RE: [Declude.JunkMail] Message not scanned
Actually, not until after I sent the second time. It seems that there was a much bigger problem. For some reason, Hijack had decided after several months that now my incoming postfix gateway was trying to relay through our server and was therefore holding SOME BUT NOT ALL incoming email. I was one of those affected, so I wasn't getting any mail. I didn't see my first post or your response (the answer, btw, is no such errors in my event log), so I thought it didn't go and resent. I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday). I still don't know why these messages were delivered without being scanned by Declude (unless that is a feature of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you both very much. Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, June 01, 2005 2:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Message not scanned Did you not see my response to your earlier post? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 10:53 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: Feli Ridgeway [EMAIL PROTECTED] To: Napier Kincaid [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative;
Re: [Declude.JunkMail] Message not scanned
Hi Dan, Here are some thoughts - I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). Hijack cares about the senders - not the recipients I do believe I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday). What do hijack the logs say? [They may explain just what happened. If not run on high so next time more info may be avail] Were all the held mail prefaced with the gateway ip? [Just to be sure they all came from the gateway] Do you have the line in hijack.cfg "ALLOWIP gateway ip ? ["An ALLOWIP line will let an IP address send unlimited E-mail"] Best, -Nick I still don't know why these messages were delivered without being scanned by Declude (unless that is a "feature" of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you both very much. Dan Horne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, June 01, 2005 2:53 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Message not scanned Did you not see my response to your earlier post? John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Dan Horne Sent: Wednesday, June 01, 2005 10:53 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Message not scanned I have received a couple of messages in the last two days in my inbox that were NOT scanned by Declude. I thought the headers below were strange, since they seem to have MIME segments in them. However, another message in my inbox that was spam (below my hold weight) also has similar MIME segments, but was scanned by Declude, evidenced by the Declude headers. The Declude headers are not present (I add several headers with Declude) in the email below. The line "X-Virus-Scanned: amavisd-new 2.3.0 (20050424) at taisweb.net" was added by my gateway postfix box that scans messages with clamav. When searching the Declude logs, the queue number 9F3B01A60A71 does not appear. Neither does a07e06888a82, though I wouldn't expect it to as that is the forward message, which should appear after Declude scans. Version info: Imail v8.2 HF2, Declude Junkmail Pro/Virus Standard/Hijack v2.0.6.10. For reference, I have attached a file with the headers of the other spam message I mentioned, so you can see what kind of headers I add that are missing below. IMAIL LOG SMTPD (9f3b01a60a71) [172.20.5.2] connect 68.118.154.7 port 60324 SMTPD (9f3b01a60a71) [68.118.154.7] EHLO mx2.rmslink.net SMTPD (9f3b01a60a71) [68.118.154.7] MAIL FROM:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [68.118.154.7] RCPT TO:[EMAIL PROTECTED] SMTPD (9f3b01a60a71) [x] looking up taisweb.net in HOSTS SMTPD (9f3b01a60a71) [68.118.154.7] DATA SMTPD (9f3b01a60a71) [68.118.154.7] S:\imail\spool\D9f3b01a60a71.SMD 4808 SMTP () Info - Adding Queue file S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) processing S:\imail\spool\Q9F3B01A60A71.SMD SMTP (9f3b01a60a71) ldeliver mail.taisweb.net copyall-main (1) [EMAIL PROTECTED] 4808 SMTP (9f3b01a60a71) forwarded message to [EMAIL PROTECTED] using new file: a07e06888a82 SMTP (9f3b01a60a71) finished S:\imail\spool\Q9F3B01A60A71.SMD status=1 HEADERS-- Microsoft Mail Internet Headers Version 2.0 Received: from mail.taisweb.net ([68.118.153.2]) by ex1.wilcoxent.net with Microsoft SMTPSVC(6.0.3790.211); Wed, 1 Jun 2005 07:48:14 -0400 Received: from SMTP32-FWD by mail.taisweb.net (SMTP32) id A9F3B01A60A71; Wed, 1 Jun 2005 07:48:14 Received: from mx2.rmslink.net [68.118.154.7] by mail.taisweb.net with ESMTP (SMTPD-8.20) id AF3C0298; Wed, 01 Jun 2005 07:42:52 -0400 Received: from localhost (localhost [127.0.0.1]) by mx2.rmslink.net (Postfix) with ESMTP id 2F58139863 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:47 -0400 (EDT) Received: from gatesalbert.com (81-202-101-107.user.ono.com [81.202.101.107]) by mx2.rmslink.net (Postfix) with SMTP id 46D5B39845 for [EMAIL PROTECTED]; Wed, 1 Jun 2005 07:20:40 -0400 (EDT) From: "Feli Ridgeway" [EMAIL PROTECTED] To: "Napier Kincaid" [EMAIL PROTECTED] Subject: Re: Really Works GGood Date: Wed, 1 Jun 2005 06:42:20 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative;
[Declude.JunkMail] ANOTHER message Declude didn't delete.
