RE: [Declude.JunkMail] Stop one IP address
Title: Message This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. Youmay think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server. We are on ATT and had a customer doing just this. We told them to stop or we would terminate there service, we did this after ATT theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs. Kevin Bilbee -Original Message-From: Goran Jovanovic [mailto:[EMAIL PROTECTED]On Behalf Of Goran JovanovicSent: Monday, September 27, 2004 11:31 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, AndrewSent: Mon 9/27/2004 1:56 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than "swallowing them" like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message-From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc). This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2. As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it. Any other thoughts on what I can do? Thanx Goran Jovanovic The LAN Shoppe attachment: winmail.dat
RE: [Declude.JunkMail] Stop one IP address
Title: Message You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than "swallowing them" like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message-From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc). This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2. As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it. Any other thoughts on what I can do? Thanx Goran Jovanovic The LAN Shoppe attachment: image001.gif
RE: [Declude.JunkMail] Stop one IP address
Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Mon 9/27/2004 1:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees a connection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than swallowing them like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc). This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2. As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it. Any other thoughts on what I can do? Thanx Goran Jovanovic The LAN Shoppe winmail.dat
[Declude.JunkMail] Declude 1.80
Anyone else notice that Declude 1.80 Release is out? And if my eyes don't deceive me it appears there is a 43 page manual for Declude Junkmail and a 34 page manual for Declude Virus! Release notes (http://www.declude.com/relnotes.htm) page isn't updated yet though. Andy Ognenoff Online Systems Administrator - Cousins Submarines, Inc. http://www.cousinssubs.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 1.80
Looks to me like they have finally locked up the executables and you will need an account to access such things in the future (i.e. service agreement). There is a link on the home page to get the new download. Looks to me like it's pretty much the same app, just packaged differently and limited in access. I'm very thankful that they have maintained a wizzard-less install and configs. I will however wait for someone else to install the new version just in case :) In the mean time, I'll start building my wishlist for new functionality now that this milestone has been hit :)) Just kidding of course. Matt Kevin Bilbee wrote: The release notes say 1.79 9beta) the manual states 1.80 There is no link in the new manual to the default.cfg or the 1.80 executable. I would guess this postig of the manual is premature??? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Andy Ognenoff Sent: Monday, September 27, 2004 12:20 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude 1.80 Anyone else notice that Declude 1.80 Release is out? And if my eyes don't deceive me it appears there is a 43 page manual for Declude Junkmail and a 34 page manual for Declude Virus! Release notes (http://www.declude.com/relnotes.htm) page isn't updated yet though. Andy Ognenoff Online Systems Administrator - Cousins Submarines, Inc. http://www.cousinssubs.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] Declude 1.80
Looks to me like they have finally locked up the executables and you will need an account to access such things in the future (i.e. service agreement). There is a link on the home page to get the new download. Correct. The new owners wisely felt that this would be a good idea, as it will help ensure that we have contact information for our current customers (which is useful for cases such as when we receive abuse complaints regarding our customers, or if there is a serious problem they need to be aware of), and will help ensure that people are licensed properly (quite a few people truly *thought* that they had a valid Service Agreement, and would have gladly purchased one if they had realized they did not, and were unaware that they were violating our licensing agreement by running a version they were not entitled to). Looks to me like it's pretty much the same app, just packaged differently and limited in access. Correct. It's pretty much the same 1.80 release that people would have expected in the past (lots of changes since the last release, but few changes since the last interim), except with an install program and .pdf/.doc documentation files. I'm very thankful that they have maintained a wizzard-less install and configs. :) There should also be a .ZIP file that people can download (if it is not yet available) with just the files that are needed, for people who don't want to run the install program. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Stop one IP address
