Re: [Declude.JunkMail] Bayesian filtering
Has anyone seen anything about this .. Any good or bad ? .. Bayesian filtering .. Check this link http://www.paulgraham.com/filters.html Scott are you thinking along any of these line for the future of Declude? Here's part of an E-mail that I posted previously: --- The concept is flawed, but sounds like it could work well if implemented properly. It's essentially the same thing that the heuristics test (which never made it out of beta) does, except that the heuristics test only looks at about 100 different aspects of the E-mail (not necessarily individual words). The flaw is that it is based on the Bayes Rule, but doesn't meet its conditions (the individual probabilities used must not be related to each other, but they are in this situation). For example, if you have 10 spams that each have the term This is a spam in them, and it's determined that each word has a 99% chance of indicating spam (IE if the word This appears in an E-mail, there's a 99% chance it is spam), the Bayes Rule would say that an E-mail with This is a spam would have about a 99.9% chance of being spam (when in reality, I believe it would only have a 99% chance of being spam). This probability stuff gets pretty complex unless you've taken a probability and statistics course recently (and did well in it). Another problem is that you need a good database of legitimate E-mail to work with, which is harder to obtain than a good database of spam (which isn't always easy to get). If you just use E-mail to a specific person, it will skew the results. We are doing some testing here to see if the concept could work well (as it seems to for Paul Graham). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Base 64 test
Anecdotally this makes a lot of sense. It was primarily porn spam that caused us to move our filterchain module development forward in the sniffer program. _M ]-Original Message- ]From: [EMAIL PROTECTED] ][mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff ]Sent: Monday, September 23, 2002 2:02 AM ]To: [EMAIL PROTECTED] ]Subject: [Declude.JunkMail] Base 64 test ] ] ]Since implementing the base 64 test, I am noticing that adult junkmail ]that is in HTML format is getting caught by this. ] ]As I am out of the office this week and working from home, when I have ]time I am going to investigate this further. ] ]Any one else noticing this? ] ]John Tolmachoff ]IT Manager, Network Engineer ]RelianceSoft, Inc. ]Fullerton, CA 92835 ]www.reliancesoft.com ] ] ] ]--- ][This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Yahoo Abuse Account
What's a good rule or configuration that people have used for Yahoo. Seems Yahoo ( at least groups ) fails the abuse test when they do have an abuse account. I've been testing out the junkmail and went hog wild and well you can't please everyone all the time. -- Avolve Support 740 467 3338 -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Yahoo Abuse Account
Ok I got an extra of the email I sent to the list with subject line modified and one without. Hmm. Wonder if I'll get a second of this one. -- Original Message -- From: Avolve Support [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 23 Sep 2002 09:03:16 -0400 What's a good rule or configuration that people have used for Yahoo. Seems Yahoo ( at least groups ) fails the abuse test when they do have an abuse account. I've been testing out the junkmail and went hog wild and well you can't please everyone all the time. -- Avolve Support 740 467 3338 -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Avolve Support 740 467 3338 -- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Junkmail - Spamheaders
Hello, I try to play Junkmail, but it won't work. we host some websites, and they are sending mail over our primary mailserver. If the website uses ASPMail, the mail will fail because of Code: 420f. The E-mail failed the SPAMHEADERS test. This E-mail is missing a Message-ID: header. Although it is legal not to have one, the RFCs say that E-mails SHOULD have this (which, in RFC terms, means that you must have the Message-ID: header or accept the consequences -- in this case, the E-mail may be treated as spam). Note that you may see a Message-ID: header; if so, it was one that IMail added later. If the website uses WTMail (very old Webtrends Product ;-) Code: c040120f. The E-mail failed the BADHEADERS and SPAMHEADERS tests. This E-mail has a bogus time zone in the Date: header. The Timezone is really strange: [Date: Mon, 23 Sep 2002 12:18:56 +429496729500] So most of the mails sent from our own sites fail many usefull tests :( I can't modify the header for WTMail, but I also can't migrate all websites to Aspmail. And with Aspmail, there is no Message-ID ;-( And if I use another tool, the webserver itself has no reverse lookup and no MX entry. It does not need this, because it will only send mail. Is it really usefull to whitelist all my adresses? I feel a bit strange about this idea. Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Junkmail - Spamheaders
