[EMAIL PROTECTED]
sent a message to a bunch of people including [EMAIL PROTECTED] using his dial-up att
global account. I didn’t know there was a limit to the number of
addresses in a send list. If our users aren’t using our
distribution lists, but instead their own address lists, and send to all the
locals, they’ll have at least 51 addresses.
[EMAIL PROTECTED]
is not coming from att global, the first guy is using att global.
I’ve dropped the MXRATE-BLOCK to
half its original value.
I have seen any more caught mail that
should not have been, but I’m still not clear on why I had two messages
which should have been whitelisted, get caught.
-----Original
Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: June 7, 2005 11:27 AM
To: [email protected]
Subject: Re: [Declude.JunkMail]
X-RBL-Warning // Whitelisted but not
Just a little follow up
about this.
The first E-mail appears to be sent from your server in some sort of automated
fashion (denoted by the GSC extension on the Q file). These are either
postmaster messages, or some message created by calling imail1.exe directly
(probably some bulk-mail script in this case, maybe even the listserv).
It comes from the address [EMAIL PROTECTED]
and was sent to a long list of addresses (too long for IMail not to throw an
error). It was whitelisted on the way out.
Then, one of the addresses on attglobal.net that it is sent to is apparently
forwarding back to [EMAIL PROTECTED].
It is natural that it gets scanned coming back in, creating a second set of
headers and a different spool file name. Your logs show the connecting
hop as 32.97.166.48 which is in8.prserv.net and is used by AT&T for
sending/forwarding E-mail.
The E-mail was being blocked because of a combination of primarily two
things. First, your DNS setup was initially not allowing your server to
resolve your own MX records causing a failure in the MAILFROM test when this
came in from the other server with a Mail From domain of ute-sei.org.
Secondly, you are using MXRATE-BLOCK which has issues with tagging legitimate
servers with high volume that allow forwarding (and some that are just simply
high volume). To this blacklist, when spam is received by an AT&T
hosted account that is then forwarded to an account on a different provider's
machine that is sourced for data to generate MXRATE-BLOCK, it ends up tagging
the forwarding server instead of the actual source. I stopped using
MXRATE because of their issues with such things, in addition to them tagging a
lot of legitimate bulk-mail that many blacklists have issues with and I didn't
want to compound such issues further on my system. I don't know what you
score MXRATE-BLOCK at, but you might consider dropping the score a bit if you
weight it heavily
Matt
Matt wrote:
Susan Duncan wrote:
That still doesn’t
explain why someone who is whitelisted still has some of their email
caught.
That's not the issue,
they aren't actually both happening at the same time. It's being double
scanned, and it is only being whitelisted when it is being sent, but not when
it is received (over one minute later according to your logs). The full
headers should have showed the complete path that the E-mail took and it would
be easier to diagnose if they were shared (the Received lines). I'm
thinking that maybe this E-mail was sent from your server to an address on
another server that was actually forwarded back to her address on your
server. That's the only way that I can think of that would generate two
different spool file names, and cause it to be scanned twice by Declude in this
way; adding headers each time.
Matt
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
