[Declude.JunkMail] BADHEADERS fix in 2.x too aggressive?

[Colbeck, Andrew]

Title: Message

I've noticed quite a few spams, possibly from the same outfit, that are including an old date in the header, which is possibly static:   Received: from minusplus.com [83.195.193.238] by mail.bentall.com   (SMTPD32-8.14) id A3013C2E00CE; Sat, 26 Feb 2005 15:15:13 -0800 Date: 1 Dec 2004 10:42:52 -0500 Content-type: text/plain From: Lisa Stuart <[EMAIL PROTECTED]> To: <munged> Message-ID: <[EMAIL PROTECTED]> Subject: R0lex for $200 I'm pretty sure that the old versions of declude triggered BADHEADERS if the date was too far out of alignment with the current date.  I checked the Release Notes web page to get the right version of Declude for my subject line, but that page makes no mention of the fix that was released just after the new year when a fix for a hardcoded "2004" was causing a false positive in BADHEADERS.   Andrew 8( -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Friday, February 25, 2005 6:41 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Spammed on port 2525 I'd picked 2525 before I really knew about 25.   What really irks me is that Imail has made no provisions to accomodate a port 587. It can't be two hard to accomodate another SMTP port... most of the code is that same as the port 25 code... This has been an issue for over a year and no word from Ipswitch.   I was very surprised to see spam coming in on the port 2525. It looked to be from Zombie proxies at least 15 different. So somebody out there is trying different port numbers. ----- Original Message ----- From: Matt To: Declude.JunkMail@declude.com Sent: Friday, February 25, 2005 7:22 PM Subject: Re: [Declude.JunkMail] Spammed on port 2525 SMTP AUTH on port 587 isn't required by the RFC...it just simply makes a whole ton of sense in most setups.  Considering that this is a standard port, and it will most likely find its way through broadband provider's blocks since it is reserved for this use and likely to be restricted to authenticated E-mail in most cases in the near future, it is advisable to use it all other things being equal.  Considering that Scott is already promoting port 2525 and having configured some of his clients for that, there is no harm in continuing the practice in lieu of support for SMTP AUTH-only connections on this port in his mail server.  I am guessing that in the future we will also see E-mail clients fail over from port 25 to 587 automatically, making support for this transparent and hands-free.  That is not likely at all to happen with port 2525, and it would seem that port 2525 is more likely to be blocked as a security measure. The choice is really about what you already have and how far into the future you wish to plan for/speculate about. Matt John Tolmachoff (Lists) wrote: See my thoughts on the Imail forum on 587.   John Tolmachoff Engineer/Consultant/Owner eServices For You   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Friday, February 25, 2005 4:50 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Spammed on port 2525   Here's what I am using for a mail server located at 192.168.1.1 for this example.  IMail is configured to listen on port 587, but to the outside world it appears as both port 25 and 587.  Even though one would think that you didn't have to NAT 587 to 587, in this case you do because of the other rules for that IP (or so I was told).  I assume that you are configured differently and that does matter, so you might want to share that before making the edits yourself.  ip nat inside source static tcp 192.168.1.1 25 192.168.1.1 25 extendable no-alias ip nat inside source static tcp 192.168.1.1 587 192.168.1.1 25 extendable no-alias ip nat inside source static tcp 192.168.1.1 587 192.168.1.1 587 extendable no-alias I assume that you know how to config term your router.  If not, it won't be straight forward without a crib sheet or experienced help to guide you through it rather than risk messing it up. Matt Scott Fisher wrote: I use port 2525 to bypass port 25 blocking for my employees. I was just checking my logs and I've been receiving spam on port 2525   Can anyone share the necessary Cisco IOS commands to let the Cisco router do port translation? P.S. IOS isn't my primary language... -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================