[Declude.JunkMail] log file questions
Hello all, I'm hoping someone can clear this up for me, or give a suggestion. If an email was sent by a client to many recipients using distribution lists and BCC entries, will there be a separate entry in the Declude junkmail log files for each email address that the message was sent to under the subject line? I am asking because I need to compile a list of all the email addresses a particular message was sent to. I only have the subject line of the message and the date of the mailing. I've found about 150 addresses in the Declude junkmail log files, but I am told the number addresses should be more like 1000. I am using Imail with Declude Junkmail, and Virus.The servers are only gateway mail servers with no accounts on them. I scan both inbound and outbound mail. Any help or suggestions would be very much appreciated in how to get a complete list of all addressesthismessage was sent to. Thanks as always Jeffrey Jeffrey Di Gregorio MCSE CCNP Systems Administrator Pacific School of Religion 510-849-8283 [EMAIL PROTECTED]
[Declude.JunkMail] Strange filtering behavior
I am not getting a consistent behavior on one ofthe filters I am using. The filter test does not seem to catch anything from some addresses even though I have not set any whitelists on my server. I have attached a txt file of the headers from the messages, the entries from the declude log file, and the related entriesfrom my cfg file. The example emails are two that I sent with the same subject line, one from my gmail account and one from my hotmail account. the one from hotmail is caught, and one from gmail is not. I'm not sure what I am missing here. Any suggestions or ideas would be greatly appreciated. Jeffrey Jeffrey Di Gregorio MCSE CCNP Systems Administrator Pacific School of Religion 510-849-8283 [EMAIL PROTECTED] test PHISHINGFILTER filter D:\IMail\Declude\Filters\phishing.txt x 0 0 Action PHISHINGFILTER ROUTETO [EMAIL PROTECTED] entry in the filter SUBJECT 0 CONTAINSYour Account Will Be Suspended * this message got through, did not trip the filter... 02/24/2005 14:59:50 Q5c641c9803d4c707 R1 Message OK 02/24/2005 14:59:50 Q5c641c9803d4c707 Subject: your account will be suspended 02/24/2005 14:59:50 Q5c641c9803d4c707 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 64.233.170.204 ID: b11so443721rne02/24/2005 14:59:50 Q5c641c9803d4c707 Tests failed [weight=0]: IPNOTINMX=WARN NOLEGITCONTENT=WARN CATCHALLMAILS=IGNORE 02/24/2005 14:59:50 Q5c641c9803d4c707 Last action = IGNORE. message header Microsoft Mail Internet Headers Version 2.0 Received: from mecca.psr.edu ([209.76.204.2]) by psr-exch01.psr.edu with Microsoft SMTPSVC(6.0.3790.211); Thu, 24 Feb 2005 15:02:47 -0800 Received: from rproxy.gmail.com [64.233.170.204] by mecca.psr.edu with ESMTP (SMTPD32-8.11) id AC641C9803D4; Thu, 24 Feb 2005 14:59:48 -0800 Received: by rproxy.gmail.com with SMTP id b11so443721rne for [EMAIL PROTECTED]; Thu, 24 Feb 2005 14:59:30 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=VHGNr9rLCK5DNvyNzfvPeLYT/xbQmeMt9cEPolvkrAuTqONgxBfFxdFHgDGNu90jWaRDW5YkhDSq1RCh4ZyOWibwd7m9Xuuikl6tXFJsc1ganKPm0SvNO0wkhShHCybe++7ZOPfxmyrHxgvmuZliMAPSQdJn/8piZLXb0JC1Ku8= Received: by 10.38.22.69 with SMTP id 69mr192034rnv; Thu, 24 Feb 2005 14:59:30 -0800 (PST) Received: by 10.38.98.27 with HTTP; Thu, 24 Feb 2005 14:59:30 -0800 (PST) Message-ID: [EMAIL PROTECTED] Date: Thu, 24 Feb 2005 14:59:30 -0800 From: jeffrey Di Gregorio [EMAIL PROTECTED] Reply-To: jeffrey Di Gregorio [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: your account will be suspended Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-RBL-Warning: IPNOTINMX: X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-Declude-Sender: [EMAIL PROTECTED] [64.233.170.204] X-Spam-Tests-Failed: None X-Country-Chain: UNITED STATES-destination X-Note: Reverse DNS: rproxy.gmail.com X-Note-Out: The total spam weight is 0 Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 24 Feb 2005 23:02:47.0947 (UTC) FILETIME=[F53105B0:01C51AC4] This message was caught by the filter and the ROUTETO action was used... 02/24/2005 14:58:24 Q5c0f18fd03ccc6f4 nNOLEGITCONTENT:-40 . Total weight = -40. 