RE: [Declude.JunkMail] SPF support to be added to next beta
Thanks. I set up my primary domains. I still have to review client domains to determine the proper setup for those that are used for emailing. Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, December 15, 2003 06:54 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPF support to be added to next beta We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. http://spf.pobox.com/dns.html covers how to add an SPF record for your own domain. At its simplest, if all your E-mail is coming from your mailserver, and your mailserver is listed in your MX record, you would add a TXT record of v=spf1 +mx -all for your domain. The SPF records always start with v=spf1; the +mx means that any E-mail from an IP listed in your MX records is good, and the -all is a default so that any other E-mail is bad. The SPF system is much, much more flexible than the SPAMDOMAINS test, and it lets domain owners control the settings (which allows them to be much more accurate). If widely implemented, it will make it much more difficult for spammers to get their spam delivered. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] HOTMAIL ?
Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that works pretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: Ron Rushing [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
Ron, The best thing for hotmail is to setup spamdomains. For hotmail we use the following in our spamdomains file hotmail.com msn.com Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com Ron Rushing writes: Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New CC Scam?
A 16 digit credit card number was displayed. (x'ed out.) html body PDear ANZ Internet banking client,/P PWe encountered a billing error when attempting to renew your ANZ New Zealand BRonline banking services. This type of error usually indicates that either the BRcredit card you have on file has expired or that the billing address we have BRis not current./P PHere is the information from our database:/P PAddress:BR6 Fernaig St. BRPapakura BRAuckland/P POnline banking:BRCustomer Registration Number: 17149053BRPassword: 9215/P PCredit Card:BRCard Type: VISABRCard Number: BRCard Expire: 12/2005BRCard PIN: (we have censored this information for security reasons)/P PPlease take a moment to update your credit card information by a href=http://www.anz-billing.co.nz;clicking here/a BRand submitting your information./P PPlease note that we will attempt to renew your services 5 (five) days from BRtoday. If we are still unable to charge your credit card at that time your BRservice will be terminated./P PSincerely,/P PANZ New Zealand Billing Department.BRCnr Queen amp; Victoria StBR/P /body John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HOTMAIL ?
Can someone please share their spamdomains file? Thanks, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DLAnalyzer Support Sent: Thursday, December 18, 2003 6:53 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? Ron, The best thing for hotmail is to setup spamdomains. For hotmail we use the following in our spamdomains file hotmail.com msn.com Darrell Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com Ron Rushing writes: Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL and Reverse DNS
I always thought the significant drivers on the IETF were reps of the major players. Burzin Isn't the IETF supposed to be this body? _M At 09:14 PM 12/16/2003, you wrote: I would agree with this type of governing body. One that sets standards like RDNS entries and what they mean. pessimistic rant But it is still up to each mail admin(s) to implement an anti-spam policy. And the history of governing bodies is such that only the biggest players have a voice. This would probably mean that AOL, Earthlink, RR, Hotmail, etc would be on the governing council and it would be interpreted to their greatest competitive advantage and nothing would have changed! /pessimistic rant Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hosting Support Sent: Tuesday, December 16, 2003 4:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] AOL and Reverse DNS This is exactly why I think we should have a some sort of global internet council for setting standards, rather than all of us little guys having to react, after the fact, whenever a large player makes a change. The global council could maintain a distribution list to help mail admins to keep up with proposed changes and implementation schedules. This is very similar to any other industry that must keep up with compliance standards. In some ways this also seems like an unfair competition tactic as it makes the little guys look bad when our customers can't send mail to AOL...it encourages customers to move to the large players to avoid not having mail delivered to their users. Darin. - Original Message - From: mailto:[EMAIL PROTECTED]Todd Holt To: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 7:32 PM Subject: RE: [Declude.JunkMail] AOL and Reverse DNS I know this will stir a few people the wrong way, but If so many people are upset that MS is being monopolistic by using their EULA to prevent software from operating, then why dont those same people get upset at AOL for the internet-nazi-police tactics used to prevent mail from being delivered? MS just says that you cant use certain apps on their OS. AOL says that you cant deliver mail through mail servers (that control more email than any other on the planet) because they deemed it bad through inaccurate, generalized and dare I say monopolistic policies. The lack of complaints about AOL just shows that the MS bashers are not upset about the MS policies (or monopoly), they just want to complain about the big company on the block. I think if the majority owner of AOL was the richest person on the planet, they would bash AOL. How short sided!!! Further, all of the justice dept. proceedings are based on complaints by the competition, not the users. On the other hand, AOL has thousands of consumer complaints, but very few (if any) complaints by competitors. Its obvious that the justice dept. just wants to appease whiny losers like Jim Barksdale and Scott McNealy. And the MS bashers just fall in line. Lemmings. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Tuesday, December 16, 2003 3:26 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] AOL and Reverse DNS Hi, I just noticed that AOL has stepped up their policies another notch. They used to say that AOL **MAY** not accept email from servers without Reverse DNS. In the last two weeks, that changed: http://postmaster.aol.com/guidelines/standards.htmlhttp://postmaster.aol.com/guidelines/standards.html * AOL's servers will not accept connections from unsecured systems. These include open relays, open proxies, open routers, or any other system that has been determined to be available for unauthorized use. * AOL's mail servers will not accept connections from systems that use dynamically assigned or residential IP addresses. * AOL will not deliver e-mail that contains a hex-encoded Universal Resource Locator (URL). (Ex: http://%6d%6e%3f/) * AOL's mail servers will reject connections from any IP address that does not have reverse DNS (a PTR record). Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.hm-software.com/http://www.HM-Software.com/ -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was
RE: [Declude.JunkMail] New CC Scam?
