Hector this is probably addressed mainly to you but anyone is welcome to comment if they have an answer.
Implementing wcSAP and it works pretty well, blobking and returning a signifcant number of emails.
Questions. Is there a way to customize the return message as to why the sender's email is returned.
For example, some systems such as aol and such tack on a website
address or email address that can be used if a legitimate email is
returned so that they can be whitelisted or at least have a chance
to be recognized. I would like to be able to append a spam@
email address that I have place as "accept all" exception in the
SAP file. This way a person who is having trouble sending email
can have a means to have their email received by recipient.
Greg
On 2007-12-26 11:42 AM, GREG MARLER wrote to All:
Hector this is probably addressed mainly to you but anyone is welcome to comment if they have an answer.
Implementing wcSAP and it works pretty well, blobking and returning a signifcant number of emails.
Questions. Is there a way to customize the return message as to why the sender's email is returned.
For example, some systems such as aol and such tack on a website
address or email address that can be used if a legitimate email is returned so that they can be whitelisted or at least have a chance
to be recognized. I would like to be able to append a spam@
email address that I have place as "accept all" exception in the
SAP file. This way a person who is having trouble sending email
can have a means to have their email received by recipient.
Greg
Hi Greg,
First let me explain why it is like it currently is.
Overall, I fundamentally believe the less clue you give the bad guys the better.
This premise works when the FALSE positives are low. In other words, when the majority is expected only to be the "bad guys" to see this, then you don't want to explain why.
However, intentional vagued reasons can be a problem when the majority or a high incidences of rejections are false positives. But if that is case, then the AVS method in place is poor and shouldn't be used.
So the method only works because the vast majority is bad.
That said, I did explore alternative response string methods. I will provide current state of affairs on that. But first let me explain why it was considered.
Again, on the premise the only people who this might effect are false positives. By far, the system works, therefore you don't an urgent
request to do this.
However, there was this one incident a few years back where in a public ANTI-SPAM forum thread exchange of messages, this one fella decided to send a private email to me and got a WCSAP rejection with a generic "Return Path not validated" response.
He posted it publicly and began to bad mouth the system.
Beside the fact it was shown WCSAP was right, it only did its job and he felt embarrassed when it was showed (I posted logs) he using a non-SMTP compliant return path (it must be valid), he did make a valid point that
if he "knew" of reasons, then he would not made an ass of himself.
So based on overall incident and understanding I did need it, especially
for SMTPFILTER, I did start work to allow for custom responses for WCSMTP rejections.
However, and this where I have to now open a DOS BOX and read the source code to confirm if it was done only for SMTPFILTER because it was needed for WCGREYLIST and any other 3rd party SMTPFILTER developers write who need a custom response. I know it was done for SMTPFILTER and it is programmable, and I know it was done for WCSAP, but I don't know if it was allowed to be programmable.
Let me check.. OPENING DOS BOX....
Well, lets just say its not "cleanly" available to be programmable at this point to have WCSAP offer custom SMTP responses but two internal methods
was used to return WCSMTP TRACE LOG reasons.
These methods explored predated the way it currently done for SMTPFILTER which allowed the 3rd party WCX to create a response file with the special file name:
spool\{hostname}\ne\temp-message-filename.response
There is a SMTPFILTER library function that allows this response file to be created. When a SMTPFILTER*.WCX module is run to analyze the email data, before WCSMTP sends the default
250 message accepted
45x/550 message not accepted"
responses, it will check for a specific response file created by SMTPFILTER WCX.
So for WCSAP, we don't have a way to change the SMTP response sent to the sender.
I will jot this down and explore it again :-)
Keep in mind again that I still feel it is not a good idea to expose
"clues" to bad guys, especially when the majority is bad. So IMO its a judgment call if the concern is just a current rare situation you just came across and believe it would of been great to have more information, but overall, do you really want to this to be sent to the majority of
rejections where are bad guys?
The worst case scenario is the bad guy learns from the "spam@" address and begins to bombard it or learns how to autowhite list it selft. :-)
Anyway, I will check it out.
---
HLS
I don't disagree with what you say. I love the way that wcSAP works. It has blocked a bunch of spam. What I am encountering is email server who will
not authenticate their users, possibly with their version of a spam filter.
A good example of this is the NY Time newspaper, polk-fl.net gov emails, passport.msn.com, cheaptickets.com, and firn.edu. These are just a few out
of the smtpfilter.txt file. I do NOT want an automatic whitelist system, I want to still peruse the requests and grant them on a personal basis. I am not so large that an automated system is necessary. Even RR.Com's whitelist sytem is a live person, just their blacklist is automated.
Thanks in advance for looking into this.
