URL Blacklisting On MailEnable Standard

Discussion regarding the Standard version.
fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

URL Blacklisting On MailEnable Standard

Post by fmaxwell »

I just rebuilt my server on new hardware and, in the process, moved from MailEnable 1.x Pro to 4.x Standard.

After installing 4.x, I was excited to see URL blacklisting. Well, after spending about three hours trying to get it to work, I looked over the feature comparison and saw that it was not supposed to be available in MailEnable Standard.

If it's not supposed to be available, why is there a checkbox to enable it? Why is there a place to add servers for URL blacklisting? I can't believe that all of that was left in place as, essentially, a dead end for people trying to come up to speed on MailEnable Standard.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Post by MailEnable-Ian »

Hi,

Apologies for the misleading information. URL blacklisting is part of the standard v4 kits. We will update the feature matrix accordingly. Are you experiencing problems configuring URL blacklisting?
Regards,

Ian Margarone
MailEnable Support

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

MailEnable-Ian wrote:Hi,

URL blacklisting is part of the standard v4 kits.
Great! Glad to hear it.
MailEnable-Ian wrote:Apologies for the misleading information.
How dare you include more features than promised in a product give to us for free!? :wink:
MailEnable-Ian wrote:Are you experiencing problems configuring URL blacklisting?
Oh yes! I configured it to use ws.surbl.org and multi.surbl.org (the Combined SURBL list) and then sent multiple messages with links to a domain blacklisted in ws.surbl.org and multi-surbl.org (rpaise.com). I sent it as plaintext. I sent it as a plaintext link with the http:// in front of it. I sent it as an HTML link. I forwarded the spam that included it back to myself. And I did all of this from outside e-mail services gmail.com and email2me.net. Every message got through unaltered, not flagged, and the link not replaced (I tried all settings).

P.S. An IO Error (ignorant operator error) check of the zone to assure that it ends with a period would save people a lot of head scratching -- though that was not my problem in this case.

Now, here's the really disturbing part (insofar as these things go) from the diagnostic utility:

Code: Select all

RDNS Blacklist Status 	Enabled 	Reverse DNS is enabled at the RCPT command.	Pass
RDNS Blacklist Status 	BarracudaBRBL 	Enabled	Pass
RDNS Blacklist Status 	BarracudaBRBL 	Enabled	Pass
RDNS Blacklist Status 	dnsbl.njab 	Enabled	Pass
RDNS Blacklist Status 	multi.surb 	Disabled	Pass
RDNS Blacklist Status 	Spamcop 	Enabled	Pass
RDNS Blacklist Status 	SpamhausZEN 	Enabled	Pass
RDNS Blacklist Status 	ws.surbl.o 	Disabled	Pass
That doesn't match up with this at all:

Image

You will note that the diagnostic report does not have 'URL blacklist status' indicator at all and the individual URL blacklists are shown as disabled.

Thanks for your help on this one.

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Does anyone have any experience with this problem?

Post by fmaxwell »

I've not heard back from anyone on this. Any ideas?

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Post by MailEnable-Ian »

Hi,

The reason why the URL blacklists are not working for you is because you are using the Sorbl blacklists which are unsupported within MailEnable.
Regards,

Ian Margarone
MailEnable Support

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

MailEnable-Ian wrote:Hi,

The reason why the URL blacklists are not working for you is because you are using the Sorbl blacklists which are unsupported within MailEnable.
Thanks.

But how can I tell which ones are supported? I could not find anything about URL blacklisting in the Standard Edition PDF manual. The Professional Edition mentions the subject, but does not indicate that there is some characteristic that a URL blacklist DNS server must have or not have in order to work.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Post by MailEnable-Ian »

Hi,

We will update the standard documentation accordingly and include the URL blacklisting information and which blacklists are compatible for future reference.

MailEnable URL blacklisting looks up the resolved domains in emails in an RBL (such as the Spamhaus Exploits Block List). It is not totally SURBL compatible, as SURBL requires a lookup of the non-resolved URIs extracted from messages.
Regards,

Ian Margarone
MailEnable Support

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

MailEnable-Ian wrote:MailEnable URL blacklisting looks up the resolved domains in emails in an RBL (such as the Spamhaus Exploits Block List). It is not totally SURBL compatible, as SURBL requires a lookup of the non-resolved URIs extracted from messages.
Thank you, Ian. That really clears things up. I was pulling my hair out trying to figure out what was wrong and to determine what lists I could use.

Does MailEnable run just the links or does it also run html img tags (when spammers use images hosted on their spam sites in message bodies)?

I do see some benefit to the SURBL's approach in that it moving the domain to other host IP addresses would not foil the detection. Nor would clustered hosting (e.g. 15 different DNS entries for the domain that rotate traffic through different servers).

Regards,
Fred

wscheer
Posts: 7
Joined: Wed Aug 26, 2009 7:39 pm

Post by wscheer »

Is there any harm in enabling all of them in the mean time?

johnsonfredral
Posts: 4
Joined: Tue Nov 03, 2009 11:24 am

Re: URL Blacklisting On MailEnable Standard

Post by johnsonfredral »

thanks for sharing :)

cszeto
Posts: 527
Joined: Sat Feb 07, 2004 8:06 am
Location: Arizona, USA

Re:

Post by cszeto »

wscheer wrote:Is there any harm in enabling all of them in the mean time?
Typically no harm as long as you agree with each of their individual characteristics, otherwise you may be increasing the chance of a classification that is counter to your needs. Example - some may classify all dynamic IP addresses is "invalid" where you might be exchanging emails with someone who does have a legitimate business-class dynamic IP that has been mis-identified as being dynamic/non-exclusive assigning.
Microsoft MVP (2004 through 2008)

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: URL Blacklisting On MailEnable Standard

Post by telecomputers »

MailEnable URL Blacklisting is a lie.

