RE: [Declude.JunkMail] HOLD plus COPYTO
COPYTO or COPYFILE ? %$^^$%**($^$##$*(*^t$%%^ Thanks for the wake up call. Boy, do I feel dumb. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] The Latest from Earthlink ??
Below is a copy of a message we received: --- This is an automatic reply to your email message to [EMAIL PROTECTED] This email address is protected by EarthLink spamBlocker. Your email message has been redirected to a suspect email folder for [EMAIL PROTECTED] In order for your message to be moved to this recipient's Inbox, he or she must add your email address to a list of allowed senders. Click the link below to request that [EMAIL PROTECTED] add you to this list. https://webmail.atl.earthlink.net/wam/[EMAIL PROTECTED]id =1b7HJs31X3Nl3qW0 --- I guess they are trying to stop spam, but it may be a pain in the arse. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] HOLD plus COPYTO
Hey, John. How about a 3-fer test to archive messages, like so: HIDETESTS HOURCOPY #Mar-23-2004 AC Testing two new features with one go. Archive all # messages if sent in the hour of 11PM and give a # weight of none. HOURCOPY hour 23 23 0 0 HOURCOPY COPYFILE d:\archive Andrew 8) -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Sunday, March 28, 2004 11:05 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] HOLD plus COPYTO COPYTO or COPYFILE ? %$^^$%**($^$##$*(*^t$%%^ Thanks for the wake up call. Boy, do I feel dumb. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] The Latest from Earthlink ??
Hi Tom- They've been doing this for a while, and it IS a pain. It seems to be a way of keeping an individual-level whitelist. I think this only happens once in most cases, and that once you're approved the mail flows normally. It's annoying to think that you've responded to someone only to find out later that not only has the message not been delivered, the customer doesn't even know it's waiting until you take this secondary action. -Dave - Original Message - From: Tom [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 1:25 AM Subject: RE: [Declude.JunkMail] The Latest from Earthlink ?? Below is a copy of a message we received: --- This is an automatic reply to your email message to [EMAIL PROTECTED] This email address is protected by EarthLink spamBlocker. Your email message has been redirected to a suspect email folder for [EMAIL PROTECTED] In order for your message to be moved to this recipient's Inbox, he or she must add your email address to a list of allowed senders. Click the link below to request that [EMAIL PROTECTED] add you to this list. https://webmail.atl.earthlink.net/wam/[EMAIL PROTECTED]id =1b7HJs31X3Nl3qW0 --- I guess they are trying to stop spam, but it may be a pain in the arse. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!)
I also forgot to mention that I can't contact Adrian to arrange a whitelist (should any of our users need to send to his users) because my messages will be blacklisted. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrian Hauri Sent: Sunday, March 28, 2004 6:30 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) Our company blocks everything with reverse DNS entry from *.client.comcast.net, *.rr.com, *.du.shawcable.net, *.eastlink.ca, *.client.attbi.com, *client2.attbi.com, *cable.wanadoo.nl, *.de.comcast.net, *.md.comcast.net, *.tn.comcast.net, *.va.comcast.net, *.ipt.aol.com, *.east.verizon.net, *.vie.surfer.at, *.sprint-hsd.net, *cable.wanadoo.nl etc. Additionallly we block everything with *-number-* (like -26-), *.number.*, *.cable.*, *.pp.*, *.ip.*, *modem*, *async*, *rback*, *dyn*, *dhcp*, *ppp*, *dial*, *dsl* in the reverse DNS. This blocks a lot of unwanted emails. It is rare that a reverse DNS entry of a legal mailserver has dsl in the name. We just had one reverse DNS entry that we had to whitelist: mailservers for swiftdsl.com.au. But it helped us to minimize the rbl lookup and speed up the mail processing. There were some people who rang us up because they got the bounce message but all of them didn't have a proper reverse DNS entry for their mailserver. It's up to you how strict you are with blocking emails. But because we do not run a mail service for a lot of clients we can apply strict rules. Adrian - ToadShow Pty Ltd phone: 07 3004 7900 fax: 07 3846 1220 email: [EMAIL PROTECTED] http://www.toadshow.com.au - - Original Message - From: marc catuogno To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 9:32 AM Subject: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) I just got this e-mail and I just feel like someone is targeting my domain for a spam campaign. When I hit view source, it only said test. Any suggestions on how to block this?? I'm surprised that DUL or DYNA didn't catch this at all, looks like it came in though a dynamic Comcast IP not one of their SMTP servers. I put prod-infinitum.com into the declude header filter with enough weight to hold it, but I don't think that would be enough. Thanks - Marc -Original Message- From: Shella Arrington [mailto:[EMAIL PROTECTED] Sent: Sunday, March 28, 2004 5:10 AM To: [EMAIL PROTECTED] Subject: %RND_SUBJECTS test Headers: Received: from c-24-13-168-241.client.comcast.net [24.13.168.241] by mail.prudentialrand.com (SMTPD32-8.05) id AED14440132; Sun, 28 Mar 2004 17:16:49 -0500 Received: from 18.104.180.255 by 24.13.168.241; Sun, 28 Mar 2004 11:13:22 +0100 Message-ID: [EMAIL PROTECTED] From: Shella Arrington [EMAIL PROTECTED] Reply-To: Shella Arrington [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: %RND_SUBJECTS Date: Sun, 28 Mar 2004 13:10:22 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--0825904990538747225 X-Mailer: PIPEX NetMail 2.2.0-pre13 X-IP: 221.134.57.232 X-IMAIL-SPAM-VALFROM: (71565618) X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] [2-18-9000] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] [2-19-9800] X-RBL-Warning: IPNOTINMX: [2-25-c800] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command . [2-32-1] X-Declude-Sender: [EMAIL PROTECTED] [24.13.168.241] X-Declude-Spoolname: D4ed1044401323a46.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, CMDSPACE [9] X-Country-Chain: X-Note: This E-mail was sent from c-24-13-168-241.client.comcast.net ([24.13.168.241]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 380366455 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Test not failed.
Below is a message that did not fail a filter test, GreyFilter3. What am I missing that it did not get caught? From Imail SMTPD log: 2004-03-27 08:49:39 Local7.Debug127.0.0.1 SMTPD (2AD30026) [67.94.227.39] connect 68.164.114.3 port 3017 2004-03-27 08:49:39 Local7.Debug127.0.0.1 SMTPD (2AD30026) [68.164.114.3] HELO srv1.eservicesforyou.net 2004-03-27 08:49:39 Local7.Debug127.0.0.1 SMTPD (2AD30026) [68.164.114.3] MAIL FROM:[EMAIL PROTECTED] 2004-03-27 08:49:39 Local7.Debug127.0.0.1 SMTPD (2AD30026) [68.164.114.3] RCPT TO:[EMAIL PROTECTED] 2004-03-27 08:49:39 Local7.Debug127.0.0.1 SMTPD (2AD30026) [68.164.114.3] F:\Spool\Db0a32ad30026f8a0.SMD 3969 Line in GreyFilter3: HELO5 IS srv1.eservicesforyou.net Full Headers: Received: from srv1.eservicesforyou.net [68.164.114.3] by mail.eservicesforyou.net (SMTPD32-8.05) id A0A32AD30026; Sat, 27 Mar 2004 08:49:39 -0800 Received: from dialin-145-254-233-211.arcor-ip.net ([145.254.233.211]) by srv1.eservicesforyou.net with Microsoft SMTPSVC(5.0.2195.6713); Sat, 27 Mar 2004 08:49:35 -0800 Received: from 64.24.88.152 by 145.254.233.211 with SMTP; Sat, 27 Mar 2004 11:49:13 -0500 Date: Sat, 27 Mar 2004 11:49:13 -0500 From: Bradley Tolbert [EMAIL PROTECTED] Reply-To: Bradley Tolbert [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 27 Mar 2004 16:49:36.0975 (UTC) FILETIME=[7D2955F0:01C4141B] X-RBL-Warning: SORBS-DUL: Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=145.254.233.211; [2-11-5800] X-RBL-Warning: SPAMDOMAINS: Spamdomain '@insurer.com' found: Address of [EMAIL PROTECTED] sent from invalid dialin-145-254-233-211.arcor-ip.net. [2-52-1a000] X-RBL-Warning: SPAMCHECK: Message failed SPAMCHECK: 12. [2-54-1b000] X-Declude-Sender: [EMAIL PROTECTED] [145.254.233.211] X-Declude-Spoolname: Db0a32ad30026f8a0.SMD X-RBL-Warning: Total weight: 29 X-RBL-Warning: TESTS FAILED: SORBS-DUL, IPNOTINMX, NOLEGITCONTENT, SPAMDOMAINS, SPAMCHECK X-Note: This E-mail was received from RevDNS: [dialin-145-254-233-211.arcor-ip.net] X-Note: This E-mail was received from IP: [145.254.233.211] X-Note: This e-mail was scanned by eServices For You for Viruses and SPAM. X-Note: To report any issues, please contact [EMAIL PROTECTED] John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [HOLD weight]RE: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!)
