RE: [Declude.JunkMail] FROMNOMATCH returning high scores
Was it invURIBL by any chance? If so did you find a cause? From: Nick Hayer [mailto:n...@madriveraccess.com] Sent: Wednesday, May 18, 2011 3:06 PM To: Declude.JunkMail@declude.com Subject: re: [Declude.JunkMail] FROMNOMATCH returning high scores I haven't seen it on FROMNOMATCH but have seen it elsewhere; specifically when an external app throws an exception. Bottom line somewhere declude or some other app threw an exception - the wacko score is the result. -Nick MadRiverAccess.com|Skywaves.com Tech Support US/Canada 877-873-6482 or International +1-802-229-6574 Emergency Support 24/7: supp...@skywaves.net General and Non-Emergency support ticket: https://www.skywaves.com/content/secure/support_ticket.htm _ From: Jim Comerford jcomerf...@sbsnet.com Sent: Wednesday, May 18, 2011 1:13 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] FROMNOMATCH returning high scores Has anyone else seen the FROMNOMATCH test returning ridiculously high scores (like 1027774676) event though its not configured to do so... and yet Declude does not act on the cumulative score, so for example a message with score 1027774676 would not get deleted like it is configured to at a score of 30? Curious if anyone else is seeing this and if they know the cause. -Jim --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FROMNOMATCH returning high scores
Has anyone else seen the FROMNOMATCH test returning ridiculously high scores (like 1027774676) event though its not configured to do so... and yet Declude does not act on the cumulative score, so for example a message with score 1027774676 would not get deleted like it is configured to at a score of 30? Curious if anyone else is seeing this and if they know the cause. -Jim --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FROMNOMATCH returning high scores
Well I just solved 1/2 the problem. The range I had defined did not go past so that’s why they were not acted on. Still unsolved is the very high score from FROMNOMATCH test - I'm working with DECLUDE on it, but curious if anyone but me has sees that happen. -Original Message- From: Herb Guenther [mailto:h...@lanex.com] Sent: Wednesday, May 18, 2011 1:31 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] FROMNOMATCH returning high scores I have not seen that. Herb On 5/18/2011 12:12 PM, Jim Comerford wrote: Has anyone else seen the FROMNOMATCH test returning ridiculously high scores (like 1027774676) event though its not configured to do so... and yet Declude does not act on the cumulative score, so for example a message with score 1027774676 would not get deleted like it is configured to at a score of 30? Curious if anyone else is seeing this and if they know the cause. -Jim --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- Herb Guenther Lanex, LLC www.lanex.com (262)789-0966x102 Office (262)789-0966x200 (off hours or if out of office) This e-mail is confidential and is for the use of the intended recipient(s)only. If you are not an intended recipient please advise us of our error by return e-mail then delete this e-mail and any attached files. You may not copy, disclose or use the contents in any way. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero?
So what's the difference between the SNIFFER test as Internal vs External? Is one faster than the other? Assuming you did not want to check the individual tests (ie SNIFFER-TRAVEL) is there an advantage to using one over the other? Internal: SNIFFER external nonzero C:\Smartermail\Declude\Sniffer\xxx.exe xxxabc12312 0 SNIFFER-TRAVEL SNFx 47 12 0 External SNIFFER external nonzero D:\IMAIL\Declude\SNF\SNFClient.exe12 0 -Jim From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Friday, April 30, 2010 11:14 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero? The test works as an internal test and not as an external test. The main difference being the location of the exit code. See external is the 1st variable whereas the internal it is the 2nd variable and the NONZERO does not work for that. SNIFFER external nonzero C:\Smartermail\Declude\Sniffer\xxx.exe xxxabc12312 0 SNIFFER-TRAVEL SNFx 47 12 0 Also even though there are multiple entries the test only runs once and the resulted exit code is the triggered. David From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Andy Schmidt Sent: Friday, April 30, 2010 10:31 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration - Global Exit Code nonzero? Hi Dave, Thanks for taking the time to explain it. I see that the sample on your web site has already been corrected to read IPREPUTATIONSNFIPREP and I was simply working off an earlier copy. For the SNF test type, is there a way to have a global match (e.g., NONZERO), instead of having to specify each of the 18 (current) return codes one at a time? The external Sniffer simply allow me to code: SNIFFER external nonzero D:\IMAIL\Declude\SNF\SNFClient.exe10 0 Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: Friday, April 30, 2010 10:05 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration SNFIPBLACK SNFIP the 2nd variable value is 5 = Block and works as an exit code. IPREPUTATION works differently. Note: IPREPUTATIONSNFIP please update this to IPREPUTATIONSNFIPREP x 0 10 -5 this should be the default. SNFIPREP represents a scale of -1- 0 - 1 when the 2nd variable (BASEPOINT) is set to 0 this will convert the IP reputation to this scale as the examples below: If final score is 0 no score is added to the email dec0430.log1842 04/30/2010 00:01:20.700 49319588 SNFIPRep the Value of Result = 0.00 If final score is + the 3rd variable score is used in this case 10 dec0430.log7351 04/30/2010 00:07:14.043 49319625 SNFIPRep the Value of Result = 0.267262 If final score is - the 4th variable score is used in this case -5 dec0430.log1192604/30/2010 00:08:50.340 49319647 SNFIPRep the Value of Result = -0.267262 The BASEPOINT is the point value at which an email will be considered Good if the result is to the left or Bad if to the right. (SNIFFER RETURN) x 10 - (BASEPOINT) = Result Example: 0.267262 x 10 - 0 = 2 This is positive then the test is triggered for 10 points. 0.267262 x 10 - 1 = 1 This is positive then the test is triggered for 10 points. 0.267262 x 10 - 2 = 0 Not Triggered. 0.267262 x 10 - 3 = -1 This is negative then the test is not-triggered for -5 points. 0.267262 x 10 - 4 = -2 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 0 = -2 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 1 = -1 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 2 = 0 Not Triggered. -0.267262 x 10 - 3 = -1 This is negative then the test is not-triggered for -5 points. -0.267262 x 10 - 4 = -2 This is negative then the test is not-triggered for -5 points. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax mailto:dbar...@declude.com dbar...@declude.com , April 30, 2010 1:26 AM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Sniffer Integration Hi, 1. I'm confused about the Sniffer integration sample: SNFIPBLACK SNFIP x 5 10 0 IPREPUTATIONSNFIP x 5 10 -5 It seems to me as if BOTH lines test the SAME Sniffer return code of 5 - but one line assigns adds a weight of 10 when found
RE: [Declude.JunkMail] Enumerating and Weighting IP4R/RHSBL/DNSBL tests
I also use fresh15.spameatingmonkey.net and urired.spameatingmonkey.net in my invuribl config Do you happen to know the config lines you need for invuribl to use these...? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Problems with AUTOWHITELIST
How about a per-domain config... You can turn off AUTOWHITELIST for that customer. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Sunday, November 09, 2008 11:31 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Problems with AUTOWHITELIST I am having an issue with AUTOWHITELIST. I have a customer who's users use the web mail client exclusively. Because of this, they put each other in their address books. As spammers will spoof email to one user with another user from the same domain's address, this becomes a problem. With AUTOWHITELIST ON, all of this type of spam gets whitelisted. I cannot turn the feature off because that is how I let my other customers manage their personal whitelist. I would request that Declude offer an alternative to AUTOWHITELIST. Give me a test whereby I can assign a weight to an email if the sender is in the address book. That way, I can assign an appropriate negative weight to allow some of the email to come through but still catch the real bad stuff. Once it's whitelisted, nothing else can be done. This also goes for WHITELIST AUTH. Give us a test whereby I can test for Authentication and do whatever I want based on that. Please help, Don --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forged-Spam Backscatter
What is the reccommended entry in global.cfg for this filter... Does it also need an entry in $default$.junkmail files(s) Thanks, Jim Comerford http://www.sbsnet.com/images/1px.gif http://www.sbsnet.com/images/sbs65.jpg Successful Business Solutions, Inc. PO Box 310 Gillette, NJ 07933 phone 908-322-5123 fax 908-517-9318 mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.sbsnet.com/ www.sbsnet.com _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Friday, April 04, 2008 2:01 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter I have posted the backscatter filters we use under the download section of Declude, any feedback is welcome. David B From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew Sent: Thursday, April 03, 2008 6:42 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter Symantec says that backscatter-as-deliberate-spam-technique is back in vogue. See their April State of Spam Report http://www.symantec.com/enterprise/security_response/weblog/2008/04/post_8.h tml Andrew. _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Richards Sent: Thursday, April 03, 2008 12:43 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Forged-Spam Backscatter Jim - I'm running the exact same set up as you are. We had the same problem about two weeks ago. I don't know if this made much difference or not, but I noticed the domains that we were seeing this with did not have any SPF records in place. So when I saw this sudden increase come through, I added a strict SPF policy for that domain. The backscatter for that domain all but stopped. A few days later, a different domain was targeted - without an SPF record - and adding one seemed to cure that. This happened a few more times, with the results all the same. I'm not at an expert level to say whether this did or did not do the trick. Perhaps it was just coincidental. All the new domains that are set up and running services through us get strict SPF records put in place from the start. However, the older domains that have been around for a while - that didn't have SPF in place - were the ones that seemed to have had the problem. And since then, we haven't had any more problems with that. I can't say for sure that them having their email addresses on their websites was the problem for sure or not. For what it's worth, my new policy is to not put email addresses on public websites. Anyway, just thought I would throw that out there. Todd From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Comerford Sent: Thursday, April 03, 2008 1:46 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Forged-Spam Backscatter Over the last several weeks we have seen a dramatic increase in spam hitting our server. From about 70,000 mails a day to around 110,000 /day. Most destined for our users is getting properly filtered by declude. What is getting thru is backscatter from spam that is forging addresses from domains we host. It seems just about any address that is posted on a website seems to be being used to forge outgoing spam (not from our server) -- and is generating all sorts of bounce messages. I suspect there is not much I can do to block this backscatter without blocking legit bounce messages... but I thought I'd ask. Here is our config: Imail 8.22 Declude 4.3.64 invURIBL 3.1.1 Sniffer --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.1px.gifsbs65.jpg
[Declude.JunkMail] Forged-Spam Backscatter
Over the last several weeks we have seen a dramatic increase in spam hitting our server. From about 70,000 mails a day to around 110,000 /day. Most destined for our users is getting properly filtered by declude. What is getting thru is backscatter from spam that is forging addresses from domains we host. It seems just about any address that is posted on a website seems to be being used to forge outgoing spam (not from our server) -- and is generating all sorts of bounce messages. I suspect there is not much I can do to block this backscatter without blocking legit bounce messages... but I thought I'd ask. Here is our config: Imail 8.22 Declude 4.3.64 invURIBL 3.1.1 Sniffer --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forged-Spam Backscatter
... but I noticed the domains that we were seeing this with did not have any SPF records in place. So when I saw this sudden increase come through, I added a strict SPF policy for that domain. The backscatter for that domain all but stopped. ... Good thing to check... the latest domain to get hit did NOT have an SPF record (and this seems to have been the worst so far)... BUT MOST of the ones that did get hit - did have an SPF record and we still get backscatter. We typically add SPF on all domains.. but in reviewing we had missed a couple of them. Hopefully the Filter that David is referring to will help. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Need to Filter...