I just got one of those yesterday too. Same info displayed. - Andy -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, December 18, 2003 11:14 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] New CC Scam? A 16 digit credit card number was displayed. (x'ed out.) html body PDear ANZ Internet banking client,/P PWe encountered a billing error when attempting to renew your ANZ New Zealand BRonline banking services. This type of error usually indicates that either the BRcredit card you have on file has expired or that the billing address we have BRis not current./P PHere is the information from our database:/P PAddress:BR6 Fernaig St. BRPapakura BRAuckland/P POnline banking:BRCustomer Registration Number: 17149053BRPassword: 9215/P PCredit Card:BRCard Type: VISABRCard Number: BRCard Expire: 12/2005BRCard PIN: (we have censored this information for security reasons)/P PPlease take a moment to update your credit card information by a href=http://www.anz-billing.co.nz;clicking here/a BRand submitting your information./P PPlease note that we will attempt to renew your services 5 (five) days from BRtoday. If we are still unable to charge your credit card at that time your BRservice will be terminated./P PSincerely,/P PANZ New Zealand Billing Department.BRCnr Queen amp; Victoria StBR/P /body John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Public DJM Config Files
I don't mind doing so, but I don't want to clog the list with config files. I have sent them off list upon request. Burzin At 05:44 PM 12/17/2003, you wrote: Hello, All, Is there anyone on this list besides Kami who makes their Declude JunkMail files publically viewable as he does? Just curious. I'm always looking for new ideas. Thanks, Much! Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Public DJM Config Files
FYI to all: I am going ahead with my idea of hosting a site where people can post their files and others can read them. It would have FTP capabilities for use with scripts and such. Unfortunately, the flu has invaded my house and so things are behind right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla Sent: Thursday, December 18, 2003 10:12 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Public DJM Config Files I don't mind doing so, but I don't want to clog the list with config files. I have sent them off list upon request. Burzin At 05:44 PM 12/17/2003, you wrote: Hello, All, Is there anyone on this list besides Kami who makes their Declude JunkMail files publically viewable as he does? Just curious. I'm always looking for new ideas. Thanks, Much! Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Public DJM Config Files
Hi; It would be great John.. What would be even greater is a site and mirrors that can host filters from everyone who is willing to share them. This way the network traffic on a single site is reduced. I think that can add a lot of value to Declude and reduce coming online by those that start using it much shorter. Out filter files are updated four times a day and if we can create a network of such sites and mirror sites.. Stopping a spam, a hoax or a scam can be done much faster among the group. One major suggestion: If filters are shared - I really think no negative filters should be shared. Negative words and filters getting in the hands of our beloved spammer would hurt everyone. But that is just my 2 cents. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, December 18, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Public DJM Config Files FYI to all: I am going ahead with my idea of hosting a site where people can post their files and others can read them. It would have FTP capabilities for use with scripts and such. Unfortunately, the flu has invaded my house and so things are behind right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla Sent: Thursday, December 18, 2003 10:12 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Public DJM Config Files I don't mind doing so, but I don't want to clog the list with config files. I have sent them off list upon request. Burzin At 05:44 PM 12/17/2003, you wrote: Hello, All, Is there anyone on this list besides Kami who makes their Declude JunkMail files publically viewable as he does? Just curious. I'm always looking for new ideas. Thanks, Much! Dan Geiser [EMAIL PROTECTED] - -- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts
Does any one have comments on any of the following: http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,80626,00.html Project Lumos http://www.camram.org CANRAM Burzin At 09:01 PM 12/15/2003, you wrote: How about some new suggestions for methods to combat the spammers? - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Subject Filter
I can use the following correct, inside of my filter file? SUBJECT 2 STARTSWITH ADV: Thanks, Kris McElroy [EMAIL PROTECTED] Chief Technology Officer Duracom, INC. www.duracom.net I am always doing that which I can not do, in order that I may learn how to do it. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Public DJM Config Files
I would be interested in having a mirror, we have plenty of horsepower to spare! Aaron [EMAIL PROTECTED] www.vantech.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kami Razvan Sent: Thursday, December 18, 2003 11:01 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Public DJM Config Files Hi; It would be great John.. What would be even greater is a site and mirrors that can host filters from everyone who is willing to share them. This way the network traffic on a single site is reduced. I think that can add a lot of value to Declude and reduce coming online by those that start using it much shorter. Out filter files are updated four times a day and if we can create a network of such sites and mirror sites.. Stopping a spam, a hoax or a scam can be done much faster among the group. One major suggestion: If filters are shared - I really think no negative filters should be shared. Negative words and filters getting in the hands of our beloved spammer would hurt everyone. But that is just my 2 cents. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, December 18, 2003 1:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Public DJM Config Files FYI to all: I am going ahead with my idea of hosting a site where people can post their files and others can read them. It would have FTP capabilities for use with scripts and such. Unfortunately, the flu has invaded my house and so things are behind right now. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla Sent: Thursday, December 18, 2003 10:12 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Public DJM Config Files I don't mind doing so, but I don't want to clog the list with config files. I have sent them off list upon request. Burzin At 05:44 PM 12/17/2003, you wrote: Hello, All, Is there anyone on this list besides Kami who makes their Declude JunkMail files publically viewable as he does? Just curious. I'm always looking for new ideas. Thanks, Much! Dan Geiser [EMAIL PROTECTED] - -- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Subject Filter
I can use the following correct, inside of my filter file? SUBJECT 2 STARTSWITH ADV: Yes, that would work fine. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Public DJM Config Files
I would also be interested in this. Is it possible to get these? Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Burzin Sumariwalla Sent: Thursday, December 18, 2003 10:12 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Public DJM Config Files I don't mind doing so, but I don't want to clog the list with config files. I have sent them off list upon request. Burzin At 05:44 PM 12/17/2003, you wrote: Hello, All, Is there anyone on this list besides Kami who makes their Declude JunkMail files publically viewable as he does? Just curious. I'm always looking for new ideas. Thanks, Much! Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF support to be added to next beta
We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. For those that are interested, we now have an interim release with SPF support in it. It can be downloaded from http://www.declude.com/interim (a new URL that we are going to be using for interim releases, that explains a bit more about them). To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns PASS for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), FAIL for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or UNKNOWN (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
I haven't updated my spamdomains file for quite some time, but this has been working well for me, thus far: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. Bill - Original Message - From: Rich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:07 AM Subject: Re: [Declude.JunkMail] HOTMAIL ? Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that works pretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: Ron Rushing [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Campaign 2004
On my home email account, I just received a campaign email from the Wesley Clark camp. Obviously, at least one candidate is not up on spam issues. I've included the headers below Denny Jodeit Flare Net, Inc. ___ Received: from mx17.edigitalknowhowe.com [66.55.189.20] by mail.jodeit.com with ESMTP (SMTPD32-6.06) id ADD88525012E; Thu, 18 Dec 2003 13:11:36 -0500 Received: by mx17.edigitalknowhowe.com (PowerMTA(TM) v2.0r7) id hs7nla04a2gu; Thu, 18 Dec 2003 10:17:56 -0800 (envelope-from [EMAIL PROTECTED]) Date: Thu, 18 Dec 2003 10:17:56 -0800 X-OriginalArrivalTime: Thursday, December 18, 2003 10:17:56 From: General Wesley Clark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: Denny, My Call to Service, My Pledge to You MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=_=_NextPart_cca8_149c509.b7c51a Content-Length: 9228 Message-Id: [EMAIL PROTECTED] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. X-Declude-Sender: [EMAIL PROTECTED] [66.55.189.20] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: IPNOTINMX, SPAMHEADERS [3] X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 370325183 Status: U --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ZAPTHEDINGBAT v1.0.0 and Y!DIRECTED v1.0.4