Greg
On 2007-12-27 12:57 AM, HECTOR SANTOS wrote to GREG MARLER:or a
On 2007-12-26 11:42 AM, GREG MARLER wrote to All:
Hector this is probably addressed mainly to you but anyone is welcome to comment if they have an answer.
Implementing wcSAP and it works pretty well, blobking and returning a signifcant number of emails.
Questions. Is there a way to customize the return message as to why the sender's email is returned.
For example, some systems such as aol and such tack on a website address or email address that can be used if a legitimate email is returned so that they can be whitelisted or at least have a chance
to be recognized. I would like to be able to append a spam@
email address that I have place as "accept all" exception in the
SAP file. This way a person who is having trouble sending email
can have a means to have their email received by recipient.
Greg
Hi Greg,
First let me explain why it is like it currently is.
Overall, I fundamentally believe the less clue you give the bad guys the better.
This premise works when the FALSE positives are low. In other words, when the majority is expected only to be the "bad guys" to see this, then you don't want to explain why.
However, intentional vagued reasons can be a problem when the majority
sendhigh incidences of rejections are false positives. But if that is case, then the AVS method in place is poor and shouldn't be used.
So the method only works because the vast majority is bad.
That said, I did explore alternative response string methods. I will provide current state of affairs on that. But first let me explain why it was considered.
Again, on the premise the only people who this might effect are false positives. By far, the system works, therefore you don't an urgent request to do this.
However, there was this one incident a few years back where in a public ANTI-SPAM forum thread exchange of messages, this one fella decided to
Patha private email to me and got a WCSAP rejection with a generic "Return
neednot validated" response.
He posted it publicly and began to bad mouth the system.
Beside the fact it was shown WCSAP was right, it only did its job and he felt embarrassed when it was showed (I posted logs) he using a non-SMTP compliant return path (it must be valid), he did make a valid point that if he "knew" of reasons, then he would not made an ass of himself.
So based on overall incident and understanding I did need it, especially for SMTPFILTER, I did start work to allow for custom responses for WCSMTP rejections.
However, and this where I have to now open a DOS BOX and read the source code to confirm if it was done only for SMTPFILTER because it was needed for WCGREYLIST and any other 3rd party SMTPFILTER developers write who
thisa custom response. I know it was done for SMTPFILTER and it is programmable, and I know it was done for WCSAP, but I don't know if it was allowed to be programmable.
Let me check.. OPENING DOS BOX....
Well, lets just say its not "cleanly" available to be programmable at
to bepoint to have WCSAP offer custom SMTP responses but two internal methods was used to return WCSMTP TRACE LOG reasons.
These methods explored predated the way it currently done for SMTPFILTER which allowed the 3rd party WCX to create a response file with the special file name:
spool\{hostname}\ne\temp-message-filename.response
There is a SMTPFILTER library function that allows this response file
SMTPFILTERcreated. When a SMTPFILTER*.WCX module is run to analyze the email data, before WCSMTP sends the default
250 message accepted
45x/550 message not accepted"
responses, it will check for a specific response file created by
cameWCX.
So for WCSAP, we don't have a way to change the SMTP response sent to the sender.
I will jot this down and explore it again :-)
Keep in mind again that I still feel it is not a good idea to expose "clues" to bad guys, especially when the majority is bad. So IMO its a judgment call if the concern is just a current rare situation you just
across and believe it would of been great to have more information, but overall, do you really want to this to be sent to the majority of rejections where are bad guys?
The worst case scenario is the bad guy learns from the "spam@" address and begins to bombard it or learns how to autowhite list it selft. :-)
Anyway, I will check it out.
---
HLS
Ok, I am not sure what you are looking for or how this helps, so give meIt has
an example of what you would like to do? what you would like to see replaced or done?
--
HLS
On 2007-12-27 11:56 AM, GREG MARLER wrote to HECTOR SANTOS:
I don't disagree with what you say. I love the way that wcSAP works.
filter.blocked a bunch of spam. What I am encountering is email server who will not authenticate their users, possibly with their version of a spam
whitelistA good example of this is the NY Time newspaper, polk-fl.net gov emails, passport.msn.com, cheaptickets.com, and firn.edu. These are just a few out of the smtpfilter.txt file. I do NOT want an automatic whitelist system, I want to still peruse the requests and grant them on a personal basis. I am not so large that an automated system is necessary. Even RR.Com's
sytem is a live person, just their blacklist is automated.
Thanks in advance for looking into this.
Greg
welcome toOn 2007-12-27 12:57 AM, HECTOR SANTOS wrote to GREG MARLER:
On 2007-12-26 11:42 AM, GREG MARLER wrote to All:
Hector this is probably addressed mainly to you but anyone is
why thecomment if they have an answer.