Actually your e-mail did hit my hold weight... maybe I should lower those rev DNS weights I just put in.. Are you using Charters SMTP or your own? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Monday, March 29, 2004 12:22 PM To: [EMAIL PROTECTED] Subject: [HOLD weight]RE: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) I also forgot to mention that I can't contact Adrian to arrange a whitelist (should any of our users need to send to his users) because my messages will be blacklisted. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrian Hauri Sent: Sunday, March 28, 2004 6:30 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) Our company blocks everything with reverse DNS entry from *.client.comcast.net, *.rr.com, *.du.shawcable.net, *.eastlink.ca, *.client.attbi.com, *client2.attbi.com, *cable.wanadoo.nl, *.de.comcast.net, *.md.comcast.net, *.tn.comcast.net, *.va.comcast.net, *.ipt.aol.com, *.east.verizon.net, *.vie.surfer.at, *.sprint-hsd.net, *cable.wanadoo.nl etc. Additionallly we block everything with *-number-* (like -26-), *.number.*, *.cable.*, *.pp.*, *.ip.*, *modem*, *async*, *rback*, *dyn*, *dhcp*, *ppp*, *dial*, *dsl* in the reverse DNS. This blocks a lot of unwanted emails. It is rare that a reverse DNS entry of a legal mailserver has dsl in the name. We just had one reverse DNS entry that we had to whitelist: mailservers for swiftdsl.com.au. But it helped us to minimize the rbl lookup and speed up the mail processing. There were some people who rang us up because they got the bounce message but all of them didn't have a proper reverse DNS entry for their mailserver. It's up to you how strict you are with blocking emails. But because we do not run a mail service for a lot of clients we can apply strict rules. Adrian - ToadShow Pty Ltd phone: 07 3004 7900 fax: 07 3846 1220 email: [EMAIL PROTECTED] http://www.toadshow.com.au - - Original Message - From: marc catuogno To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 9:32 AM Subject: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) I just got this e-mail and I just feel like someone is targeting my domain for a spam campaign. When I hit view source, it only said test. Any suggestions on how to block this?? I'm surprised that DUL or DYNA didn't catch this at all, looks like it came in though a dynamic Comcast IP not one of their SMTP servers. I put prod-infinitum.com into the declude header filter with enough weight to hold it, but I don't think that would be enough. Thanks - Marc -Original Message- From: Shella Arrington [mailto:[EMAIL PROTECTED] Sent: Sunday, March 28, 2004 5:10 AM To: [EMAIL PROTECTED] Subject: %RND_SUBJECTS test Headers: Received: from c-24-13-168-241.client.comcast.net [24.13.168.241] by mail.prudentialrand.com (SMTPD32-8.05) id AED14440132; Sun, 28 Mar 2004 17:16:49 -0500 Received: from 18.104.180.255 by 24.13.168.241; Sun, 28 Mar 2004 11:13:22 +0100 Message-ID: [EMAIL PROTECTED] From: Shella Arrington [EMAIL PROTECTED] Reply-To: Shella Arrington [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: %RND_SUBJECTS Date: Sun, 28 Mar 2004 13:10:22 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--0825904990538747225 X-Mailer: PIPEX NetMail 2.2.0-pre13 X-IP: 221.134.57.232 X-IMAIL-SPAM-VALFROM: (71565618) X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] [2-18-9000] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] [2-19-9800] X-RBL-Warning: IPNOTINMX: [2-25-c800] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command . [2-32-1] X-Declude-Sender: [EMAIL PROTECTED] [24.13.168.241] X-Declude-Spoolname: D4ed1044401323a46.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, CMDSPACE [9] X-Country-Chain: X-Note: This E-mail was sent from c-24-13-168-241.client.comcast.net ([24.13.168.241]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 380366455 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail scanned for viruses by Declude Virus (http://www.declude.com)] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL
RE: [HOLD weight]RE: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!)
