Hi Corby,
The best way to determine explicitly what it's
using is to add custom header to the email. There are several you may
find useful, but the one I'm referring to can be added by adding a line
like
XINHEADER X-Note: FROM:
%MAILFROM%
to your Global.cfg file. We add several
headers for diagnostic purposes...
XINHEADER X-Note: Total spam weight of this
E-mail is %WEIGHT%.
XINHEADER X-Note: Spam Tests Failed:
%TESTSFAILEDWITHWEIGHTS%
XINHEADER X-Note: REMOTEIP:
%REMOTEIP%
XINHEADER X-Note: REVDNS:
%REVDNS%
XINHEADER X-Note: FROM: %MAILFROM%
XINHEADER X-Note:
TO: %RECIPHOST%
The FROM address that will be reported there
is exactly what Declude would use when checking against your
whitelists.
REVDNS is almost always a different domain than
the sending address, since most email domains are hosted on common
servers. While you may have reason to block or whitelist on REVDNS,
which would be a different test completely, the FROM whitelist would only need
the two entries you specify.
BTW, though we've been calling it whitelisting,
it is generally recommended to use the "whitelists" as negative weights
instead of true whitelists. That way if something is really bad (i.e.
bad enough that your negative weight doesn't keep it from being tagged, held,
or deleted), then it is still detected. True whitelisting would let it
through no matter how bad it was.
We hold on a weight of 100 and delete on 300, and
have three FROM "whitelists" defined like
FROMWHITELIST_LOW fromfile C:\IMail\Declude\fromwhitelist_low.txt x -100 0
FROMWHITELIST_MED fromfile C:\IMail\Declude\fromwhitelist_med.txt x -200 0
FROMWHITELIST_HIGH fromfile C:\IMail\Declude\fromwhitelist_high.txt x -500 0
We also have FROM blacklists, IP white and black
lists, content-based white and black lists, and test-specific counterweights
that match against MAILFROM and/or REVDNS. We favor adding to
the counterweight tests first, then FROM whitelists, and finally IP
whitelists, though you could argue the order of the last two.
Just another list
member..been using IMail for 5 years or so, and Declude for about 3.5 years
now.
Thanks, man.
Darin.
----- Original Message -----
Sent: Friday, September 02, 2005 3:03 PM
Subject: RE: [Declude.JunkMail] What Header does Whitelist file
use?
Darin,
I'm still confused on what part of the message
converstation would be compared to the whitelist entry. A message
often has a different values for the From Header and the envelope (not
sure if I'm using the correct terms). The Reverse DNS is also different
from the other two. Using the format of .sub.domain.com and
@sub.domain.com, I would have to make six entries to cover all the bases, when
probably the correct two would take care of it.
Suggestions?
BTW,
are you with Declude or a helpful bystander?
Thanks again for your help and hope you are feeling
better.
Corby
Sorry, you're right... Sometimes when I'm under
the weather I switch things around...
Have you checked the other suggestion... making
sure the last line has a carriage return afterwards?
Darin.
----- Original Message -----
Sent: Thursday, September 01, 2005 6:26 PM
Subject: RE: [Declude.JunkMail] What Header does Whitelist file
use?
Hi Darin,
I just checked the manual regarding
the SWITCHRECIP ON. The description sounds like it
affects who the message is addressed to rather than where it comes
from. Am I missing something?
Corby
This may be an issue where the FROM listed in
the email is different from the MAILFROM address found in the
envelope.
If so, putting SWITCHRECIP ON in your
Declude Global.cfg should fix it. You can read more about this
config option in the Declude Junkmail manual.
Darin.
----- Original Message -----
Sent: Thursday, September 01, 2005 12:09 PM
Subject: [Declude.JunkMail] What Header does Whitelist file
use?
Hello,
I'm still having trouble whitelisting a few
incoming messages. Can you tell me, what part of incoming mail
does the whitelist trigger on? Should the reverse DNS" domain
or the mail header, or the address listed in the To: list be used, or
perhaps the helo information.
Below is an example of diagnostic from a
message recently received along with my whitelist entry. Do I
need to whitelist the reverse DNS (lunarpages.com) instead?
My current whitelist entry:
@tempager.com
HeaderCode:
c020020c
ReverseDNS: draco.lunarpages.com
RemoteIP:
216.193.215.150
Testname: WEIGHT10-29B
MessageID:
<[EMAIL PROTECTED]>
Quename:
D5b4810be01c401ae.SMD
Sniffer:
Headers: Received: from
draco.lunarpages.com [216.193.215.150] by msx.renoairport.com with
ESMTP
(SMTPD32-8.15) id
AB4810BE01C4; Mon, 29 Aug 2005 12:00:24 -0700
Received: from localhost.int.lunarpages.com
([127.0.0.1] helo=draco.lunarpages.com)
by draco.lunarpages.com with esmtp (Exim 4.50)
id 1E9orj-00075B-Vq; Mon, 29 Aug 2005 12:00:19 -0700
From:
[EMAIL PROTECTED]
Subject: TemPageR_Users Digest, Vol 7, Issue 5
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.5p1
Precedence: list
List-Id: TemPageR User Group
<tempager_users_tempager.com.tempager.com>
List-Unsubscribe: <http://tempager.com/mailman/listinfo/tempager_users_tempager.com>,
<mailto:[EMAIL PROTECTED]>
List-Archive: </pipermail/tempager_users_tempager.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <http://tempager.com/mailman/listinfo/tempager_users_tempager.com>,
<mailto:[EMAIL PROTECTED]>
Sender: [EMAIL PROTECTED]
Errors-To:
[EMAIL PROTECTED]
X-AntiAbuse: This header was added to track abuse, please include
it with any abuse report
X-AntiAbuse: Primary Hostname - draco.lunarpages.com
X-AntiAbuse: Original Domain -
renoairport.com
X-AntiAbuse:
Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
tempager.com
X-Source:
X-Source-Args:
X-Source-Dir:
Message-Id:
<[EMAIL PROTECTED]>
