Panda Consulting S.A.
Luis Alberto Arango E.
Hi. Yesterday (Wednesday)afternoon, I had some false positives from users
that I usually receive mail from, after failing mainly the MailFrom test
Reason:
Domain "name of the domain here" has no MX or A records
Domains are working fine and they have
LOL
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
MattSent: Wednesday, December 08, 2004 4:01 PMTo:
[EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] OT:
Declude Config Files...anyone in the holiday giving mood?
D N
JO T
U G
S
I
created a tool to do just this. Break it for me and I will fix
it.
http://www.ssc-isp.net/HoldAnalyzer/rdnsclassclookup.aspx
Kevin
Bilbee
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]On Behalf Of
MattSent: Wednesday, December 08, 2004 12:18 PMTo
Rick,
My understanding is if the packet is rejected or allowed before the port
information is needed for comparison Cisco IOS will log it as port 0.
Darrell
Check out http://www.invariantsystems.com for utilities for Decl
D N J
O T U
G S
Y - T
O H
U O C
S H
M T E
E I C
A N K
N G I
. N
C G
O
M
:)
Dan Geiser wrote:
No, that is not the domain name that I am referring to. If you look at my
>From
my apologies...i did not see that anywhere. thank you for all of your help.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser
Sent: Wednesday, December 08, 2004 3:46 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: Declude Config Files...
No, that is not the domain name that I am referring to. If you look at my
>From Address you will see it as N T G - H O S T I N G. C O M.
- Original Message -
From: "Che Vilnonis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 08, 2004 3:34 PM
Subject: RE: [Declude.
Well, I do like the name. I'll give it a
shot.
Finding the ranges in dnsstuff.com is too much of a
chore.
- Original Message -
From:
Matt
To: [EMAIL PROTECTED]
Sent: Wednesday, December 08, 2004 2:18
PM
Subject: Re: [Declude.JunkMail] OT -
RevDNS lookups by ra
Dan, I know I am not THAT obtuse. Isn't your domain...
n e x u s t e c h g r o u p -- d o t -- c o m ???
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser
Sent: Wednesday, December 08, 2004 3:23 PM
To: [EMAIL PROTECTED]
Subject:
Che,
NOT the address that I typed in my e-mail. Look at my From Address in my
original post.
Thanks,
Dan
- Original Message -
From: "Che Vilnonis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 08, 2004 3:19 PM
Subject: RE: [Declude.JunkMail] OT: Declude Config Fi
Dan...I am not having any luck. Am I doing something wrong?
I replace the last five chars of your domain.
http://declude.nexustech?.com/
Regards, Che
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser
Sent: Wednesday, December 08, 2004 3:12 PM
To
Does anyone know what traffic uses a destination and source port of 0? Or
what else I should look for? This is a Novell/windows network
I have something odd going on at a large branch office so I added an acl to
log the inbound and outbound traffic
permit ip any any log
permitted tcp 10.10.0.72
Scott,
I've been using a tool called Angry IP Scanner. It sometimes dies on
bad data being returned, but otherwise it is a good tool for querrying
large blocks of IP's for reverse DNS entries. I would strongly suggest
that you turn off the port detection since it really doesn't give
reliable
Che,
You can see everything that I am currently doing here...
http://declude./
Replace with the domain that I use to post to the list.
Please let me know if you have any questions.
Thanks,
Dan Geiser
[EMAIL PROTECTED]
- Original Message -
From: "Che Vilnonis" <[EMAIL PROTECTED]>
To:
IF the log file is locked and declude tried to write to it, what happens if
declude can't?
The log file entry won't be saved. Declude will continue to function as it
normally would, except with one (or more) less log file entries.
-Scott
---
De
Some people do share, other's may not.
I've found specific questions are always better responded to than general
questions.
It all depends on the time you want to spend. Spam chasing can be a time
blackhole, especially if you have perfectionist traits.
1. If you don't want to spend lots of time.
I have 3 inbound relayers running declude and I want to consolidate the log
files to a single system.
I'm planning on using Microsoft's robocopy utility to copy the log files.
I'm not sure if robocopy locks the source file during the copy or not so
here's my question..
IF the log file is locked an
Ok so this is really working how I'd like it to
The rule is defined with a global.cfg weight of -1000
If the domain is whitelisted then the -1000 is applied to any non-filter
type tests and NO other filters are run.
In essence the domain is whitelisted because all of the other non-filter
test
I've got a whitelist filter file where I use the action "STOPALLTESTS":
MAILFROMSTOPALLTESTSCONTAINS@netrends.com
This rule is defined as the first rule in my global.cfg (above all of the
IP4r, Catchall, externals, etc.)
If it trips the WHITELIST filter, why do the other tests
Filters are run last.
- Original Message -
From: "Mark E. Smith" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 08, 2004 11:26 AM
Subject: [Declude.JunkMail] Does STOPALLTESTS really stop all tests?
> I've got a whitelist filter file where I use the action "STOPAL
I hope I am posting this in the right place...
Hello all. I've asked this before and had no takers.
I'd like to see some real working examples of how Declude
users have set up their respective config files with weights,
rules, etc.
I'd like to tighten up my Declude settings, but unfortunately
I a
I've got a whitelist filter file where I use the action "STOPALLTESTS":
MAILFROMSTOPALLTESTSCONTAINS@netrends.com
This rule is defined as the first rule in my global.cfg (above all of the
IP4r, Catchall, externals, etc.)
If it trips the WHITELIST filter, why do the other tests
Yes, I have seen more DomainKeys DNS entries lately and DomainKeys
information in headers from Spam.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of R.
> Scott Perry
> Sent: Wednesday, December 08, 2004 4:15 AM
> To: [EMAIL PROTECTED]
> Subject: R
I like to research a range of Reverse DNS entries
before potentially blocking a IP range.
I'm looking tool (an online one would be fantastic)
where I could type in a range say 209.200.18.0 (today's culprit) and it would
provide a list of Reverse DNS entries for 209.200.18.0 through
209.200
If you just want to turn off virus filtering for a domain, you can do so in
the virus_domains.txt file.
Darin.
- Original Message -
From: "Matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 07, 2004 11:06 PM
Subject: Re: [Declude.JunkMail] ZIP files
You need Dec
Does Declude support Domain Keys or is there a DomainKeys external test
available?
No, it does not.
When we last researched Domain Keys, it appeared to be quite complex, and
not very popular. It does seem to be gaining some popularity, so we may do
some more research about it in the near futur
26 matches
Mail list logo