The obfuscation exploit for IE that was reported a week ago is now being seen on my server (2 times yesterday). Both were PayPal scams, and in both instances, I would have passed the messages if I didn't have this filter in place because the only other test they failed was FRAUDDOMAINS (a variant of SPAMDOMAINS which is scored higher). The filter is now downloadable from my site, named ZAPTHEDINGBAT (which is what the bug is named). MailPure :: Filter Software :: Declude Filters http://www.mailpure.com/software/decludefilters/ Also, the Y!DIRECTED filter has been updated to v1.0.4. It now includes an additional string that someone discovered which spammers are now using for redirection through Yahoo. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Any chance we can seperate fail unknown into two different tests? via spf we have ?all or -all which are supposed to be treated differently from what I understand. I would rather seriously penalize any domain that is configured with a -all and the sending IP is fails and would NOT want to penazlize unconfigured or ?all transitional domains. Ideally I would like something like this: SPFPASS spf pass x -5 0 SPFUNKN spf unknown x 4 0 SPFFAIL spf fail x 8 0 -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 1:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF support to be added to next beta We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. For those that are interested, we now have an interim release with SPF support in it. It can be downloaded from http://www.declude.com/interim (a new URL that we are going to be using for interim releases, that explains a bit more about them). To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns PASS for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), FAIL for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or UNKNOWN (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Any chance we can seperate fail unknown into two different tests? via spf we have ?all or -all which are supposed to be treated differently from what I understand. They are treated differently. An SPF lookup can result in PASS, FAIL, or UNKNOWN. So: Ideally I would like something like this: SPFPASS spf pass x -5 0 SPFUNKN spf unknown x 4 0 SPFFAIL spf fail x 8 0 This will work fine. At this time, though, I would not recommend penalizing for the UNKNOWN response, as most domains do not yet have an SPF record. However, we plan to soon add a way of letting you force SPF records for domains that don't have them, as well as having a default SPF record. This would allow the UNKNOWN result to be more useful. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Gotcha, all 3 are already setup :) I don't really want to penalize for unknown, was just making an example. ( I just setup spf on my postfix box yesterday as well to help get past some restrictions for pass) Sounds like you are setting the the spf-guess (which defaults to mx/24 a/24 right?) -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 2:30 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF support to be added to next beta Any chance we can seperate fail unknown into two different tests? via spf we have ?all or -all which are supposed to be treated differently from what I understand. They are treated differently. An SPF lookup can result in PASS, FAIL, or UNKNOWN. So: Ideally I would like something like this: SPFPASS spf pass x -5 0 SPFUNKN spf unknown x 4 0 SPFFAIL spf fail x 8 0 This will work fine. At this time, though, I would not recommend penalizing for the UNKNOWN response, as most domains do not yet have an SPF record. However, we plan to soon add a way of letting you force SPF records for domains that don't have them, as well as having a default SPF record. This would allow the UNKNOWN result to be more useful. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF BIND OT question
Scott - If you would a little help please w/my Bind to impliment SPF: In a zone file I would add: example.com. IN TXT v=spf1 mx ptr ip4:63.170.56.4 -all mail.example.com. IN TXT v=spf1 a -all mail2.example.com. IN TXT v=spf1 a -all Is this correct - one line for the domain and one line for each mailserver? Thanks! -Nick Hayer Date sent: Thu, 18 Dec 2003 14:33:38 -0500 To: [EMAIL PROTECTED] From: R. Scott Perry [EMAIL PROTECTED] Subject:Re: [Declude.JunkMail] SPF support to be added to next beta Send reply to: [EMAIL PROTECTED] We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. For those that are interested, we now have an interim release with SPF support in it. It can be downloaded from http://www.declude.com/interim (a new URL that we are going to be using for interim releases, that explains a bit more about them). To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns PASS for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), FAIL for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or UNKNOWN (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts
Yes, I like the idea of reassuring that an unsubscribe site is not used for harvesting. I recognize that people often report something as spam, because they feel it's safer than being tricked into unsubscribing. Rather than getting negative weight du to Spamcop and being blocked, messages could pass to those people who truly wanted to know what items are new at Walmart. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla Sent: Thursday, December 18, 2003 02:12 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Outbound Port 25, was - Virginia Indicts Indicts Does any one have comments on any of the following: http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801 ,80626,00.html Project Lumos http://www.camram.org CANRAM Burzin At 09:01 PM 12/15/2003, you wrote: How about some new suggestions for methods to combat the spammers? - --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. _ [This E-mail virus scanned by 4C Web] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Active X filter
If anyone wants BODY4CONTAINSobject classid=""BODY4CONTAINS.cab#version=BODY4CONTAINSparam name=" ACTIVEX-FILTERfilterActiveX-filter.txtx40 Seems to work. Anyone got anything else?
Re: [Declude.JunkMail] SPF BIND OT question
If you would a little help please w/my Bind to impliment SPF: In a zone file I would add: example.com. IN TXT v=spf1 mx ptr ip4:63.170.56.4 -all mail.example.com. IN TXT v=spf1 a -all mail2.example.com. IN TXT v=spf1 a -all Is this correct - one line for the domain and one line for each mailserver? Yes, that looks good to me. :) With those, mail coming from [EMAIL PROTECTED] or [EMAIL PROTECTED] will fail unless they come from the IP of mail.example.com or mail1.example.com. Mail coming from [EMAIL PROTECTED] could come from any IP in the MX record of example.com, any IP with a reverse DNS at .example.com, or the IP 63.170.56.4. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HOTMAIL ?
How exactly do I set up the spamdomains test in my system. I know I need to create /imail/declude/spamdomains.txt file (I added the domains from below) but I am unsure of how to set it up in the GLOBAL.CFG file. Could someone give me a quick how to. Thanks Darryl Koster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, December 18, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? I haven't updated my spamdomains file for quite some time, but this has been working well for me, thus far: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. Bill - Original Message - From: Rich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:07 AM Subject: Re: [Declude.JunkMail] HOTMAIL ? Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that works pretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: Ron Rushing [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Active X filter
What will this filter out...will it filter out email like MyPoints.com which is not a good idea.. Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support - Original Message - From: Doug Anderson To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 2:48 PM Subject: [Declude.JunkMail] Active X filter If anyone wants BODY4CONTAINSobject classid=""BODY4CONTAINS.cab#version=BODY4CONTAINSparam name=" ACTIVEX-FILTERfilterActiveX-filter.txtx40 Seems to work. Anyone got anything else?
Re: [Declude.JunkMail] Active X filter
The parm name entry is used outside of ActiveX, maybe not a good idea to include it here? Also, your scoring is going to be incremental with 4 for the filter in Global.cfg as well as 4 points for each line of the filter this hits. I'm not sure if that's what you intended. While this is probably highly indicative of spam (ones with Active X controls embedded to play video for instance, plus some others, Java for instance), Web designers, and especially Flash programmers, will get blocked by this. The spammers sending this stuff out generally are static IP'd, and I would personally err on the side of letting the RBL's take care of it rather than introduce more potential for FP's on my system. I haven't seen this stuff getting through except in a very rare case. Matt Doug Anderson wrote: If anyone wants BODY 4 CONTAINS object classid= BODY 4 CONTAINS codebase= BODY 4 CONTAINS .cab#version= BODY 4 CONTAINS param name= ACTIVEX-FILTER filter ActiveX-filter.txt x 4 0 Seems to work. Anyone got anything else? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Hi Scott: A) Is there an %SPFSTATUS% variable for use in the headers (that will show FAIL/PASS/UNKNOWN)? B) If not, is there a generic SPF test in the global.cfg, so that I can use one line to create a WARN action e.g. SPF spf * x x x Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, December 18, 2003 02:34 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] SPF support to be added to next beta We will be adding support for SPF (Sender Permitted From, at http://spf.pobox.com ) to the next beta of Declude JunkMail. This is a system that lets owners of domains publish information on what mailservers people can use to send mail from the domain. We expect that this can be very useful in blocking spam (similar to the SPAMDOMAINS test), as well as helping ensure that legitimate mail gets through. For those that are interested, we now have an interim release with SPF support in it. It can be downloaded from http://www.declude.com/interim (a new URL that we are going to be using for interim releases, that explains a bit more about them). To use the new SPF test, you can add lines such as: SPFPASS spf passx -5 0 SPFFAIL spf failx 8 0 to your global.cfg file. SPF returns PASS for E-mail that passes SPF (that comes from an IP that is acceptable to the owner of the domani that it claims to be coming from), FAIL for E-mail that fails SPF (that does not come from an acceptable IP for the domain), or UNKNOWN (for E-mail from domains that do not use SPF yet, or for some other reason should return UNKNOWN). This will help reduce false positives (for domains that have SPF support), and help capture more spam (as spam comes in from domains that have SPF support, but the spammer isn't using an acceptable IP). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