If the website uses ASPMail, the mail will fail because of Code: 420f. The E-mail failed the SPAMHEADERS test. This E-mail is missing a Message-ID: header. For this, you should upgrade ASPMail to the latest version (or ask them what the good reason is for not having the Message-ID: header). If the website uses WTMail (very old Webtrends Product ;-) Code: c040120f. The E-mail failed the BADHEADERS and SPAMHEADERS tests. This E-mail has a bogus time zone in the Date: header. The Timezone is really strange: [Date: Mon, 23 Sep 2002 12:18:56 +429496729500] G I wonder if that crashes any mail clients... So most of the mails sent from our own sites fail many usefull tests :( I can't modify the header for WTMail, but I also can't migrate all websites to Aspmail. Do you realize that all the servers using WTMail are sending mail that many mail clients will hide at the bottom of the inbox, because of the invalid time zone? And that other mailservers may just delete the E-mail, because it is broken? A few years ago, sending broken E-mail was OK. However, given the amount of spam that exists today, sending broken E-mail is no longer acceptable. And with Aspmail, there is no Message-ID ;-( Note that there is a LOOSENSPAMHEADERS ON option you can use to get the SPAMHEADERS test not to check for the Message-ID: header. However, this will only prevent the E-mail from failing the test on your server, not other servers. :) Is it really usefull to whitelist all my adresses? I feel a bit strange about this idea. Whitelisting your webservers will make it look like the problem is fixed on your end, but if the mail gets sent out to other servers (and isn't just internal mail), then the mail may still get caught on other systems. Note that a *lot* of mail generated by webservers fails the SPAMHEADERS test (whereas almost no mail from mail clients will fail the test). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junkmail - Spamheaders
And if I use another tool, the webserver itself has no reverse lookup and no MX entry. It does not need this, because it will only send mail. But why not eliminate one test failure and create a PTR record for it? Is it really useful to whitelist all my addresses? Unless some one else can come up with something different, in this case it would help. Just whitelist the address that the mail is coming from on the Webserver. If your Webserver is IIS, why not have it send the mails through the Virtual SMTP server? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hijack
I agree, but our commerce server seems to be having a problem resolving domains, so until I have the time to figure that problem out, I am having our mail server deliver the messages. PS, Declude Queue does help. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert Grosshandler Sent: Monday, September 23, 2002 7:17 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hijack Imail and large batches of e-mail -- We tried it, didn't work well, mostly because of queue problems. We didn't know about Declude Queue at that point. Rob --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junkmail - Spamheaders
Hello Scott, For this, you should upgrade ASPMail to the latest version (or ask them what the good reason is for not having the Message-ID: header). it is the latest version ;-/ I'll try to ask them. Do you realize that all the servers using WTMail are sending mail that many mail clients will hide at the bottom of the inbox, because of the invalid time zone? And that other mailservers may just delete the E-mail, because it is broken? yes, I do. A few years ago, sending broken E-mail was OK. However, given the amount of spam that exists today, sending broken E-mail is no longer acceptable. We _are_ migrating from WTMail to ASPMail, but this will take some more time (I _hope_ we will finish this year :-) Note that there is a LOOSENSPAMHEADERS ON option you can use to get the SPAMHEADERS test not to check for the Message-ID: header. However, this will only prevent the E-mail from failing the test on your server, not other servers. :) does IMail/Declude give the mail a valid Message-ID? We sent all mail from our Webservers to IMail, to avoid the Webservers sending mail to the world. IMail send's it to the world. Whitelisting your webservers will make it look like the problem is fixed on your end, but if the mail gets sent out to other servers (and isn't just internal mail), then the mail may still get caught on other systems. ok, I understand this for the broken timezone, but for the message-ID? I thought IMail would add it? Note that a *lot* of mail generated by webservers fails the SPAMHEADERS test (whereas almost no mail from mail clients will fail the test). ok, so I'm not the only one. I'm beginning to feel better ;-) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junkmail - Spamheaders
Note that there is a LOOSENSPAMHEADERS ON option you can use to get the SPAMHEADERS test not to check for the Message-ID: header. However, this will only prevent the E-mail from failing the test on your server, not other servers. :) does IMail/Declude give the mail a valid Message-ID? We sent all mail from our Webservers to IMail, to avoid the Webservers sending mail to the world. IMail send's it to the world. IMail will add a Message-ID: header if none is present, so if the mail is only sent through the IMail server, it will have a Message-ID: header. Whitelisting your webservers will make it look like the problem is fixed on your end, but if the mail gets sent out to other servers (and isn't just internal mail), then the mail may still get caught on other systems. ok, I understand this for the broken timezone, but for the message-ID? I thought IMail would add it? Yes -- *if* the mail goes through IMail. If the webserver delivers it directly to the recipient, or if the webserver is changed to use another mailserver, the problem will occur again for outgoing mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junkmail - Spamheaders
