Greylisting and whitelisting

Similar Messages

• SpamAssassin and whitelisting

  We use several forms on our websites that are processed by a formmailer and then send to us via e-mail. In order to ensure that these forms are reaching us in any case, I want to whitelist my e-mail addresses in SpamAssassin.
  I did so by adding these two lines to /etc/mail/spamassassin/local.cf:
  whitelist_from *@starenterprise.com
  whitelistfromrcvd *@starenterprise.com starenterprise.com
  The first one whitelists all e-mails that come from our domain.
  The second one should ensure that the header domain names are matching the reverse DNS lookup.
  It also requires internal_networks to be specified, alternatively it takes over the values from trusted_networks - see http://spamassassin.apache.org/full/3.1.x/doc/MailSpamAssassin_Conf.html#whitelist_and_blacklistoptions
  So far so good. I don't have internal_networks set, but trusted_networks and therefore believed that anything worked.
  But now I got a spam mail with this header:
  Von: [email protected]
  Betreff: separation; hath brought me? The new wine, that he,
  Datum: 22. November 2006 21:32:56 MEZ
  An: [email protected]
  Return-Path: <[email protected]>
  Received: from murder ([unix socket]) by starenterprise.com (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Wed, 22 Nov 2006 21:32:54 +0100
  Received: from localhost (localhost [127.0.0.1]) by starenterprise.com (Postfix) with ESMTP id 2D070506E93 for <[email protected]>; Wed, 22 Nov 2006 21:32:54 +0100 (CET)
  Received: from starenterprise.com ([127.0.0.1]) by localhost (dns1.starenterprise.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 06328-01 for <[email protected]>; Wed, 22 Nov 2006 21:32:52 +0100 (CET)
  Received: from 132.248.108.40 (unknown [132.248.108.40]) by starenterprise.com (Postfix) with ESMTP id 86048506E80 for <[email protected]>; Wed, 22 Nov 2006 21:32:49 +0100 (CET)
  Received: from c069we.forpsi.com (port=19458 helo=jiuqhxdyem) by 132.248.108.40 with smtp id NQFD3-kQ1YX8-4Qs for [email protected]; Wed, 22 Nov 2006 14:32:56 -0600
  X-Sieve: CMU Sieve 2.2
  Message-Id: <000a01c70e75$5c801990$062faa3c@jiuqhxdyem>
  Mime-Version: 1.0
  Content-Type: multipart/related; type="multipart/alternative"; boundary="----=NextPart_000_000C01C70E43.11E5A990"
  X-Priority: 3
  X-Msmail-Priority: Normal
  X-Mailer: Microsoft Outlook Express 6.00.2900.2869
  X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2962
  X-Spam-Status: No, hits=-85.89 tagged_above=-999 required=5 tests=BAYES_99, HTML8090, HTMLFONTBIG, HTMLIMAGE_ONLY08, HTMLIMAGE_RATIO02, HTML_MESSAGE, MIMEQP_LONGLINE, RCVDBYIP, RCVDIN_BL_SPAMCOPNET, RCVDINXBL, RCVDNUMERICHELO, USERINWHITELIST
  X-Spam-Level:
  Where is the problem that caused this mail being whitelisted and how can I prevent this by improving my settings ?

  I already use a SPF in my domain's DNS records, although I think that I haven't exactly understood their application (even with this information in DNS, why should a spammer care about ?).
  Anyway, I noticed this morning that six spam mails came through, all claimed to be whitelisted. So I have commented out whitelisting in local.cf file.
  I belive the tricky part is if your clients sometimes use their computers
  elsewhere so that the outgoing mail / smtp server might not be your own and
  that might hinder the receiving mailserver from accepting mail from your
  users.
  You mention an interesting part there, I haven't thought about: What happens when I'm using a dial-up ISP and then sending mails via my mail account ? Am I then not whitelisted although I authenticate myself correctly ?
  Alternatively to an other solution someone can provide I also would simply set the score for "USERINWHITELIST" from -100 to let's say -5. Since my intended mails all have scores around two to three maximum, this could also work. Most spam mails came through had around -80 points, so deducting the whitelist score -100 we have +20 points for all other tests; subtracting five points (new whitelist score) we come to +15 - still marked as spam

• Email being blocked and whitelist denied - HELP?

