Re: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests

2005-01-10 Thread R. Scott Perry

 SNIFFER  external  nonzero sniffer.exe authcode 1 0
 SNIFFER-SCAMS  external  053 sniffer.exe authcode 2 0
 SNIFFER-PORN external  054 sniffer.exe authcode 2 0
 SNIFFER-MALWARE external  055 sniffer.exe authcode 3 0
 SNIFFER-OBFUSC  external  062 sniffer.exe authcode 2 0

Actually, this should work fine.  Declude JunkMail checks to see that the 
command line is the same (the sniffer.exe authcode, which is the same in 
all the above lines), and if so, it only runs the test if it has not yet 
been run (or if it has, it uses the exit code from when it was 
run).  Declude JunkMail then handles the weights.

So in this case, if Message Sniffer returned an exit code of anything 
except 0, the SNIFFER test would be triggered.  If it returned 53, both the 
SNIFFER test and the SNIFFER-SCAMS test would be triggered.

It should work in the same way as having multiple ip4r tests, one of which 
looks for * and others which look for specific return IPs.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.


This outgoing message is guaranteed to be authentic by Message Level users.
Guarantee the authenticity of your email @ http://www.messagelevel.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.
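
A small model of the behaviour described in the message above, added here as an example; it is not part of the original thread and is not Declude's code. Tests that share one command line cause a single run of the external program, and every test is then matched against that one exit code. The field layout is read off the five quoted definitions; summing the weights of triggered tests, the whitespace-normalised command comparison and the stand-in runner are assumptions of the model.

```python
"""Model of exit-code sharing between 'external' tests.

Illustrative only: this is not Declude's code. Field layout is read off the
five definitions quoted in the thread: name, type, match, command, weight,
and one trailing field that this model parses but does not interpret.
"""
from dataclasses import dataclass

# The five test definitions quoted in the message above.
CONFIG = """\
SNIFFER  external  nonzero sniffer.exe authcode 1 0
SNIFFER-SCAMS  external  053 sniffer.exe authcode 2 0
SNIFFER-PORN external  054 sniffer.exe authcode 2 0
SNIFFER-MALWARE external  055 sniffer.exe authcode 3 0
SNIFFER-OBFUSC  external  062 sniffer.exe authcode 2 0
"""


@dataclass(frozen=True)
class ExternalTest:
    name: str
    match: str    # "nonzero" or a specific exit code such as "053"
    command: str  # command line, whitespace-normalised (model assumption)
    weight: int

    def triggered_by(self, exit_code):
        if self.match == "nonzero":
            return exit_code != 0
        return exit_code == int(self.match, 10)  # "053" compares equal to 53


def parse_config(text):
    """Parse 'NAME external MATCH command... WEIGHT TRAILING' lines."""
    tests = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) < 6 or fields[1].lower() != "external":
            raise ValueError(f"line {lineno}: not an external test: {raw!r}")
        match = fields[2].lower()
        if match != "nonzero" and not match.isdigit():
            raise ValueError(f"line {lineno}: bad match value {fields[2]!r}")
        command = " ".join(fields[3:-2])
        tests.append(ExternalTest(fields[0], match, command, int(fields[-2])))
    return tests


def evaluate(tests, run_command):
    """Run each distinct command once and match every test against its code."""
    exit_codes = {}  # command line -> exit code from its single run
    triggered = []
    for test in tests:
        if test.command not in exit_codes:
            exit_codes[test.command] = run_command(test.command)
        if test.triggered_by(exit_codes[test.command]):
            triggered.append(test)
    return {
        "triggered": [t.name for t in triggered],
        "weight": sum(t.weight for t in triggered),  # additive: assumption
        "runs": list(exit_codes),
    }


def constant_runner(exit_code):
    """Stand-in for launching the scanner: always reports the same exit code."""
    def run(command):
        return exit_code
    return run


if __name__ == "__main__":
    tests = parse_config(CONFIG)
    for code in (0, 53, 55, 60):
        print(code, evaluate(tests, constant_runner(code)))
```

An exit code that no specific test lists (60 in the demo loop) triggers only the catch-all nonzero test.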


RE: [Declude.JunkMail] IMail export users/aliases - IMGate?

2005-01-10 Thread Dan Horne
I posted this to the IMGate list last week to a similar request:

I use this batch file on my Imail server to create the file, then ftp it
over to my IMGate box, scheduled once per hour.  It requires unxutils.

Start syncIMGate.bat---
rem   Make sure we're in the right directory.
m:
cd \Imail\ScheduledTasks

rem   Run ImailUsers.exe to create the list of recips.
ImailUsers.exe

rem   Use sed to put the OK at the end of each line
sed "s/$/ OK/" imailusers.txt > relay_recipients_unsorted.txt

rem   Sort the list
sort relay_recipients_unsorted.txt > relay_recipients_sorted.txt

rem   Make sure there are no duplicates
uniq -i relay_recipients_sorted.txt  relay_recipients.map

rem   FTP the file over to IMGate using the separate
rem   script file syncIMGate.txt for the ftp commands 
ftp -s:syncIMGate.txt

rem   Remove the temporary files
del relay_recipients_unsorted.txt
del relay_recipients_sorted.txt

exit
End syncIMGate.bat---


The following is the ftp command script to send the file to IMGate.  Replace
USERNAME with the appropriate username and PASSWORD with the pw.
Replace imgate.yourdomain.net with your IMGate host name or IP.
Start syncIMGate.txt---
open imgate.yourdomain.net
USERNAME
PASSWORD
cd /etc/postfix
lcd M:\Imail\ScheduledTasks
put relay_recipients.map
quit
End syncIMGate.txt---


Then just add a line like:
05  */1 *   *   *   root    postmap /etc/postfix/*.map
to your crontab to run postmap once per hour (I have it scheduled for 5
minutes after the Imail job).

HTH 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Saturday, January 08, 2005 1:49 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] IMail export users/aliases - IMGate?

Thanks, Sandy.

-d


- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: Dave Doherty Declude.JunkMail@declude.com
Sent: Saturday, January 08, 2005 1:43 AM
Subject: Re: [Declude.JunkMail] IMail export users/aliases - IMGate?


 I'm looking for a way to export IMail users and aliases to an IMGate
 cache  server  so  the IMGate can throw 550 errors on bad addresses.
 All help appreciated...

 There's  a  utility  to  do so provided by an IMGate user. Poke around
 their site and mailing list and you'll turn it up.

 --Sandy



 
 Sanford Whiteman, Chief Technologist
 Broadleaf Systems, a division of
 Cypress Integrated Systems, Inc.
 e-mail: [EMAIL PROTECTED]

 SpamAssassin plugs into Declude!
 http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

 Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
 http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
 http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/



Re: [Declude.JunkMail] IMail export users/aliases - IMGate?

2005-01-10 Thread Dave Doherty
Thanks Dan!
This will be my first experience with FreeBSD (or any *nix, for that 
matter), so it should be a real adventure.

-d


RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests

2005-01-10 Thread Dan Horne
FWIW, we use the Sniffer tests in this way.  We assign 2/3 our hold weight
to SNIFFER nonzero, then if it also fails the porn, scams, malware tests it
gets the other third. 



RE: [Declude.JunkMail] Calling an Executable - evaluating in multiple tests

2005-01-10 Thread Andy Schmidt
Thanks everyone who responded on and off-list.  Yes, log files, headers -
everything indicates that Declude functions as designed.

Since I was un-categorically told that this was a mis-configuration and
subject to Declude's error handling, I felt I better double-check my
knowledge of how Declude was designed to work. Sorry for the false alarm.


Best Regards
Andy Schmidt

Phone:  +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206 





[Declude.JunkMail] High smtp traffic

2005-01-10 Thread Markus Gufler
Can anyone else see abnormally high SMTP traffic right now?

I haven't identified it completely, but something strange is going on here. Lots
of NDRs.

Markus




Re: [Declude.JunkMail] High smtp traffic

2005-01-10 Thread Pete McNeil
On Monday, January 10, 2005, 12:10:32 PM, Markus wrote:

MG Can anyone else see abnormally high SMTP traffic right now?

MG I haven't identified it completely, but something strange is going on here. Lots
MG of NDRs.

We have been seeing what I would classify as a severe spam storm today
starting at about 0100 EST. 553 new rules so far today (and it is
early).

This might be related.

_M





Re: [Declude.JunkMail] High smtp traffic

2005-01-10 Thread Dave Doherty
Nothing unusual here at the moment.
-d


RE: [Declude.JunkMail] High smtp traffic

2005-01-10 Thread Markus Gufler

 Can anyone else see abnormally high SMTP traffic right now?
 
 I haven't identified it completely, but something strange is 
 going on here. Lots of NDRs.

False alarm.
Just another genius sending around promotional messages to 500 recipients
all listed in the To field.

Certain other MTAs (I believe incorrectly configured POP connectors)
seem to resend these messages to all other recipients. For some reason this
happens not once but multiple times, so each recipient is receiving the
same message several hundred times. Last but not least, this promotional
message has a 450 kByte attachment. Congratulations!

Solution?
I haven't found anything other than adding the sender address to the IMail kill
file.

Markus





[Declude.JunkMail] Spam Ratios, specifically: Sniffer and SURBL

2005-01-10 Thread Andy Schmidt
Hi Matt,

Well, statistics are a tricky thing. When you had posted on the Sniffer or Declude
lists over the weekend that I should provide more specific numbers, I had
not yet understood how you calculated your "percent of SPAM". The key is
always how one defines 100%.

Now that I read your post on the Sniffer list, I realize what number you are looking
for. You call it "percent of SPAM", I call it "percent of HELD messages" (which,
in reality, is only a subset of all Spam.)

Total Messages Processed: 13,077
Messages That Failed ANY Test(s): 11,323 (86.59%)

Total Messages DELETE, HOLD, BOUNCE, ROUTETO: 7,737 (59.16%)
Average Message Weight: 22.00 (Hold weight is 10)

Note: Before anyone jumps down my throat for the low "hold" ratio, we
simply whitelist a lot of internal mail based on SMTP AUTH and based on clients'
static IPs.

Of those 7,737 spam messages:

INV-URIBL...........7,737...59.16%
IPNOTINMX...........7,620...58.27%
SNIFFER.............7,396...56.56% - or 95% of the messages that were "held"
 (which matches your "capture" rate of 95 - 96% exactly!)

Note: As stated in my original post, I ran additional reports to break out
the unique hits by SURBL vs. Sniffer, vs. the combined hits. From that I
concluded that SURBL is NOT an irrelevant subset of Sniffer - but rather
there is about an 80 - 90% overlap. On both ends there are messages that one
flags - but not the other. Thus my previous statement that by using both
together I'm able to "tag" about 10 - 20% more messages than what each one
individually would have tagged (tapping into the 40.84% of non-held messages).

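NOLEGITCONTENT......7,215...55.17%
SPAMCOP.............4,611...35.26%
XBL-DYNA............4,228...32.33%
SORBS...............4,221...32.28%
DSBLSINGLE..........3,686...28.19%
REVDNS..............2,967...22.69%
WEIGHTFILTER........2,841...21.73%
SORBS-DUHL..........2,436...18.63%
HELOBOGUS...........2,277...17.41%
SENDERDB-BLOCK......2,095...16.02%
SPAMROUTING.........1,977...15.12%
NJABLDYNA...........1,958...14.97%
DYNAMIC-IP..........1,486...11.36%
SPAMHEADERS.........1,442...11.03%
AHBL................1,424...10.89%
BLITZEDALL..........1,359...10.39%
NJABLPROXIES........1,342...10.26%
BCC4................1,313...10.04%
SORBS-WEB...........1,026....7.85%
BCC6..................927....7.09%
BADHEADERS............926....7.08%
AHBLPROXIES...........923....7.06%
SBL...................918....7.02%
SPAMDOMAINS...........834....6.38%
SURBL-FROM............798....6.10%
OPEN-RELAY............733....5.61%
SORBS-HTTP............704....5.38%
SNIFFER-PORN..........698....5.34%
BCC8..................668....5.11%
SORBS-SOCKS...........625....4.78%
AHBLSOURCES...........491....3.75%
RHSBL.................377....2.88%
AHBLDOMAINS...........293....2.24%
SPFFAIL...............276....2.11%
SPFPASS...............235....1.80%
BASE64................187....1.43%
MAILFROM..............182....1.39%
NJABLDUL..............179....1.37%
SENDERDB-SUSP.........145....1.11%
SNIFFER-SCAMS.........111....0.85%
FORMMAIL...............85....0.65%
NJABLSOURCES...........71....0.54%
SORBS-BADCONF..........55....0.42%
COMMENTS...............41....0.31%
SORBS-MISC.............41....0.31%
SNIFFER-MALWARE........38....0.29%
MULTI-RELAY............33....0.25%
DSBLMULTI..............33....0.25%
WEB-O-TRUST............26....0.20%
SORBS-ZOMBIE...........23....0.18%
SORBS-SMTP.............23....0.18%
MAILPOLICE-PORN........22....0.17%
SNIFFER-OBFUSC.........15....0.11%
ORDB...................10....0.08%
RDNSBL..................5....0.04%
NJABLRELAYS.............5....0.04%
HIL.....................4....0.03%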

Best Regards
Andy Schmidt

HM Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846

Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
http://www.HM-Software.com/

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
  Sent: Monday, January 10, 2005 11:35 AM
  To: sniffer@SortMonster.com
  Subject: Re: [sniffer] Still having problems

  I just wanted to add some stats that I thought might be of some use here.
  I gathered info on my block rates over the past three days and compared my
  Sniffer hits to them. There has been no measurable change to my system with
  an average of 96% of spam getting tagged by Sniffer. I'm at least not
  seeing any issues.

  FRIDAY
  ==
  Blocked: 89.45% of Total Message Volume
  Sniffer: 85.74% of Total Message Volume
  -
  Sniffer Capture Rate on Spam: 95.85%

  SATURDAY
  ==
  Blocked: 96.57% of Total Message Volume
  Sniffer: 92.55% of Total Message Volume
  -
  Sniffer Capture Rate on Spam:

RE: [Declude.JunkMail] High smtp traffic

2005-01-10 Thread Tandem Group
There is definitely something happening. Currently we are seeing a mailing
which boasts of 400 million mails being sent promoting some penny stock with
the symbol CSYT, company name Communications Synergi Technology.

I found out the hard way, because they are using my personal address as
'Reply-To', and I have received more than 2000 NDRs.

They are being relatively clever by forging a Received From line, complete
with our server name and IP. The only thing they've got wrong is the time
stamp.

We see actual senders from all over the world, pretty well all cable or dsl
connections, so I guess it is a zombie storm.

I am trying to figure some way of grabbing all the NDRs and then send each
one 10 times to the company's CEO, CFO, etc.

Apparently it is working; the stock is up 30% today.

Erik




RE: [Declude.JunkMail] High smtp traffic

2005-01-10 Thread Kami Razvan
We can do a simple bounce message to his address using BOUNCEONLYIF.. 

We are bombarded by them also but they are all getting caught as spam.. 

Kami 



RE: [Declude.JunkMail] High smtp traffic

2005-01-10 Thread Tandem Group
We are catching the original messages as spam, but only a small percentage
of the NDRs are being caught. They all come from legit mailservers, and
since there is no URL in the message, even if it is attached Declude won't
necessarily penalize it enough.

The BOUNCEONLYIF won't work as the NDRs would attempt to go back to the
zombies, and I doubt that they can even receive mail.

My evil thought was to penalize the company itself by letting them have a
few copies of each of my NDRs.  :-)

Erik




[Declude.JunkMail] invURIBL (SURBL URI Query) Important Notice On Beta 4

2005-01-10 Thread Darrell \([EMAIL PROTECTED])
After working with Andy we found that a DLL was missing out of our beta 4 
package.  If you downloaded invURIBL for the first time as Beta 4 you may be 
missing a DLL that was not included in that specific package.  This DLL is 
used for additional mime decoding. 

I would recommend that everyone who downloaded Beta 4 please do so again as 
the package has been corrected to include the DLL. - 
http://www.invariantsystems.com/invuribl/default.htm 

We also recommend if you are using invURIBL that you please join the list 
serve for the application to stay informed on its status 
([EMAIL PROTECTED]). 

Again, I am sorry for the inconvenience.
Darrell 

Andy Schmidt writes: 

Hi Phil: 

A) I just corrected a bug in the setup of invURIBL (which is used to test
against SURBL).  I don't know yet what the impact is - but I BELIEVE that
bug had caused more messages to be tagged than should have. Thus, the
results were skewed, but I won't know until tomorrow by what degree.


Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log 
Parsers. 



[Declude.JunkMail] Old email accounts

2005-01-10 Thread Richard Farris
Is there a way to keep email that is sent to old nonexistent email accounts 
on my server from being processed by Declude? I have noticed that a lot of 
the spam in spamreview is to email addresses that are no longer there..

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet


[Declude.JunkMail] Forwarding and Hosting on IMail vs. SmarterMail

2005-01-10 Thread Goran Jovanovic
Hi all,

I would like to get some opinions from the group.

In my testing/experimenting with Declude JunkMail Pro and Virus Pro (2
scanners running) under IMail 8.1x I found that:

1 - With a volume of 20,000 messages per day, of which half were hosted and
half were forwarded, the IMail server's SMTP service would become
unresponsive and users who were using the IMail box to send outbound
would get timeouts. Also the Web Interface bogged down and response was
bad. This created customer complaints. This is bad.

2 - If I split the above 20,000 messages onto two servers one
scanning/forwarding and one hosting then I did not see the slowdowns and
customers did not complain.

So my question is the following: Is there enough knowledge out there yet
that if I was to put everything back on one server but use SmarterMail
instead of IMail with the same Declude package would I be suffering the
same performance problems? I have heard more than once that IMail's Web
Interface is a big pig on CPU resources.

Any thoughts on this?

Thanx

 
 
 
 Goran Jovanovic
 The LAN Shoppe


Re: [Declude.JunkMail] Old email accounts

2005-01-10 Thread R. Scott Perry

Is there a way to keep email that is sent to old non-existent email 
accounts on my server from being processed by Declude. I have noticed that 
a lot of the spam in spamreview is to email addresses that are no longer 
there..

If you have IMail reject those E-mails, Declude won't scan 
them.  Otherwise, Declude will scan them.

Note, however, that you may see E-mail addresses that do not exist (that 
IMail did not accept the E-mail for), if there was at least one valid 
recipient.  In that case, IMail will process the E-mail, and have all the 
bogus recipients listed in the SMTP envelope.

   -Scott


RE: [Declude.JunkMail] Forwarding and Hosting on IMail vs. SmarterMail

2005-01-10 Thread Colbeck, Andrew
Goran, I have no experience with SmarterMail, but I would generally
suggest that doing your antispam content filtering on a box with which
your end users have direct experience is bad.

In other words, I would suggest always having a gateway configuration,
with your mailboxes on an internal server.

Andrew 8)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Monday, January 10, 2005 5:59 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Forwarding and Hosting on IMail vs.
SmarterMail


Hi all,

I would like to get some opinions from the group.

In my testing/experimenting with Declude JunkMail Pro and Virus Pro (2
scanners running) under IMail 8.1x I found that:

1 - With a volume of 20,000 messages per day which half were hosted and
half were forwarded the IMail server's SMTP service would become
unresponsive and users who were using the IMail box to send outbound
would get timeouts. Also the Web Interface bogged down and response was
bad. This created customer complaints. This is bad.

2 - If I split the above 20,000 messages onto two servers one
scanning/forwarding and one hosting then I did not see the slowdowns and
customers did not complain.

So my question is the following: Is there enough knowledge out there yet
that if I was to put everything back on one server but use SmarterMail
instead of IMail with the same Declude package would I be suffering the
same performance problems? I have heard more than once that IMail's Web
Interface is a big pig on CPU resources.

Any thoughts on this?

Thanx

 
 
 
 Goran Jovanovic
 The LAN Shoppe


[Declude.JunkMail] AVG antivirus

2005-01-10 Thread Richard Farris
I just noticed that my new AVG 7.0 caused some mail that I sent out to be 
caught in the spam filter because it looked like it originated from a 
different IP. Has anyone else seen AVG do this and how do you deactivate 
AVG causing this?

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet


Re: [Declude.JunkMail] Forwarding and Hosting on IMail vs. SmarterMail

2005-01-10 Thread Matt
Goran Jovanovic wrote:
So my question is the following: Is there enough knowledge out there yet
that if I was to put everything back on one server but use SmarterMail
instead of IMail with the same Declude package would I be suffering the
same performance problems? I have heard more than once that IMail's Web
Interface is a big pig on CPU resources.
Any thoughts on this?
 

IMail's Web server is so challenged that I consider it to be a security 
vulnerability (seriously).  Most of my business is gatewayed E-mail now, 
but I have about 500 hosted accounts and I tell everyone that I can that 
the Web interface is not meant to be a primary means of access, and that 
it is unsupported.  It's quite sad that I can't support the Web 
interface.  I also have the IMAP service turned off because of long 
standing issues that seem to affect a great number of people with a 
decent number of IMAP users.

I'm watching intently myself for what others' experiences are with 
SmarterMail, and I trust that Declude will work hard to iron out the 
issues that exist in the migration to this new platform.  I have little 
doubt that any mail server worth its weight would be able to handle a 
message volume of 20,000 per day, and I would want to see 20 times that 
amount on a suitable server in fact, but aside from that, I am thinking 
that the determining factor would revolve around very specific 
capabilities that I have either come to rely upon, or would further 
benefit from.  For instance, having SmarterMail be able to do address 
validation for gatewayed domains would be very nice, sub-mailbox 
functionality is something that would be hard to function without, 
supporting the SMTP Submission Port 587 would be very nice to see, and 
there are other such things, some of which might not hit me until the 
11th hour that could be deal makers or deal breakers.

I'm eagerly awaiting the results and feedback of others, though I'm not 
technically in a rush to make the leap.

Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=


[Declude.JunkMail] external program with quotes....

2005-01-10 Thread Scott Fisher



I'm writing my own external program to compare 
domain names.
I need to pass the %REVDNS% parameter with quotes 
around it due to possible spaces in it.
Is this possible?


Will this work?
MR-MATCHING external 11 "D:\IMail\Declude\FPFilters\vbs\FRDNS.exe 
PATH=d:\IMail\declude\FPFilters LOG=HIGH CW=%WEIGHT% SW=440 REVDNS=""%REVDNS%"" 
FROM=%MAILFROM%" 0 0


Re: [Declude.JunkMail] Forwarding and Hosting on IMail vs. SmarterMail

2005-01-10 Thread Jim
On Mon, 10 Jan 2005 21:29:25 -0500, Matt wrote:
 I'm watching intently myself for what others' experiences are with
 SmarterMail, and I trust that Declude will work hard to iron out
 the issues that exist in the migration to this new platform.  I

We just moved to Smartermail. I did the migration late Thursday. Took maybe 
30-45 minutes.  We don't have a huge userbase. 35 domains, 300 users and do 
maybe 5-6000 mails a day.   We never had any performance problems with Imail.  
Mainly switched due to the recent flak about the new release and minor issues 
that have just never been addressed.

I was anticipating a lot of calls after the switch but I think I had 3 phone 
calls Friday - mainly people who needed to turn on SMTP authentication or had 
some other odd configuration issue.  Biggest issue now is spam.  Need my 
Declude! :)

There are some things missing, but there are also a lot of small neat features 
that make you say 'what a neat idea'...

Jim






RE: [Declude.JunkMail] Forwarding and Hosting on IMail vs. SmarterMail

2005-01-10 Thread Kevin Bilbee
 There are some things missing, but there are also a lot of 
 small neat features that make you say 'what a neat idea'... 
 

Could you elaborate on what is missing and what is neat?

Kevin Bilbee



RE: [Declude.JunkMail] external program with quotes....

2005-01-10 Thread Kevin Bilbee



Reverse dns should never have spaces in it.

  
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
  Sent: Monday, January 10, 2005 7:22 PM
  To: Declude.JunkMail@declude.com
  Subject: [Declude.JunkMail] external program with quotes
  I'm writing my own external program to compare 
  domain names.
  I need to pass the %REVDNS% parameter with quotes 
  around it due to possible spaces in it.
  Is this possible?
  
  
  Will this work?
  MR-MATCHING external 11 "D:\IMail\Declude\FPFilters\vbs\FRDNS.exe 
  PATH=d:\IMail\declude\FPFilters LOG=HIGH CW=%WEIGHT% SW=440 
  REVDNS=""%REVDNS%"" FROM=%MAILFROM%" 0 
0
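
An added example, not part of any post above and not Scott Fisher's FRDNS.exe: one way an external test program can rebuild KEY=VALUE arguments whose values were split on spaces or arrive with doubled quotes, and refuse a reverse DNS value that is not a syntactically valid hostname before comparing it. The function names and the suffix-match rule are assumptions; the keys and exit code 11 come from the MR-MATCHING line.

```python
import re
import sys

KEYS = ("PATH", "LOG", "CW", "SW", "REVDNS", "FROM")  # keys on the MR-MATCHING line
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one letter/digit/hyphen label
MATCH_EXIT = 11  # exit code the MR-MATCHING line tests for


def parse_args(argv):
    """Rebuild KEY=VALUE pairs even when a value was split on spaces."""
    args, key = {}, None
    for token in argv:
        head, sep, tail = token.partition("=")
        if sep and head.upper() in KEYS:
            key = head.upper()
            args[key] = tail
        elif key is not None:
            args[key] += " " + token  # continuation of the previous value
    # Drop surrounding quotes, single or doubled, left by the caller.
    return {k: v.strip().strip('"') for k, v in args.items()}


def valid_hostname(name):
    """PTR data is chosen by the remote party, so accept strict labels only."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def exit_code(argv):
    """Return MATCH_EXIT when the reverse DNS name sits under the sender domain."""
    args = parse_args(argv)
    revdns = args.get("REVDNS", "").lower().rstrip(".")
    sender = args.get("FROM", "").rpartition("@")[2].lower().rstrip(">")
    if not (valid_hostname(revdns) and valid_hostname(sender)):
        return 0  # malformed input (spaces, empty labels) never matches
    matched = revdns == sender or revdns.endswith("." + sender)
    return MATCH_EXIT if matched else 0


if __name__ == "__main__":
    sys.exit(exit_code(sys.argv[1:]))
```
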