We use IMail 7.15 on a static IP (in fact we have a block of static IPs) from MPower, but they will not delegate or customize the RDNS entries for any customers. As I know from many previous threads, this is VERY common among ISPs. Not having an RDNS entry is a very reliable measure of SPAM, but if it exists, the text of the entry is not reliable. This is why I suggest not giving the type of RDNS entry much credibility, but certainly check if the RDNS exists!! Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of marc catuogno Sent: Monday, March 29, 2004 9:30 AM To: [EMAIL PROTECTED] Subject: RE: [HOLD weight]RE: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) Actually your e-mail did hit my hold weight... maybe I should lower those rev DNS weights I just put in.. Are you using Charters SMTP or your own? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Monday, March 29, 2004 12:22 PM To: [EMAIL PROTECTED] Subject: [HOLD weight]RE: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) I also forgot to mention that I can't contact Adrian to arrange a whitelist (should any of our users need to send to his users) because my messages will be blacklisted. Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adrian Hauri Sent: Sunday, March 28, 2004 6:30 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) Our company blocks everything with reverse DNS entry from *.client.comcast.net, *.rr.com, *.du.shawcable.net, *.eastlink.ca, *.client.attbi.com, *client2.attbi.com, *cable.wanadoo.nl, *.de.comcast.net, *.md.comcast.net, *.tn.comcast.net, *.va.comcast.net, *.ipt.aol.com, *.east.verizon.net, *.vie.surfer.at, *.sprint-hsd.net, *cable.wanadoo.nl etc. Additionallly we block everything with *-number-* (like -26-), *.number.*, *.cable.*, *.pp.*, *.ip.*, *modem*, *async*, *rback*, *dyn*, *dhcp*, *ppp*, *dial*, *dsl* in the reverse DNS. This blocks a lot of unwanted emails. It is rare that a reverse DNS entry of a legal mailserver has dsl in the name. We just had one reverse DNS entry that we had to whitelist: mailservers for swiftdsl.com.au. But it helped us to minimize the rbl lookup and speed up the mail processing. There were some people who rang us up because they got the bounce message but all of them didn't have a proper reverse DNS entry for their mailserver. It's up to you how strict you are with blocking emails. But because we do not run a mail service for a lot of clients we can apply strict rules. Adrian - ToadShow Pty Ltd phone: 07 3004 7900 fax: 07 3846 1220 email: [EMAIL PROTECTED] http://www.toadshow.com.au - - Original Message - From: marc catuogno To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 9:32 AM Subject: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!) I just got this e-mail and I just feel like someone is targeting my domain for a spam campaign. When I hit view source, it only said test. Any suggestions on how to block this?? I'm surprised that DUL or DYNA didn't catch this at all, looks like it came in though a dynamic Comcast IP not one of their SMTP servers. I put prod-infinitum.com into the declude header filter with enough weight to hold it, but I don't think that would be enough. Thanks - Marc -Original Message- From: Shella Arrington [mailto:[EMAIL PROTECTED] Sent: Sunday, March 28, 2004 5:10 AM To: [EMAIL PROTECTED] Subject: %RND_SUBJECTS test Headers: Received: from c-24-13-168-241.client.comcast.net [24.13.168.241] by mail.prudentialrand.com (SMTPD32-8.05) id AED14440132; Sun, 28 Mar 2004 17:16:49 -0500 Received: from 18.104.180.255 by 24.13.168.241; Sun, 28 Mar 2004 11:13:22 +0100 Message-ID: [EMAIL PROTECTED] From: Shella Arrington [EMAIL PROTECTED] Reply-To: Shella Arrington [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: %RND_SUBJECTS Date: Sun, 28 Mar 2004 13:10:22 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--0825904990538747225 X-Mailer: PIPEX NetMail 2.2.0-pre13 X-IP: 221.134.57.232 X-IMAIL-SPAM-VALFROM: (71565618) X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] [2-18-9000] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] [2-19-9800] X-RBL-Warning: IPNOTINMX: [2-25-c800] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command . [2-32-1] X-Declude-Sender: [EMAIL PROTECTED] [24.13.168.241] X-Declude-Spoolname: D4ed1044401323a46.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: NOABUSE, NOPOSTMASTER, IPNOTINMX, NOLEGITCONTENT, CMDSPACE [9] X-Country-Chain: X-Note:
Re: [Declude.JunkMail] FW: %RND_SUBJECTS (This worries me!)