Hello John, And if I use another tool, the webserver itself has no reverse lookup and no MX entry. It does not need this, because it will only send mail. But why not eliminate one test failure and create a PTR record for it? We are only forwarding the mail from the webserver to IMail, and IMail send's it out. So this PTR would only be for the communication on our internal network. But, hmm, ok, it would fix a part of this problem. And it does only cost me time. And I have the DNS here. I'll try it. ;-) Unless some one else can come up with something different, in this case it would help. Just whitelist the address that the mail is coming from on the Webserver. If your Webserver is IIS, why not have it send the mails through the Virtual SMTP server? First, I don't like Webservers sending direct mail to the world Second, I like virus-proof mails and attachements. (we had user's sending out word files with a macro virus in) Third, I personally don't like the IIS SMTP Server. And I like to have only one logfile to search for errors ;) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junkmail - Spamheaders
Well you are not taking into account systems like mine, which have a setup like HOP 0 HOPHIGH 4 Yes it adds CPU time, but any IP the message passes through gets tested on my system, And a PTR record does not take long to configure at all. on the Webserver. If your Webserver is IIS, why not have it send the mails through the Virtual SMTP server? What about when for XXX reason your Imail-SMTP server was unavailable when the WEB/CGI script was called? The message NEVER gets queued. I personally do install the MS-SMTP server on my web servers, but do not let it deliver directly to the internet either. I Set all CGI/ASP mail scripts to send mail to 127.0.01 or WEB_IP (but on the local machine), Thus the SMTP server is ALWAYS online when that same web server is online. Then under Properties, Delivery, Advanced Smart Host = [192.168.1.1] (brackets stop DNS lookups = save time) -Tom -Original Message- From: Hirthe, Alexander [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 10:40 AM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Junkmail - Spamheaders Hello John, And if I use another tool, the webserver itself has no reverse lookup and no MX entry. It does not need this, because it will only send mail. But why not eliminate one test failure and create a PTR record for it? We are only forwarding the mail from the webserver to IMail, and IMail send's it out. So this PTR would only be for the communication on our internal network. But, hmm, ok, it would fix a part of this problem. And it does only cost me time. And I have the DNS here. I'll try it. ;-) Unless some one else can come up with something different, in this case it would help. Just whitelist the address that the mail is coming from on the Webserver. If your Webserver is IIS, why not have it send the mails through the Virtual SMTP server? First, I don't like Webservers sending direct mail to the world Second, I like virus-proof mails and attachements. (we had user's sending out word files with a macro virus in) Third, I personally don't like the IIS SMTP Server. And I like to have only one logfile to search for errors ;) Alex --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude -diag response
-diag response says that Declude Junkmail: Config file not found (M:\imail\Declude\global.CFG). Global.cfg is there and declude appears to be functioning just fine That is unusual. Is that the correct location (M:\imail\Declude\global.cfg)? Is the file named *exactly* like that (no .txt extension, _ in the name, etc.)? Then, the I hate to ask question: are you sure it doesn't say Declude Junkmail: Config file found (M:\imail\Declude\global.CFG), with no not in there? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude -diag response
DOH! What the heck was I looking at... You are correct. There is NOT a NOT! I should have stayed on vacation! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, September 23, 2002 11:43 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude -diag response -diag response says that Declude Junkmail: Config file not found (M:\imail\Declude\global.CFG). Global.cfg is there and declude appears to be functioning just fine That is unusual. Is that the correct location (M:\imail\Declude\global.cfg)? Is the file named *exactly* like that (no .txt extension, _ in the name, etc.)? Then, the I hate to ask question: are you sure it doesn't say Declude Junkmail: Config file found (M:\imail\Declude\global.CFG), with no not in there? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Upgrade to sniffer 1.1
Sniffer logfile shows nothing but matches (example below). Have not seen a clean entry since the upgrade today. sniffer 20020923165941 D4876000800deda6b.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170147 D48f8000900ded796.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170245 D493a00deb0b2.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170307 D494a000b00de183e.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170309 D494c000c00de2165.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170448 D49bd00dea5ce.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923170451 D49b2000900dcaeec.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170456 D49b7000a00dcc004.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170531 D49ca000b00dc0b20.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923170545 D49e7000c00dc7f12.