02/24/2005 14:58:24 Q5c0f18fd03ccc6f4 R1 Message OK 02/24/2005 14:58:25 Q5c0f18fd03ccc6f4 Subject: your account will be suspended 02/24/2005 14:58:25 Q5c0f18fd03ccc6f4 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 64.4.56.33 ID: 02/24/2005 14:58:25 Q5c0f18fd03ccc6f4 Tests failed [weight=-40]: NOPOSTMASTER=IGNORE IPNOTINMX=WARN PHISHINGFILTER=ROUTETO CATCHALLMAILS=IGNORE 02/24/2005 14:58:25 Q5c0f18fd03ccc6f4 Last action = IGNORE. message header Microsoft Mail Internet Headers Version 2.0 Received: from mecca.psr.edu ([209.76.204.2]) by psr-exch01.psr.edu with Microsoft SMTPSVC(6.0.3790.211); Thu, 24 Feb 2005 15:01:22 -0800 Received: from hotmail.com [64.4.56.33] by mecca.psr.edu with ESMTP (SMTPD32-8.11) id AC0F18FD03CC; Thu, 24 Feb 2005 14:58:23 -0800 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 24 Feb 2005 14:58:04 -0800 Message-ID: [EMAIL PROTECTED] Received: from 64.162.197.45 by by101fd.bay101.hotmail.msn.com with HTTP; Thu, 24 Feb 2005 22:57:15 GMT X-Originating-IP: [64.162.197.45] X-Originating-Email: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] From: jeffree 13 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Bcc: Subject: your account
[Declude.JunkMail] delete action not working properly
Hello, I recently raised the weighting on my global.cfg file and now have found that my delete action is not working properly all of the time. Some of the time it seems to use the ignore action instead of the delete action on a weight of 350, and at other times it appears to be deleting on the weight of 350 and up as it is supposed to. I am running Declude v1.81. I have attached a snippet of the global.cfg file and the declude message log file. Thanks for any help or suggestions on this. Jeffrey Jeffrey Di Gregorio MCSE CCNP Systems Administrator Pacific School of Religion 510-849-8283 [EMAIL PROTECTED] from dec1115.log 11/15/2004 09:50:50 Qec743a490128d926 CBL:70 DSBL:60 SBL:80 SORBS-DUHL:70 SPAMCOP:90 . Total weight = 370. 11/15/2004 09:50:50 Qec743a490128d926 L1 Message OK 11/15/2004 09:50:50 Qec743a490128d926 Subject: Order Rolex or other Swiss watches online 11/15/2004 09:50:50 Qec743a490128d926 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 209.30.88.85 ID: 11/15/2004 09:50:50 Qec743a490128d926 Tests failed [weight=370]: CBL=WARN DSBL=WARN SBL=WARN SORBS-DUHL=WARN SPAMCOP=WARN IPNOTINMX=WARN NOLEGITCONTENT=WARN WEIGHT350=IGNORE CATCHALLMAILS=IGNORE 11/15/2004 09:50:50 Qec743a490128d926 Last action = IGNORE. from global.cfg file WEIGHT110 weightrange x x 110 349 WEIGHT350 weight x x 350 0 PARIS_FILTERfilter D:\Imail\Declude\Filters\parisfilter.txtx 0 0 JUNK_FILTER filter D:\Imail\Declude\Filters\junk_filter.txtx 0 0 WEIGHTTOWHITE filter D:\Imail\Declude\Filters\weighttowhite.txt x 0 0 BLACKLIST fromfile D:\Imail\Declude\Filters\blacklist.txtx 200 0 BLACKLISTIP ipfile D:\Imail\Declude\Filters\blacklistip.txtx 200 0 WEIGHT110 WARNx-PSR-warning: %TESTNAME% WEIGHT350 DELETE PARIS_FILTERWARN junk_filter WARN WEIGHTTOWHITE WARN BLACKLIST WARNx-BLACKLISTED-warning: BLACKLISTIP WARNx-BLACKLISTIP-warning
RE: [Declude.JunkMail] delete action not working properly