Hi, I have a customer that keep getting a certain message I would like to block. Here are the headers. It always has the mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] address in there. How best to block this message. I have changed my customers email address in these headers to mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Microsoft Mail Internet Headers Version 2.0 Received: from mail.sbsnet.com ([63.147.233.20]) by thisdomain.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 5 Mar 2008 16:28:11 -0500 Received: from py-out-1112.google.com [64.233.166.182] by mail.sbsnet.com with ESMTP (SMTPD-8.22) id A7A5023C; Wed, 05 Mar 2008 15:50:45 -0500 Received: by py-out-1112.google.com with SMTP id u52so2871078pyb.10 for someone mailto:[EMAIL PROTECTED] @thisdomain; Wed, 05 Mar 2008 12:50:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:subject:date; bh=7XAeQbBfpxM7+gtXqB4pHXkly3zKIUhT03M6xBGz6Fs=; b=R3EKQ9CkpX9inopXhNybOUkX9PkvZGe6zWd7/6n+iZVdGJVHwBJgnbH3jcKZPA7+RQzuZq Ptc28yS1czmWq4lt/k16yAxZ/iQLzbkPTotnh87GaRLnQzXAJTnyGi6I7+BULIwiODZqda2R 0ZLKqOIWMPwN6nhCLcP/yTCtdgWjs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:from:to:subject:date; b=uqmrXv3hqd0vHoXWsqtE5fKqJqKmW3QKVxeAsuLQi4ELBtTVDU8Dqkd5qlLaJJJrSD5QGS k9oEP4wokdxzY7o7XQrzfwPGvIhCw3tVJ+EU7Ukr70XKGSZDvzeMYfvdIRXG4DvAbJrubdN9 IQRqluRXH4h9QE5G9Y0yhScCh2luo= Received: by 10.35.75.15 with SMTP id c15mr5258589pyl.6.1204750242251; Wed, 05 Mar 2008 12:50:42 -0800 (PST) Received: by 10.35.75.15 with SMTP id c15mr10486278pyl.6; Wed, 05 Mar 2008 12:50:42 -0800 (PST) Message-ID: [EMAIL PROTECTED] From: Mail Delivery Subsystem [EMAIL PROTECTED] To: someone mailto:[EMAIL PROTECTED] @thisdomain.com Subject: Delivery Status Notification (Delay) Date: Wed, 05 Mar 2008 12:50:42 -0800 (PST) X-RBL-Warning: MXRATE-ALLOW: GOOD SENDER X-RBL-Warning: FROMNOMATCH: Env sender () From: ([EMAIL PROTECTED]) mismatch. X-Declude-Sender: [64.233.166.182] X-Declude-Spoolname: D07a5017c0029.smd X-Declude-RefID: X-Declude-Scan: Score [-5] at 16:29:09 on 05 Mar 2008 X-Declude-Fail: MXRATE-ALLOW [-5], BGISOCWL [-1], CASA [-1], FROMNOMATCH [2] X-Country-Chain: UNITED STATES-destination Return-Path: X-OriginalArrivalTime: 05 Mar 2008 21:28:11.0355 (UTC) FILETIME=[D02392B0:01C87F07] -Original Message- From: Mail Delivery Subsystem [ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Sent: Wednesday, March 05, 2008 3:51 PM To: someone Subject: Delivery Status Notification (Delay) This is an automatically generated Delivery Status Notification THIS IS A WARNING MESSAGE ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. Delivery to the following recipient has been delayed: [EMAIL PROTECTED] Message will be retried for 4 more day(s) Technical details of temporary failure: DISABLED_USER: Account temporarily disabled - Message header follows - Received: by 10.35.84.9 with SMTP id m9mr18615493pyl.6.1204468218506; Sun, 02 Mar 2008 06:30:18 -0800 (PST) Return-Path: someone mailto:[EMAIL PROTECTED] @thisdomain.com Received: from e58065.upc-e.chello.nl (e58065.upc-e.chello.nl [213.93.58.65]) by mx.google.com with SMTP id f60si40752796pyh.14.2008.03.02.06.30.14; Sun, 02 Mar 2008 06:30:18 -0800 (PST) Received-SPF: neutral (google.com: 213.93.58.65 is neither permitted nor denied by best guess record for domain of someone mailto:[EMAIL PROTECTED] @thisdomain.com) client-ip=213.93.58.65; Authentication-Results: mx.google.com; spf=neutral (google.com: 213.93.58.65 is neither permitted nor denied by best guess record for domain of [EMAIL PROTECTED]) mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Date: Sun, 02 Mar 2008 06:30:18 -0800 (PST) X-Originating-IP: [95.1.80.490] X-Originating-Email: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] Received: (qmail 13690 by uid 349); Sun, 2 Mar 2008 03:30:54 +0100 Message-Id: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: SALE 70% OFF From: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] New PDF worm?
Could someone explain further how this filter works and what it is doing... it is adding weight to all PDF's or is this searhcing for some common element present in the PDF Spams? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker Sent: Monday, July 02, 2007 1:35 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? Create a filter eg FILTER-PDF.txt and use the following lines. Adjust your weights accordingly. Also ensure you are running Declude 4.3.46 BODY 3 PCRE (JVBERi0xLjMgCjEgMCBvYmoKPDwKPj4KZW5kb2JqCjIgMCBvYmo) BODY 5 PCRE (-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)+(?:\r\n){1,}-+[0-9]+\r\n(?:[a-zA-Z\-]+: [^\r]+\r\n)*Content-Type: application/pdf;) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Katie LaSalle-Lowery Sent: Monday, July 02, 2007 1:28 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] New PDF worm? We've been suffering .pdf spam getting through the filter. What settings are you using that's identifying these as spam? We're seeing an overall increase in spam getting through the filter the last few weeks... Thanks, Katie _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SJ.Stanaitis Sent: Wednesday, June 27, 2007 9:17 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] New PDF worm? I'm getting gobs of PDF's snagged in my antispam filter, they're not triggering any AV yet, anyone else seeing this? SJ.Stanaitis - Network Administrator Decorative Product Source, Inc. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Per user config and performance
I don't have specific answers for you, but when I implemented per-domain setup, I inquired with Linda at Declude Tech Support and she was very helpful and timely in assisting in the setup. There are ways to default domains (and I assume users) to use a base set of settings if you dont need a custom setup for each. My experience with Declude tech support has been excellent - so why not try it since the answer is not coming out here quickly. -Jim _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ing. Andrés E. Gallo Sent: Wednesday, May 16, 2007 9:27 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Per user config and performance Sorry for re-posting but from Thursday to Monday, no messages of the list. If any, please re-answer. Thanks Andres.- /***/ Hi List I wonder if some have experience by configuring the per user and per domain settings. I mean, having 5000 users per domain, each user by domain will choose if Declude Antispam or not. So, should be a file ( for all users same configuration, _not_ customized for each one ) like user.junkmail, user1.junkmail, user6.junkmail and so on under each domain dir. How this will impact performance ? Is there a limit there ? Any experience ? or any easy way to do it ? Regards Andres-. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Weighting based on some Imail Tests...?
I'm relatively new to Declude, but have been using Imail and many of its test for quite a while. I'm curious if it is possible to use some of imail's antispam tests (specifically Baysean filter, and url-blacklist) to add weight to declude tests. We have had great results with these two tests and if they were in the weighting systen I think it would help. I'm not sure which part of imail's tests get run before control is passed to declude, but it seems if these are, declude shouldbe able to use them in the weighting system... Is anyone doing anything like this? Or and I off base and duplicating something that declude already offers...? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How can I make imail look for Declude in a different location?
We recently had some problems with our mail server. The C drive corrupted and we had to re-install the opertaing system. Fortunately, the D drive where imail was located was unharmed. We re-installed imail, swapped in the old imail folderand, with a little help from imail's built-in backup/restore system, everything is almost working again.The problem is that the person who re-installed our OS also renamed the drive letters. The drive where imail is located is now E, rather than D. We are seeing in our log that every time an email goes through the system, imail is searching for "D:\IMail\Declude.exe" when it should now be searching for "E:\IMail\Declude.exe". Is there some easy way to get imail to look for declude in the correct location? Yahoo! Shopping Find Great Deals on Holiday Gifts at Yahoo! Shopping
RE: [Declude.JunkMail] How can I make imail look for Declude in a different location?
Kevin Bilbee [EMAIL PROTECTED] wrote: Change the registry settingYup, that did it. Thanks! Yahoo! Shopping Find Great Deals on Holiday Gifts at Yahoo! Shopping
Re: [Declude.JunkMail] Any word on the 2.06 release?
Erik wrote: Me either Declude has been pretty silent with a lack of communication in all areas. Is anyone running the current version (2.05?) with Smartermail? I've yet to install it with all the problems of late. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 2.0b status
Andy Schmidt wrote: Is there now a 2.0 beta that's robust enough to install? And is there a 2.0 beta that we can use with SmarterMail? Inquiring minds want to know! :) Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude 2.0b status
Scott Fisher wrote: Is anyone happily running Declude 2.0 beta for Imail? I asked about this last week and received an email from Declude saying there would be news last week. So I dunno what the status is... I'm running Smartermail and REALLY want to get Declude running again. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] smartermail beta news?