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170601 D49f7000d00dcbcd7.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923170640 D4a1e000e00dc53a5.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923170951 D4add001000dc401a.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923171653 D4c85000300e0b593.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923171700 D4c63000f00de334f.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923171702 D4c8d001000ded45c.SMD 110 0 Match 10222 46 0 0 5 sniffer 20020923171702 D4c8d000400e0d498.SMD 121 0 Match 10222 46 0 0 5 sniffer 20020923171737 D4caf000500e0597b.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923171843 D4c43001200dcb2f6.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923172032 D4d5a001500dcf673.SMD 71 0 Match 10222 46 0 0 5 sniffer 20020923172106 D4d82001600dc90e4.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172112 D4d88001700dca993.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172142 D4da6001800dc1dd6.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172216 D4dc7001900dc9ff2.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923172226 D4dd2001a00dccbd6.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923172243 D4de3001b00dc0d16.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923172251 D4dea001c00dc29b9.SMD 61 0 Match 10222 46 0 0 5 sniffer 20020923172313 D4e1d00dc7dca.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172329 D4e11001e00dcc072.SMD 70 0 Match 10222 46 0 0 5 sniffer 20020923172335 D4e16001f00dcd538.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172515 D4e790003011a5901.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172517 D4e7b0004011a6106.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172545 D4e980005011ad1c3.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172626 D4ec1002300dc710e.SMD 60 0 Match 10222 46 0 0 5 sniffer 20020923172702 D4ee4002400dcfa3e.SMD 60 0 Match 10222 46 0 0 5 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Upgrade to sniffer 1.1
This rule 10222 should match only a specific email address... however the scan index and ended are both z which is not possible. It is likley you have a corrupted .snf file. Hope this helps, _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Marv Gordon | Sent: Monday, September 23, 2002 1:31 PM | To: [EMAIL PROTECTED] | Subject: [Declude.JunkMail] Upgrade to sniffer 1.1 | | | Sniffer logfile shows nothing but matches (example below). | Have not seen a clean entry since the upgrade today. | | | | | sniffer 20020923165941 D4876000800deda6b.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170147 D48f8000900ded796.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170245 D493a00deb0b2.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170307 D494a000b00de183e.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170309 D494c000c00de2165.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170448 D49bd00dea5ce.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170451 D49b2000900dcaeec.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170456 D49b7000a00dcc004.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170531 D49ca000b00dc0b20.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170545 D49e7000c00dc7f12.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170601 D49f7000d00dcbcd7.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170640 D4a1e000e00dc53a5.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923170951 D4add001000dc401a.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923171653 D4c85000300e0b593.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923171700 D4c63000f00de334f.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923171702 D4c8d001000ded45c.SMD 110 | 0 Match | 10222 46 0 0 5 | sniffer 20020923171702 D4c8d000400e0d498.SMD 121 | 0 Match | 10222 46 0 0 5 | sniffer 20020923171737 D4caf000500e0597b.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923171843 D4c43001200dcb2f6.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172032 D4d5a001500dcf673.SMD 71 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172106 D4d82001600dc90e4.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172112 D4d88001700dca993.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172142 D4da6001800dc1dd6.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172216 D4dc7001900dc9ff2.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172226 D4dd2001a00dccbd6.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172243 D4de3001b00dc0d16.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172251 D4dea001c00dc29b9.SMD 61 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172313 D4e1d00dc7dca.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172329 D4e11001e00dcc072.SMD 70 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172335 D4e16001f00dcd538.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172515 D4e790003011a5901.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172517 D4e7b0004011a6106.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172545 D4e980005011ad1c3.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172626 D4ec1002300dc710e.SMD 60 | 0 Match | 10222 46 0 0 5 | sniffer 20020923172702 D4ee4002400dcfa3e.SMD 60 | 0 Match | 10222 46 0 0 5 | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe,
RE: [Declude.JunkMail] Junkmail - Spamheaders
And I like to have only one logfile to search for errors ;) Good point. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter types and Definitions?