  Email to verizon.com (.net too) are being blocked by the anti-spam system. I submitted whitelist requests, but just get automated messages in return saying the IP is dynamically assigned. It's not, I've had the same IP on that server for well over 1 year. No spam is going out from the system, and SPF, PTR records are correct.
  Who can I contact to get mail flowing for customers? One of the sites I host is owned by a local Verizon customer, and he can't even get his own web site emails when someone makes a purchase from him. Very frustrating!
  Any help appreciated.
  Solved!
  Go to Solution.

  Your issue has been escalated to a Verizon agent. Before the agent can begin assisting you, they will need to collect further information from you.Please go to your profile page for the forum, and look in the middle, right at the top where you will find an area titled "My Support Cases". You can reach your profile page by clicking on your name beside your post, or at the top left of this page underneath the title of the board.
  Under “My Support Cases” you will find a link to the private board where you and the agent may exchange information. This should be checked on a frequent basis as the agent may be waiting for information from you before they can proceed with any actions. To ensure you know when they have responded to you, at the top of your support case there is a drop down menu for support case options. Open that and choose "subscribe".
  Please keep all correspondence regarding your issue in the private support portal.

• "Blocked sender" tab and "Whitelist" tab gone

  V blocks entire swaths of my incoming email as spam. The above-mentioned tabs no longer exist in my account since the site was redone. Now I can't even whitelist legit senders. I watched a video about using their spam detector, but it was geared toward the old interface. Mail Options now takes you to the email itself instead of options for email. Oy, vay. Has anyone had any luck by calling their help line? They were useless 2 months ago.

  Outlook Express is not involved here. Verizon blocks spam on their server before it gets to your mailbox. That's not the same as the spam you're
  blocking in OE, which is the next step down the ladder. Think of it as a group of filters, V filtering out the spam first, and then OE filtering out whatever spam gets through
  (if you'tre lucky.)  The issue here is with V's new spam detector.
  Message Edited by Katz on 07-02-2009 09:14 AM

• Milter-greylist and Messaging Server

  I have been using the milter-greylist for a long time on the sendmail servers and relays, and at least with the older releases I thought this milter only supports local sockets to interact with sendmail (and can listen on the network for peering with other milter-greylist instances). I reviewed the recent release's README, there's no notes of non-local sockets either.
  The Wiki [http://msg.wikidoc.info/index.php/About_milter_plugin] suggests, however, that all milters may (and for Messaging Server - must) be configured on a networking socket. It also states that milter-greylist was tested as working with the Sun Messaging Server.
  Can somebody please elaborate (ideally - write up a step-by-step how-to on the Wiki) how to integrate this milter with Sun MS, which versions are supported, where do we configure the network-listening socket (is it greylist config or libmilter config), etc.?
  Thanks in advance :)

  JimKlimov wrote:
  The Wiki [http://msg.wikidoc.info/index.php/About_milter_plugin] suggests, however, that all milters may (and for Messaging Server - must) be configured on a networking socket. It also states that milter-greylist was tested as working with the Sun Messaging Server.
  I hit this very issue when writing up the guide you refer to -- there is little in the way of information on the Internet regarding the sendmail milter library and getting the milter to listen on a non-unix socket.
  Can somebody please elaborate (ideally - write up a step-by-step how-to on the Wiki) how to integrate this milter with Sun MS, which versions are supported, where do we configure the network-listening socket (is it greylist config or libmilter config), etc.?For the milter-greylist I made the following change to the greylist.conf file:
  replace:
  socket "/var/milter-greylist/milter-greylist.sock"
  with:
  socket "inet:19025"This causes the milter to listen on an INET port (19025 in this example) vs. a unix socket. You will find that a similar approach will work with other milters that use the sendmail milter library and this is why I mentioned it in the guide:
  <snip>
  3. Run the milter-server, configure it to run on the INET:<TCP port number> socket.
  </snip>
  As for writing up wiki's on supported versions and what-not (we don't support specific milters rather we support the milter interface) this is something I simply don't have the time to do. Feel free however to update the milter wiki page with your own testing results.
  I did however fix up a number of broken links on the page -- it seems sendmail have moved their milter related information to a new site (milter.org) since I created the page.
  If you are looking at greylisting addresses, I would recommend you consider using the following instead as it is far more efficient then calling out to a milter server for this purpose.
  http://code.google.com/p/gross/wiki/readme
  http://iamthek.com/archives/30
  Regards,
  Shane.