Thanks, Silly oversight on my part. Jeffrey Di Gregorio MCSE CCNP Systems Administrator Pacific School of Religion 510-849-8283 [EMAIL PROTECTED] -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Monday, November 15, 2004 12:15 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] delete action not working properly I recently raised the weighting on my global.cfg file and now have found that my delete action is not working properly all of the time. Some of the time it seems to use the ignore action instead of the delete action on a weight of 350, and at other times it appears to be deleting on the weight of 350 and up as it is supposed to. I am running Declude v1.81. I have attached a snippet of the global.cfg file and the declude message log file. The global.cfg file contains the actions for outgoing mail (which includes E-mail to gateway domains). The $default$.JunkMail file contains the actions for incoming E-mail. In this case, the E-mail was an incoming E-mail (the L in the L1 Message OK line means that it is a local recipient, and therefore an incoming E-mail). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] help with header information
Can anyone tell me what this line is in the headers? X-UIDL: ZV!;)Q!1,T!`GN!! I searched the archives but could not find an explanation for the X-UIDL entry. Thanks, jeffrey Jeffrey Di Gregorio CCNP MCSE Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283
[Declude.JunkMail] MAPS services
Does anyone have any comments on the usefulness and reliability of the various MAPS RBL tests (RUL, DUL, RSS, OPS, NML)? I would love to hear some feedback before I subscribe. Jeffrey Jeffrey Di Gregorio CCNP MCSE Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283
RE: [Declude.JunkMail] OT: Exchange SMTP Greeting
Does anyone know if it is possible to change the SMTP greeting in Exchange 5.5? I've not had much luck looking online for an answer. Thanks, Jeffrey Jeffrey Di GregorioCCNP MCSE Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283 -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 09, 2004 6:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OT: Exchange SMTP Greeting Isn't the field that you want on the properties page of the Default STMP Virtual Server Delivery Tab Advanced Button In the Fully-qualified domain name field I know that when I change this in Exchange 2000 or 2003 that is the name that the server identifies itself as in the SMTP handshakes. Or were you looking at changing something else? When ever I set up an Exchange Server, or IIS for that matter, I always install MetaEdit and make a bunch of changes that way. I have never even looked in the MMC for that. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hotmail Sending Mail From IP's with No Rev erse DNS
There has been a few posting about this over the last week. I began noticing it last Friday in my logs. Test messages I have sent from my hotmail account are now coming through without failing the REVDNS test. It looks like they are finally correcting this issue. It's about time! Jeffrey Di GregorioCCNP MCSE Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283 -Original Message- From: Darrell LaRock [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 6:18 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Hotmail Sending Mail From IP's with No Reverse DNS Has anyone else noticed over the last day or so that some of the hotmail messages are coming from servers without revdns.. This is a snag cause they are failing both revdns and spamdomains.. Any thoughts? Received: from hotmail.com [207.68.164.107] by mail2.gannett-tv.com with ESMTP (SMTPD32-8.05) id A6657F0180; Wed, 21 Apr 2004 18:32:05 -0400 Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 21 Apr 2004 15:30:14 -0700 Received: from 134.84.102.157 by sea2-dav3.sea2.hotmail.com with DAV; Wed, 21 Apr 2004 22:30:14 + X-Originating-IP: [134.84.102.157] X-Originating-Email: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] From: x [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [POTENTIAL SPAM]Assignment Desk Date: Wed, 21 Apr 2004 17:27:30 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0009_01C427C5.ECC21740 