Anyone? Anyone? Buehler? Received: from server.tl4s.com [147.202.39.144] by mail.prudentialrand.com with ESMTP (SMTPD32-8.05) id A8F42960114; Thu, 02 Jun 2005 09:26:12 -0400 Received: from [212.35.74.41] (port=2257 helo=comp) by server.tl4s.com with esmtpa (Exim 4.50) id 1DdpeJ-000128-TP; Thu, 02 Jun 2005 08:22:17 -0500 From: eBay [EMAIL PROTECTED] Subject: [SPAM]**eBay Summary Confirmation** To: [EMAIL PROTECTED] Content-Type: text/plain;iso-8859-1 Reply-To: [EMAIL PROTECTED] Date: Thu, 2 Jun 2005 16:22:22 +0300 X-Priority: 3 X-Library: Indy 8.0.25 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server.tl4s.com X-AntiAbuse: Original Domain - prudentialrand.com X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] X-AntiAbuse: Sender Address Domain - ebay.com X-Source: X-Source-Args: X-Source-Dir: Message-Id: [EMAIL PROTECTED] X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/lookup.shtml?147.202.39.144; X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?147.202.39.144; X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED] X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420f]. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 53. X-RBL-Warning: SUBJECTFILTER: Message failed SUBJECTFILTER test (line 156, weight 0) X-RBL-Warning: WEIGHT10: Weight of 45 reaches or exceeds the limit of 10. X-RBL-Warning: WEIGHT25: Weight of 45 reaches or exceeds the limit of 25. X-RBL-Warning: WEIGHT40: Weight of 45 reaches or exceeds the limit of 40. X-Declude-Sender: [EMAIL PROTECTED] [147.202.39.144] X-Declude-Spoolname: D08f4029601143e0e.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, NOABUSE, IPNOTINMX, NOLEGITCONTENT, SPAMHEADERS, SNIFFER, SUBJECTFILTER, WEIGHT10, WEIGHT15, WEIGHT20, WEIGHT25, WEIGHT30, WEIGHT40, CATCHALLMAILS [45] X-Country-Chain: X-Note: This E-mail was sent from ns1.tl4s.com ([147.202.39.144]). Marc Catuogno MIS Director Prudential Rand Realty Office: 845-770-1279 Cell: 914-906-1126 --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] ANOTHER message Declude didn't delete.
Check your log files to see what config file is being used. I had a similar problem because I updated $default$.junkmail but failed to update all of the per domain / per user .junkmail files, my own in particular! Regards, Brad Morgan IT Manager Horizon Interactive Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Copyto
I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file. MAILFROM 0 IS [EMAIL PROTECTED] ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] Kyle
RE: [Declude.JunkMail] ANOTHER message Declude didn't delete.