I was wondering if someone could post the filter types and definitions. For example, I found these and I'm sure there are more. BODY10 CONTAINSif the Body contains a word or phrase HELO10 CONTAINSif the HELO command contains a word or phrase MAILFROM10 CONTAINSif the MAILFROM contains a word or phrase REMOTEIP10 IS if the REMOTEIP IS REVDNS 10 ENDSWITHif REVDNS ENDSWITH SUBJECT 10 CONTAINSif the SUBJECT contains a word or phrase BODY10 CONTAINSif the BODY contains a word or phrase PS: or just point me to the url. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Filter types and Definitions?
I was wondering if someone could post the filter types and definitions. For example, I found these and I'm sure there are more. BODY10 CONTAINSif the Body contains a word or phrase HELO10 CONTAINSif the HELO command contains a word or phrase MAILFROM10 CONTAINSif the MAILFROM contains a word or phrase REMOTEIP10 IS if the REMOTEIP IS REVDNS 10 ENDSWITHif REVDNS ENDSWITH SUBJECT 10 CONTAINSif the SUBJECT contains a word or phrase BODY10 CONTAINSif the BODY contains a word or phrase It's in the manual now. You can filter on SUBJECT, HELO, BODY, MAILFROM, REMOTEIP or REVDNS. Those will filter the subject, the HELO/EHLO hostname, the return address, the remote IP address, or the reverse DNS entry of the remote IP address. You can use CONTAINS, STARTSWITH, ENDSWITH, or IS for determining a match. They are pretty much self-explanatory -- IS is an exact match (hi matches just hi, not hi there or I said hi), STARTSWITH looks for something that starts with your filter (hi would match hi or hi there, but not I said hi), ENDSWITH looks for a match at the end (hi would match hi and I said hi, but not hi there), and CONTAINS matches anything that has your filter in it (hi would match hi, I said hi, hi there, and even white). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter types and Definitions?
Would it be possible to add CONTAINSWORD so white wouldn't be caught? Obviously, I understand it complicates things because you have to deal with things like hi. Perhaps you can just search for the word surrounded by non-letters and numbers. Just a thought. Jerod M. Bennett Director of Media Production Pixelpushers, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, September 23, 2002 1:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filter types and Definitions? I was wondering if someone could post the filter types and definitions. For example, I found these and I'm sure there are more. BODY10 CONTAINSif the Body contains a word or phrase HELO10 CONTAINSif the HELO command contains a word or phrase MAILFROM10 CONTAINSif the MAILFROM contains a word or phrase REMOTEIP10 IS if the REMOTEIP IS REVDNS 10 ENDSWITHif REVDNS ENDSWITH SUBJECT 10 CONTAINSif the SUBJECT contains a word or phrase BODY10 CONTAINSif the BODY contains a word or phrase It's in the manual now. You can filter on SUBJECT, HELO, BODY, MAILFROM, REMOTEIP or REVDNS. Those will filter the subject, the HELO/EHLO hostname, the return address, the remote IP address, or the reverse DNS entry of the remote IP address. You can use CONTAINS, STARTSWITH, ENDSWITH, or IS for determining a match. They are pretty much self-explanatory -- IS is an exact match (hi matches just hi, not hi there or I said hi), STARTSWITH looks for something that starts with your filter (hi would match hi or hi there, but not I said hi), ENDSWITH looks for a match at the end (hi would match hi and I said hi, but not hi there), and CONTAINS matches anything that has your filter in it (hi would match hi, I said hi, hi there, and even white). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter types and Definitions?
Would it be possible to add CONTAINSWORD so white wouldn't be caught? It is unlikely that that would get added. The problem is that it adds a significant amount of extra processing time (especially when the headers or the body of the E-mail is scanned), and requires coming up with a way to define exact what a word is (IE does should hi-there match? What about Hi! or $$$HI$$$). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter types and Definitions?
