmail/Virus Gateway
You may want to do more; the most important areas to separate in your setup are the logs and the mail spool. You can't separate Declude logs, just minimize them, but using IMail's Syslog option you can relocate the IMail logs (and should); they can even go to another box entirely. Location of Declude logs is configured in the .cfg files. :) John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail - DecludeJunkmail/Virus Gateway
First off I would like to say thanks to you and thanks to the others on this list and the Imail list that put effort and time in to helping people. If you don't mind me asking I am assuming that you do consulting for companies that run Imail at high volumes. Do you have any example setups of a typical Gateway (Imail/Declude) that sees high volume? Typical is a very obscure word. You can some what describe typical ISP or typical educational, but other than that, each configuration can be different based on the end users. Example, I operate/consult on 5 Imail/Declude servers. Each one is different. 2 are a major regional ISPs, another is a corporate server for a financial company, another is a coporate server for a real estate company, and one is a small ISP which includes a client that deals in electronic parts, hence gets a lot of e-mail from the far east. The one server that I consult on that is high volume is not a gateway, but the actual mail box server. I can not directly share their configuration, but if you read the archives on this list, you will see a lot of work that has gone into optimizing filters. Hopefully soon, I will have a site up and running for members to share filters and such. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Imail - DecludeJunkmail/Virus Gateway
Sorry what I meant by example setups was the hard drive configuration and what type of hardware. I should have explained myself a little more clearly. Kris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Sunday, January 25, 2004 10:34 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Imail - DecludeJunkmail/Virus Gateway First off I would like to say thanks to you and thanks to the others on this list and the Imail list that put effort and time in to helping people. If you don't mind me asking I am assuming that you do consulting for companies that run Imail at high volumes. Do you have any example setups of a typical Gateway (Imail/Declude) that sees high volume? Typical is a very obscure word. You can some what describe typical ISP or typical educational, but other than that, each configuration can be different based on the end users. Example, I operate/consult on 5 Imail/Declude servers. Each one is different. 2 are a major regional ISPs, another is a corporate server for a financial company, another is a coporate server for a real estate company, and one is a small ISP which includes a client that deals in electronic parts, hence gets a lot of e-mail from the far east. The one server that I consult on that is high volume is not a gateway, but the actual mail box server. I can not directly share their configuration, but if you read the archives on this list, you will see a lot of work that has gone into optimizing filters. Hopefully soon, I will have a site up and running for members to share filters and such. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.