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 Message-ID: [EMAIL PROTECTED] X-OriginalArrivalTime: 21 Apr 2004 22:30:14.0967 (UTC) FILETIME=[377B2C70:01C427F0] X-RBL-Warning: SPAMDOMAINS: Spamdomain 'hotmail.com' found: Address of [EMAIL PROTECTED] sent from invalid [No Reverse DNS]. [2-10-5000] X-RBL-Warning: NOPOSTMASTER: Not supporting [EMAIL PROTECTED] [2-48-18000] X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 207.68.164.107 with no reverse DNS entry. [2-53-1a800] X-Declude-Sender: [EMAIL PROTECTED] [207.68.164.107] X-Declude-Spoolname: Df665007f01804541.SMD X-Declude-Sender: [EMAIL PROTECTED] [12.25.87.100] X-Declude-Spoolname: Df66c3910081cb3c8.SMD X-Spam-Tests-Failed: Whitelisted X-Spam-Weight: 0 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 377609636 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Hotmail and MSN help needed.
Yes, I am getting the same. I have also alerted Microsoft via an employee friend there (hoping this might expediate the fix). This was last Friday... Jeffrey Jeffrey Di GregorioCCNP MCSE Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283 -Original Message- From: Chuck Schick [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 12:51 PM To: Declude. JunkMail Subject: [Declude.JunkMail] Hotmail and MSN help needed. About a week ago Hotmail and MSN had certain mail servers that did not have reverse DNS entries. Is anyone else seeing this? This is causing a lot of false positives. I sent an email to Microsoft but that is probably a total waste of time. Anybody know what is up with this. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test? test?
Scott here is the header for this message. Received: from hebron.psr.edu (hebron.psr.edu [209.76.204.3]) by gabriel.cdsp.edu (8.9.3/8.9.3) with ESMTP id PAA12702 for [EMAIL PROTECTED]; Wed, 14 Apr 2004 15:15:10 -0700 Received: from m11.lax.untd.com [64.136.30.74] by hebron.psr.edu (SMTPD32-7.07) id AA672ACB0144; Wed, 14 Apr 2004 15:25:43 -0700 Received: from cookie.untd.com by cookie.untd.com for vuYqdvKWrWGUhnNcKZ+kmBr94SKTWaz4L+t/wTPbIAMx6AJFf8Bm5A==; Wed, 14 Apr 2004 15:19:19 PDT Received: (from [EMAIL PROTECTED]) by m11.lax.untd.com (jqueuemail) id JS78PXB8; Wed, 14 Apr 2004 15:19:19 PDT To: [EMAIL PROTECTED] Date: Wed, 14 Apr 2004 15:18:28 -0700 Subject: Re: Email Test Message-ID: [EMAIL PROTECTED] X-Mailer: Juno 5.0.33 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Juno-Line-Breaks: 0-3,6-7,10-15 From: [EMAIL PROTECTED] X-Alligate-In: Passed - Adult: 0 (Req: 17) Spam: 8 (Req: 30) Tot: 8 (Req: 35) X-Alligate-Tracking: BD12445F41774F4E X-Alligate-Signature: 1869066384 X-Alligate-SpoolFile: Dba672acb0144dad9.SMD X-Alligate-Sender: [EMAIL PROTECTED] [64.136.30.74] x-PSR-warning: WEIGHT13 X-Declude-Sender: [EMAIL PROTECTED] [64.136.30.74] X-Spam-Tests-Failed: NOABUSE [2], REVDNS [4], WEIGHT13 [13], SPAMDOMAINS [8] X-Country-Chain: UNITED STATES-destination X-Note: Reverse DNS: [No Reverse DNS] X-Note-Out: The total spam weight is 14 X-UIDL: bXM!A^R!?CV!!\%P!! What am I missing here? I don't understand why it states no reverse DNS, when I can look it up on www.dnsstuff.com with no problem. Any help in understanding this would be much appreciated. Thanks as always, Jeffrey -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 1:43 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] why does this fail the spam domains test? test? Can anyone explain why this message would fail the spamdomains test? Here is the spamdomains entry: @juno.com.untd.com The key here is the reverse DNS entry -- do you have the full headers for the E-mail? Although the IMail log file shows the IP address, it is possible that Declude JunkMail may have used a different IP, which would be reflected in the headers. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test?