here is also a list of rbl's that we trust and directly bounce: (most of them are spam traps, open relay lists or filters by country so you should be safe) What if we get a lot of legit email from these countries? Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] e-commerce counter weights
Most of my false positives are coming from e-commerce sites, where automatic email are generated after an order has been placed. What sort of counter weighting do you guys use to balance out these types of messages? I can't decide on anything to identify these types of messages with that spammers don't already try to fake. Any help would be much appreciated. Thank you for making YourNET Connection your connection to the world Jim O'Keefe Technical Support @YourNET Connection, Inc. [EMAIL PROTECTED]
Re: [Declude.JunkMail] Test not failed.
Below is a message that did not fail a filter test, GreyFilter3. What am I missing that it did not get caught? Line in GreyFilter3: HELO5 IS srv1.eservicesforyou.net Full Headers: Received: from srv1.eservicesforyou.net [68.164.114.3] by mail.eservicesforyou.net (SMTPD32-8.05) id A0A32AD30026; Sat, 27 Mar 2004 08:49:39 -0800 It looks like this should have been caught. Are there any spaces/tabs at the end of the line in the filter file? Is that the last line on the file (if so, the cursor needs to be able to go to the line below it, by hitting ENTER at the end of the line if necessary)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] e-commerce counter weights
We just use a negative weight list, and add new domains to the list as needed. Note that it's not a good idea to have any of your hosted domain in the negative weight list, or ISP domains such as aol, yahoo, msn, etc. as you'll just end up letting a lot of spam through that way. NEGATIVEWEIGHTLISTfromfile F:\IMail\Declude\negativeweight.txt x -25 0 We also use a "positive weight list", which is probably a misnomer since it add to the spam weighta better name would probably be greylist. We add known spam domains to this list. Similar to a blacklist, but we only add enough weight to hold on the greylist, while the blacklist has enough weight to delete. POSITIVEWEIGHTLISTfromfile F:\IMail\Declude\positiveweight.txt x 20 0 You'll probably want to adjust the weights to match your scale. We use the positive weight to put it just into the hold range, while the negative weight would take an email from the middle of the hold range down to zero. Darin. - Original Message - From: Technical Support To: [EMAIL PROTECTED] Sent: Monday, March 29, 2004 3:35 PM Subject: [Declude.JunkMail] e-commerce counter weights Most of my false positives are coming from e-commerce sites, where automatic email are generated after an order has been placed. What sort of counter weighting do you guys use to balance out these types of messages? I can't decide on anything to identify these types of messages with that spammers don't already try to fake. Any help would be much appreciated. Thank you for making YourNET Connection your connection to the world Jim O'Keefe Technical Support @YourNET Connection, Inc. [EMAIL PROTECTED]
RE: [Declude.JunkMail] Test not failed.
It looks like this should have been caught. Are there any spaces/tabs at the end of the line in the filter file? Is that the last line on the file (if so, the cursor needs to be able to go to the line below it, by hitting ENTER at the end of the line if necessary)? Bingo. Was the last line and I forgot to create another line underneath. Thanks. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] e-commerce counter weights
On 29 Mar 2004 at 14:35, Technical Support wrote: What sort of counter weighting do you guys use to balance out these types of messages? I can't decide on anything to identify these types of messages with that spammers don't already try to fake. Any help would be much appreciated. As Darin responded you should use a negative weighted filter. I call mine compensatory.txt In it include REVDNS, CONTAINS, MAILFROM, etc. from the false positives that will counter weight the spam scores. As far a phrase that you could add for a BODY tag kinda hard. But they may work for you like 'Order shipped' , etc. I make compensatory.txt the first filter in global.cfg also; to be sure SKIPIFWEIGHT feature is used in the other filter files. -Nick Hayer Thank you for making YourNET Connection your connection to the world Jim O'Keefe Technical Support @YourNET Connection, Inc. mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] [AUTOMATED NOTE: Your mail server [170.222.200.91] is missing a reverse DNS entry. All Internet hosts are required to have a reverse DNS entry. The missing reverse DNS entry will cause your mail to be treated as spam on some servers, such as AOL.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Store and Forward - Outgoing Actions
Wesetup Store and Forward (Imail 8.05, Declude JunkMail Pro) and everything seems to work correctly. But, The manual and archives talk about Outgoing Actions. We have a declude/domainname.com directory with a $default$.junkmail file. Do those tests get performed on the outbound email or is there something special to make them outgoing tests? Is Declude JunkMail testing ALL of my outgoing email? I don't think I want it to, just store and forward email. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Store and Forward - Outgoing Actions