THANK YOU~ there was one person who had the weight 30 'blank' in their .junkmail file so it skipped the test. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Morgan Sent: Thursday, June 02, 2005 11:04 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] ANOTHER message Declude didn't delete. Check your log files to see what config file is being used. I had a similar problem because I updated $default$.junkmail but failed to update all of the per domain / per user .junkmail files, my own in particular! Regards, Brad Morgan IT Manager Horizon Interactive Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Message not scanned
"Hijack cares about the senders - not the recipients I do believe" Yes, but Hijack should be OUTGOING only. These emails were obviously incoming. What do hijack the logs say? 06/01/2005 08:53:13 QAFB901A60E85 [EMAIL PROTECTED] is not local.06/01/2005 08:53:13 QAFB901A60E85 Outgoing from 68.118.154.7: threshold 2 reached; SPAM: HOLDING PERMANENTLY That is a sample of one of the held emails (loglevel high). It clearly says [EMAIL PROTECTED] is not local, but that address is set up as an alias on our server (It forwards to AOL). The domain burnsandco.com is local and it contains an address of pattinelson. Another: 06/01/2005 08:58:05 QB0DC01820EDC [EMAIL PROTECTED] is not local.06/01/2005 08:58:05 QB0DC01820EDC Outgoing from 68.118.154.7: threshold 2 reached; SPAM: HOLDING PERMANENTLY Again, this one clearly states that [EMAIL PROTECTED] is not local but the address is set up on our server. This one is not an alias and is not forwarded anywhere. The log shows between those two entries (among many other "is not local" entries) that several messages coming in from the gateway ARE in fact treated as local:06/01/2005 08:56:50 QB09201A00EC7 Incoming from 68.118.154.7: OK. and 06/01/2005 08:56:53 QB09501980ECB Incoming from 68.118.154.7: OK. Were all the held mail prefaced with the gateway ip? Yes, every single one of nearly 5000.. Do you have the line in hijack.cfg "ALLOWIP gateway ip ? I do now, but I shouldn't need to. The problem is thatHijack somehow started incorrectly identifying local addresses. For example if I go back tothe previous day'slog and look I see that all emails coming from the gateway for local addresses are correctly identified as local addresses and get an OK line. 05/31/2005 16:27:38 QC8BA02143290 Incoming from 68.118.154.7: OK.05/31/2005 16:27:39 QC8BA020E3292 Incoming from 68.118.154.7: OK.05/31/2005 16:27:47 QC8C202223294 Incoming from 68.118.154.7: OK.05/31/2005 16:27:53 QC8C8021A3296 Incoming from 68.118.154.7: OK.05/31/2005 16:28:00 QC8D002143298 Incoming from 68.118.154.7: OK.05/31/2005 16:28:18 QC8E2020E329A Incoming from 68.118.154.7: OK.05/31/2005 16:28:27 QC8EB0222329C Incoming from 68.118.154.7: OK.05/31/2005 16:28:27 QC8EB021A329E Incoming from 68.118.154.7: OK.05/31/2005 16:28:48 QC900022232A3 Incoming from 68.118.154.7: OK.05/31/2005 16:28:50 QC902021A32A5 Incoming from 68.118.154.7: OK.05/31/2005 16:29:01 QC90D020E32A8 Incoming from 68.118.154.7: OK.05/31/2005 16:29:01 QC90D022232AA Incoming from 68.118.154.7: OK.05/31/2005 16:29:03 QC90F021A32AC Incoming from 68.118.154.7: OK.05/31/2005 16:29:04 QC910021432AE Incoming from 68.118.154.7: OK.05/31/2005 16:29:14 QC91A020E32B0 Incoming from 68.118.154.7: OK.05/31/2005 16:29:19 QC91F021A32B3 Incoming from 68.118.154.7: OK.05/31/2005 16:29:21 QC921021432B5 Incoming from 68.118.154.7: OK.05/31/2005 16:29:31 QC92B021A32B9 Incoming from 68.118.154.7: OK.05/31/2005 16:29:31 QC92B021432BB Incoming from 68.118.154.7: OK.05/31/2005 16:29:33 QC92C020E32BD Incoming from 68.118.154.7: OK. This particular problem did not start until yesterday and ended when I put in the ALLOWIP line. Looking through the entire log shows no incorrect identifications on that day. This happened suddenly and I don't know why (when last we spoke, neither did Declude). From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of NIck HayerSent: Thursday, June 02, 2005 8:51 AMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Message not scanned Hi Dan,Here are some thoughts - I still don't know why Hijack decided to flag my gateway and hold its messages (ALL messages in HOLD2 were verified to be destined for local users). Hijack cares about the senders - not the recipients I do believe I still don't know why it only held SOME messages (around 2500 messages were held out of a total volume of around 10,000 that went through the gateway yesterday).What do hijack the logs say? [They may explain just what happened. If