Hi All,
Last week I was struggling with this mysterious "accidental
whitelisting." Emails addressed to me were whitelisted, even though I
had (to the best of my knowledge) no whitelisting turned on for my own
address. After setting the JM logging to high, I came up with the
following lines:
05/28/2007 17:39:47.568 q764101a6000064c1.smd Past whitelisting
05/28/2007 17:39:47.568 q764101a6000064c1.smd Looping #0 [flags=1]
05/28/2007 17:39:47.568 q764101a6000064c1.smd [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
[EMAIL PROTECTED]@mail2.bcwebhost.net] *local*
05/28/2007 17:39:47.568 q764101a6000064c1.smd Opening
HKEY_LOCAL_MACHINE\software\Ipswitch\IMail\Domains for
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> [0]
05/28/2007 17:39:47.568 q764101a6000064c1.smd
D:\IMail\Users\ben\aliases.txt
05/28/2007 17:39:47.568 q764101a6000064c1.smd Doing whitelist file
D:\IMail\Users\ben\aliases.txt
05/28/2007 17:39:47.568 q764101a6000064c1.smd Using whitelist file
D:\IMail\Users\ben\aliases.txt.
05/28/2007 17:39:47.568 q764101a6000064c1.smd Skipping4 E-mail from
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ; whitelisted
[EMAIL PROTECTED] ].
05/28/2007 17:39:47.568 q764101a6000064c1.smd Domain name =
mail2.bcwebhost.net, User name = ben.
So, for reasons I don't understand, Declude is looking at my
aliases.txt file for whitelisting. I couldn't find anywhere in the
configuration files for this to happen, but there it is. I don't even
know how aliases.txt is created, but when I looked inside it, I found
the email addresses for various random people, and also my own address.
My question is: why is Declude using this file for whitelisting? And
why do I have this file anyway?
Thanks,
Ben
----- Original Message -----
*From:* Imail Admin <mailto:[EMAIL PROTECTED]>
*To:* [email protected]
<mailto:[email protected]>
*Sent:* Friday, May 25, 2007 6:01 AM
*Subject:* Re: [Declude.JunkMail] accidental whitelisting
Hi David,
Yup, that was my first check. The address book in question is the
web address book, which you access from the web interface, right?
I checked it and it was empty -- not surprising because I mainly
use Outlook Express in IMAP mode. I did try turning it off
briefly anyway, but then decided it couldn't be the cause of the
problem and turned it back on.
Someone else suggested putting Declude in Debug mode, and I could
try that next. Thing is, I'm not getting a lot of these types of
spam, just a handful in the last couple of days. So I'm concerned
about how big the log files will grow while I wait for another
occurrence.
Thanks,
Ben
----- Original Message -----
*From:* David Barker <mailto:[EMAIL PROTECTED]>
*To:* [email protected]
<mailto:[email protected]>
*Sent:* Friday, May 25, 2007 5:46 AM
*Subject:* RE: [Declude.JunkMail] accidental whitelisting
AUTOWHITELIST ON checks your user address book make sure you
don’t have your own address in your address book.
David Barker
Director of Product Management
Your Email security is our business
978.499.2933 office
978.988.1311 fax
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
*From:* [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
[mailto:[EMAIL PROTECTED] *On Behalf Of *Imail Admin
*Sent:* Thursday, May 24, 2007 8:42 PM
*To:* [email protected]
*Subject:* [Declude.JunkMail] accidental whitelisting
Hi All,
We're in the process of tesing JM 4.x as an upgrade and I ran
into what I am sure is a minor mis-configuration.
I find that I occassionally get messages that are clearly
spam, but are whitelisted. The common characteristic is that
they are sent with a from line that is my own email address,
such as the following:
X-Declude-Sender: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
[77.85.117.187]
X-Declude-Spoolname: D29db019e00002105.smd
X-Declude-Note: Scanned by Declude 4.2.20 for spam.
"http://www.declude.com/x-note.htm";
X-Declude-Scan: Incoming Score [0] at 17:12:28 on 24 May 2007
X-Declude-Fail: Whitelisted, ZEROHOUR [0]
Now, I checked and I don't see why this is being whitelisted.
We only whitelist a handful of IP addresses, and this isn't
one of them. The whitelist settings in the global.cfg file are:
#========================================= WHITELISTS
=======================================
#WHITELIST HABEAS
#DOMAINWHITELISTS OFF
PREWHITELIST ON
WHITELIST AUTH
AUTOWHITELIST ON
# ----- Domain Example -----
#WHITELIST FROM @declude.com
# ----- User Example -----
#WHITELIST FROM [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
# ----- IP Example -----
WHITELIST IP 63.246.31.248
# ----- REVDNS Example -----
WHITELIST REVDNS .declude.com
These are pretty much the defaults. The Autowhitelist ON
command uses addresses in the web address book, so I checked
those and found nothing (no addresses at all). I'm sure this
is something really obvious, but could someone point it out to me?
Thanks,
Ben
BC Web
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