Wow, seeing positive results already! Thanks Scott for getting this implemented so quickly! Guess I will need to setup my SPF records now. I've some questions: Our situation here is, that we host mailservices for several customers. We have also our own DNS servers and so we're able to set up SPF TXT records. But as I understand we can't set up silently this records for all our domains because we can't be sure that all of our clients send all their outgoing (legit) mail traffic trough our Mailserver. (that we've authorized in the SPF records) For example if there is on customer side an Exchange Admin that has set up his server to make MX lookups and route outgoing SMTP traffic directly to the recipients server. I know it's risky to do this from a dynamic IP or without REVDNS-entry ..., but this is not under our control. So as I can understand we have to parse trough our smtp-logfiles to find out which customer send his outgoing mail trough our server. Then we can add SPF records only for this domains. Otherwise we risk to penalize our customers outgoing mail traffic if it's not send trough our server and the destination makes also SPF lookups. Right or do I miss something? Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
Add an entry to your global.cfg like: SPAM-DOMAINS spamdomains M:\IMail\Declude\SpamDomains.txt x 10 0 setting the weight test to whatever you want (reflected as a weight 10 above). Bill - Original Message - From: Darryl Koster [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 1:31 PM Subject: RE: [Declude.JunkMail] HOTMAIL ? How exactly do I set up the spamdomains test in my system. I know I need to create /imail/declude/spamdomains.txt file (I added the domains from below) but I am unsure of how to set it up in the GLOBAL.CFG file. Could someone give me a quick how to. Thanks Darryl Koster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, December 18, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? I haven't updated my spamdomains file for quite some time, but this has been working well for me, thus far: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. Bill - Original Message - From: Rich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:07 AM Subject: Re: [Declude.JunkMail] HOTMAIL ? Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that works pretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: Ron Rushing [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
RE: [Declude.JunkMail] SPF support to be added to next beta
Our situation here is, that we host mailservices for several customers. We have also our own DNS servers and so we're able to set up SPF TXT records. But as I understand we can't set up silently this records for all our domains because we can't be sure that all of our clients send all their outgoing (legit) mail traffic trough our Mailserver. (that we've authorized in the SPF records) What you can do in this case is something like v=spf1 +mx ?all. This will give a PASS response to anyone sending mail from the domain(s) you add the SPF record for, if they are coming from an IP in their MX record. Otherwise, an UNKNOWN result will be returned (the same thing that they would get if you did not have an SPF record). This will provide positive benefits, without having any negative benefits. If you know a domain will only be sending mail through your mailservers, you can instead use -all at the end (which gives a FAIL result for E-mail sent from other IPs). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
A) Is there an %SPFSTATUS% variable for use in the headers (that will show FAIL/PASS/UNKNOWN)? No. But we will look into this. B) If not, is there a generic SPF test in the global.cfg, so that I can use one line to create a WARN action e.g. SPF spf * x x x I don't think this would be useful, as it wouldn't know whether the E-mail passed or failed the test (or returned an UNKNOWN result). Instead, you could use: SPFPASS WARNX-Note: This E-mail passed SPF SPFFAIL WARNX-Note: This E-mail failed SPF -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Active X filter
what will it filter out? Anything with ActiveX embedded in the HTML of the email. From our system that would be ads for "micro shaver", some miracle bra,a travel "good dealz" ad, and as seen on TV ads. I'm not familar with mypoints.com adshaven't seen any yet. Typically, you'll recognize them when the email comes and you have your internet browsing set at high or medium security. - Original Message - From: Richard Farris To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 3:28 PM Subject: Re: [Declude.JunkMail] Active X filter What will this filter out...will it filter out email like MyPoints.com which is not a good idea.. Richard FarrisEthixs Online1.270.247. Office1.800.548.3877 Tech Support - Original Message - From: Doug Anderson To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 2:48 PM Subject: [Declude.JunkMail] Active X filter If anyone wants BODY4CONTAINSobject classid=""BODY4CONTAINS.cab#version=BODY4CONTAINSparam name=" ACTIVEX-FILTERfilterActiveX-filter.txtx40 Seems to work. Anyone got anything else?
RE: [Declude.JunkMail] Public DJM Config Files
One major suggestion: If filters are shared - I really think no negative filters should be shared. Negative words and filters getting in the hands of our beloved spammer would hurt everyone. But that is just my 2 cents. AH, but I am scheming a way to combat that. Of course, not everyone will be happy, but then when can you please everyone? Out filter files are updated four times a day and if we can create a network of such sites and mirror sites.. Stopping a spam, a hoax or a scam can be done much faster among the group. They way I am going to try to do this is that who is a member, can then script via FTP those filters they want. Then, when some one updates their files, they could script via ftp updates to the site. As far as bandwidth, we are talking about text files and zipped version and therefore bandwidth usage would be small, AFAIK. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HOTMAIL ?
In global.cfg: SPAMDOMAINS spamdomains c:\imail\declude\spamdomains.txt x 7 0 change the weight to suit your needs...change the path to that of your location on your server Sincerely, Randy Armbrecht Global Web SolutionsR, Inc. 804-346-5300 ext. 1 877-800-GLOBAL (4562) ext. 1 http://globalweb.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darryl Koster Sent: Thursday, December 18, 2003 4:32 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] HOTMAIL ? How exactly do I set up the spamdomains test in my system. I know I need to create /imail/declude/spamdomains.txt file (I added the domains from below) but I am unsure of how to set it up in the GLOBAL.CFG file. Could someone give me a quick how to. Thanks Darryl Koster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, December 18, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? I haven't updated my spamdomains file for quite some time, but this has been working well for me, thus far: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. Bill - Original Message - From: Rich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:07 AM Subject: Re: [Declude.JunkMail] HOTMAIL ? Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that works pretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: Ron Rushing [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This message was Virus Scanned by GlobalWeb.net] --- [This message
RE: [Declude.JunkMail] SPF caught SPAM already
Wow, With only a few hundred domains registered, what were the chances that it would already catch spam: 12/18/2003 16:32:17 Q1cd609ef0252d469 DSBL:5 SPAMCOP:7 NJABLDUL:4 SORBS-DUL:5 CBL:7 SPFFAIL:8 . Total weight = 36. 12/18/2003 16:32:17 Q1cd609ef0252d469 Bypassing whitelisting of E-mail with weight =20 (36) and at least 1 recipients (1). ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Msg failed SPFFAIL (SPF returned FAIL for this E-mail.). Action=IGNORE. ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Deleting spam from [EMAIL PROTECTED] to ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Subject: =?iso-8859-1?b?QWRkIEluY2hlcyB3aXRoIHRoZSBwYXRjaA==?= Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Overflow Directory
I had a similar problem last week. In that case, it turned out to be a problem with the Sniffer add-on program for declude Junkmail. It was related to their new wide-release-beta (v2-2b). They have had flurry of beta releases addressing the problem. The latest is v2-2b6. I have been running it for several days with no problems. Here is a message from the Sniffer e-mail list when this problem was happening: Sniffer Pete, Sniffer Sniffer It happened again today about 15-20 minutes ago, where the spool folder and Sniffer overflow folder were growing very quickly. I moved the old version back Sniffer into production, and mail started flowing properly again. Is there Sniffer anything else I can do to further troubleshoot this issue? -Russ Uhte Sniffer Sniffer --- Sniffer [This E-mail scanned for viruses by Declude Virus] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fritz Squib Sent: Wednesday, December 17, 2003 7:35 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Overflow Directory Scott, I've got a little problem here, all of a sudden (as of this morning) the declude overflow directory is flooded with mail waiting to be delivered. 1:47 AM - 2:04 AM not moving at all so I copied them from overflow spool to another directory. Big gap until 3:11 PM - mail is coming in faster than can be delivered. No evidence of a dictionary attack that I've seen so far. Currently 30,927 in the overflow directory and growing. I'll take the standard user cop out and say I didn't change anything ('cause I didn't). All of my DNS servers are responding correctly, I've switched between all three that I have available with no noticeable improvement. Imail 7.15 w/all hotfixes Win2K Advanced Server Declude Virus / F-Prot Declude JM Pro 1.77 beta Processor(s) running normal. Any ideas ? Any responses off list to fsquib at kecksburg dot net please (different mail server), as it may take a while with the backlog of mail in the spool/queue. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF vs. Form Mail