Don't forget HEADERS! I don't see it in the manual, but it was added and I am using it :) -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 3:49 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Filter types and Definitions? I was wondering if someone could post the filter types and definitions. For example, I found these and I'm sure there are more. BODY10 CONTAINSif the Body contains a word or phrase HELO10 CONTAINSif the HELO command contains a word or phrase MAILFROM10 CONTAINSif the MAILFROM contains a word or phrase REMOTEIP10 IS if the REMOTEIP IS REVDNS 10 ENDSWITHif REVDNS ENDSWITH SUBJECT 10 CONTAINSif the SUBJECT contains a word or phrase BODY10 CONTAINSif the BODY contains a word or phrase It's in the manual now. You can filter on SUBJECT, HELO, BODY, MAILFROM, REMOTEIP or REVDNS. Those will filter the subject, the HELO/EHLO hostname, the return address, the remote IP address, or the reverse DNS entry of the remote IP address. You can use CONTAINS, STARTSWITH, ENDSWITH, or IS for determining a match. They are pretty much self-explanatory -- IS is an exact match (hi matches just hi, not hi there or I said hi), STARTSWITH looks for something that starts with your filter (hi would match hi or hi there, but not I said hi), ENDSWITH looks for a match at the end (hi would match hi and I said hi, but not hi there), and CONTAINS matches anything that has your filter in it (hi would match hi, I said hi, hi there, and even white). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] negative weight in CFG
How does one go about creating a negative weight for the following CFG example: --- WLIST fromfiled:\imail\declude\allowed.txtx 0 0 --- Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BASE64 test
I searched the mail archive and found this example for the BASE64 test definition BASE64 base64 x x 4 0 I have two questions 1) Is this the correct format? 2) Does this test only fail on messages with Content-Type: text/html Content-Transfer-Encoding: base64 It is my assumption that if this is true, currently this is very good indicator of spam. Is this assumption correct? Jerod M. Bennett Director of Media Production Pixelpushers, Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BASE64 test
I searched the mail archive and found this example for the BASE64 test definition BASE64 base64x x 4 0 BASE64 base64 x x 4 0 Looks correct. 2) Does this test only fail on messages with Content-Type: text/html Content-Transfer-Encoding: base64 It appears to do exactly that. It is my assumption that if this is true, currently this is very good indicator of spam. Is this assumption correct? These messages have been spam, however, I can not speak for others. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BASE64 test
Will this test work for outgoing mail as well? -Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Sent: Monday, September 23, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BASE64 test I searched the mail archive and found this example for the BASE64 test definition BASE64 base64x x 4 0 BASE64 base64 x x 4 0 Looks correct. 2) Does this test only fail on messages with Content-Type: text/html Content-Transfer-Encoding: base64 It appears to do exactly that. It is my assumption that if this is true, currently this is very good indicator of spam. Is this assumption correct? These messages have been spam, however, I can not speak for others. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Custom ASP for Declude Pro?
Does anyone have custom .asp code to allow customers to set some of their own Declude pro settings? Thank you, Zachery Wolfinger Director of IT/IS - Galaxy Holdings, Inc. 888-758-3910 [EMAIL PROTECTED] ICQ#: 28221108 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Country file and codes
I created a list of countries and found that Declude is not working the way I thought it should. Declude checks the entire string for a match instead of just the tail end. I was under the impression that it examined the addresses from the tail end and not the beginning. So if I had .ru, then mail.rude.com would get caught along with mail.something.com.ru I guess this means we will need some sort of way of checking for countries. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BASE64 test
I searched the mail archive and found this example for the BASE64 test definition BASE64 base64 x x 4 0 I have two questions 1) Is this the correct format? Yes, it is. This is a beta feature that is available in v1.60 and higher. 2) Does this test only fail on messages with Content-Type: text/html Content-Transfer-Encoding: base64 It fails on either HTML or text MIME segments that are base64 encoded (so it would also fail on Content-Type: text/plain). [From another E-mail:] Will this test work for outgoing mail as well? Yes, all Declude JunkMail tests can be used for either incoming or outgoing E-mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Custom ASP for Declude Pro?