My bandwidth comes from SBC. -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:02 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] why does this fail the spam domains test? test? test? test? Scott here is the header for this message. X-Declude-Sender: [EMAIL PROTECTED] [64.136.30.74] X-Note: Reverse DNS: [No Reverse DNS] What am I missing here? I don't understand why it states no reverse DNS, when I can look it up on www.dnsstuff.com with no problem. Any help in understanding this would be much appreciated. That's the problem -- for some reason, the IP is showing up as not having a reverse DNS entry. Since it *does*, it sounds like there is a serious DNS problem (a dropped packet shouldn't cause this). Are you using bandwidth from ATT (which intentionally alters many non-MX-record lookups from mailservers), which could account for this? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] why does this fail the spam domains test? test?
Scott, My DNS servers are local, and I have not noticed any DNS issues recently. I'll monitor the messages that fail the REVDNS test for the rest of the day. Thanks, Jeffrey -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 4:15 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] why does this fail the spam domains test? test? My bandwidth comes from SBC. Are you using a local DNS server? Somehow, a DNS server was reporting that there was no reverse DNS entry for 64.136.30.74. Have you noticed any other issues like this that could be related to DNS? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] spam domains question
I've seen a few posts to this list (from myself and a few others) over the last year requesting anyone to post a current spam domains list. These requests never seem to be answered or even acknowledged. Is there some reason for this that I am missing? There was a list posted about a year ago, but I think a few of us would much appreciate someone sharing a current and expanded list. Thanks for the help as always, Jeffrey Jeffrey Di Gregorio CCNP MCSE Systems Administrator Pacific School of Religion
RE: [Declude.JunkMail] please help. Imail spool directory filling up
Title: Message Thanks to everyone who responded with some advice to my problem, even including one phone call. It appears the problem began when I added the "FORGINGVIRUS bagel" line to my virus.cfg file. Following Scott's advice, andupdating to the newest interim release has fixed the problem. Thanks once again. Jeffrey Jeffrey Di Gregorio Systems Administrator Pacific School of Religion 510-849-8283 My spool directory just started filling up recently and Imail is not delivering any messages to local mailboxes. It appears to be sending messages outbound. I am using Imail v 7.07 with declude junkmail and virus 1.77 i12. I have moved all the Q*, D* files from the spool directory to another directory and tried again, but the spool directory is only filling up once again. Any help or ideas would be greatly appreciated. Thanks, Jeffrey Jeffrey Di Gregorio Systems Administrator Pacific School of Religion 510-849-8283
[Declude.JunkMail] please help. Imail spool directory filling up
My spool directory just started filling up recently and Imail is not delivering any messages to local mailboxes. It appears to be sending messages outbound. I am using Imail v 7.07 with declude junkmail and virus 1.77 i12. I have moved all the Q*, D* files from the spool directory to another directory and tried again, but the spool directory is only filling up once again. Any help or ideas would be greatly appreciated. Thanks, Jeffrey Jeffrey Di Gregorio Systems Administrator Pacific School of Religion 510-849-8283
RE: [Declude.JunkMail] messages not being delivered
Scott, Thanks for the quick reply. The message I'm concerned with is process E9380148 and it just appears to stop with no more entries right at the point of those mx failure entries. But, like you pointed out these mx failure entries are for a different process. I do have a ROUTETO action in Declude Junkmail, but it is only for routing messages to a special mailbox in the PSR domain that fail my weight40 test (it did not appear in this mailbox), and besides I could not find any entries for this message in my dec or vir log files, which I think it would have, had it failed any these tests. Any ideas? Thanks for any help Jeffrey -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Friday, December 19, 2003 2:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] messages not being delivered I seem to be having messages disappearing from one particular sender. I have tested this by having them send a message to me which appears in the log file at my gateway mail server then nothing happens after that and there are no entries in the vir or dec log files. It does show a failure in MX connect... I had them send another message to me from another user at the same domain and it arrives without any issues. I have attached a txt file of the log entries. I do not understand what is going on here, and what I can do about it. Any advice or help in my understanding of this would be much appreciated. You may want to try going to http://www.declude.com/info/logs.htm for some information on reading IMail log files. The MX connect fails shown in the log are for E-mails to an IP for t-online.com. However, since the log file entries related to those E-mails weren't included, I can't say what E-mail address they belong to (and whether or not IMail used the correct IP). Are you by chance using the ROUTETO action in Declude JunkMail (which would explain why an E-mail addressed to psr.edu was instead sent to another domain)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] recipient in the subject line
Hello, Does anyone know of a way to add a weight to a message that has the recipients name in the subject line? Thanks Jeffrey Di Gregorio Systems Administrator Pacific School of Religion 510-849-8283
[Declude.JunkMail] matching from and to addresses
Hello, I'm not sure if I'm missing something very simple here, but is there a way to add a weight when an email has a matching from and to address, or is there a reason why this type of a test is not a good idea. Thanks for any help, Jeffrey Jeffrey Di Gregorio Systems Administrator Pacific School of Religion 510-849-8283
RE: [Declude.JunkMail] matching from and to addresses
Thanks for the response John. Since I am running Declude only on my gateway mail servers, and not on my internal exchange server (where all my clients are), I do not think this is such an issue for me. Do you know of a way that Declude Junkmail could perform this type of test? Thanks for any advice, Jeffrey -Original Message- From: John Tolmachoff (Lists) [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 3:55 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] matching from and to addresses CEOs and others that like to send copies to themselves. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Di Gregorio Sent: Tuesday, December 09, 2003 1:13 PM To: '[EMAIL PROTECTED]' Subject: [Declude.JunkMail] matching from and to addresses Hello, I'm not sure if I'm missing something very simple here, but is there a way to add a weight when an email has a matching from and to address, or is there a reason why this type of a test is not a good idea. Thanks for any help, Jeffrey Jeffrey Di Gregorio Systems Administrator Pacific School of Religion 510-849-8283
[Declude.JunkMail] spam domains
Does anyone have a current file of domains for the spamdomains test that they would like to share? Thanks Jeffrey Di Gregorio Systems Administrator Pacific School of Religion [EMAIL PROTECTED] 510-849-8283
[Declude.JunkMail] DNS and MX record question
Hello all, I have 3 mx records for my domain. The first 2 are pointing to the external mail gateways (primary and backup) both running Imail with declude junkmail/virus. The 3rd mx record points directly to my internal exchange server (running scanmail), which bypasses all junkmail and virus scanning by declude, and I thought only would be used if the first two mailservers fail. I have noticed in the last few weeks a few spam messages being sent directly to my internal exchange mailserver. I was not aware that this is possible when my mx records are configured as they are. If someone can explain how this can be happening, and any suggestions for a more secure setup would be much appreciated. Below is the header of one of the messages. Received: from 68.60.235.20 (12-207-220-249.client.attbi.com [12.207.220.249]) by chirala.psr.edu with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id N9GX5QVR; Mon, 14 Jul 2003 11:15:44 -0700 Return-Path: Received: from 82.49.149.76 ([82.49.149.76]) by hd.regsoft.net with asmtp; Jul, 14 2003 12:23:25 PM +1200 Received: from [24.118.23.60] by n9.groups.yahoo.com with SMTP; Jul, 14 2003 11:02:40 AM +1200 Received: from [135.12.72.250] by ssymail.ssy.co.kr with SMTP; Jul, 14 2003 10:05:37 AM -0100 From: 1-800-Patches [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Beyond Ephedra, Beyond Everything! Sender: 1-800-Patches [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/html; charset=iso-8859-1 Date: Mon, 14 Jul 2003 12:24:44 -0600 X-Mailer: The Bat! (v1.52f) Business Thanks for your help, Jeffrey --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] messages getting through the blacklist from file