Hi, I assume that Form Mail's are a big problem under SPF? If a web site (greeting card site) inserts the users email address as the from address, then it will fail SPF, correct? Or, if we host a web site for a client, the registrations or feedback form mailers email the input to the client using the from address of the web visitor (otherwise, clients tend to press the reply button and end up sending their acknowledgements to our mail server, rather than to the visitor). These emails will fail SPF, because the web visitors domain will not list our web server as a valid sender!? In other words, in real life, SPF is best use to subtract weight for PASS, rather than add (any substantial) weight for FAIL? It has to be treated like the SPAMDOMAINS test - except that the entries are maintained by the owner of each domain and thus are more likely to be accurate. But we can't reach block based on SPF failures without ignoring the reality of the www? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 05:20 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPF caught SPAM already Wow, With only a few hundred domains registered, what were the chances that it would already catch spam: 12/18/2003 16:32:17 Q1cd609ef0252d469 DSBL:5 SPAMCOP:7 NJABLDUL:4 SORBS-DUL:5 CBL:7 SPFFAIL:8 . Total weight = 36. 12/18/2003 16:32:17 Q1cd609ef0252d469 Bypassing whitelisting of E-mail with weight =20 (36) and at least 1 recipients (1). ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Msg failed SPFFAIL (SPF returned FAIL for this E-mail.). Action=IGNORE. ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Deleting spam from [EMAIL PROTECTED] to ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Subject: =?iso-8859-1?b?QWRkIEluY2hlcyB3aXRoIHRoZSBwYXRjaA==?= Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF support to be added to next beta
This will provide positive benefits, without having any negative benefits. If you know a domain will only be sending mail through your mailservers, you can instead use -all at the end (which gives a FAIL result for E-mail sent from other IPs). Ok, thank you for this information. But I have to know in any case of all the domains that send out legit messages trough our server. Is there any way to gather this information from already present logfiles (smtp, declude jm, ...) ? If not: Would it be possible to have something like LOGSPFINFO ON that can be enabled temporary for some days to write one line for every outgoing message. (eventually also in a separate logfile) Then we can uniq and sort this list and know about all domains where we can add safely the SPF TXT records. Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
Could you explain to a newbie what the format is of the C:\Imail\Declude\SpamDomains.txt file is and what the entries mean? Looking back through the archives, I see some lines with single entries and others with 2 entries per line. Like: .aol.com@aol.com .aol.com Thx. -Marc - Original Message - From: Bill Landry To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 4:41 PM Subject: Re: [Declude.JunkMail] HOTMAIL ? Add an entry to your global.cfg like:SPAM-DOMAINS spamdomains M:\IMail\Declude\SpamDomains.txt x 10 0setting the weight test to whatever you want (reflected as a weight 10above).Bill- Original Message - From: "Darryl Koster" [EMAIL PROTECTED]To: [EMAIL PROTECTED]Sent: Thursday, December 18, 2003 1:31 PMSubject: RE: [Declude.JunkMail] HOTMAIL ? How exactly do I set up the spamdomains test in my system. I know I needto create /imail/declude/spamdomains.txt file (I added the domains frombelow) but I am unsure of how to set it up in the GLOBAL.CFG file. Could someone give me a quick "how to". Thanks Darryl Koster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, December 18, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? I haven't updated my spamdomains file for quite some time, but this hasbeen working well for me, thus far: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. Bill - Original Message - From: "Rich" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:07 AM Subject: Re: [Declude.JunkMail] HOTMAIL ? Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that workspretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: "Ron Rushing" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mailoriginating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type
[Declude.JunkMail] How did this PASS SPF?
Title: Message I noticed that local form mails seem to "PASS" SPF? That's nice - but how/why? Example: 12/18/2003 17:21:45 Q28781b8a01d045e5 SPFPASS:-5. Total weight =5. ...12/18/2003 17:21:45 Q28781b8a01d045e5 Msg failed SPFPASS (SPF returned PASS for this E-mail.). Action="">12/18/2003 17:21:45 Q28781b8a01d045e5 Subject:deleted 12/18/2003 17:21:45 Q28781b8a01d045e5 From:deleted@logan-aluminum.com To:deleted@fmametalfab.org IP: 127.0.0.1 ID: http://www.dnsstuff.com/tools/lookup.ch?name=logan-aluminum.comtype=TXT Domain Type Class TTL Answer logan-aluminum.com. TXT IN 86400 "Contact: [EMAIL PROTECTED]" Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/
RE: [Declude.JunkMail] PREWHITELIST ON Question
Scott - I have PREWHITELIST ON however all tests seem to be run on an email regardless - then when tests are completed the email is whitelisted. Is this broke or am I misunderstanding PREWHITELIST eg: if switched ON then testing will be done? - Thanks! -Nick Hayer snip 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Filter FREEEMAIL-BODYREMOVE: Not skipping E-mail due to current weight of 9. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Filter: Set max weight to 6. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 HELOBOGUS:4 SNIFFER:3 SPAMCHK:2 . Total weight = 9. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 NOT bypassing whitelisting of E- mail with weight =29 (9) and at least 2 recipients (1). 12/18/2003 17:50:09 Q2f1b03d9014aebb8 E-mail whitelisted - automatically passing all spam tests [EMAIL PROTECTED] 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Using [incoming] CFG file e:\IMail\Declude\$default$.junkmail. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 L1 Message OK 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Subject: Meredith's computer snip --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Declude-Date header in 1.77i3?
Title: Message Hi, X-Declude: Version 1.77i3; D2acb18b6021e5887.SMD from sccrmhc12.comcast.net [204.127.202.56] X-Declude-Date: 12/18/2003 22:37:23 [5] Is this something I can turn off, or will it eventually be removed from this beta/interim? Best RegardsAndy SchmidtHM Systems Software, Inc.600 East Crescent Avenue, Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206http://www.HM-Software.com/
Re: [Declude.JunkMail] SPF vs. Form Mail
Andy, I'm with you on the idea being that this is much like SPAMDOMAINS, however, I don't think that I will be subtracting any points for E-mails that pass. I see spam coming through legit servers every day, and what's to stop a static spammer from adding these records to their own server? Nothing I assume, and that could present problems than it fixes if negatively weighted. I view this as a fail only test, and while I could probably score it at 80% comfortably while it is not in widespread use, I'm only going to weight it the same as my SPAMDOMAINS test which I believe is at 40% of my fail weight. I still have to read up on this some more and figure it all out, but am I correct that this matches the MAILFROM address and not something else like the the HELO? Matt Andy Schmidt wrote: Hi, I assume that Form Mail's are a big problem under SPF? If a web site (greeting card site) inserts the users email address as the from address, then it will fail SPF, correct? Or, if we host a web site for a client, the registrations or feedback form mailers email the input to the client using the from address of the web visitor (otherwise, clients tend to press the reply button and end up sending their acknowledgements to our mail server, rather than to the visitor). These emails will fail SPF, because the web visitors domain will not list our web server as a valid sender!? In other words, in real life, SPF is best use to subtract weight for PASS, rather than add (any substantial) weight for FAIL? It has to be treated like the SPAMDOMAINS test - except that the entries are maintained by the owner of each domain and thus are more likely to be accurate. But we can't reach block based on SPF failures without ignoring the reality of the www? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 05:20 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPF caught SPAM already Wow, With only a few hundred domains registered, what were the chances that it would already catch spam: 12/18/2003 16:32:17 Q1cd609ef0252d469 DSBL:5 SPAMCOP:7 NJABLDUL:4 SORBS-DUL:5 CBL:7 SPFFAIL:8 . Total weight = 36. 12/18/2003 16:32:17 Q1cd609ef0252d469 Bypassing whitelisting of E-mail with weight =20 (36) and at least 1 recipients (1). ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Msg failed SPFFAIL (SPF returned FAIL for this E-mail.). Action=IGNORE. ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Deleting spam from [EMAIL PROTECTED] to ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Subject: =?iso-8859-1?b?QWRkIEluY2hlcyB3aXRoIHRoZSBwYXRjaA==?= Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Using SUBJECT
Hello, Silly question. I've entered the following action in response to test: SUBJECT Message Contains Unsafe URL However, messages get tagged as Message Contains Unsafe URLSpam ##: test How do (or can) I prevent the Spam ## from showing up? Thanks, Burzin -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] False Positives v. Uncaught Spam for Various Tests
Hello, 1. Does anyone have stats. on false positives v. uncaught spam for various tests. Am I correct in understanding that tests with ratios closer to zero are more accurate? 2. Can someone point me to Scott's November Spam Statistics post. I couldn't find it in the Declude archive. Thanks, Burzin. -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HOTMAIL ?