Any news on the Declude/Smartermail beta?? Is this usable in a production setting? I switched 2 weeks ago and everything is going great except for the spam. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Forwarding and Hosting on IMail vs. SmarterMail
On Mon, 10 Jan 2005 21:29:25 -0500, Matt wrote: I'm watching intently myself for what other's experiences are with SmarterMail, and I trust that Declude will work hard to iron out the issues that exist in the migration to this new platform. I We just moved to Smartermail. I did the migration late Thursday. Took maybe 30-45 minutes. We don't have a huge userbase. 35 domains, 300 users and do maybe 5-6000 mails a day. We never had any performance problems with Imail. Mainly switched due to the recent flak about the new release and minor issues that have just never been addressed. I was anticipating a lot of calls after the switch but I think I had 3 phone calls Friday - mainly people who needed to turn on SMTP authentication or had some other odd configuration issue. Biggest issue now is spam. Need my Declude! :) There are some things missing, but there are also a lot of small neat features that make you say 'what a neat idea'... Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] spam to Imail aliases
Last few weeks I've finally taken some time to read the manual and tweak Declude. So far I'm seeing great results - but have one problem which I can't seem to resolve. Right now spam to an Imail alias gets through. For example I've got an alias setup for '[EMAIL PROTECTED]' which directs mail to several normal Imail accounts. Spam to this alias fails the WEIGHT10 test but still gets through? I read 6.14 Using the actual recipient instead of intended recipient for settings. But this just confuses me more as spam to the accounts I've included in the alias is normally caught. I've also added two directories to cover any problems with my mail domain or domain aliases per 11. Per-Domain Configuration So I have setup: \IMail\declude\mail.mydomain.com as well as \IMail\declude\mydomain.com What am I missing? Here is an example of the headers that get through: Received: from fastcashvoicemail.com [68.83.227.212] by mail.mydomain.com (SMTPD32-8.05) id AC3C309A009A; Fri, 19 Nov 2004 13:32:28 -0500 Received: from dummo (h00045ade3330.ne.client2.attbi.com [24.61.44.13]) by fastcashvoicemail.com (8.12.3/8.12.3/Debian-6.3) with ESMTP id J87Gz014582511 for [EMAIL PROTECTED]; Sat, 20 Nov 2004 13:03:17 -0500 (EST) Message-Id: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9 Date: Sat, 20 Nov 2004 13:03:17 -0500 (EST) To: [EMAIL PROTECTED] From: Raven Mccall [EMAIL PROTECTED] Subject: Logo templates starting from $19 to create your own custom logo Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Declude-Sender: [EMAIL PROTECTED] [68.83.227.212] X-Declude-Spoolname: D3c3c309a009a19e0.SMD X-Note: == X-Note: Spam Score: 18 X-Note: Scan Time: 13:32:31 on 19 Nov 2004 X-Note: Spool File: D3c3c309a009a19e0.SMD X-Note: Server Name: fastcashvoicemail.com X-Note: SMTP Sender: [EMAIL PROTECTED] X-Note: Reverse DNS IP: pcp02166333pcs.levtwn01.pa.comcast.net [68.83.227.212] X-Note: Recipient(s): jim, lloyd X-Note: Country Chain: X-Note: == X-Note: This E-mail was scanned filtered by Declude [1.81] for SPAM X-Note: http://www.declude.com/x-note.htm X-Note: == X-Note: Tests Failed: XBL, SORBS-DUHL, SPAMCOP, WEIGHT10 X-Note: == X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 399578894 Thanks much! Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude/Smartermail
Mailing Lists wrote: We're moving our installs to SM as well, hoping to see Declude support for it ): Ditto! One more vote for SM. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude and Ipswitch ICS
The only reason to freak out is because Ipswich has pissed off their customer base by not giving people a heads up and slapping us in the fact Well I think a lot of us are concerned because we have invested a lot of money and time into Imail: 1. platform - Windows vs. free Linux alternative 2. add ons - declude and anti-virus 3. time on setups, configs, automated tools, scripts, etc If I have to switch mail platforms most of that goes out the window. I now have to re-evaluate several mail clients - pick one and hope it works as well as iMail did, and that companies like Declude will support them. I don't think any of us would be as upset if a year ago Ipswitch published their intentions to kill off Imail which would have allowed everyone to come up with migration plans or upgrade, but now as others have pointed out if something security or bug wise shows up in current or older versions of Imail - will Ipswitch release patches or upgrades? Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Solution to death of IMail
On Tue, 26 Oct 2004 04:46:50 -0400, Mark E. Smith wrote: What makes everyone think that Declude won't work with Ipswitch ICS? I'll bet that the core MTA in ICS is identical to Imail -- probably 99% of the same SMTP code. Unless the Spool folder, file name structure and ability to call your own SMTP32D transport is removed, I'll bet that it works. Has anyone downloaded a version and tested? If I get a chance I'll DL and test in Virtual PC. I'm not going to download it for the same reason I don't go for test rides in Hummers and Mercedes - because while I'm sure the product is nice - I'll never be able to afford it :) I'll probably spend some time today seeing what's new out in the mail server world. Been years since I've looked so it'll be interesting to see what has popped up. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IPSwitch ICS
Nick Hayer wrote: Because your customer base of Imail will not be increasing or so it seems - if it is Collaborate or not it seems most folks will NOT - Wow. I missed the beginning of this thread but it looks like IMail is no more?? Just visited the IPSwitch site and read up on ICS. Not something I'm really interested in from the looks of it... So add me to the 'what other products will Declude support' question. So far we're happy with Imail 8 but eventually I can see us migrating elsewhere. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT - Copying 200,000 plus files
Jeff Pereira wrote: What's killing me is not so much the amount of data, but the fact that there are so many small files. I'm gonna have to try XCOPY on the next folder and see how that works. I can't remember but do TIFF files compress well? Might be worth it to ZIP them and copy that over. Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Anything special for Imail 8.1?
I know when Imail 8.1 was initially release there were some issues with Imail and Declude? I just noticed 8.11 is out and figured I'd upgrade but want to make sure my Junkmail doesn't break! :) Also - does anyone have the current ULR to the latest Junkmail manual and download? I can't find it on the new site anywhere? Search doesn't find it and there is no sitemap... Thanks! jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Anything special for Imail 8.1?
Ipswitch now essentially has their customers beta-test the software when it is released. The latest beta of Declude has That's why I waited for 8.11 :) There are no known issues with IMail v8.11 and Declude. So can I continue to use the latest non-beta or do I need to beta? How stable is the beta? Thanks, Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Help with filter to delete mail
I've finally gotten some time to me mess around with my recent JunkMail installation and am trying to begin slowly and configure a simple filter to delete some recurring spam I get for a legitimate source (long story) I followed the manual and in my globals.cfg file I've setup: BIGELOWSPAM filter E:\IMail\declude\bigelowspam.txt x 5 0 Bigelowspam.txt contains: HEADERS 8 CONTAINSbigelowspam.rcbigelow_nt.local My domain specific $default$.junkmail contains: BIGELOWSPAMDELETE But I'm still getting messages through - and if I look at the headers I can see they've failed the test: X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, IPNOTINMX, REVDNS, ROUTING, BIGELOWSPAM, WEIGHT10, WEIGHT20 [27] I've also got it setup to delete at WEIGHT20 but it's bypassing that one as well? What am I doing wrong? Thanks, Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with filter to delete mail
Thanks Scott, That is indeed the case - I think it's reading the base $default$.junkmail and it's never making it to my \domainname\$default$.junkmail where I have it set to delete. Looking in the logs it's flagged and marked as IGNORE I guess I could set it to delete in the base $default$.junkmail ?? Jim -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 1:45 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Help with filter to delete mail That means that the test is set up properly, but a different action is being used than the one you expected. From the manual: --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with filter to delete mail
The full path is: E:\imail\declude\mail.mydomainname.com\$default$.junkmail Here is what I'm seeing in the log: 03/31/2004 14:22:44 Q1a810b6d006cf796 Triggered CONTAINS filter on bigelowspam.rcbigelow_nt.local [weight-8; bigelowspam.rcbigelow_nt.local]. 03/31/2004 14:22:44 Q1a810b6d006cf796 BADHEADERS:8 HELOBOGUS:5 nNOLEGITCONTENT:-5 REVDNS:4 BIGELOWSPAM:13 . Total weight = 25 03/31/2004 14:22:44 Q1a810b6d006cf796 Using [incoming] CFG file e:\IMail\Declude\\$default$.junkmail. 03/31/2004 14:22:44 Q1a810b6d006cf796 Using [incoming] CFG file e:\IMail\Declude\\$default$.junkmail. 03/31/2004 14:22:44 Q1a810b6d006cf796 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [801e].). Action=IGNORE. 03/31/2004 14:22:44 Q1a810b6d006cf796 Msg failed HELOBOGUS (Domain mail.rcbigelow_nt.local has no MX or A records.). Action=IGNORE. 03/31/2004 14:22:44 Q1a810b6d006cf796 Msg failed REVDNS (This E-mail was sent from a MUA/MTA xxx.xxx.xxx.98 with no reverse DNS entry.). Action=IGNORE. 03/31/2004 14:22:44 Q1a810b6d006cf796 Msg failed BIGELOWSPAM (Message failed BIGELOWSPAM test (1)). Action=IGNORE. 03/31/2004 14:22:44 Q1a810b6d006cf796 Msg failed WEIGHT10 (Weight of 25 reaches or exceeds the limit of 10.). Action=IGNORE. 03/31/2004 14:22:44 Q1a810b6d006cf796 Msg failed WEIGHT20 (Weight of 25 reaches or exceeds the limit of 20.). Action=IGNORE. 03/31/2004 14:22:44 Q1a810b6d006cf796 L2 Message OK 03/31/2004 14:22:44 Q1a810b6d006cf796 Last action = IGNORE. I can see elsewhere in the logs where it's hitting the domain file: Using [incoming] CFG file e:\IMail\Declude\mail.mydomain.com\$default$.junkmail Just not for this particular filter? Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 31, 2004 2:23 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with filter to delete mail That is indeed the case - I think it's reading the base $default$.junkmail and it's never making it to my \domainname\$default$.junkmail where I have it set to delete. Is domainname the actual name of the domain name (if domainname is an alias for mail.domainname, then the directory needs to be \IMail\Declude\mail.domainname\)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with filter to delete mail
It is indeed mail.mydomainname.com, which is also how Imail is setup. Diagnostics ON (Declude v1.75). Declude JunkMail: Config file found (E:\IMAIL\Declude\global.CFG). 37 spam tests defined: HIDETESTS AHBL BLITZEDALL CBL DSBL ORDB SBL SORBS-H RBS-SOCKS SORBS-MISC SORBS-SMTP SORBS-SPAM SORBS-WEB SORBS-BLOCK SORBS-ZOM RBS-DUHL SPAMCOP DSN NOABUSE NOPOSTMASTER BONDEDSENDER BADHEADERS BASE64 C E COMMENTS HELOBOGUS IPNOTINMX MAILFROM NOLEGITCONTENT PERCENT REVDNS ROUT AMHEADERS BIGELOWSPAM WEIGHT10 WEIGHT20 CATCHALLMAILS IMail reports Official Host Name as: mail.mydomainname.com. IMail's SendName registry seems OK: e:\IMail\Declude.exe. Declude JunkMail Status: PRO version registered. I was digging through the log and notice the only place the double \\ appear are for entries for the test I added... Do I need to wrap the path in global.cfg with quotes?? BIGELOWSPAM filter E:\IMail\declude\bigelowspam.txt x 5 0 OR BIGELOWSPAM filter E:\IMail\declude\bigelowspam.txt x 5 0 I can certainly pull corresponding logs from Imail. Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 31, 2004 3:16 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with filter to delete mail Well, the question then becomes: is mail.mydomainname.com the actual name of the domain, or a domain alias? If the actual name is mydomainname.com, then directory should be E:\imail\declude\mydomainname.com\$default$.junkmail. What matters it the actual domain name (in the IMail settings). What version of Declude are you running (\IMail\Declude -diag from a command prompt will show you)? The \\ in there shows that something isn't right (either an old logging bug, or perhaps Declude thinks the domain is just ). Do you have the IMail log file entries for this E-mail? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with filter to delete mail
The email is going to: [EMAIL PROTECTED] which is an alias for [EMAIL PROTECTED] Thanks, Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 31, 2004 3:46 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with filter to delete mail It is indeed mail.mydomainname.com, which is also how Imail is setup. The next question, then, is Was the E-mail sent to an alias?. If so, the domain used in the alias would be used for the per-domain configuration settings. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Help with filter to delete mail
Sorry, don't mean to be dense here - I'm learning :) So I need both: Imail\declude\mail.mydomainname.com Imail\declude\mydomainname.com Or will Imail\declude\mydomainname.com cover both? Seems like when I originally set this up I tried just mydomainname.com and it didn't work - I had to use the mail.mydomainname.com Thanks, Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, March 31, 2004 4:03 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Help with filter to delete mail The email is going to: [EMAIL PROTECTED] which is an alias for [EMAIL PROTECTED] In that case, you need to use \IMail\Declude\mydomainname.com (for aliases, IMail gives Declude the domain that the alias points to, rather than the official name of the domain). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Bounce not an action??