• Versa Mail "No Such User Here" and "Greylisti​ng"

  I'm new to the community. Usually when I try to reply to an email I get the response "No such user here" or I get a response saying the receiver is "Greylisted" and that I should try back in 300 seconds. What is going on? I couldn't find any info in the VersaMail guide.
  Thanks.
  Post relates to: Treo 755p (Verizon)

  Can you compare your outbound mail settings with those from your mail service provider? In particular, do you have authentication enabled if that is required?
  Post relates to: Treo 800w (Sprint)

• Question about the whitelist and installing a Wireless AC card on a Thinkpad Yoga

  Hi,
  So I'm looking at buying a Thinkpad Yoga, but the model I'm looking at doesn't have AC wireless.  I've read up a bit about FRUs and whitelists, and was just wondering if the same model wireless card with two different Lenovo parts numbers will be compatible with each other or if the bios will block it if I don't buy the specific Lenovo part number.

  Yes, you install grub to sda (master boot record), and add the entry for Windows. In the step where you partition the harddrive, you can choose where to create it. Actually it may not be that much of a problem anymore, my boot is on the third partition, after ~15 GB. You can forget about the bootable flag when using grub, it does not care.

• Whitelist on 10.6?

  I'm wondering if someone could answer a couple of quick whitelist questions as it pertains to 10.6 Server?
  Would adding domains to a whitelist bypass 10.6's greylist? Ensuring that mail received from whitelisted domains is accepted immediately (as opposed to waiting for a resend/greylist training period).
  Is the procedure for creating and managing a whitelist unchanged from 10.5?
  Bonus ?:
  Has anyone done a nice writeup on greylisting and how it functions by default on 10.6? Does it train itself to recognize domains over time? How so? What options are available?
  Thanks!
  - Art

  Please mac people, find away to prevent adobe from forcing us to use reader instead of preview.
  Adobe is doing nothing of the kind. Not intentionally, anyway. They add new features to each release of Acrobat (after all, PDF is their invention). It's then Apple's job to try and figure out how to handle the new features so Preview can open PDF files created with them. Apple is always playing catch-up with Preview with no help from Adobe to figure out how the format was changed/updated.
  It's no different with Office. MS has no need or reason to tell the people who update the free open source Office-like software (Neo Office, Open Office, etc.) what they're going to add to Excel, Word, or PowerPoint. It's up to them to figure out what MS did to change the format to add the new features, and then how to read and write them to be compatible. They too are always playing the game of catch-up.

• ISE 1.2 - External database to use as MAC whitelist ?

  Hi,
  I am just wondering, how can a company can live with ISE 1.2 configured with MAB, and whitelist.
  Senarios is a company hires a IT provider to run and manage the ISE setup.
  so the company itselfs, will not be able to access the ISE for administration. What they can do is manage the AD that ISE integrates to.
  So how is it possible, for the company, to maintain a MAC white-list within the AD, externally to the ISE, so that the company can add new MAC's themselfs without intervention from the IT Provider ?
  I see in the guides that LDAP does "MAC Address Lookup" but cant an AD do the same ?
  Or what is the difference between the two.
  Also any ideas from the real world on how to differentiate access and support "Segregation of Duties" when it comes to roles as grouping etc with ISE
  regards
  Martin

  well you can have a OU specified in the AD for admin PC and all computers in the Admin OU will have full access.so you have mange the access to ISE this way also.
  ********Do rate helpful posts**************

• Whitelist Helpdesk User

  Hey,
  From the interface a user with the permission of "Helpdesk User", is there a way to allow them to add a blocked email to the users whitelist? If we hand out helpdesk user logins to our customer support team, and a subscriber calls in with a request about some blocked mail, the helpdesk user can login and release the message, but that doesn't help the sub for future requests. There needs to be a way for the helpdesk user to add that email to the whitelist as an option. Is there anything like the currently or coming down the road?
  Matt

  I understand that through the end user quarantine, the user can add it to the Safe or Black lists. But having the option for a helpdesk user to login and track messages, but then tell a customer that they need to login and whitelist the email address becomes a burden. There should or needs to be a way for the helpdesk user to add an email to a users whitelist or blacklist when looking through the quarantine. This can easily be done using the quarantine search of a helpdesk user and having the option to whitelist or blacklist a message when it is found through the advanced search. You have the full message, sender, to, etc to do such a function. Any hopes in getting this added into the interface? Maybe a nice needed API to help do this?
  Matt