Implementing wcSAP and it works pretty well, blobking and returning a signifcant number of emails.
Questions. Is there a way to customize the return message as to
guys thesender's email is returned.
For example, some systems such as aol and such tack on a website address or email address that can be used if a legitimate email is returned so that they can be whitelisted or at least have a chance to be recognized. I would like to be able to append a spam@
email address that I have place as "accept all" exception in the
SAP file. This way a person who is having trouble sending email
can have a means to have their email received by recipient.
Greg
Hi Greg,
First let me explain why it is like it currently is.
Overall, I fundamentally believe the less clue you give the bad
words, whenbetter.
This premise works when the FALSE positives are low. In other
then youthe majority is expected only to be the "bad guys" to see this,
case,don't want to explain why.
or aHowever, intentional vagued reasons can be a problem when the majority
high incidences of rejections are false positives. But if that is
why itthen the AVS method in place is poor and shouldn't be used.
So the method only works because the vast majority is bad.
That said, I did explore alternative response string methods. I will provide current state of affairs on that. But first let me explain
and hewas considered.
Again, on the premise the only people who this might effect are false positives. By far, the system works, therefore you don't an urgent request to do this.
sendHowever, there was this one incident a few years back where in a public ANTI-SPAM forum thread exchange of messages, this one fella decided to
Patha private email to me and got a WCSAP rejection with a generic "Return
not validated" response.
He posted it publicly and began to bad mouth the system.
Beside the fact it was shown WCSAP was right, it only did its job
point thatfelt embarrassed when it was showed (I posted logs) he using a non-SMTP compliant return path (it must be valid), he did make a valid
especiallyif he "knew" of reasons, then he would not made an ass of himself.
So based on overall incident and understanding I did need it,
WCSMTPfor SMTPFILTER, I did start work to allow for custom responses for
sourcerejections.
However, and this where I have to now open a DOS BOX and read the
neededcode to confirm if it was done only for SMTPFILTER because it was
it wasneedfor WCGREYLIST and any other 3rd party SMTPFILTER developers write who
a custom response. I know it was done for SMTPFILTER and it is programmable, and I know it was done for WCSAP, but I don't know if
methodsallowed to be programmable.
Let me check.. OPENING DOS BOX....
thisWell, lets just say its not "cleanly" available to be programmable at
point to have WCSAP offer custom SMTP responses but two internal
SMTPFILTERwas used to return WCSMTP TRACE LOG reasons.
These methods explored predated the way it currently done for
specialwhich allowed the 3rd party WCX to create a response file with the
data,file name:
spool\{hostname}\ne\temp-message-filename.response
to beThere is a SMTPFILTER library function that allows this response file
created. When a SMTPFILTER*.WCX module is run to analyze the email
to thebefore WCSMTP sends the default
250 message accepted
45x/550 message not accepted"
SMTPFILTERresponses, it will check for a specific response file created by
WCX.
So for WCSAP, we don't have a way to change the SMTP response sent
address andsender.
I will jot this down and explore it again :-)
cameKeep in mind again that I still feel it is not a good idea to expose "clues" to bad guys, especially when the majority is bad. So IMO its a judgment call if the concern is just a current rare situation you just
across and believe it would of been great to have more information, but overall, do you really want to this to be sent to the majority of rejections where are bad guys?
The worst case scenario is the bad guy learns from the "spam@"
begins to bombard it or learns how to autowhite list it selft. :-)
Anyway, I will check it out.
---
HLS
I would just like a message appended to the current error code to either--- Platinum Xpress/Win/WINServer v3.1
send an email to a specified email address or go to a certain URL to be
given access to send email to this system.
RoadRunner Uses:
Received: 550 ERROR: Mail Refused - 24.173.130.227 - See http://security.rr.com/cgi-bin/block-lookup?24.173.130.227 from SMTP server hrndva-smtpin01.mail.rr.com.
In this case, taken from smtp logs they are using the offending ip in the message. Nothing this sophisticated needs to be used just a link or instructions on why they are blocked and how to get unblocked.
The actual unblocking would take place after a review of the email address that is sent to the spam blocked email address i.e. spam@myhometownweb.com
or a form that sends the email to that address.
Hope that this clarifies things more.
Thanks, in advance.
Greg Marler
Ok, I am not sure what you are looking for or how this helps, so give me an example of what you would like to do? what you would like to see replaced or done?
--
HLS
Sysop: | Nelgin |
---|---|
Location: | Plano, TX |
Users: | 577 |
Nodes: | 10 (1 / 9) |
Uptime: | 57:12:13 |
Calls: | 9,294 |
Calls today: | 2 |
Files: | 16,016 |
Messages: | 1,046,601 |