Title: Message After reading archives for the past two hours, I still do not understand why this is happening. I completely removed BOUNCE from $default$.junkmail and global.cfg. I changed it to delete. As is evidenced by the lines below, WEIGHT40 is set to LOG and WEIGHT50=IGNORE. But in my cfg files I have them both set to DELETE. Redundant, I realize but I am going bald right now trying to figure this out. I believe this file should have been deleted with a weight of 60. Am I wrong in this belief and if so, how do I make it so? 03/05/2004 07:26:33 Q800304f9037efdbb SBL:20 SPAMHEADERS:20 FLOWGO:20 . Total weight = 60.03/05/2004 07:26:33 Q800304f9037efdbb Warning: misconfiguration in following line in configuration file (bounce is not an ACTION). May be a duplicate test definition?03/05/2004 07:26:33 Q800304f9037efdbb L1 Message OK03/05/2004 07:26:33 Q800304f9037efdbb Subject: *^*^*^ Good Morning !!*^*^*^*3/5/0403/05/2004 07:26:33 Q800304f9037efdbb From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 12.129.205.75 ID: h9208m03u7o603/05/2004 07:26:33 Q800304f9037efdbb Tests failed [weight=60]: SBL=IGNORE SPAMHEADERS=WARN WEIGHT40=LOG WEIGHT50=IGNORE CATCHALLMAILS=IGNORE FLOWGO=WARN $default$.junkmail DSBLWARNORDBWARNOSDULWARNOSFORMWARNOSLISTWARNOSRELAYWARNOSSMARTWARNOSSOFT WARNOSSRC WARNSPAMCOPWARNSPAMSUBJ WARNDSNWARNNOABUSEWARNNOPOSTMASTERWARNMYFILTERWARNBADHEADERSWARNHELOBOGUSWARNMAILFROM WARNPERCENTWARNREVDNSWARNROUTINGWARNSPAMHEADERSWARN#SNIFFERWARN WEIGHT20WARNWEIGHT30WARNWEIGHT40DELETEWEIGHT50DELETEMAILTOWARNKFROMWARNCOUNTRYWARNCOMMENTS20WARNCOMMENTS40WARNCOMMENTS60WARNCOMMENTS80WARNCOMMENTS100WARNCOMMENTS120WARN global.cfg DSBLWARNORDBWARN#OSDULWARNOSFORMWARNOSLISTWARNOSRELAYWARNOSSMARTWARNOSSOFT WARNOSSRC WARNSPAMCOPWARNDSNWARNNOABUSEWARNNOPOSTMASTERWARNBADHEADERSWARNHELOBOGUSWARNKFROMWARNMAILFROM WARNMAILTOWARNPERCENTWARNREVDNSWARNROUTINGWARNSPAMHEADERSWARNSPAMSUBJWARN#SNIFFERWARNWEIGHT10WARNWEIGHT20WARNWEIGHT40DELETEWEIGHT50DELETE Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read thisthank a teacher If you are reading this in English, thank a veteran! -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Thursday, March 04, 2004 7:53 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Bounce not an action??Jim,It's the fact that administrators bounce spam or unaddressable E-mail accepted by gateways for large sites like AOL and Yahoo that have completely ruined the use of the nobody alias for my domains because this forged stuff is constantly hitting my server, bounced from someone like you or someone like Yahoo and AOL. I've had a single person get over 200 bounce messages a day for things they didn't receive. As a result of this, I now have to score system notifications from other servers high in order to hopefully catch them on a single bit of content returned that I also sometimes false positive on legitimate bounces. If people stopped bouncing trash, none of this would be necessary.As far as your customer goes, allowing them to tell you to bounce spam is the equivalent of telling you to spam for them IMO. I will not bounce for my customers, I will capture in an account and they can go through that account looking for false positives if they wish, but being to lazy to want to bother is no excuse to bounce.It doesn't matter if you only get 100 spams a day, you just shouldn't bounce. The same thing goes for virus notifications IMO. Don't send me notices for any virus to my postmaster address, and please don't send notices to my customers...reason being, 99.9% of them are from forged addresses these days, and this causes 100 times more harm than good.MattJim Rooth wrote: Heck, I thought they had 10 gears but the 10th and 9th were reversed to give you a great overdrive. Shows what I know. I will check the archives again and see if I can find something that tells me different than don't use BOUNCE! That would be the simplest solution... Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 "If you can read this.thank a teacher If you are reading this in English, thank a veteran!" -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, March 04, 2004 6:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not an action?? Jim Jim Jim. What can I say. Sometimes, it is hard to use that new fangled transmission that only has 9 gears instead of 13. Check the current JunkMail manual and archives, and you will be surprised. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: Thursday, March 04, 2004 4:12 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not
RE: [Declude.JunkMail] Bounce not an action??
I AGREE with you 100% Where besides the global.cfg and the $default$.junkmail could I have BOUNCE set up? I can't find it anywhere. Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, March 05, 2004 7:43 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not an action?? After reading archives for the past two hours, I still do not understand why this is happening. I completely removed BOUNCE from $default$.junkmail and global.cfg. I changed it to delete. Great! As is evidenced by the lines below, WEIGHT40 is set to LOG and WEIGHT50=IGNORE. But in my cfg files I have them both set to DELETE. Redundant, I realize but I am going bald right now trying to figure this out. I believe this file should have been deleted with a weight of 60. Am I wrong in this belief and if so, how do I make it so? 03/05/2004 07:26:33 Q800304f9037efdbb SBL:20 SPAMHEADERS:20 FLOWGO:20 . Total weight = 60. 03/05/2004 07:26:33 Q800304f9037efdbb Warning: misconfiguration in following line in configuration file (bounce is not an ACTION). May be a duplicate test definition? This warning: indicates that you are still using the BOUNCE action somewhere. If you are insistent upon letting them do this, here's what I wrote yesterday: --- What I would recommend is having them sign a contract that they will be liable for any issues resulting from the bounces. Specifically, about 99.9% of the E-mail that is bouncing (E-mail that fails the WEIGHT40 test) is spam. Since about 99% of spam sent with a fake return address, that's 100,000s of spams a year your customer is sending out. If I were you, I would only do it if they assume liability for it. In any case, if you feel that it is appropriate to do so, you can rename the BOUNCE action to BOUNCEONLYIFYOUMUST, and it will start working again. --- Remember that even if they pay their bills like clockwork, there are some spammers out there that pay their bills like clockwork too. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Bounce not an action??
Thanks Scott, found it hidden in a per user file! Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, March 05, 2004 8:05 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not an action?? I AGREE with you 100% Where besides the global.cfg and the $default$.junkmail could I have BOUNCE set up? I can't find it anywhere. You can use LOGLEVEL HIGH to see which config files Declude JunkMail is using. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Bounce not an action??
One last thing...I have figured a way to keep the customer happy and still be bouncing everything. I have this particular client set up per domain. They are the only one out of 75 that are set that way. I have gone into their domain $default$.junkmail file and added WEIGHT40 ROUTETO [EMAIL PROTECTED] domain .com. I am of the opinion that this will send all mail with a weight of 40 or higher (to WEIGHT 60 which is set to delete) that is sent to their domain but will not send any other mail from other domains. Is that correct? Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, March 05, 2004 8:05 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not an action?? I AGREE with you 100% Where besides the global.cfg and the $default$.junkmail could I have BOUNCE set up? I can't find it anywhere. You can use LOGLEVEL HIGH to see which config files Declude JunkMail is using. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Bounce not an action??
Title: Bounce not an action?? Scott, I have been noticing this for a couple of days. I didn't say anything because of the tremendous load you have had for the last three days. Good job in getting under control! I am running v1.78i9. But even before that (running with v1.65) I was getting the error below: 03/04/2004 00:01:04 Qc6110a10001ca68e Tests failed [weight=260]: DSN=WARN NOABUSE=WARN NOPOSTMASTER=WARN BADHEADERS=WARN MYFILTER=WARN BASE64=IGNORE COUNTRY=WARN ipfile=IGNORE WEIGHT40=LOG WEIGHT60=DELETE CATCHALLMAILS=IGNORE BADWHOIS=WARN 03/04/2004 00:01:06 Warning: misconfiguration in following line in configuration file (BOUNCE is not an ACTION). May be a duplicate test definition? 03/04/2004 00:01:06 WEIGHT40 BOUNCE 03/04/2004 00:01:07 Warning: misconfiguration in following line in configuration file (BOUNCE is not an ACTION). May be a duplicate test definition? I have WEIGHT40 set to bounce in the global.cfg. It has been working without fail until the last four or five days. I could find no location that had WEIGHT40=LOG. Any ideas? Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read thisthank a teacher If you are reading this in English, thank a veteran!
RE: [Declude.JunkMail] Bounce not an action??
Not because I want to, that's for sure. But I have my largest customer who wants all mail to be sent back so the sender can see their email didn't go through. They average 900 emails a day just from bounces! The overhead caused by it is extremely detrimental but they pay the bill like clockwork. I just went through and I lied to you. It started yesterday at 1311 which is when I loaded the v178.i9 on the server. Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, March 04, 2004 5:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Bounce not an action?? I have WEIGHT40 set to bounce in the global.cfg. I know you're looking for an answer, but before I give it to you, can I ask why you are using WEIGHT40 BOUNCE? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Bounce not an action??