Title: Message Whups, yeah, what John said. Andrew 8) -Original Message-From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 11:40 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address Andrew and Goran, IPs are added to the Control access list only accessible through the IMAIL admin GUI. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: Goran Jovanovic [mailto:[EMAIL PROTECTED] On Behalf Of Goran JovanovicSent: Monday, September 27, 2004 11:31 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, AndrewSent: Mon 9/27/2004 1:56 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than "swallowing them" like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message-From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc). This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2. As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it. Any other thoughts on what I can do? Thanx Goran Jovanovic The LAN Shoppe attachment: image001.gif
Re: [Declude.JunkMail] Declude 1.80
Scott, Also from the doc's it appears as if the bounce action has changed back to bounce from bounceonlyifyoumust. Is this correct or an error in the doc's? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers. R. Scott Perry writes: Looks to me like they have finally locked up the executables and you will need an account to access such things in the future (i.e. service agreement). There is a link on the home page to get the new download. Correct. The new owners wisely felt that this would be a good idea, as it will help ensure that we have contact information for our current customers (which is useful for cases such as when we receive abuse complaints regarding our customers, or if there is a serious problem they need to be aware of), and will help ensure that people are licensed properly (quite a few people truly *thought* that they had a valid Service Agreement, and would have gladly purchased one if they had realized they did not, and were unaware that they were violating our licensing agreement by running a version they were not entitled to). Looks to me like it's pretty much the same app, just packaged differently and limited in access. Correct. It's pretty much the same 1.80 release that people would have expected in the past (lots of changes since the last release, but few changes since the last interim), except with an install program and .pdf/.doc documentation files. I'm very thankful that they have maintained a wizzard-less install and configs. :) There should also be a .ZIP file that people can download (if it is not yet available) with just the files that are needed, for people who don't want to run the install program. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Stop one IP address
Title: Message I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider. The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo). I think I am going to have a stronger word with them about this and tell them that they must clean up their act. Thanx to all for the info Goran Jovanovic The LAN Shoppe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, September 27, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. Youmay think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server. We are on ATT and had a customer doing just this. We told them to stop or we would terminate there service, we did this after ATT theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs. Kevin Bilbee -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Mon 9/27/2004 1:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than swallowing them like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc). This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2. As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it. Any other thoughts on what I can do? Thanx Goran Jovanovic The LAN Shoppe
RE: [Declude.JunkMail] Stop one IP address
Title: Message I would also put that list OFF of the Imail server. Maybe a IIS server or something. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider. The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo). I think I am going to have a stronger word with them about this and tell them that they must clean up their act. Thanx to all for the info Goran Jovanovic The LAN Shoppe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, September 27, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. Youmay think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server. We are on ATT and had a customer doing just this. We told them to stop or we would terminate there service, we did this after ATT theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs. Kevin Bilbee -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Mon 9/27/2004 1:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than swallowing them like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that I forward (you know all the messages email address is no longer valid etc etc). This domain uses a service somewhere out there and gives them a list. Unfortunately they do not clean or verify the list at all so a lot of bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000 to 3000 incoming e-mail spike in an hour or 2. As a temporary measure I have whitelisted the IP so that I do not spend as much processing time but I would really like to kill the connection as it comes in so I so not have to process much of it. Any other thoughts on what I can do? Thanx
[Declude.JunkMail] domainwhitelists flag