Wesetup Store and Forward (Imail 8.05, Declude JunkMail Pro) and everything seems to work correctly. But, The manual and archives talk about Outgoing Actions. We have a declude/domainname.com directory with a $default$.junkmail file. Do those tests get performed on the outbound email or is there something special to make them outgoing tests? When an E-mail arrives, Declude JunkMail will use the configuration file(s) for the recipients, not the senders. For E-mail where a recipient is not local, Declude JunkMail will use the outgoing actions, which are the ones in the \IMail\Declude\global.cfg file. The \IMail\Declude\example.com\$default$.JunkMail file will be used for E-mail *to* an @example.com user, but not for an E-mail *from* an @example.com user. The outgoing E-mail settings are global, and cannot be changed per domain. Is Declude JunkMail testing ALL of my outgoing email? I don't think I want it to, just store and forward email. In this case, you can have per-domain settings for those domains. Then, the \IMail\Declude\global.cfg file can be set up to use the IGNORE action. That way, regular outgoing E-mail will not be scanned -- but E-mail to the store-and-forward domains will be scanned (even though they would otherwise be treated as outgoing E-mail, the per-domain config file takes priority). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Store and Forward - Outgoing Actions
Thanks Scott. I think I understand. I guess I'll wait and see what happens. [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, March 29, 2004 4:33 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Store and Forward - Outgoing Actions When an E-mail arrives, Declude JunkMail will use the configuration file(s) for the recipients, not the senders. For E-mail where a recipient is not local, Declude JunkMail will use the outgoing actions, which are the ones in the \IMail\Declude\global.cfg file. The \IMail\Declude\example.com\$default$.JunkMail file will be used for E-mail *to* an @example.com user, but not for an E-mail *from* an @example.com user. The outgoing E-mail settings are global, and cannot be changed per domain. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Crazy Characters
Has anyone noticed these yet: Subject: Lower your monthly payment today ! Between the words are space like characters that aren't spaces. I can only view them using symbol or dingbat fonts and my email client can't even search for them in a folder of messages. I'm inclined to make a filter for them, but I don't know how Declude will react. Scott, please advise, Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] weird random .htm attachments
Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] weird random .htm attachments
Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] weird random .htm attachments
Has anyone set up a filter to catch thesewe get a lot of them... gb At 04:41 PM 3/29/2004 -0800, you wrote: Yes, I have been seeing them too. They are java scripts that run. Definitly spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Kevin Sent: Monday, March 29, 2004 4:37 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] weird random .htm attachments Hi, Tried searching mail-archive.com for these but didn't turn up anything. Subject: pass on the fun [random subjects] Body: This message has attach [random too] [random attachments but always ends in .htm] I didn't open it with IE but with a text editor. Starts with script language=JavaScriptcontractions = new Array(162, [whole bunch of numbers] ends with charters = 907; beetle = 243; var equal = ; for(bowl = 0; bowl charters; bowl++) equal = equal + String.fromCharCode(contractions[bowl] ^ preferential[bowl % beetle]); document.write(equal); /script Sniffer catches these under rule 62 (Experimental) but it's not enough to hold these. Any ideas? What does one see when they view this under IE? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Glenn Brooks WebWize, Inc. 713-688-4382 http://www.webwize.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Crazy Characters
Between the words are space like characters that aren't spaces. I can only view them using symbol or dingbat fonts and my email client can't even search for them in a folder of messages. I'm inclined to make a filter for them, but I don't know how Declude will react. Those are high bit (8-bit) characters. Versions of Declude JunkMail v1.70 and later will properly process those characters in filters (previous versions would not be able to handle them properly in filters). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Crazy Characters
Nice. From: R. Scott Perry [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 29 Mar 2004 20:10:52 -0500 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Crazy Characters Between the words are space like characters that aren't spaces. I can only view them using symbol or dingbat fonts and my email client can't even search for them in a folder of messages. I'm inclined to make a filter for them, but I don't know how Declude will react. Those are high bit (8-bit) characters. Versions of Declude JunkMail v1.70 and later will properly process those characters in filters (previous versions would not be able to handle them properly in filters). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