I would like to try the file listed below for the spamdomains...but I am nto sure if wrapping has taken place in the mail client. Could someone send me a attachement of the text file that has been working for them...thanks in advance...At 04:31 PM 12/18/2003 -0500, you wrote: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF vs. Form Mail
When we create a form on a server we never send the form using the email address that the user entered. Toomany times the user enters the address incorrectly. We use a from address of the domain we are in and place what the user typed in the body of the message. This guarentees that we get all messages. greeting card sites can do the same thing but they do not. The can use an address in their own domain to send the email and add a header for the reply to address as the person who sent the message. They can also use the persons email address or name as the friendly name to display in the mail client Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt Sent: Thursday, December 18, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF vs. Form Mail Hi, I assume that Form Mail's are a big problem under SPF? If a web site (greeting card site) inserts the users email address as the from address, then it will fail SPF, correct? Or, if we host a web site for a client, the registrations or feedback form mailers email the input to the client using the from address of the web visitor (otherwise, clients tend to press the reply button and end up sending their acknowledgements to our mail server, rather than to the visitor). These emails will fail SPF, because the web visitors domain will not list our web server as a valid sender!? In other words, in real life, SPF is best use to subtract weight for PASS, rather than add (any substantial) weight for FAIL? It has to be treated like the SPAMDOMAINS test - except that the entries are maintained by the owner of each domain and thus are more likely to be accurate. But we can't reach block based on SPF failures without ignoring the reality of the www? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 05:20 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPF caught SPAM already Wow, With only a few hundred domains registered, what were the chances that it would already catch spam: 12/18/2003 16:32:17 Q1cd609ef0252d469 DSBL:5 SPAMCOP:7 NJABLDUL:4 SORBS-DUL:5 CBL:7 SPFFAIL:8 . Total weight = 36. 12/18/2003 16:32:17 Q1cd609ef0252d469 Bypassing whitelisting of E-mail with weight =20 (36) and at least 1 recipients (1). ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Msg failed SPFFAIL (SPF returned FAIL for this E-mail.). Action=IGNORE. ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Deleting spam from [EMAIL PROTECTED] to ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Subject: =?iso-8859-1?b?QWRkIEluY2hlcyB3aXRoIHRoZSBwYXRjaA==?= Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Sniffer and Low Spam Weight
Hello, Some of my spam that gets caught has a really low weight. This usually indicates a FP. I was wondering is it possible to setup a Declude config such that a total Declude weight of less than 5 will ignore the normal action of Sniffer. In other words is it possible to set an action of a test conditional upon the total Declude value of the message. Any ideas or thoughts? Thanks, Burzin -- Burzin Sumariwalla Phone: (314) 994-9411 x291 [EMAIL PROTECTED] Fax: (314) 997-7615 Pager: (314) 407-3345 Networking and Telecommunications Manager Information Technology Services St. Louis County Library District 1640 S. Lindbergh Blvd. St. Louis, MO 63131 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] PREWHITELIST ON Question
PREWHITELIST ON only tells Declude to not run tests IF an incoming message meets on of the WHITELIST lines. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Thursday, December 18, 2003 3:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] PREWHITELIST ON Question Scott - I have PREWHITELIST ON however all tests seem to be run on an email regardless - then when tests are completed the email is whitelisted. Is this broke or am I misunderstanding PREWHITELIST eg: if switched ON then testing will be done? - Thanks! -Nick Hayer snip 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Filter FREEEMAIL-BODYREMOVE: Not skipping E-mail due to current weight of 9. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Filter: Set max weight to 6. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 HELOBOGUS:4 SNIFFER:3 SPAMCHK:2 . Total weight = 9. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 NOT bypassing whitelisting of E- mail with weight =29 (9) and at least 2 recipients (1). 12/18/2003 17:50:09 Q2f1b03d9014aebb8 E-mail whitelisted - automatically passing all spam tests [EMAIL PROTECTED] 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Using [incoming] CFG file e:\IMail\Declude\$default$.junkmail. 12/18/2003 17:50:09 Q2f1b03d9014aebb8 L1 Message OK 12/18/2003 17:50:09 Q2f1b03d9014aebb8 Subject: Meredith's computer snip --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF vs. Form Mail
Yes, I understand how it can be done - unfortunately, many form mailer scripts don't use the reply-to header and greeting card companies seem to use the from field. Bottom line - unless web sites are being changed, we cannot define -all, we have to define ?all since any of our users may be sending mail through a third party web site. Of course, ?all means that there will never be a FAIL - which is equivalent to giving no or little weight. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Thursday, December 18, 2003 06:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF vs. Form Mail When we create a form on a server we never send the form using the email address that the user entered. Toomany times the user enters the address incorrectly. We use a from address of the domain we are in and place what the user typed in the body of the message. This guarentees that we get all messages. greeting card sites can do the same thing but they do not. The can use an address in their own domain to send the email and add a header for the reply to address as the person who sent the message. They can also use the persons email address or name as the friendly name to display in the mail client Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt Sent: Thursday, December 18, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF vs. Form Mail Hi, I assume that Form Mail's are a big problem under SPF? If a web site (greeting card site) inserts the users email address as the from address, then it will fail SPF, correct? Or, if we host a web site for a client, the registrations or feedback form mailers email the input to the client using the from address of the web visitor (otherwise, clients tend to press the reply button and end up sending their acknowledgements to our mail server, rather than to the visitor). These emails will fail SPF, because the web visitors domain will not list our web server as a valid sender!? In other words, in real life, SPF is best use to subtract weight for PASS, rather than add (any substantial) weight for FAIL? It has to be treated like the SPAMDOMAINS test - except that the entries are maintained by the owner of each domain and thus are more likely to be accurate. But we can't reach block based on SPF failures without ignoring the reality of the www? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 05:20 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPF caught SPAM already Wow, With only a few hundred domains registered, what were the chances that it would already catch spam: 12/18/2003 16:32:17 Q1cd609ef0252d469 DSBL:5 SPAMCOP:7 NJABLDUL:4 SORBS-DUL:5 CBL:7 SPFFAIL:8 . Total weight = 36. 12/18/2003 16:32:17 Q1cd609ef0252d469 Bypassing whitelisting of E-mail with weight =20 (36) and at least 1 recipients (1). ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Msg failed SPFFAIL (SPF returned FAIL for this E-mail.). Action=IGNORE. ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Deleting spam from [EMAIL PROTECTED] to ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Subject: =?iso-8859-1?b?QWRkIEluY2hlcyB3aXRoIHRoZSBwYXRjaA==?= Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] SPF vs. Form Mail
greeting card sites can do the same thing but they do not. The can use an address in their own domain to send the email and add a header for the reply to address as the person who sent the message. Not just the Reply-To:, but the From: as well. It is not technically difficult to change form code to separate the envelope sender from header information. Non-delivery notifications are made more difficult in such situations, however (if eBay had wanted NDRs to go to the user, rather than to their server, the user had to be the Return-Path:...and thus some of the more complicated parts of SPF, such as sender rewriting). -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Sniffer and Low Spam Weight
In other words is it possible to set an action of a test conditional upon the total Declude value of the message. I believe--but this may be outdated info--that you can pass the %WEIGHT% var to a test (as well as some other in-progress parameters), so you could set up an external test that checks the current value and then shells to Sniffer if desired, returning either 0 or the Sniffer result. Well, that's one way. Only thought about it for a sec. -Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HOTMAIL ?