Heck, I thought they had 10 gears but the 10th and 9th were reversed to give you a great overdrive. Shows what I know. I will check the archives again and see if I can find something that tells me different than don't use BOUNCE! That would be the simplest solution... Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, March 04, 2004 6:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not an action?? Jim Jim Jim. What can I say. Sometimes, it is hard to use that new fangled transmission that only has 9 gears instead of 13. Check the current JunkMail manual and archives, and you will be surprised. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jim Rooth Sent: Thursday, March 04, 2004 4:12 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Bounce not an action?? Not because I want to, that's for sure. But I have my largest customer who wants all mail to be sent back so the sender can see their email didn't go through. They average 900 emails a day just from bounces! The overhead caused by it is extremely detrimental but they pay the bill like clockwork. I just went through and I lied to you. It started yesterday at 1311 which is when I loaded the v178.i9 on the server. Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Thursday, March 04, 2004 5:58 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Bounce not an action?? I have WEIGHT40 set to bounce in the global.cfg. I know you're looking for an answer, but before I give it to you, can I ask why you are using WEIGHT40 BOUNCE? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] **OT** Intrusion Detection Software
http://www.snort.org/ Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sharyn Schmidt Subject: [Declude.JunkMail] **OT** Intrusion Detection Software I have been asked to research Intrusion Detection Software. Anyone have any suggestions? Sharyn --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] evaluating declude
Yesterday with Scott's help I got JunkMail installed and running on my Imail installation. Currently I have all my actions set to WARN and am using some client side filter/rules to deal with spam. I've got a few filters setup on my local mail client to look for: X-RBL-Warning WEIGHT20 Currently I'm catching a lot of spam but I'm also seeing some things (like the occasional email from this list) get caught as well. I'm curious how other folks have Declude setup and how you deal with false positives, etc. If a spam message doesn't get flagged by Declude - what do you do? I have seen a few message get through that didn't fail any of the RBL tests. How do I catch those? It looks like just using WEIGHT10 would grab a lot which will be a tremendous help but I'm curious how others deal with the rest. Heard lots of great things about Declude on the imail mailing list so figured I'd give it a try as I haven't had much luck with Imail's own antispam tools. Thanks, Jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] evaluating declude
Tuesday, January 27, 2004, 2:42:18 PM, Chuck wrote: CS Here are some of my general guidelines. CS 4. ) A few pieces of Spam are always going to get through because spammers CS are always changing their methodology. We are in a reactive mode. Chuck, thanks for all the info. Been digging through some of the archives and learning more. Another quick question - how many people use the 'hold' action - and how do you manage any spam which gets held? I've found some software called 'Spam Review' which looks helpful. jim --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Capital One
Hen how about fixing us up with any good active account? Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read thisthank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, November 21, 2003 2:55 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One Sorry, not my account. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, November 21, 2003 12:31 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One ROFLOL! :) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of nick Sent: Friday, November 21, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Capital One John, If you would send your username password we all can really confirm if its real :)) -Nick -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 21 Nov 2003 14:11:31 -0500 John, I think that one is actually real :) the bfi01[dot]com link is actually a redirection for BigFoot Interactive which handles the mailings for CapitalOne. It goes to the real site. Matt John Tolmachoff (Lists) wrote: Here is a nice deceptive one purporting to be from Capital One, even going so far as to tell you the from address will change periodically and the site may be down from time to time: --ABCD-TATH06CBF112C4836245D2E4AC5E7-EFGH Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Capital One(R)--what's in your wallet?(SM) * Log in to see your Capital One statement * = = RE: Your account ending in 4727 Your current Capital One statement is now available for viewing = online. Simply log in to Online Account Services at = http://capitalone.bfi0.com/TART0524EF6B34836245D2E4AC5E7 and click the My Statement tab. While you're in Online Account Services, click on the Customer = Service Tab to . . . = - Update your e-mail address = - Change your payment due date = - Change your password = - Request your PIN = - View your account terms = - View your online account history = Is all your information reaching you? ** To help ensure this time-sensitive message reaches your inbox = each month, add the Capital One address that appears in the = From line above to your electronic address book. This is = especially important if you or your service provider uses e-mail = filters. Pay your bill for free *** You can make payments safely and securely through Online Account = Services. Just click the Pay My Bill tab and complete the payment = profile. Online payments post the same day when they're made = before 3:00 p.m. ET Monday through Saturday.* Use our Web site as a resource to access a variety of consumer = lending products and special services. Please visit http://capitalone.bfi0.com/TART0524EF8B24836245D2E4AC5E7 Thanks for using Capital One's Online Account Services. To log in, visit http://capitalone.bfi0.com/TART0524EF4BD4836245D2E4AC5E7 - Important Information from Capital One The site may be unavailable during normal weekly maintenance or = due to unforeseen circumstances. = *Your online payment posts the same day when it's made before = 3:00 p.m. ET Monday through Saturday. Payments made after = 3:00 p.m. ET Monday through Friday will post the following day. = Payments made after 3:00 p.m. ET on Saturday and anytime on = Sunday will post to your account on Monday. Payments will not be = posted on Thanksgiving, Christmas and New Years day. = Capital One and its service providers are committed to providing = meaningful privacy protection for their customers. To protect = your privacy, please do not send sensitive account information = through e-mail. For information on our privacy policy or how to = contact us, please visit our web site at = http://capitalone.bfi0.com/TART0524EF6BC4836245D2E4AC5E7 Copyright 2003 Capital One Services, Inc. Capital One is a = federally registered service mark. All rights reserved. --ABCD-TATH06CBF112C4836245D2E4AC5E7-EFGH Content-Type: text/html; charset=us
RE: [Declude.JunkMail] Capital One
Them were the good old days...thinking about retiring and driving a diesel again...in a motor home! Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read thisthank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, November 21, 2003 7:09 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One Well hello Jim. I thought the Diesel got to you. Haven't heard from you in awhile. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jim Rooth Sent: Friday, November 21, 2003 4:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One Hen how about fixing us up with any good active account? Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 If you can read this.thank a teacher If you are reading this in English, thank a veteran! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Friday, November 21, 2003 2:55 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One Sorry, not my account. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, November 21, 2003 12:31 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Capital One ROFLOL! :) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA www.xidix.com 702.319.4349 -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of nick Sent: Friday, November 21, 2003 11:48 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Capital One John, If you would send your username password we all can really confirm if its real :)) -Nick -- Original Message -- From: Matthew Bramble [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 21 Nov 2003 14:11:31 -0500 John, I think that one is actually real :) the bfi01[dot]com link is actually a redirection for BigFoot Interactive which handles the mailings for CapitalOne. It goes to the real site. Matt John Tolmachoff (Lists) wrote: Here is a nice deceptive one purporting to be from Capital One, even going so far as to tell you the from address will change periodically and the site may be down from time to time: --ABCD-TATH06CBF112C4836245D2E4AC5E7-EFGH Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Capital One(R)--what's in your wallet?(SM) * Log in to see your Capital One statement * = = RE: Your account ending in 4727 Your current Capital One statement is now available for viewing = online. Simply log in to Online Account Services at = http://capitalone.bfi0.com/TART0524EF6B34836245D2E4AC5E7 and click the My Statement tab. While you're in Online Account Services, click on the Customer = Service Tab to . . . = - Update your e-mail address = - Change your payment due date = - Change your password = - Request your PIN = - View your account terms = - View your online account history = Is all your information reaching you? ** To help ensure this time-sensitive message reaches your inbox = each month, add the Capital One address that appears in the = From line above to your electronic address book. This is = especially important if you or your service provider uses e-mail = filters. Pay your bill for free *** You can make payments safely and securely through Online Account = Services. Just click the Pay My Bill tab and complete the payment = profile. Online payments post the same day when they're made = before 3:00 p.m. ET Monday through Saturday.* Use our Web site as a resource to access a variety of consumer = lending products and special services. Please visit http://capitalone.bfi0.com/TART0524EF8B24836245D2E4AC5E7 Thanks for using Capital One's Online Account Services. To log in, visit http://capitalone.bfi0.com/TART0524EF4BD4836245D2E4AC5E7 - Important Information from Capital One The site may be unavailable during normal weekly maintenance or = due to unforeseen circumstances. = *Your
RE: [Declude.JunkMail] Is the list down?
Let me guess...the mode of transportation will be a short wheel base, Diamond T w/Browning 4X4 tranny and no trailer! There is something down though that is affecting a lot opf people. Network Solutions have 4 DNS servers that are down. Anyone with the misfortune of having their A or MX records based on those servers are out of luck. I have six domains that are not accessible as of right now. Jim Rooth Clotron, Inc [EMAIL PROTECTED] 214.244.0979 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Thursday, July 31, 2003 11:28 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Is the list down? I don't want to go home, I want a vacation! Dear Mr. Sheldon Koehler; It is with great pleasure that I can announce that you are hereby granted an official vacation. You MUST take this vacation immediately, or forfeit the right to use it forever. To claim your official vacation, you must call this number within the next 30 seconds, or this vacation will be gone forever. Should you fail to call in time, or to take your vacation once confirmed, you will then be disallowed any further opportunities to take a vacation in the foreseeable future. Good luck and enjoy. John Tolmachoff MCSE CSSA (Moonlighting Travel Agent Extraordinaire) ;-) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.504 / Virus Database: 302 - Release Date: 7/24/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Different bounce messages?