Can anyone clarify why this message would get past the blacklist file I have set-up. The test is working fine most of the time, only once in a while one seems to sneak through. The entry in the fromfile is: .checkyourinbox.com The partial header of the message is: Received: from mecca.psr.edu ([209.76.204.2]) by chirala.psr.edu with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id L6DA4K12; Mon, 23 Jun 2003 14:58:09 -0700 Received: from mail9.checkyourinbox.com [146.82.96.211] by mecca.psr.edu (SMTPD32-7.07) id A8FD8CD60122; Mon, 23 Jun 2003 15:02:37 -0700 From: Jennifer Gayo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Body Soul, Yoga Mat, Stretching Strap, Yoga CD-ROM and MORE! Date: Sun, 22 Jun 2003 15:20:41 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary===-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-== List-Unsubscribe: mailto:[EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] Thanks for any help, Jeffrey Jeffrey Di Gregorio Systems Administrator Pacific School of Religion
RE: [Declude.JunkMail] messages getting through the blacklist fro m file from file m file from filem file from file
Sorry, I should have posted the complete header for you to see. Notice the x-declude-sender entry in the header is a subdomain of my entry in the blacklist file. Received: from mecca.psr.edu ([209.76.204.2]) by chirala.psr.edu with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id L6DA4K12; Mon, 23 Jun 2003 14:58:09 -0700 Received: from mail9.checkyourinbox.com [146.82.96.211] by mecca.psr.edu (SMTPD32-7.07) id A8FD8CD60122; Mon, 23 Jun 2003 15:02:37 -0700 From: Jennifer Gayo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Body Soul, Yoga Mat, Stretching Strap, Yoga CD-ROM and MORE! Date: Sun, 22 Jun 2003 15:20:41 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary===-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-== List-Unsubscribe: mailto:[EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-Alligate-In: FAILED - Score Adult: 5 (Req: 17) Spam: 45 (Req: 22) Tot: 50 (Req: 26) X-Alligate-Tracking: EA23B7FE03902B88 X-Alligate-Signature: 939055304 X-Alligate-SpoolFile: D78fd8cd60122896e.SMD X-Alligate-Sender: [EMAIL PROTECTED] [146.82.96.211] x-PSR-warning: WEIGHT18 X-Declude-Sender: [EMAIL PROTECTED] [146.82.96.211] X-Spam-Tests-Failed-Out: SPAMCOP, SPAMHEADERS, ALLIGATE, WEIGHT17, WEIGHT18, NOLEGITCONTENT X-Note-Out: The total spam weight is 22 Thanks for the help Jeffrey Di Gregorio Systems Administrator Pacific School of Religion -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2003 3:44 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] messages getting through the blacklist from file from file Can anyone clarify why this message would get past the blacklist file I have set-up. The test is working fine most of the time, only once in a while one seems to sneak through. The entry in the fromfile is: .checkyourinbox.com (from the manual): --- Blacklisting is not working The fromfile type of blacklisting checks the domain name or E-mail address that is in the return address (where bounce messages go; this is also the MAIL FROM in the SMTP envelope). This may be different than the From: or Reply-To: headers in the E-mail. If you use the XSENDER ON option, this address will appear in the X-Declude-Sender: header of the E-mail. Otherwise, you will need to look at the MAIL FROM line in the IMail SMTP log file to find this address. --- So if you look at the X-Declude-Sender: header or the MAIL FROM: line in the IMail SMTP log file, you'll find the address that Declude JunkMail is using for the blacklist. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spammanager question