After seeing that MailEnable (ME) Pro version created a new function for URL Blacklisting we deleted the old MEfilter (which by-the-way was doing a great job of URL lookups). But we figured since ME had it "built-in" now we could go without MEfilter.
Then we find out that the function ME calls URL Blacklisting is just another IP blacklist. It does not lookup any domain names within the email text - but instead just allows you to enter another IP Blacklist agent into the mix. So there is no real time check with something like SURBL to match any text.

Now we can not re-install MEfilter as it's web site has gone away and there is no way to get a "new"registration code to make it work.
Looking at the ME suggestions they say to add a third party program to do SURBL lookups. Well that is rather lame - especially since one of the programs recommended is MEfilter (which as I say has gone away). Talk about a slap in the face!

Are there any plans to make the ME URL Blacklist function do what it is supposed to do - or - at least remove it from the program features list as false advertising?

Then you state:
"We will update the standard documentation accordingly and include the URL blacklisting information and which blacklists are compatible for future reference."
So where exactly is that information?

Finally, when are you going to update the third party "real URL Blacklisting" programs list that you recommend?
http://mailenable.com/kb/Content/Articl ... D=me020344
Since some of them are no longer around... and many of the ones listed have no idea what URL Blacklisting is either. MagicSpam for example has no SURBL lookup in it either.

URL Blacklisting is the only way to stop spam email. Blocking IP addresses that are sending spam is not stopping spammers who are continuously changing their IPs and using infected PCs to send mail. The only way to effectively stop them is to do a URL lookup and kill any message that has a spammer's domain name in it. The domain name is the payload.

It would seem that it would be in the best interest of ME to create such a process - scan every message and match it to the SURBL list. You know it is a good selling point because you already have it listed as one of your features even though you do not offer it.
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: URL Blacklisting On MailEnable Standard

Post by telecomputers »

No reply?

SMTP Properties | DNS Blacklisting tab

[checkbox] Enable URL Blacklisting

"URL filtering will check in the body of emails against DNS blacklists to determine whether it is spam."

No it does NOT.
It just checks another IP list of blocked IP numbers. Same as the section above it.

[checkbox] Enable DNS Blacklisting

So what gives - any intention of actually doing what you say you are doing?
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: URL Blacklisting On MailEnable Standard

Post by MailEnable-Ian »

Hi,

Apologies for the delay. So you are saying that a message contains a URL in the message body and the URL filtering is resolving the URL to an IP that is listed on a blacklist? Best way forward and for a managed response would be to lodge a support ticket via our ticketing system and provide exact details and examples messages and URL blacklists your using so we can further diagnose and assist in troubleshooting.
Regards,

Ian Margarone
MailEnable Support

telecomputers
Posts: 48
Joined: Sat Dec 04, 2004 3:59 pm

Re: URL Blacklisting On MailEnable Standard

Post by telecomputers »

There is no reason to submit a ticket as there is nothing broken or repairable.
The problem is that your are not providing what you claim to have included in your features.

I will try to explain.

Most spam contains a payload. The payload is almost always the domain name URL of the target site and that is the link to the spam product.
Bayesian filters no longer work (and haven't for quite some time) since the spammers have learned to poison their messages by including chapters from books or long paragraphs of plain text.
The spammer also changes the sending IP address around so much that trying to block by IP is nearly impossible.
The one thing that remains constant is the spam domain name - the link to the spam web site. Without that written into the email - they cannot deliver the payload.
SURBL list contains these domain names of these offensive web sites.
Other online lists contain the IP addresses of these domain names (this is what ME uses) but by the time they get the IP address into the list the spammer has moved on to another IP.
So really the simply solution is to have the program look for domain name URLs inside the text of the email before delivery - take that URL and search for it through SURBL - if it is found, deal with it as spam, if not allow the email to continue.

In our situation we had MEfilter installed and it included a beta version of SURBL lookup - it was doing a bang up job too.
Once we saw you had included the URL lookup in the newest version of ME - we happily uninstalled the third party MEfilter and turned on the new function.
Only then did we find out that ME's URL lookup was not doing what it claims to do - but is instead looking up banned IP addresses.
By then it was too late, we had removed MEfliter and could no longer re-install it as they have vanished off the Internet (it requires a REG keycode).
So now for the first time in years we have an abundance of spam getting through to all our clients.

So do we look for a NEW email server program and replace ME altogether?
Or do we wait until ME offers true SURBL lookups?
Or do we look for third party programs to do the lookup job that ME should be doing for us?
Most of these services charge a hefty monthly fee to pre-screen the email before handing it off to ME.
But ME is already handling the email! That is why we bought it.
Shouldn't ME be looking into adding true URL lookups into it's programing instead of falsely claiming that it is already there?

By the way - I submitted a ticket on Dec 23 2012 and also one on Jan 11 2013 about this.

The last word I got back was this:

The URL blacklisting in MailEnable is called URL Blacklisting since it
searches for URLs within email content and resolves these to IP addresses
which it then uses to check in blacklists. So it does find URLs and resolve
and look for blacklisted destinations. But it is an older feature which we
intend to change to working like SURBL where you don't do the resolution,
you just use the URL. I don't know when this will be done, sorry, but have
passed your email onto the development side of things here to help move it
forward faster. I've also asked our web guy to update the details in the KB
article to be more current.

Regards,
Peter Fregon
MailEnable Pty Ltd

So according to that answer you ALREADY look up the URL - so instead of resolving it to an IP and THEN doing an IP look up - just do a lookup of the URL through SURBL! Done!
j@mes

MEpro 10.20
JAM Software - SpamAssassin in a Box

Post Reply