I would love to find some as well! -- Thanks, Aaron mailto:[EMAIL PROTECTED] VanTech.Net www.vantech.net Phone 559.732.3952 Fax 559.732.1509 6707 W. Goshen Avenue Visalia, CA 93291 Monday, September 23, 2002, 3:00:32 PM, you wrote: ZW Does anyone have custom .asp code to allow customers to set some of their ZW own Declude pro settings? ZW Thank you, ZW Zachery Wolfinger ZW Director of IT/IS - Galaxy Holdings, Inc. ZW 888-758-3910 ZW [EMAIL PROTECTED] ZW ICQ#: 28221108 ZW --- ZW Outgoing mail is certified Virus Free. ZW Checked by AVG anti-virus system (http://www.grisoft.com). ZW Version: 6.0.391 / Virus Database: 222 - Release Date: 9/19/2002 ZW --- ZW [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] ZW --- ZW This E-mail came from the Declude.JunkMail mailing list. To ZW unsubscribe, just send an E-mail to [EMAIL PROTECTED], and ZW type unsubscribe Declude.JunkMail. The archives can be found ZW at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] negative weight in CFG
How does one go about creating a negative weight for the following CFG example: --- WLIST fromfiled:\imail\declude\allowed.txtx 0 0 --- Negative weight can (unfortunately) mean two different things. You can have: WLIST fromfiled:\imail\declude\allowed.txtx -1000 0 this line will give the WLIST test a weight of -1000 (which should normally result in a total weight of less than 0). Or, you can have: WLIST fromfiled:\imail\declude\allowed.txtx 0 1000 In this case, any E-mail that is NOT caught by the WLIST test would get a weight of 1,000. Assuming that this is a whitelist, you would want the first type (-1000 0). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter types and Definitions?
Don't forget HEADERS! I don't see it in the manual, but it was added and I am using it Thanks -- it's in the manual now. I don't know how that one got overlooked... -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country file and codes
I created a list of countries and found that Declude is not working the way I thought it should. Declude checks the entire string for a match instead of just the tail end. I was under the impression that it examined the addresses from the tail end and not the beginning. So if I had .ru, then mail.rude.com would get caught along with mail.something.com.ru I guess this means we will need some sort of way of checking for countries. That is a partial match, and how the domains in the sender blacklists work. That way, .example.com can catch mail.example.com. We can look into doing a match at the end (ENDSWITH, as the filter would use). The only problem is that you couldn't use something like @example. to catch mail from @example.com and @example.net (but I don't know of anyone who is doing that). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Yahoo Abuse Account
Seems Yahoo (at least groups) fails the abuse test when they do have an abuse account. yahoogroups.com should not fail, but yahoo.com proper (pardon the expression) should fail NOABUSE (they attempt to route people to [EMAIL PROTECTED], which is all well and good, but non-RFC). If you're getting improper results from rfc-ignorant, that's a different issue. I don't know what weight you're using for NOABUSE, but it needs to be lowered or perhaps eliminated. You don't want to whitelist yahoo.com by domain, nor would whitelisting their outgoing IPs be easy to maintain (though someone might have compiled a current list, it could change without notice). -Sandy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] negative weight in CFG
Negative weight can (unfortunately) mean two different things. You can have: Assuming that this is a whitelist, you would want the first type (-1000 0). Thanks. Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] new filters
Hello, I was wondering if anyone would like to share their filter list, as I am working on mine right now. I only have about 20 filters in place right that are working great, but there are so many ways/options. Here are the filters I am looking for: SUBJECT BODY HEADERS HELO MAILFROM REMOTEIP REVDNS If you want to exchange them off the list let me know Thanks, Adam Adam Hobach CyberLynk Sales/Support [EMAIL PROTECTED] or [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] hijack question
One of our client's got locked out by HiJack (hold2), but it appears to be because of inbound mail, not outgoing mail. This client has an email account at another provider which forwards to an account on our server. He had a few hundred emails from an automated program sent to his other account in a short amount of time...and these were all automatically forwarded to his account on our server. But hijack apparently saw these inbound forwarded messages as outgoing even though they were being delivered to a local mailbox...and it began holding all mail that came from that other mail server's IP Address. It shouldn't do this should it? I can send you an example of the held mail along with the log entries if you'd like. Thanks, Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Why is this failing Spamcop
Why is this IP failing Spamcop? http://spamcop.net/bl.shtml?162.42.150.35 The link says it falls below the threshold and shouldn't be listed. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Why is this failing SpamCop
http://www.dnsstuff.com/tools/ip4r.ch?ip=162.42.150.35 Shows listed in MAILDEFLECTOR and POSTFIXGATE. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Dodell Sent: Monday, September 23, 2002 8:47 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Why is this failing Spamcop Why is this IP failing Spamcop? http://spamcop.net/bl.shtml?162.42.150.35 The link says it falls below the threshold and shouldn't be listed. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.