Title: Spammanager question Spammanager is a great product, and excellent support from Brian. This test alone accounts for about 70% of my hold weight. Jeffrey Di Gregorio Systems Administrator Pacific School of Religion -Original Message- From: Keith Johnson [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 2:31 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Spammanager question We have the sniffer product and it works great, we wanted to also introduce a second content application, i.e. spammanager, but I wanted to see how well it was doing in the field via testimonies. Thanks for the aid. ___ Keith Johnson Network Engineer Network Advocates, Inc. Tel: 502.412.1050 Fax: 502.412.1058 Email: [EMAIL PROTECTED] Good pings come in small packets
NONE RE: [Declude.JunkMail] DNS server returned server failure for
I am getting this same problem showing in my log files. Has any solution or suggestions been thought of yet? Or even if this is something I need to worry about? Thanks, Jeffrey Di Gregorio Systems Administrator Pacific School of Religion -Original Message- From: John Tolmachoff [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 11:55 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DNS server returned server failure for Well, I guess I could always run netmon. It is just that it has been such a long time since I did that I will have to relearn how to filter and rename and such. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Patnode Sent: Tuesday, March 11, 2003 11:23 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DNS server returned server failure for John, I've been running around in circles chasing this problem. Basically its an error that your DNS server doesn't understand well enough to give the correct code for. The problem then is that Declude misses out on any kind of DNS test opportunity because as Scott explains it, reacting to the failure itself would mean that a genuine failure would cause FPs. I would love a solution. Dan On Tuesday, March 11, 2003 11:06, John Tolmachoff [EMAIL PROTECTED] wrote: What is the best way to diagnose/investigate these: 03/11/2003 11:04:05 Q33230c6100e83de9 WARNING: DNS server 67.94.227.35 returned a SERVER FAILURE error for MX or A for John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] please help to explain
Hello, I am new to Declude Junkmail, and trying to get a handle on what is happening in the message headers, and the global.cfg file. I have set all of the settings to log only so I can track just what is being caught as spam first, before I enforce any stricter rules. But when I look at the message headers, I noticed that some of the messages still have x-rbl-warning: in the headers, and some even have x-cybersitter (a test I am not using). How can this be? My thought was to filter the mail at the users outlook with a rule looking for x-rbl-warning in the header of the message, and then sending these messages to a separate spam folder that the user creates and can monitor how they choose. I am sure it just my understanding of how the product works here that is the problem. Thanks for any help in clearing this up for me. Jeffrey Di Gregorio Systems Administrator Pacific School of Religion
RE: [Declude.JunkMail] please help to explain
Is it possible to customize the notice that is placed in the header when Declude Junkmail gets a warn instead of the standard x-rbl-warning:? This way my outlook rules will be acting upon only what my server has found to be suspicious messages, or can you suggest a better way for me to accomplish this. Thanks again, Jeffrey Di Gregorio -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2003 9:43 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] please help to explain I am new to Declude Junkmail, and trying to get a handle on what is happening in the message headers, and the global.cfg file.I have set all of the settings to log only so I can track just what is being caught as spam first, before I enforce any stricter rules. But when I look at the message headers, I noticed that some of the messages still have x-rbl-warning: in the headers, and some even have x-cybersitter (a test I am not using). How can this be? That's probably because the E-mail came from a server that is running Declude JunkMail. For example, if I send an E-mail to you, you'll see the headers that Declude JunkMail adds on this end. My thought was to filter the mail at the users outlook with a rule looking for x-rbl-warning in the header of the message, and then sending these messages to a separate spam folder that the user creates and can monitor how they choose. That would work fine. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.