Based on failing a weight of 40, I have a WEIGHT40 that bounces. I also have a weight of 60 that will delete. What happens to the mail that falls in between 41 and 59? Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Saturday, March 15, 2003 1:03 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Different bounce messages? Can we have different bounce messages? Lets say if we can define a certain test and for that test a certain message be sent out!? Yes. Declude JunkMail uses the name of the test in the name of the .eml file it uses for the bounce message, so if you have TEST1 and TEST2, you would use the files \IMail\Declude\TEST1bounce.eml and \IMail\Declude\TEST2bounce.eml. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.462 / Virus Database: 261 - Release Date: 3/13/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.463 / Virus Database: 262 - Release Date: 3/17/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Sending out a bounced message
Does Declude JunkMail have an email file similar to the virus file recip.eml? I have a client that wants to be notified when they have an email they dont receive. We are having an unusual amount of lost emails and they are (and I am) trying to finds out why. Almost all attachments with .pdf are being lost. I believe it is a bad mail client issue but need to verify this. The broken mail client is caught by Declude Virus but I am unable to capture all of them as I can not sit in front of the tube constantly. So some sort of notification will help. Also can I direct this to one domain only? Mt biggest client wants it but I do not want all our clients to be inconvenienced by it. I see where attbi.com is without an abuse account sorry about that! SPEWS listed my ISP 3 Class C blocks because of an email from one account. Makes sense to me. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003
RE: [Declude.JunkMail] Sending out a bounced message
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, February 19, 2003 12:53 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Sending out a bounced message Does Declude JunkMail have an email file similar to the virus file recip.eml? I have a client that wants to be notified when they have an email they don't receive. In that case, you could use the ATTACH action, and modify the \IMail\Declude\spamattach.eml file to not include the original spam. I would use the ATTACH action instead of DELETE or HOLD? Won't that send all spam forward or at least notification of receiving spam? We are having an unusual amount of lost emails and they are (and I am) trying to finds out why. Almost all attachments with .pdf are being lost. Have you checked your IMail rules? That's a common reason for .pdfs getting lost. I looked at the rules section all are blank as nothing had ever been set up in them. I am checking with IMAIL as that seems to be their area. You might also want to check the IMail log file -- it should have SMTPD lines for the E-mail arriving (before Declude scans it), and SMTP- or SMTP lines afterwards for the actual delivery of the E-mail. After checking the logs I do see the SMTPD and SMTP entries as stated. So that portion is working now to find out why I am losing attachments. It seems like any attachment is subject but pdfs never make it through. Except to me and my Boss we are both using the latest and greatest Outlook and have not had any problems. That is why I am prone to think there is an issue with older Email platforms. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003
RE: [Declude.JunkMail] Sending out a bounced message
That was the first place I went to, the security settings. I had Imail send one to the client that was complaining and of course, it went through without a hiccup...thanks anyway. Thanks Scott for your help. Yes that is what I wanted but I had in mind trying to just send it to the one domain. But as much flak as I have been getting lately about spam, I think I will let everyone see they are getting spam blocked! Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Helpdesk Sent: Wednesday, February 19, 2003 2:03 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Sending out a bounced message on 2/19/03 2:54 PM, R. Scott Perry wrote: After checking the logs I do see the SMTPD and SMTP entries as stated. So that portion is working now to find out why I am losing attachments. Is it the whole E-mail being lost, or just the attachment? Neither Declude nor IMail will remove attachments, so if the attachment is missing, it's almost certainly a mail client issue. If it is just the attachments, and the client is running Outlook Express 6, the problem is their security settings. Microsoft's instructions for changing the security settings in Outlook Express and Internet Explorer can be found at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q291387 . Later, Greg --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Sending out a bounced message
You have no idea Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Wednesday, February 19, 2003 2:34 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Sending out a bounced message trying to just send it to the one domain. But as much flak as I have been getting lately about spam, I think I will let everyone see they are getting spam blocked! I don't know Jim. The smell of diesel is calling stronger and stronger. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Sending out a bounced message
Larry, this is why we really do not want to send out messages about receiving spam. This is from the man who programs the Declude program. While I understand you do not want spam bounced, the email that gets caught is going to bounce, along with any spam email. As stated below, most spam is shown to be sent from a forged address and that means that some poor soul gets told he or she is sending out spam. Before it is over, tempers flare and we get sent to a blacklist for sending out bogus email. It is a vicious circle. I am going to turn it back off and wait for a decision from John before I turn it on and leave us liable... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, February 19, 2003 4:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Sending out a bounced message The problem is that if you bounce obvious spam -- which is almost always sent with a fake return address -- the legitimate user of the return address is going to get the bounce messages, which does nobody any good. For example, if some spammer used [EMAIL PROTECTED] as the return address of their spam, would your client really want a ton of bounce messages? Bouncing spam just makes the spam problem worse, as it spreads the spam further. -Scott --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.456 / Virus Database: 256 - Release Date: 2/18/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Tuning Declude
Set your virus to hold and not delete...then you will see many a spam in there being held because of broken email clients. They were caught by the Virus program... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Geiser Sent: Tuesday, February 18, 2003 2:36 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Tuning Declude Hey, Scott! From my point of view, a false positive is a false positive is a false positive. I just need to make sure that a message has to fail more than the BADHEADERS test to get rejected. On the other hand, with this attitude, it will be impossible to stop viruses in the future. I guess I'm a little unclear on why virus checking would have any overlap with spam checking. The problem is that detecting malformed E-mail is a very important part of the process in stopping spam and viruses, as many spamware programs use broken headers (or let the spammers create their own headers), and viruses will take advantage of known vulnerabilities. I understand that it is an important part of the process for spam. I don't necessarily see what that has to do with viruses. Are a lot of Virus Protection Vendors checking broken e-mail headers to intercept spam? Having an occasional spam come through so you can get legitimate E-mail from broken mailers may be acceptable. But what happens when you have to choose between accepting legitimate mail from broken mailers or protecting yourself against viruses? Obviously protecting yourself from viruses would always win out over receiving legitimate e-mail. We aren't going to let a virus into our system just so someone can receive an e-mail message. If a legitimate e-mail is being tracked as a virus we would have no choice but to get the sender to change something on their end. There are a number of recently discovered vulnerabilities that some legitimate mailers are using (unintentionally, of course), that *must* be blocked (without blocking them, future viruses will be allowed to bypass virus scanners on the mailserver). I see what your saying there. It's also very important to remember that lots of this legitimate broken E-mail gets lost, anyways. Many mailservers will block such E-mail. And in many cases, the mail gets lost in inboxes. I understand that when possible broken e-mail needs to be fixed. It's a choice of dealing with it now or dealing with it later. Waiting means that you'll receive more spam now, and you'll probably have to get hit with a virus outbreak before dealing with the problem, which can be very costly. Well, obviously I'm dealing with it now. Of course, the choice is completely up to you, and only you can know your unique situation well enough to determine whether or not to allow such E-mail through. Specifically what type of e-mail are you talking about? The only legitimate mail that the BADHEADERS test catches is mail that has broken headers (which may never reach you anyways). Whenever legitimate E-mail fails the BADHEADERS test, I strongly recommend fixing the problem. In most cases, blocking based on the BADHEADERS test alone is very useful. So how would you recommend fixing the problem? We are always willing to deal with legitimate companies who have products that are sending out broken E-mail (either failing the BADHEADERS test in Declude JunkMail, or getting caught as vulnerabilities with Declude Virus). In the majority of cases, though, upgrading to the latest version of the software used to send the mail is all that is required (and if someone is sending broken mail and isn't willing to upgrade, they have to accept the consequences). Is there any way to tell what about a particular message raises the BADHEADERS flag? Thanks for all of your help! Dan Geiser [EMAIL PROTECTED] This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http
[Declude.JunkMail] FW: returned email
I am a little confused. This email was sent from a client on our mail server to another client on a different mail server. If I am reading this correctly, email.genesis (my server) says it cannot find this person so it is refusing delivery. This person is not on my server so why is my server trying to validate this account? I am more than a little confused... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] From: Postmaster [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, February 14, 2003 2:12 PM Subject: Undeliverable Mail undeliverable to [EMAIL PROTECTED] Original message follows. Received: from MIS02065 [65.120.133.99] by email.genesis (SMTPD32-7.14) id AD99112C017C; Fri, 14 Feb 2003 14:12:09 -0600 Message-ID: 013601c2d465$5d35fd80$[EMAIL PROTECTED] Reply-To: John Castro [EMAIL PROTECTED] From: John Castro [EMAIL PROTECTED] To: Light, Cindy [EMAIL PROTECTED] References: [EMAIL PROTECTED] Subject: Re: P.ups for 2/14 at Eastman in Pleasant Prairie WI Date: Fri, 14 Feb 2003 14:12:13 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 Disposition-Notification-To: John Castro [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Declude-Sender: [EMAIL PROTECTED] [65.120.133.99] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. Organization: Klotron, INC. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FW: returned email
I see where the log files say error 554 Transaction error. I do not know where to go to find an explanation of error 554. The log file is: 20030214 141209 127.0.0.1 SMTPD (112C017C) [168.75.225.202] connect65.120.133.99 port 52573 20030214 141209 127.0.0.1 SMTPD (112C017C) [65.120.133.99] HELO MIS02065 20030214 141209 127.0.0.1 SMTPD (112C017C) [65.120.133.99] MAIL FROM: [EMAIL PROTECTED] 20030214 141209 127.0.0.1 SMTPD (112C017C) [65.120.133.99] RCPT TO: [EMAIL PROTECTED] 20030214 141209 127.0.0.1 SMTPD (112C017C) [65.120.133.99] d:\IMail\spool\D4d99112c017c52e0.SMD 1954 20030214 141210 127.0.0.1 SMTP (1996) processing d:\IMail\spool\Q4d99112c017c52e0.SMD 20030214 141210 127.0.0.1 SMTP (1996) Trying cendian.com (0) 20030214 141210 127.0.0.1 SMTP (1996) Connect cendian.com [12.129.91.60:25] (1) 20030214 141210 127.0.0.1 SMTP (1996) 220 clean1.cendian.com WebShielde500/SMTP Ready. 20030214 141210 127.0.0.1 SMTP (1996) EHLO email.genesis 20030214 141210 127.0.0.1 SMTP (1996) 250 Requested mail action okay, completed. 20030214 141210 127.0.0.1 SMTP (1996) MAIL FROM:[EMAIL PROTECTED] 20030214 141210 127.0.0.1 SMTP (1996) 250 [EMAIL PROTECTED] Sender OK 20030214 141210 127.0.0.1 SMTP (1996) RCPT To:[EMAIL PROTECTED] 20030214 141210 127.0.0.1 SMTP (1996) 250 Requested mail action okay, completed. 20030214 141210 127.0.0.1 SMTP (1996) DATA 20030214 141210 127.0.0.1 SMTP (1996) 354 Enter mail, end with . on a line by itself 20030214 141210 127.0.0.1 SMTP (1996) . 20030214 141210 127.0.0.1 SMTP (1996) 554 Transaction failed: message format error 20030214 141210 127.0.0.1 SMTP (1996) ERR undeliverable 554 Transaction failed: message format error 20030214 141210 127.0.0.1 SMTP (1996) SMTP_DELIV_FAILED 20030214 141210 127.0.0.1 SMTP (1996) QUIT 20030214 141210 127.0.0.1 SMTP (1996) 221 Closing connection 20030214 141210 127.0.0.1 SMTP (1996) Creating message from Postmaster 20030214 141210 127.0.0.1 SMTP (1996) finished d:\IMail\spool\Q4d99112c017c52e0.SMD status=2 Original message with a simple reply with thanks added. Here is the original message: Received: from MIS02065 [65.120.133.99] by email.genesis (SMTPD32-7.14) id AD99112C017C; Fri, 14 Feb 2003 14:12:09 -0600 Message-ID: 013601c2d465$5d35fd80$[EMAIL PROTECTED] Reply-To: John Castro [EMAIL PROTECTED] From: John Castro [EMAIL PROTECTED] To: Light, Cindy [EMAIL PROTECTED] References: [EMAIL PROTECTED] Subject: Re: P.ups for 2/14 at Eastman in Pleasant Prairie WI Date: Fri, 14 Feb 2003 14:12:13 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 Disposition-Notification-To: John Castro [EMAIL PROTECTED] X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Declude-Sender: [EMAIL PROTECTED] [65.120.133.99] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. Organization: Klotron, INC. Thanks John Castro Corporate Customer Service 800-233-9226 Ext 4480 Fax 254-741-5248 [EMAIL PROTECTED] www.centralfreight.com - Original Message - From: Light, Cindy [EMAIL PROTECTED] To: John Castro (E-mail) [EMAIL PROTECTED] Sent: Friday, February 14, 2003 1:43 PM Subject: P.ups for 2/14 at Eastman in Pleasant Prairie WI Please reply with confirmation and have a nice Valentine's Day. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003