not run on high so next time more info may be avail]Were all the held mail prefaced with the gateway ip? [Just to be sure they all came from the gateway]Do you have the line in hijack.cfg "ALLOWIP gateway ip ? ["An ALLOWIP line will let an IP address send unlimited E-mail"]Best,-Nick I still don't know why these messages were delivered without being scanned by Declude (unless that is a "feature" of Hijack, that it runs before AV or JM and doesn't rescan re-queued email; and if so it should be changed to at least run after AV). I have added an ALLOWIP for my gateway, since I don't want to turn Hijack off. BTW, I worked with Ralph Krausse at Declude and with Eric Shanbrom at Ipswitch and both were extremely helpful in diagnosing this problem. Thank you both very much. Dan Horne -Original Message-
[Declude.JunkMail] Problem with Whitelist
I am trying to figure out why this email transaction started off with the Last Action = "" then went to WHITELIST. My global.cfg has WHITELIST AUTH and AUTOWHITELIST, but I checked the Imail log and this person did not AUTH and the recipients are not in this persons webmail address book. Any ideas Kyle 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L16 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L17 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L18 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 06/02/2005 10:31:45 Q265E0149717D L19 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=0]: CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L20 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=0]: CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=""> 06/02/2005 10:31:45
RE: [Declude.JunkMail] Copyto
What I found so far is that the user is using AUTH and I whitelist auth so if the whitelist run before my filter it probably wont work right? How could I get this to work? Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Thursday, June 02, 2005 10:17 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Copyto I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file. MAILFROM 0 IS [EMAIL PROTECTED] ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] Kyle
Re: [Declude.JunkMail] Copyto
Good point. Looks like you would have to turn off AUTH for the user, which may be undesirable for other reasons. I don't think you can run filters if AUTH is enabled. You might use an IMail rule instead. I think others have used that successfully to hide the copying from the user. Darin. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Thursday, June 02, 2005 2:28 PM Subject: RE: [Declude.JunkMail] Copyto What I found so far is that the user is using AUTH and I whitelist auth so if the whitelist run before my filter it probably wont work right? How could I get this to work? Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle FisherSent: Thursday, June 02, 2005 10:17 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Copyto I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file. MAILFROM 0 IS [EMAIL PROTECTED] ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] Kyle
RE: [Declude.JunkMail] Copyto
Ok thanks. I am already using the copyall account for Imail for monitoring a different user, but there might be a way just to use rules to make it work. Ill try it. Thanks Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Thursday, June 02, 2005 2:02 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Copyto Good point. Looks like you would have to turn off AUTH for the user, which may be undesirable for other reasons. I don't think you can run filters if AUTH is enabled. You might use an IMail rule instead. I think others have used that successfully to hide the copying from the user. Darin. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Thursday, June 02, 2005 2:28 PM Subject: RE: [Declude.JunkMail] Copyto What I found so far is that the user is using AUTH and I whitelist auth so if the whitelist run before my filter it probably wont work right? How could I get this to work? Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Thursday, June 02, 2005 10:17 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Copyto I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file. MAILFROM 0 IS [EMAIL PROTECTED] ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] Kyle
Re: [Declude.JunkMail] Copyto