• Regexp and performance

  ahoj!
  i want to create an index on a column that i query via an regular expression, for example ...where regexp_like(phone.extension_col, whitelist.extension_col)...
  phone.extension_col is the column with the phonenumber-extensions i want to query and whitelist.extension_col is a list of extension that are allowed. whitelist contains extensions like 2450 AND extensions as regular expressions like ^8...$!
  i tried to create an index on phone.extension, but it doesn't work:
  create index idx_extension on phone (regexp_like(extension_col, '^8...$'));
  -> ORA-00904 column name not valid
  someone can help me? thx!
  bye,
  christian

  hi,
  i think u have given a wrong column name,
  create index idx_extension on phone (regexp like('phone.extension_col', 'whitelist.extension_col'));
  I dont know above would work or not, but u havae to look for correct column name by looking at the error
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_5010.htm
  regards
  Jafar

• Spam Filtering Key words or Whitelisting

  I would appreciate any help.
  We are running a mail server on an Intel xserve with 10.4.11 server.
  Spam trainer and RBL's are set up to block spam.
  Is there a way to block key words and Whitelist domains?
  I would like to customize some of the parameters for filtering.
  Thanks

  For information on whitelisting see here
  Keywords can be blocked through curstom rules. That said, this is a lost battle, you'll never catch all iterations of a word and will just waste time. Make sure you add some generic rules ("spamtrainer -a" will do this for you) and fine tune your postfix and amavis settings. You will have much better results.

• ASM and Multipathing

  Hi
  I have a 2node RAC Setup 10gR2.
  I have three ASM Volumes configured, out of devices sdb2, sdb3, sdb4
  /etc/init.d/oracleasm createdisk VOL1 /dev/sdb2
  /etc/init.d/oracleasm createdisk VOL2 /dev/sdb3
  /etc/init.d/oracleasm createdisk VOL3 /dev/sdb4.
  where VOL1 & VOL2 belong to the Disk Group ORCL_DATA1 and Vol3 to the group FLASH_RECOVERY_AREA.
  I want to use the multipath disks namely /dev/multipath/sdb2, /dev/multipath/sdb3 and /dev/multipath/sdb4 for asm volumes.
  I created the multipath disks on node1 and edited the file /etc/sysconfig/oracleasm and set ORACLEASM_SCANORDER="multipath" and
  ORACLEASM_SCANEXCLUDE="sdb2 sdb3 sdb4".
  After a Reboot, the crs_stat shows
  On Node1
  Name Type Target State Host
  ora....SM1.asm application ONLINE ONLINE linux1
  ora....X1.lsnr application ONLINE ONLINE linux1
  ora.linux1.gsd application ONLINE ONLINE linux1
  ora.linux1.ons application ONLINE ONLINE linux1
  ora.linux1.vip application ONLINE ONLINE linux1
  ora....SM2.asm application ONLINE ONLINE linux2
  ora....X2.lsnr application ONLINE ONLINE linux2
  ora.linux2.gsd application ONLINE ONLINE linux2
  ora.linux2.ons application ONLINE ONLINE linux2
  ora.linux2.vip application ONLINE ONLINE linux2
  ora.orcl.db application ONLINE ONLINE linux1
  ora....l1.inst application ONLINE OFFLINE
  ora....l2.inst application ONLINE ONLINE linux2
  ora....test.cs application ONLINE ONLINE linux2
  ora....cl1.srv application ONLINE OFFLINE
  ora....cl2.srv application ONLINE ONLINE linux2
  [oracle@linux1 ~]$ sqlplus "/ as sysdba"
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Dec 8 12:04:53 2009
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to an idle instance.
  SQL> select name, path from v$asm_disk;
  select name, path from v$asm_disk
  ERROR at line 1:
  ORA-01034: ORACLE not available
  I try to start the instance manually,
  [oracle@linux1 ~]$ srvctl start instance -d orcl -i orcl1
  PRKP-1001 : Error starting instance orcl1 on node linux1
  CRS-0215: Could not start resource 'ora.orcl.orcl1.inst'.
  Also from sql
  SQL> startup
  ORA-01078: failure in processing system parameters
  ORA-01565: error in identifying file '+ORCL_DATA1/orcl/spfileorcl.ora'
  ORA-17503: ksfdopn:2 Failed to open file +ORCL_DATA1/orcl/spfileorcl.ora
  ORA-15077: could not locate ASM instance serving a required diskgroup
  On Node2
  [oracle@linux2 ~]$ sqlplus "/ as sysdba"
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Dec 8 11:56:13 2009
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
  With the Partitioning, Real Application Clusters, OLAP and Data Mining options
  SQL> select name, path from v$asm_disk;
  NAME
  PATH
  VOL1
  ORCL:VOL1
  VOL2
  ORCL:VOL2
  VOL3
  ORCL:VOL3
  Plz note, that I have the multipath devices only on one node currently.
  I am new to the multipathing concept. Plz advise, on what (above) steps are wrong and what additional things are to be taken care of.
  And the causes/solutions to the errors.
  Edited by: whatis on Dec 7, 2009 11:47 PM