Could you explain to a newbie what the format is of the C:\Imail\Declude\SpamDomains.txt file is and what the entries mean? Looking back through the archives, I see some lines with single entries and others with 2 entries per line. Like: .aol.com @aol.com .aol.com The first column is text that must appear in the return address of the E-mail (from the X-Declude-Sender: header) header in order for that line to be used. If there is a match there, then the reverse DNS entry must contain either the text from the first column or the second column. So .aol.com would not do much, as most AOL E-mail comes from [EMAIL PROTECTED] (which doesn't contain .aol.com). However, E-mail from [EMAIL PROTECTED] would need to come from an IP with a reverse DNS entry containing .aol.com. The @aol.com .aol.com line would require that any E-mail from @aol.com have a reverse DNS entry with either @aol.com or .aol.com in it (note that a reverse DNS entry won't have @aol.com in it, so it essentially would require the reverse DNS entry to contain .aol.com). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude-Date header in 1.77i3?
X-Declude: Version 1.77i3; D2acb18b6021e5887.SMD from sccrmhc12.comcast.net [204.127.202.56] X-Declude-Date: 12/18/2003 22:37:23 [5] Is this something I can turn off, or will it eventually be removed from this beta/interim? This is a feature specific to the interim release, that will not be in the next beta or released version. It cannot be removed. The number in the brackets is the number of minutes difference between the current time and the time in the Date: header (as lots of spam is sent with big differences, such as days/weeks/years off). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HOTMAIL ?
I had pretty much everything correct except the SPAM-DOMAINS (I had SPAMDOMAINS). Thank you very much for clearing this up for me, it has truly knocked the level of spam down significantly in just over an hour. Darryl Koster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, December 18, 2003 4:42 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? Add an entry to your global.cfg like: SPAM-DOMAINS spamdomains M:\IMail\Declude\SpamDomains.txt x 10 0 setting the weight test to whatever you want (reflected as a weight 10 above). Bill - Original Message - From: Darryl Koster [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 1:31 PM Subject: RE: [Declude.JunkMail] HOTMAIL ? How exactly do I set up the spamdomains test in my system. I know I need to create /imail/declude/spamdomains.txt file (I added the domains from below) but I am unsure of how to set it up in the GLOBAL.CFG file. Could someone give me a quick how to. Thanks Darryl Koster -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Landry Sent: Thursday, December 18, 2003 2:37 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] HOTMAIL ? I haven't updated my spamdomains file for quite some time, but this has been working well for me, thus far: altavista. .av.com amazon.com .forevermail.com ameritech.net .sbc.com .aol.com @aol.com .aol.com .apple.com @apple.com .apple.com .att. .cdpd.airdata.com @att. .att. attbi.com .comcast. bellatlantic.net .verizon.net .bellsouth.net @bellsouth.net .bellsouth.net .btinternet. @btinternet. .btinternet. .buy.com .dartmail.com @buy.com .buy.com .charter.net @charter.net .charter.net .cisco.com @cisco.com .cisco.com .comcast. @comcast. .comcast. .compaq.com @compaq.com .compaq.com compuserve.com .aol.com concentric.com .cnchost.com concentric.net .cnc.net .cox. @cox. .cox. @cs.com .aol.com .dell.com @dell.com .dell.com earthlink. .mindspring. .ebay.com .emailebay.com @ebay.com .ebay.com excite.com .excitenetwork.com .gateway.com .dartmail.net @gateway.com .gateway.com geocities.com .yahoo.com gte. .verizon. .hotmail.com @hotmail.com .hotmail.com hp.com .compaq.com juno.com .untd.com .lycos.com @lycos.com .lycos.com .microsoft.com @microsoft.com .microsoft.com mindspring. .earthlink. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com .paypal.com @paypal.com .paypal.com prodigy.net .yahoo. psi. .cogentco.com qwest. .uswest. .rr.com @rr.com .rr.com .sbc.com @sbc.com .sbc.com sprint. .sprintlink.net swbell.net .prodigy.net uswest. .qwest. verio. .veriomail.com verizon.com .gte.com verizon.net .bellatlantic. .yahoo. @yahoo. .yahoo. Bill - Original Message - From: Rich [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 8:07 AM Subject: Re: [Declude.JunkMail] HOTMAIL ? Spamdomains works, and we've been building a list of common sources of spam, cable modem IP's and such. Bill has a spamdomains list that works pretty good, if there's an update to it he might read this and post the link to it. I haven't had a lot of false postives on Spamdomains. Rich - Original Message - From: Ron Rushing [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, December 18, 2003 6:48 AM Subject: [Declude.JunkMail] HOTMAIL ? Greetings-- Would someone please share a strategy to identify or block junk coming from spoofed/relayed hotmail addys, while letting legit mail originating from the real hotmail host(s) through ? -- ==Ron Rushing== CCNA CCDA Network Manager- ESC7Net Region VII Education Service Center 1909 N. Longview St. Kilgore, Texas 75662 903-988-6955 FX 903-988-6965 [EMAIL PROTECTED] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be
RE: [Declude.JunkMail] SPF support to be added to next beta
But I have to know in any case of all the domains that send out legit messages trough our server. No, you do not. You can simply add the v=spf1 +mx ?all to all your domains. However, if you want to take the time to find ones that only send through your server, you can change them from v=spf1 +mx ?all to v=spf1 +mx -all. If not: Would it be possible to have something like LOGSPFINFO ON that can be enabled temporary for some days to write one line for every outgoing message. (eventually also in a separate logfile) With the current interim release, a C:\spf.log will be recorded for domains with SPF entries, and C:\spf.none for domains without SPF entries. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How did this PASS SPF?