There was a discussion in the IMail list about a week or so ago about doing this. Ibelieve Eric Shanbrom chimed in at one point if that helps you find it in the archive. Domain rules may have been mentioned as well. Darin. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Thursday, June 02, 2005 3:57 PM Subject: RE: [Declude.JunkMail] Copyto Ok thanks. I am already using the copyall account for Imail for monitoring a different user, but there might be a way just to use rules to make it work. Ill try it. Thanks Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin CoxSent: Thursday, June 02, 2005 2:02 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Copyto Good point. Looks like you would have to turn off AUTH for the user, which may be undesirable for other reasons. I don't think you can run filters if AUTH is enabled. You might use an IMail rule instead. I think others have used that successfully to hide the copying from the user. Darin. - Original Message - From: Kyle Fisher To: Declude.JunkMail@declude.com Sent: Thursday, June 02, 2005 2:28 PM Subject: RE: [Declude.JunkMail] Copyto What I found so far is that the user is using AUTH and I whitelist auth so if the whitelist run before my filter it probably wont work right? How could I get this to work? Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle FisherSent: Thursday, June 02, 2005 10:17 AMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Copyto I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file. MAILFROM 0 IS [EMAIL PROTECTED] ALLRECIPS 0 CONTAINS [EMAIL PROTECTED] Kyle
RE: [Declude.JunkMail] Problem with Whitelist
Got any whitelist anywhere entries? It looks like it says IP-Whitelist did it come from a whitelisted IP address? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Thursday, June 02, 2005 1:47 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Problem with Whitelist I am trying to figure out why this email transaction started off with the Last Action = "" then went to WHITELIST. My global.cfg has WHITELIST AUTH and AUTOWHITELIST, but I checked the Imail log and this person did not AUTH and the recipients are not in this persons webmail address book. Any ideas Kyle 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L16 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L17 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L18 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 06/02/2005 10:31:45 Q265E0149717D L19 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=0]: CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L20 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
[Declude.JunkMail] DNS Tests?
After upgrading and implementing the slightly modified global.cfg file that comes with the latest distribution, my non-local dns related tests dont seem to be working anymore. Im still tagging spam but Im only seeing weight being added from the locally performed tests. Is there something that would break the old non-local tests from working? Thanks, Evans Martin
Re: [Declude.JunkMail] Problem with Whitelist
This line: 06/02/2005 10:31:45 Q265E0149717D Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. Represents an address book whitelist. Here's what I think is happening... A message with numerous recipients. So Declude runs the tests for each recipient. Recipients #1 through #4 no problem. Recipient tested #5 has an address book whitelist I believe the recipient is[EMAIL PROTECTED]. The email is correctly whitelisted. Recipient #6 (and all subsequent recipients) are tested and incorrectly picks up recipient #5's address book whitelisting. They are falsely whitelisted. That's what I read from the logs. If you agree this is the case, I'd forward it to the Declude support address as a potential bug. - Original Message - From: Marc Catuogno To: Declude.JunkMail@declude.com Sent: Thursday, June 02, 2005 9:02 PM Subject: RE: [Declude.JunkMail] Problem with Whitelist Got any whitelist anywhere entries? It looks like it says IP-Whitelist did it come from a whitelisted IP address? -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle FisherSent: Thursday, June 02, 2005 1:47 PMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Problem with Whitelist I am trying to figure out why this email transaction started off with the Last Action = "" then went to WHITELIST. My global.cfg has WHITELIST AUTH and AUTOWHITELIST, but I checked the Imail log and this person did not AUTH and the recipients are not in this persons webmail address book. Any ideas Kyle 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L16 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L17 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L18 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 06/02/2005