  We use multipath extensively on our Linux clusters - but do not use ASM itself to blacklist and whitelist devices. And we use the actual multipath (logical) device as the device for ASM to use - not the physical device and not the multipath +/dev/dm+ devices.
  The black and white listing of LUNs are done using multipath. The multipath config is duplicated on each node - and each node should see the exact same devices.
  You can ensure consistency in device names across the cluster by using the ww identifier of the LUN. In +/etc/multipath.conf+, you can define a mpath device for a LUN as follows, e.g.
  multipaths {                                                   
      multipath {                                                
          wwid    36006048000028775044553594d303439              
          alias   mpath0                                         
      ..etc..
  }For example, multipath will lists the following mpath devices:
  root@dev3: /root> multipath -l
  mpath9 (xxxxIBLUN5_5e3d014a9cb2f25eb1a38704) dm-3 xxxxIB,LUN5
  [size=1000G][features=0][hwhandler=0][rw]                                            
  \_ round-robin 0 [prio=0][active]                                                    
  \_ 10:0:0:4 sdad 65:208 [active][undef]                                             
  \_ 12:0:0:4 sdbx 68:176 [active][undef]                                             
  \_ 13:0:0:4 sdby 68:192 [active][undef]                                             
  \_ 11:0:0:4 sdz  65:144 [active][undef]                                             
  mpath8 (xxxxIBLUN1_5e3d014a9cb2f25e78ba1532) dm-13 xxxxIB,LUN1
  [size=1000G][features=0][hwhandler=0][rw]                                             
  \_ round-robin 0 [prio=0][active]                                                     
  \_ 12:0:0:0 sdbp 68:48  [active][undef]                                              
  \_ 13:0:0:0 sdbq 68:64  [active][undef]                                              
  \_ 10:0:0:0 sdk  8:160  [active][undef]                                              
  \_ 11:0:0:0 sdl  8:176  [active][undef]  
  ..snipped.We then assign the mpath device to ASM, e.g. +/dev/mpath/mpath8+ and +/dev/mpath/mpath9+ are then used for creating (external redundancy) ASM disk groups.
  So we basically stick to the o/s toolset provided for dealing with multipath devices and then use ASM on top of the logical multipath device. Our primary reason is that this is the same config and commands used by some of the largest clusters in the world - and if it works for these, then we will rather follow suite than use ASM features to do the same (such as black and white listing).

• Block spam and junk TLDs

  I seem to be noticing a growing amount of spam from TLDs like .work and review. Some are getting blocked in out spam system, but some still seem to get through. Right now I block TLDs (like .work) when they cause an issue, but it seems that the issue pops up later again with different domains after some amount of time. We also have a mechanism in place for blocking snowshoe spam so it's not an issue there.
  I was just wondering how other people are handling this as it becomes a problem. We're also using several blacklists, greylisting and other tests on Exchange using Vamsoft ORF. Any thoughts? I've noticed that this is an issue on other systems as well...
  This topic first appeared in the Spiceworks Community

  Hi,
  I recommend you select different agents depending on the junk mails type to achieve your goals.
  1.Sender Filter agent   
  2.Recipient Filter agent 
  3.Sender ID agent   
  4.Content Filter agent   
  5.Protocol Analysis agent
  The following article for your reference:
  Anti-Spam Protection
  Hope it helps!
  Thanks.
  Niko Cheng
  TechNet Community Support

• How do I get to my Whitelist or add to my Whitelist

  In a previous version of Firefox I would click tools, options,general,manage add ons,options and whitelist would appear!! This no longer works! How do I add a website so I don't
  have to go to Internet Explorer just to go to a secure website. While
  dealing w/1 site I had to click help,restart w/add-ons Disabled, restart,continue in safe mode! That helper said an add-on was blocking my script or no-script! This is 1 problem w/2?s

  You should be able to edit the contacts that you have on the iPad via the Contacts app :