RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
My understanding is that CIDR ranges are not supported by IPBYPASS and I wouldn't want the whole Class C, just the part I need. I'm going to start a new thread on the IPBYPASS situation.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ISPHuset Nordic
> Sent: Saturday, December 06, 2003 10:54 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
>
> Is it possible to set an IP range in IPBYPASS?
>
> So that all 128 IPs are set there? Instead of using all the entries for this?
RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
Is it possible to set an IP range in IPBYPASS?

So that all 128 IPs are set there? Instead of using all the entries for this?

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of George Kulman
> Sent: 6. desember 2003 09:49
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
>
> IPBYPASS is great except for the 20 entry limitation. ATT, where many of my clients and myself have mailboxes that forward to my IMail server, has 23 mail forwarders. Then add in the secondary MX's, etc. and I have to use multiple hops.
>
> BTW, how do you intend to do "selective use of multiple hop scanning"?
RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
IPBYPASS is great except for the 20 entry limitation. ATT, where many of my clients and myself have mailboxes that forward to my IMail server, has 23 mail forwarders. Then add in the secondary MX's, etc. and I have to use multiple hops.

BTW, how do you intend to do "selective use of multiple hop scanning"?

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
> Sent: Friday, December 05, 2003 11:34 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
>
> That's why you should name it BONDEDSENDER-DYNA and why it doesn't matter on my system.
>
> The trick here is that Declude will skip over the DNS-based tests on anything beyond the first hop if the name has DUL or DYNA in it. Someone else is using CBL-DYNA in order to keep that test from throwing FP's when the originating computer's IP address is on the list, but used a legit mail server to send the E-mail (instead of direct delivery which is the real issue).
>
> Scanning multiple hops seems to be mostly useful in places where E-mail is being forwarded, which only exposes the legit forwarding machine. It would be great if there was some other way to identify when a message has been forwarded at the server level, and skip the last hop when that happens. I kind of doubt that this would be possible. In the meantime, I am going to try IPBYPASSing the mail servers that are known to be forwarding to my server which should have the same effect as a selective use of multiple hop scanning.
>
> Matt

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
That's why you should name it BONDEDSENDER-DYNA and why it doesn't matter on my system.

The trick here is that Declude will skip over the DNS-based tests on anything beyond the first hop if the name has DUL or DYNA in it. Someone else is using CBL-DYNA in order to keep that test from throwing FP's when the originating computer's IP address is on the list, but used a legit mail server to send the E-mail (instead of direct delivery which is the real issue).

Scanning multiple hops seems to be mostly useful in places where E-mail is being forwarded, which only exposes the legit forwarding machine. It would be great if there was some other way to identify when a message has been forwarded at the server level, and skip the last hop when that happens. I kind of doubt that this would be possible. In the meantime, I am going to try IPBYPASSing the mail servers that are known to be forwarding to my server which should have the same effect as a selective use of multiple hop scanning.

Matt

George Kulman wrote:

> Matt,
>
> I do scan multiple hops.
>
> George
RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
Matt,

I do scan multiple hops.

George

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
> Sent: Friday, December 05, 2003 7:14 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
>
> George,
>
> The suggestion by Andrew to rename the test BONDEDSENDER-DYNA would definitely prevent it from scanning prior hops. I find this test to be useful as it is IP based and helps some very important E-mail that tends to have issues with several major RBL's. I haven't started to scan on multiple hops yet, so this doesn't come into play.
>
> Matt
Re: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
George,

The suggestion by Andrew to rename the test BONDEDSENDER-DYNA would definitely prevent it from scanning prior hops. I find this test to be useful as it is IP based and helps some very important E-mail that tends to have issues with several major RBL's. I haven't started to scan on multiple hops yet, so this doesn't come into play.

Matt

George Kulman wrote:

> Rob,
>
> Your backup and gateways should have IPBYPASS entries in the GLOBAL.CFG.
>
> The BONDEDSENDER should be the originating Server and that should be what's used for this test.
>
> I discontinued use within a few days since it was letting spam through with it and there were other ways to handle the valid mail.
>
> George
RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
Rob,

Your backup and gateways should have IPBYPASS entries in the GLOBAL.CFG.

The BONDEDSENDER should be the originating Server and that should be what's used for this test.

I discontinued use within a few days since it was letting spam through with it and there were other ways to handle the valid mail.

George

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler
> Sent: Friday, December 05, 2003 6:38 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
>
> Negative weights on last hop only?
>
> How would that affect a gateway (or e-mail that goes to a backup mail server)?
>
> Rob
Re: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
I meant negative weights on last hop for the RBL's. There are only a few popular ones out there. Gateways should be IPBYPASSed.

Matt

Robert Grosshandler wrote:

> Negative weights on last hop only?
>
> How would that affect a gateway (or e-mail that goes to a backup mail server)?
>
> Rob
RE: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me me
Negative weights on last hop only?

How would that affect a gateway (or e-mail that goes to a backup mail server)?

Rob
Re: [Declude.JunkMail] The first time BONDEDSENDER didn't work for me
Andrew,

I think you have a very good idea, in fact, all negative weight tests should probably be limited to just the last hop since they are typically designed to only apply to the last hop. It might be a good idea for Scott to limit BONDEDSENDER to the last hop by default, and maybe give us another prefix/suffix to use for this purpose instead of DYNA or DUL since that might not be easily understood by some.

Matt

Colbeck, Andrew wrote:

> Check out these received lines:
>
> Received: from h24-87-101-24.vs.shawcable.net [24.87.101.24] by mail.bentall.com
>   (SMTPD32-8.02) id A3A4A8B007C; Thu, 04 Dec 2003 22:20:20 -0800
> Received: from ebay.com (lore.ebay.com [66.135.195.181])
>   by h24-87-101-24.vs.shawcable.net (Postfix) with ESMTP id 5CE7E8F5E3
>   for ; Fri, 05 Dec 2003 00:20:20 -0600
> Date: Fri, 05 Dec 2003 00:20:20 -0600
> From: "Snapper S. Perseid" <[EMAIL PROTECTED]>
> X-Mailer: The Bat! (v2.00.7) Personal
> X-Priority: 3
> Message-ID: <[EMAIL PROTECTED]>
> To: snip
> Subject: [Msg Track# snip] Your billing profile on ebay.com
> MIME-Version: 1.0
> Content-Type: text/html
> Content-Transfer-Encoding: 7bit
>
> The Shaw Cable address is for a home user and e-mail directly from it would be suspect. In fact, it is heavily listed in static and dynamic ip4r databases, spamdomains, etc. and that would put it well over my hold weight.
>
> The line with lore.ebay.com is entirely fake, but the address for lore.ebay.com is correct, and BONDEDSENDER had a high enough negative weight that this phishing spam got through.
>
> So, I'm thinking of renaming my test to BONDEDSENDER-DYNA so that Declude will only check the bondedsender ip4r test against the first hop.
>
> Does anybody see a problem with doing that?
>
> Andrew 8)
[Declude.JunkMail] The first time BONDEDSENDER didn't work for me
Check out these received lines:

Received: from h24-87-101-24.vs.shawcable.net [24.87.101.24] by mail.bentall.com
  (SMTPD32-8.02) id A3A4A8B007C; Thu, 04 Dec 2003 22:20:20 -0800
Received: from ebay.com (lore.ebay.com [66.135.195.181])
  by h24-87-101-24.vs.shawcable.net (Postfix) with ESMTP id 5CE7E8F5E3
  for ; Fri, 05 Dec 2003 00:20:20 -0600
Date: Fri, 05 Dec 2003 00:20:20 -0600
From: "Snapper S. Perseid" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.00.7) Personal
X-Priority: 3
Message-ID: <[EMAIL PROTECTED]>
To: snip
Subject: [Msg Track# snip] Your billing profile on ebay.com
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 7bit

The Shaw Cable address is for a home user and e-mail directly from it would be suspect. In fact, it is heavily listed in static and dynamic ip4r databases, spamdomains, etc. and that would put it well over my hold weight.

The line with lore.ebay.com is entirely fake, but the address for lore.ebay.com is correct, and BONDEDSENDER had a high enough negative weight that this phishing spam got through.

So, I'm thinking of renaming my test to BONDEDSENDER-DYNA so that Declude will only check the bondedsender ip4r test against the first hop.

Does anybody see a problem with doing that?

Andrew 8)
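
Added example (not part of the original thread and not Declude's code): a small Python model of the scoring problem Andrew describes, run over the two Received lines from his post. The test weights, the hold weight and the list membership are assumptions chosen to match his description, and `connecting_hop_only` is a hypothetical stand-in for the effect the thread attributes to the -DYNA suffix.

```python
import ipaddress
import re

# Received lines from the post above, newest first. Only the top line was
# written by the receiving server; everything below it arrived as message
# data from the connecting host and can claim anything.
RECEIVED = [
    "from h24-87-101-24.vs.shawcable.net [24.87.101.24] by mail.bentall.com "
    "(SMTPD32-8.02) id A3A4A8B007C; Thu, 04 Dec 2003 22:20:20 -0800",
    "from ebay.com (lore.ebay.com [66.135.195.181]) by "
    "h24-87-101-24.vs.shawcable.net (Postfix) with ESMTP id 5CE7E8F5E3 "
    "for ; Fri, 05 Dec 2003 00:20:20 -0600",
]

# Constructed header: the whitelisted address connecting directly.
DIRECT = [
    "from lore.ebay.com [66.135.195.181] by mail.bentall.com "
    "(SMTPD32-8.02) id CONSTRUCTED; Fri, 05 Dec 2003 09:00:00 -0800",
]

# Constructed test table: (name, weight, listed IPs). Weights and list
# membership are assumptions that mirror what the post describes.
TESTS = [
    ("DYNAMIC-LIST", 12, {"24.87.101.24"}),
    ("BONDEDSENDER", -15, {"66.135.195.181"}),
]
HOLD_WEIGHT = 10  # assumed threshold

BRACKETED = re.compile(r"\[([0-9.]+)\]")


def hop_ips(received):
    """Source IP of each hop, connecting hop first; None where none parses."""
    ips = []
    for line in received:
        # Only the "from" clause names the sending side of the hop.
        match = BRACKETED.search(line.split(" by ", 1)[0])
        try:
            ips.append(str(ipaddress.IPv4Address(match.group(1))) if match else None)
        except ipaddress.AddressValueError:
            ips.append(None)
    return ips


def score(received, connecting_hop_only=()):
    """Sum test weights; tests named in connecting_hop_only see hop 0 only."""
    ips = hop_ips(received)
    total, hits = 0, []
    for name, weight, listed in TESTS:
        scanned = ips[:1] if name in connecting_hop_only else ips
        hop = next((i for i, ip in enumerate(scanned) if ip in listed), None)
        if hop is not None:  # a test fires at most once per message
            total += weight
            hits.append((name, hop))
    return total, hits


def verdict(received, connecting_hop_only=()):
    total, _ = score(received, connecting_hop_only)
    return "HOLD" if total >= HOLD_WEIGHT else "DELIVER"


if __name__ == "__main__":
    for label, headers in (("phish", RECEIVED), ("direct", DIRECT)):
        for restrict in ((), ("BONDEDSENDER",)):
            print(label, restrict, score(headers, restrict), verdict(headers, restrict))
```

With every hop scanned, the forged lore.ebay.com line earns the negative weight and the message falls below the hold weight; with the whitelist test confined to the connecting hop it is held, while a direct connection from the listed address still gets its credit.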