I noticed that local form mails seem to PASS SPF? That's nice - but how/why? That's because: 12/18/2003 17:21:45 Q28781b8a01d045e5 From: deletedmailto:[EMAIL PROTECTED]@logan-aluminum.com To: deletedmailto:[EMAIL PROTECTED]@fmametalfab.org IP: 127.0.0.1 ID: the IP is 127.0.0.1. The RFC draft for SPF requires that E-mail from 127.0.0.1 return a PASS result. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Using SUBJECT
Silly question. I've entered the following action in response to test: SUBJECT Message Contains Unsafe URL However, messages get tagged as Message Contains Unsafe URLSpam ##: test How do (or can) I prevent the Spam ## from showing up? Unfortunately, there isn't a way to do that -- the SUBJECT action will add text to the beginning of the subject, but cannot replace the subject. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] False Positives v. Uncaught Spam for Various Tests
1. Does anyone have stats. on false positives v. uncaught spam for various tests. Am I correct in understanding that tests with ratios closer to zero are more accurate? Right now, I believe the best source is: 2. Can someone point me to Scott's November Spam Statistics post. I couldn't find it in the Declude archive. this. It doesn't have information on false positives, however (we're working on that, but it's a lot more work). You can find the latest spam stats post at http://www.mail-archive.com/[EMAIL PROTECTED]/msg76305.html . -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
- Original Message - From: Matthew Bramble [EMAIL PROTECTED] I view this as a fail only test, and while I could probably score it at 80% comfortably while it is not in widespread use, I'm only going to weight it the same as my SPAMDOMAINS test which I believe is at 40% of my fail weight. This was my thought, as well. I have already found e-mail that I felt was spam that had valid SPF records. I am currently only using SPF as positive weight test, but am monitoring the logs to see if using it as a weight reduction test is also viable. I still have to read up on this some more and figure it all out, but am I correct that this matches the MAILFROM address and not something else like the the HELO? I believe it is the domain part of the original sender's e-mail address that is queried for its txt record. Scott, is this correct? However, it appears to use the list servers domain address if sent from a mailing list. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
This was my thought, as well. I have already found e-mail that I felt was spam that had valid SPF records. I'm curious about this one -- could you let me know the domain? I think whitelisting E-mail based on an SPF PASS probably isn't a wise idea, but I'm sure that spammers that do use SPF will be much easier to catch (they are providing a list of IPs that they may be spamming from G). I still have to read up on this some more and figure it all out, but am I correct that this matches the MAILFROM address and not something else like the the HELO? I believe it is the domain part of the original sender's e-mail address that is queried for its txt record. Scott, is this correct? However, it appears to use the list servers domain address if sent from a mailing list. Normally, it uses the return address of the E-mail (MAILFROM, from the X-Declude-Sender: header). However, if there is a NULL return address, or the address isn't valid (postmaster, for example), then the domain in the HELO/EHLO will be used. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF vs. Form Mail
Agreed but with any change some code needs to be modified to support new ways of processing data. As for the greeting card companies if SPF takes off they will wake up and change their delivery method. How else will they make their advertising buck? There will always be a time of adjustment where the configurations will have to be less restrictive. But if you notify all your accounts/programmers of the future tighting up of the policy the beenfit will be greater and the discomfort of change will be minimized. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt Sent: Thursday, December 18, 2003 3:28 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF vs. Form Mail Yes, I understand how it can be done - unfortunately, many form mailer scripts don't use the reply-to header and greeting card companies seem to use the from field. Bottom line - unless web sites are being changed, we cannot define -all, we have to define ?all since any of our users may be sending mail through a third party web site. Of course, ?all means that there will never be a FAIL - which is equivalent to giving no or little weight. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Thursday, December 18, 2003 06:18 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF vs. Form Mail When we create a form on a server we never send the form using the email address that the user entered. Toomany times the user enters the address incorrectly. We use a from address of the domain we are in and place what the user typed in the body of the message. This guarentees that we get all messages. greeting card sites can do the same thing but they do not. The can use an address in their own domain to send the email and add a header for the reply to address as the person who sent the message. They can also use the persons email address or name as the friendly name to display in the mail client Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt Sent: Thursday, December 18, 2003 2:29 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] SPF vs. Form Mail Hi, I assume that Form Mail's are a big problem under SPF? If a web site (greeting card site) inserts the users email address as the from address, then it will fail SPF, correct? Or, if we host a web site for a client, the registrations or feedback form mailers email the input to the client using the from address of the web visitor (otherwise, clients tend to press the reply button and end up sending their acknowledgements to our mail server, rather than to the visitor). These emails will fail SPF, because the web visitors domain will not list our web server as a valid sender!? In other words, in real life, SPF is best use to subtract weight for PASS, rather than add (any substantial) weight for FAIL? It has to be treated like the SPAMDOMAINS test - except that the entries are maintained by the owner of each domain and thus are more likely to be accurate. But we can't reach block based on SPF failures without ignoring the reality of the www? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: Andy Schmidt [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 05:20 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] SPF caught SPAM already Wow, With only a few hundred domains registered, what were the chances that it would already catch spam: 12/18/2003 16:32:17 Q1cd609ef0252d469 DSBL:5 SPAMCOP:7 NJABLDUL:4 SORBS-DUL:5 CBL:7 SPFFAIL:8 . Total weight = 36. 12/18/2003 16:32:17 Q1cd609ef0252d469 Bypassing whitelisting of E-mail with weight =20 (36) and at least 1 recipients (1). ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Msg failed SPFFAIL (SPF returned FAIL for this E-mail.). Action=IGNORE. ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Deleting spam from [EMAIL PROTECTED] to ... 12/18/2003 16:32:18 Q1cd609ef0252d469 Subject: =?iso-8859-1?b?QWRkIEluY2hlcyB3aXRoIHRoZSBwYXRjaA==?= Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPF vs. Form Mail
As for the greeting card companies if SPF takes off they will wake up and change their delivery method. How else will they make their advertising buck? Actually, the greeting card companies *should* already be doing this. The return address is used for bounce messages. If they are using the supposed E-mail address of the web site visitor, any bounces will go to the innocent victim whose E-mail address has been used. So they should use their own domain name in the return address. If this is the case, they automatically get an UNKNOWN instead of a FAIL (or a PASS if they add their own SPF record). Meanwhile, if they keep the supposed address of the web site visitor in the From:/Sender:/Reply-To: headers, the recipient probably won't know the difference, and replies will be sent to the person who requested that the greeting card be sent. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] This was my thought, as well. I have already found e-mail that I felt was spam that had valid SPF records. I'm curious about this one -- could you let me know the domain? I was a little hasty in my statement above. When I went to retrieve the domain for you, I checked on the site and did a closer review of the messages and found that they were e-mails from a legitimate opt-in list. However, I will keep track and report any questionable findings. I think whitelisting E-mail based on an SPF PASS probably isn't a wise idea, but I'm sure that spammers that do use SPF will be much easier to catch (they are providing a list of IPs that they may be spamming from G). Yes, this is a good thing, indeed! I believe it is the domain part of the original sender's e-mail address that is queried for its txt record. Scott, is this correct? However, it appears to use the list servers domain address if sent from a mailing list. Normally, it uses the return address of the E-mail (MAILFROM, from the X-Declude-Sender: header). However, if there is a NULL return address, or the address isn't valid (postmaster, for example), then the domain in the HELO/EHLO will be used. Thanks for the clarification. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SPF vs. Form Mail
R. Scott Perry wrote: I think whitelisting E-mail based on an SPF PASS probably isn't a wise idea, but I'm sure that spammers that do use SPF will be much easier to catch (they are providing a list of IPs that they may be spamming from G). If I was a spammer, I would use this to my advantage. These guys collect 2,000 IP's at a time, and move around their blocks in order to avoid being perma-listed in the RBL's already, and turning on and off some SPF listings can't be that much more difficult. Besides that, even legit servers pass spam. Forwarding is problematic for this test, and then there's the fact that very small-time spammers will use their ISP to send out their garbage. The very small-time spammers are the most likely to get through my server, but thankfully the volume is low. If SPF becomes popular, crediting points for passing the test will become a big no-no. Maybe this isn't something that you will want to support long-term? Normally, it uses the return address of the E-mail (MAILFROM, from the X-Declude-Sender: header). However, if there is a NULL return address, or the address isn't valid (postmaster, for example), then the domain in the HELO/EHLO will be used. I'm not sure if this is in the RFC, but it would be a lot more accurate if you could compare the HELO to the SPF data. Some scripts to also falsify the HELO, but no where near the number of forged domains in MAILFROM. Maybe a separate test possibility? Or even a replacement? I do like this whole idea a lot better than Web-O-Trust though. My only concern about the viability of this test is how responsible administrators will be in covering their scripts as well as their mail server. I suspect that human nature will show its face and mitigate the usefulness to some extent. The fact that this appears hard to understand at first glance (to me at least) tells me that it's likely to be screwed up. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Something to be blocking
The most troublesome crud spammer of them all (the p-patch guy) is currently sending out E-mails with the following line in the headers: X-Ki: random characters I'm going to throw in a filter for this as follows: HEADERS 30CONTAINS X-Ki: I suspect this pattern may be short-lived, but he just got 2 messages to me in a 5 minute space, coming from two different IP's. Someone needs to put this guy in jail for a long-time. The FBI could track this guy down in a matter of days. Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How did this PASS SPF?
Excellent! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, December 18, 2003 06:47 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] How did this PASS SPF? I noticed that local form mails seem to PASS SPF? That's nice - but how/why? That's because: 12/18/2003 17:21:45 Q28781b8a01d045e5 From: deletedmailto:[EMAIL PROTECTED]@logan-aluminum.com To: deletedmailto:[EMAIL PROTECTED]@fmametalfab.org IP: 127.0.0.1 ID: the IP is 127.0.0.1. The RFC draft for SPF requires that E-mail from 127.0.0.1 return a PASS result. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.