Does the DOMAINWHITELISTS flag override the WHITELISTFILE entry that you can list in the per domain config file and is it required? Does it require the whitelist file to be named whitelist.txt? We have been running 1.79 for awhile, but noticed it in the Release notes, but been using WHITELISTFILE for a long time. Thanks for the aid. Per Release Notes: DOMAINWHITELISTS ON option, to allow for per-domain whitelist files at \IMail\Declude\example.com\whitelist.txt. Keith winmail.dat
RE: [Declude.JunkMail] Stop one IP address
Title: Message John, I have nothing to do with the list. I do not even know where it is. They supply the list to the e-mail broadcaster and then I learn about it as my server hits a wall from the NDRs coming in. Goran Jovanovic The LAN Shoppe 2345 Yonge Street, Suite 302 Toronto, Ontario M4P 2E5 Phone: (416) 440-1167 x-2113 Cell: (416) 931-0688 E-Mail: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, September 27, 2004 7:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address I would also put that list OFF of the Imail server. Maybe a IIS server or something. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider. The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo). I think I am going to have a stronger word with them about this and tell them that they must clean up their act. Thanx to all for the info Goran Jovanovic The LAN Shoppe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee Sent: Monday, September 27, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. Youmay think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server. We are on ATT and had a customer doing just this. We told them to stop or we would terminate there service, we did this after ATT theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs. Kevin Bilbee -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, Andrew Sent: Mon 9/27/2004 1:56 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an error to the sender, and without logging the action in your sysMMDD.txt file. I say that this is hiding the problem, because it doesn't address the problem directly, and you won't have any idea how many times they're retrying. Because the connection is just dropped, they should try again, and will. Whether that is more of an impact than swallowing them like you're doing now is up to you! Another sneaky way of dropping the traffic is to disallow routing entirely, right there on your server. route add -p 1.1.1.1 mask 255.255.255.255 127.0.0.1 replace the 1.1.1.1 with the address of the bad host. Andrew 8) -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED] Sent: Monday, September 27, 2004 9:59 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Stop one IP address Hi, From what I can see the imail kill.lst works on the MAIL FROM recipient. I am looking for a way to specifically disallow one IP address. The reason I need to do the IP is because the sender is NULL. The messages are bounce backs from an e-mail campaign of one of the domains that
Re: [Declude.JunkMail] domainwhitelists flag
Does the DOMAINWHITELISTS flag override the WHITELISTFILE entry that you can list in the per domain config file and is it required? They are separate options, so you can use both, neither, or just one. Does it require the whitelist file to be named whitelist.txt? Yes (otherwise, Declude JunkMail won't know to look for the file). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Stop one IP address
SPEWS is exactly the type of list that would take the MX server and blacklist them as well. SPEWS is influential as far as some other minor lists go so there could also be a chance of it spreading. If I were this client, I would be more concerned about my domain blacklisted, and possibly never being able to get off such lists. I can't think of a good reason why a list would all of a sudden go from 20,000 addresses to 200,000 addresses unless they were harvesting/buying addresses from some source, paired with the fact that they don't care about cleaning their list suggests to me that they also have little regard for the recipients and the administrators that have to deal with this stuff, including Goran who's server gets pounded by this stuff. In other words, it sounds like what might be considered to be spam. Here's my take on people like this and why I don't want their business. The vast majority of people don't want anything to do with spamming, yet this small minority of people, many of whom care very little for others or put profits above everything else, have created a situation where spam outnumbers ham by 6 times. So instead of looking the other way at some seemingly minor infractions, you must consider what would happen if every list out there had a 15% NDR rate with no attempt to clean, and an interest in growing to 10 times the size through some likely questionable means. If you don't draw the line there, where do you draw it? I don't claim to be perfect, but I'm quite sick of self-centered/greedy people making decisions that benefit themselves at the expense of others. Matt Kevin Bilbee wrote: Message There are lists that will list a server for not having a double-op-in system. With out this you can not control who signs up and it the address is valid as you already know. And yes you can be listed for hosting the server that receives the NDR records. Maybe someone else can chime in and give an example of an RBL that lists server that host the NDR and list for not having a double-opt-in system. I understand that you are not hosting the mail list but you may be supporting a spammer. If your client is not getting these email address in a reputable way or getting a list from a third party that could mean trouble for you and your mail system. You may not be able to block the NDRs based on ip address. I the mail is delivered to a gateway that does not have the intelligence to authenticate the email address then the NDR is going to come from that server not the sending server. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 4:10 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider. The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo). I think I am going to have a stronger word with them about this and tell them that they must clean up their act. Thanx to all for the info Goran Jovanovic The LAN Shoppe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin Bilbee Sent: Monday, September 27, 2004 2:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Stop one IP address This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. Youmay think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server. We are on ATT and had a customer doing just this. We told them to stop or we would terminate there service, we did this after ATT theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs. Kevin Bilbee -Original Message- From: Goran Jovanovic [mailto:[EMAIL PROTECTED]]On Behalf Of Goran Jovanovic Sent: Monday, September 27, 2004 11:31 AM To: [EMAIL
Re: [Declude.JunkMail] Stop one IP address
Title: Message Goran- I learned years ago that if you are connected in any way with a spammer, you will be forever labelled as a spammer yourself. This includes hosting the website or mail exchanger for any domain that is accused of spamming, regardless of whether they use your server to deliver the spam. You need to fire this customer. His practices and his attitude will cost you far more in the long run than you can ever hope to recover in revenues from him. As soon as you try to reclaim your support costs, he will move on to another unsuspecting provider. -Dave - Original Message - From: Goran Jovanovic To: [EMAIL PROTECTED] Sent: Monday, September 27, 2004 7:43 PM Subject: RE: [Declude.JunkMail] Stop one IP address John, I have nothing to do with the list. I do not even know where it is. They supply the list to the e-mail broadcaster and then I learn about it as my server hits a wall from the NDRs coming in. Goran Jovanovic The LAN Shoppe 2345 Yonge Street, Suite 302 Toronto, Ontario M4P 2E5 Phone: (416) 440-1167 x-2113 Cell: (416) 931-0688 E-Mail: [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)Sent: Monday, September 27, 2004 7:23 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address I would also put that list OFF of the Imail server. Maybe a IIS server or something. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran JovanovicSent: Monday, September 27, 2004 4:10 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address I did not think that if I was simply the MX record for the domain that I would get blacklisted. I thought that it would be the broadcast e-mail service provider. The flood of NDRs certainly puts a strain on our server and while it seems that I was able to keep up with it today I am told that this list is going to grow from the 20-30 thousand e-mails that are on it today to over 200,000 e-mails. This list is something that people sign up for but there is no verification of their e-mail address so they can type in anything they want (or make a legitimate typo). I think I am going to have a stronger word with them about this and tell them that they must clean up their act. Thanx to all for the info Goran Jovanovic The LAN Shoppe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin BilbeeSent: Monday, September 27, 2004 2:52 PMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address This is one of your customers saying they do not care. I would boot them for abusing your servers or at least charge them for the headaches. If they continue you will end up on black lists for continually sending to non existent email addresses. Youmay think that because the emails are not being sent from your server that you will not be bleck listed but there are lists out there that will black list you because the NDRs are being delivered to your server. We are on ATT and had a customer doing just this. We told them to stop or we would terminate there service, we did this after ATT theratened to terminate our service after they received complaints to their abuse address. The source of the email was not our server but they used an email on our server for the NDRs. Kevin Bilbee -Original Message-From: Goran Jovanovic [mailto:[EMAIL PROTECTED]On Behalf Of Goran JovanovicSent: Monday, September 27, 2004 11:31 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Stop one IP address Andrew, According to the IMail manual you can only put e-mail addresses into the KILL.LST file. It does not say anything about IPs. I have told them that they need to clean up their lists but they say that it is too much trouble and they don't care. Matt - do you have the name of that product that collects NDRs and cleans the list? Thanx Goran From: [EMAIL PROTECTED] on behalf of Colbeck, AndrewSent: Mon 9/27/2004 1:56 PMTo: '[EMAIL PROTECTED]'Subject: RE: [Declude.JunkMail] Stop one IP address You can hide the problem by going into your IMail configuration under SMTP, then the SMTP Security tab and adding the IP address to the IMail Kill File. When IMail sees aconnection from that IP, it drops it, without returning an