RE: [Declude.JunkMail] FW: returned email
Thanks. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Sunday, February 16, 2003 2:00 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] FW: returned email I see where the log files say error 554 Transaction error. I do not know where to go to find an explanation of error 554. The log file is: There is no need to look up the 554 error message: 20030214 141210 127.0.0.1 SMTP (1996) DATA 20030214 141210 127.0.0.1 SMTP (1996) 354 Enter mail, end with . on a line by itself 20030214 141210 127.0.0.1 SMTP (1996) . 20030214 141210 127.0.0.1 SMTP (1996) 554 Transaction failed: message format error The remote mailserver returned an error 554 Transaction failed: message format error. The meaning of that message is only known to the remote mailserver, so you would need to either contact them for an explanation, or ignore it. There isn't enough information to determine what the problem is, aside from the remote mailserver not wanting the E-mail. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.455 / Virus Database: 255 - Release Date: 2/13/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] whitelist todomain
I have set this up as a way to prevent lost emails. I have a problem with three different companies saying they are losing their emails. Will this allow their emails to go through...regardless of what it is? WHITELIST TODOMAIN pyramidhealthcare.com WHITELIST TODOMAIN standardhardware.com Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Wednesday, February 05, 2003 9:34 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Comments I mean't to search for normal but uneccessary repeated html-tags like font ... This can trigger a lot of false positives not only in Frontpage composed html. The target is to remove them completely before search for keywords. OK, I guess I am still not sure then how this test works. Of course, since I have a major project facing me right now, changing ISP this Friday/Saturday, I am a little distracted. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] whitelist todomain
Thanks , will set it up that way. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Grant Griffith Sent: Wednesday, February 05, 2003 10:18 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] whitelist todomain I have them entered differently and it works. WHITELIST TO @pyramidhealthcare.com Not sure if the other way works, but this does... Sincerely, Grant Griffith, Vice President EI8HT LEGS Web Management Co., Inc. http://www.getafreewebsite.com 877-483-3393 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Rooth Sent: Wednesday, February 05, 2003 11:05 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] whitelist todomain I have set this up as a way to prevent lost emails. I have a problem with three different companies saying they are losing their emails. Will this allow their emails to go through...regardless of what it is? WHITELIST TODOMAIN pyramidhealthcare.com WHITELIST TODOMAIN standardhardware.com Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.449 / Virus Database: 251 - Release Date: 1/27/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Trouble adding latest beta version
I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Trouble adding latest beta version
Thanks...that fixed it. I was afraid to rename it because it said it was in use. Oh well...Declude -diag says the new one is up and running..1.66 so I reckon everything is fine in cyber land. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Davidson Sent: Friday, January 24, 2003 9:20 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Trouble adding latest beta version Renaming it fixes that condition for me Have a great day! Rick Davidson Buckeye Internet Inc. www.buckeyeweb.com 440-953-1900 - - Original Message - From: Jim Rooth [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, January 24, 2003 10:07 AM Subject: [Declude.JunkMail] Trouble adding latest beta version I copied the filed from the web, but when I try to copy it to the Imail folder I get a sharing violation. I stopped all services in Imail and still get the sharing violation. The only thing open on the server is Explorer so I can see the files. Any ideas? I even tried to delete the existing file but it says it is in use... Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.445 / Virus Database: 250 - Release Date: 1/21/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] No reverse dns
How odes one correct the reverse DNS on Imail if using virtual domains? For instance I have 57 domains all using the same IP...doing a reverse lookup will not show the correct server name. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith Sent: Thursday, January 09, 2003 11:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc... That's the problem... Hotmail is on and off of Spamcop every other day. We bounce at 12 and delete at 20. Spamcop is at 8 so I'll put in -8 for hotmail which will adjust for the nopostmaster and noabuse. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 09, 2003 11:59 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc... The way I have it configured, they will end up with a weight of 8 and we hold at 20, so they would have to fail a test like SPAMCOP or NOXMAIL or one of our major filters to be held. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] No reverse dns
Problem is there are 57 domains using one ip address. Reverse lookup shows the domain the server is and not the other domains. But if you do a reverse lookup for mail.standardhardware.com it will give you 168.75.225.197 mail.klotron.com. Thus it fails the reverse dns test. The IP is correct but the domain name is that of the main mail record. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 09, 2003 12:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns Jim, only one PTR record per IP address needed. Should only be for the mail record domain. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] No reverse dns
Possibly...the error my client received just said no reverse dns but it does have one even if it doesn't match the wording. Thanks. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith Sent: Thursday, January 09, 2003 12:27 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns This shouldn't fail REVDNS as there is a REVDNS entry. Maybe HELOBOGUS. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: Thursday, January 09, 2003 1:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns Problem is there are 57 domains using one ip address. Reverse lookup shows the domain the server is and not the other domains. But if you do a reverse lookup for mail.standardhardware.com it will give you 168.75.225.197 mail.klotron.com. Thus it fails the reverse dns test. The IP is correct but the domain name is that of the main mail record. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 09, 2003 12:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns Jim, only one PTR record per IP address needed. Should only be for the mail record domain. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail scanned for viruses by F-Proto Virus Scanner] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] No reverse dns
Thanks to all. I have sent a request to the ISP to set up PTR record and hopefully that will solve this issue. Appreciate the help from everyone. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Lewis-Waller Sent: Thursday, January 09, 2003 12:37 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns John, dnstsuff shows that 168.75.225.197 (ip for mail.standardhardware.com) doesn't have a PTR record. Set one up and you shouldn't fail REVDNS. http://www.dnsstuff.com/tools/ptr.ch?ip=168.75.225.197 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: 09 January 2003 18:24 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns Problem is there are 57 domains using one ip address. Reverse lookup shows the domain the server is and not the other domains. But if you do a reverse lookup for mail.standardhardware.com it will give you 168.75.225.197 mail.klotron.com. Thus it fails the reverse dns test. The IP is correct but the domain name is that of the main mail record. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 09, 2003 12:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns Jim, only one PTR record per IP address needed. Should only be for the mail record domain. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] No reverse dns
This sucker would be flying down the boulevard! Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 09, 2003 2:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] No reverse dns Thanks to all. I have sent a request to the ISP to set up PTR record and hopefully that will solve this issue. Appreciate the help from everyone. Now, if we were still driving... John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.438 / Virus Database: 246 - Release Date: 1/7/2003 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Server change over
To my understanding the code is actually lnked to the mail server name. Without having the exact same name, declude will not work with the old code. There was a problem earlier with Imail...one of their versions renamed the mail server and it caused the virus protection to come to a screeching halt. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Avolve Support Sent: Tuesday, December 31, 2002 7:45 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Server change over I don't think it is tied to the server, as I had mine blow up over Thanksgiving and just recovered the .cfg file from the old server and put it on the new server. Do you have the mail server names the same as the last one ? -- Original Message -- From: Malcolm Kynoch [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 30 Dec 2002 16:29:26 -0500 Hi, Over the holiday our mail server blew up big time, I loaded up a new server but with a different machine name. Now junkmail/virus pro doesn't like my CODE # I've forgotten the procedure and info required to get a new one Regards, Malcolm --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.435 / Virus Database: 244 - Release Date: 12/30/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.435 / Virus Database: 244 - Release Date: 12/30/2002 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Lost emails
I am having a small problem. One company sends an email to my mail server. They get a return that says it is an unknown user.. They answer an email we send them. They get it back with unknown user. I gave them a completely different address. Mine. One time it goes through and never again. I had them send me an email to my personal address and it came through with no problems. What am I missing here? I thought maybe they had an internal and external mail program and the guy was sending it through the wrong program. He assures me that isn't the case...they send all email through the internet and he can send to many other clients across the country with no problem. Any help would be greatly appreciated. Oh yes, the logs show no record of ever receiving any emails that were sent other than the two that came through. I checked the syslog, virlog, declog, hilog and log.txt. No where does it mention any of the emails that are not getting through. Makes me think his mail server is bad but he can send to other companies with no problem... Here are the headers from the GOOD email: Return-Path: @alironmarketing.com Received: from mail.allironmarketing.com ([209.151.255.101]) by rwcrgwc52.attbi.com (InterMail vM.4.01.03.37 201-229-121-137-20020806) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Wed, 18 Dec 2002 22:34:54 + Received: from ALIRON05 [209.167.97.68] by mail.allironmarketing.com with ESMTP (SMTPD32-7.11) id A74A1CBD0096; Wed, 18 Dec 2002 14:31:38 -0800 Reply-To: @alironmarketing.com From: *** @alironmarketing.com To: [EMAIL PROTECTED] Subject: Test Date: Wed, 18 Dec 2002 17:36:17 -0500 Message-ID: LDEAKKKMIAIBEMKDJJPDMEHCCAAA.@alironmarketing.com MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Here is the header where it did come through my server the one time: Received: from mail.allironmarketing.com [209.151.255.101] by email.genesis with ESMTP (SMTPD32-7.12) id A806469017E; Wed, 18 Dec 2002 15:26:30 -0600 Received: from ALIRON05 [209.167.97.68] by mail.allironmarketing.com with ESMTP (SMTPD32-7.11) id A74376AF0052; Wed, 18 Dec 2002 13:23:15 -0800 Reply-To: @alironmarketing.com From: @alironmarketing.com To: [EMAIL PROTECTED] Subject: RE: Undeliverable Mail Date: Wed, 18 Dec 2002 16:27:54 -0500 Message-ID: LDEAKKKMIAIBEMKDJJPDOEHACAAA.@alironmarketing.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: [EMAIL PROTECTED] X-RBL-Warning: MYFILTER: Message failed MYFILTER test (1536) X-Declude-Sender: @alironmarketing.com [209.151.255.101] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: MYFILTER X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 326489075 Here is the message he received about it being a bad user name: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, December 16, 2002 3:57 PM To: @alironmarketing.com Subject: Undeliverable Mail Unknown user: @centralfreight.com Original message follows. Received: from ALIRON05 [209.167.97.68] by mail.allironmarketing.com with ESMTP (SMTPD32-7.11) id AE1E4AB60042; Mon, 16 Dec 2002 12:57:02 -0800 Reply-To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: @centralfreight.com Subject: RE: E MAIL Date: Mon, 16 Dec 2002 16:01:38 -0500 Message-ID: LDEAKKKMIAIBEMKDJJPDMEFOCAAA.[EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 In-Reply-To: [EMAIL PROTECTED] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Note: This E-mail was sent from [No Reverse DNS] ([209.167.97.68]). Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.431 / Virus Database: 242 - Release Date: 12/17/2002 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail
RE: [Declude.JunkMail] Lost emails
Thanks...that explains why...DNS has been bouncing and the great ISP has killed the backup servers...oh well, back to the drawing board! Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, December 18, 2002 17:36 To: [EMAIL PROTECTED] Subject:Re: [Declude.JunkMail] Lost emails I am having a small problem. One company sends an email to my mail server. They get a return that says it is an unknown user.. They answer an email we send them. They get it back with unknown user. I gave them a completely different address. Mine. One time it goes through and never again. I had them send me an email to my personal address and it came through with no problems. What am I missing here? The Unknown User message comes from IMail (or another mailserver), and indicates that the server receiving the E-mail doesn't recognize the account that the E-mail is being sent to. Oh yes, the logs show no record of ever receiving any emails that were sent other than the two that came through. I checked the syslog, virlog, declog, hilog and log.txt. No where does it mention any of the emails that are not getting through. In this case (BTW, it's the syslog or log.txt that it would appear in), if the E-mail doesn't appear, then it isn't reaching your server. I think the problem can be seen at http://www.dnsreport.com/tools/mail.ch?[EMAIL PROTECTED] . It seems that one of your backup mailservers doesn't accept mail addressed to you, and the other backup mailserver is down. Therefore, if they can't reach your mailserver for some reason (even due to a temporary problem on their end), the mail will go to your backup that will bounce it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.431 / Virus Database: 242 - Release Date: 12/17/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.431 / Virus Database: 242 - Release Date: 12/17/2002 --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] attachments ending in .text
I have a client complaining about some emails being blocked. What is weird is the particular mainframe that sends the emails in question is whitelisted. Now he tells me all emails go through with a .txt extension but any with a .text does not. Have I forgot DOS again? Doesn't dos require a 3 character extension? Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Yes, the only thing I can see in the log file is where an incorrect address is entered, then it doesn't get delivered. Other than that it just says server whitelisted. They are using a very antiquated main frame to send this mail. Could it be it does not support a long extension? I knew the newer DOS would accept a long file name but I wasn't aware it would accept an extension longer than 3 characters... Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, December 10, 2002 18:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] attachments ending in .text I have a client complaining about some emails being blocked. What is weird is the particular mainframe that sends the emails in question is whitelisted. Have you checked the Declude log file(s) to see what happens to his E-mail? Now he tells me all emails go through with a .txt extension but any with a .text does not. That is really odd... Have I forgot DOS again? Doesn't dos require a 3 character extension? DOS used to require a 3 character extension, but the latest versions of DOS (the ones that come with Windows) do have some support for long filenames. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Thanks, I'll look into it and come up with an answer of some kind...hopefully the correct one...LOL Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, December 10, 2002 19:24 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] attachments ending in .text Yes, the only thing I can see in the log file is where an incorrect address is entered, then it doesn't get delivered. Other than that it just says server whitelisted. If the Declude JunkMail log file entry says that it is whitelisted, then the E-mail shouldn't be caught by Declude JunkMail (meaning that it is getting caught for some other reason, such as an IMail rule, or through Declude Virus). Have you checked the IMail log file? If the E-mail is delivered, you should see both SMTPD lines showing the E-mail being received, and SMTP or SMTP- lines showing the E-mail being delivered. If it is delivered, the fault doesn't lie on your end; if it is not delivered, then you will know to investigate further. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] attachments ending in .text
Go to your room! This is weird. The virus detector is catching it as it says there is no file extension so it assumes the extension to be .exe. 12/10/2002 11:03:03 Q1e400d65014a69ab Found file with mismatched extensions [AR.B.S.ARB-AR.B.S.ARB]; assuming .exe 12/10/2002 11:03:03 Q1e400d65014a69ab Got disp name=AR.B.S.ARBCA2.FILE01.TEXT [MimeName=mismatched.exe]. 12/10/2002 11:03:03 Q1e400d65014a69ab Scanned: Banned file extension. [MIME: 2 475831] However when I look at the file name I see where it is extremely long but does in fact have an ext of .text --MIME-Boundary-1039539809 Content-Type: text/plain; name=AR.B.S.ARBCA2.FILE06.txt Content-Disposition: attachment; filename=AR.B.S.ARBCA2.FILE06.TEXT Content-Transfer-Encoding: Base64 Content-Description: AR.B.S.ARBCA2.FILE06 I guess I need to go back to driving as I sure do not understand this. Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, December 10, 2002 19:34 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] attachments ending in .text ...hopefully the correct one...LOL All answers are assumed correct until proven otherwise. Kind of like, if you can't find it, grind it. :)) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- attachment: winmail.dat
RE: [Declude.JunkMail] Unable to get filter to work
You might try adding a value to the myfilter.txt MYFILTER filter c:\imail\declude\myfilter.txt x 5 0 It might think that the value of zero is telling it to bypass myfilter.txt Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Lewis-Waller Sent: Thursday, November 28, 2002 07:42 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Unable to get filter to work Any help appreciated... I have in my global.cfg file the line MYFILTER filter c:\imail\declude\myfilter.txt x 0 0 myfilter.txt has the following lines MAILFROM -10 CONTAINS @talk21.com MAILFROM -10 CONTAINS @passport.com MAILFROM -10 CONTAINS @economist.com MAILFROM -10 CONTAINS .ft.com MAILFROM -10 CONTAINS .bbc.co.uk I hold email on a weight of 30. I have a test account with talk21.com which normally fails a number of tests resulting in a total weight of 33. I would have expected the weight to drop to 23 because of myfilter.txt but it doesn't. I tried silly numbers as well e.g. -60 but still end up with a total weight o 33. I'm obviously missing something fundamental. Sent email headers: Received: from wmpmta04-app.mail-store.com [194.73.242.6] by mail.nthost.co.uk with ESMTP (SMTPD32-7.13) id ACAC128E00CC; Thu, 28 Nov 2002 13:39:56 + Received: from wmpmtavirtual ([10.216.84.18]) by wmpmta04-app.mail-store.com with SMTP id 20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual for [EMAIL PROTECTED]; Thu, 28 Nov 2002 13:39:55 + Received: from 62.189.235.109 by t21web08-lrs ([10.216.84.18]); Thu, 28 Nov 02 13:30:20 GMT+00:00 X-Mailer: talk21 v1.26 - http://talk21.btopenworld.com From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-Talk21Ref: none Date: Thu, 28 Nov 2002 13:30:20 GMT+00:00 Subject: SPAM: (No Subject) Message-Id: 20021128133955.RBKO6682.wmpmta04-app.mail-store.com@wmpmtavirtual X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [804f]. X-RBL-Warning: REVDNS: This E-mail was sent from a mail server 194.73.242.6 with no reverse DNS entry. X-RBL-Warning: SNIFFER: Message failed SNIFFER: 4. X-RBL-Warning: WEIGHT10: Weight of 33 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [194.73.242.6] X-Note: This E-mail was scanned by Declude JunkMail for evidence of spam. X-Note: This E-mail was sent from [No Reverse DNS] ([194.73.242.6]). Thanks in advance. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dan Patnode Sent: 28 November 2002 08:57 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BASE64 usage I have John. While Base64 is a great test, a number of newsletters and normal emails have come across using it. I have weakened my system to let these types of messages through and pull my hair out every time a spam gets through because of it. Dan On Wednesday, November 27, 2002 8:02, John Tolmachoff [EMAIL PROTECTED] wrote: Even thought it has been determined that there is no legit REASON to use BASE64 encoding in the body, I am finding and increasing use of it. Most of these are junk, but it has caught a number of legit messages. Therefore, I have downgraded BASE64 from 15 to 12. Any one experiencing similar? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Log entry
Sounds like an Imail issue. Sometimes they change the server name when they upgrade. Dont know why but it happens. From your IMAIL directory (in DOS) run declude diag This will tellyou the name it sees of the server and if it is different than what you registered Declude with, it will not work. Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of steve Sent: Monday, November 25, 2002 09:04 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Log entry Scott, Just ran the Declude Junkmail installation this morning. Can you tell me what this log entry means: 11/25/2002 09:04:08 Q2dd81489010e9f06 Declude JunkMail NOT Registered for mail; not scanning E-mail. Thanks, Steve
RE: [Declude.JunkMail] Log entry
Oops. Should have known, Scott beat me to the answer...LOL Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, November 25, 2002 09:28 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Log entry Just ran the Declude Junkmail installation this morning. Can you tell me what this log entry means: 11/25/2002 09:04:08 Q2dd81489010e9f06 Declude JunkMail NOT Registered for mail; not scanning E-mail. Did you just upgrade IMail? A few of the IMail upgrades have a bug that can change the Official Host Name of the server -- it looks like that is what happened here. Instead of being mail.example.com, IMail changed the name to mail (which isn't a valid hostname on the Internet). If you switch it back, it should fix the problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How does a reverse lookup work from a mail server?
Scott, Could you put that in layman's terms. ;)) Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, October 16, 2002 11:42 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] How does a reverse lookup work from a mail server? When a message arrives at my mail server, how does the server perform the reverse lookup? It just does. :) You can go to http://www.DNSstuff.com/info/revdns.htm for an overview of how reverse DNS lookups work. Or, you can use the Reverse DNS Lookup at http://wwwDNSstuff.com to check to see if the reverse DNS entry exists for a given IP. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Best Rule Tweaks
I'd sure buy some stock if you did decide to go public! Jim Rooth KLOTRON,INC. Office: 817.654.3018.103 Home: 972.606.6341 Mobile: 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, October 09, 2002 17:42 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Best Rule Tweaks Thanks for the suggestion -- that page has been updated to include links to the archives. Wow, THAT was fast! Thank you, Scott! We aim to please. :) Could you define your version of a discussion forum? My definition is similar enough to a mailing list that I'm not sure what you are looking for. I define a discussion forum as a web-based, threaded discussion site, whereas newsgroups, mailing lists, listservs, etc. are e-mail-based. I'm not sure that mine is the publicly recognized standard parlance or not. It could just be me. My favorite example of a slick and useful web discussion forum would have to be the Macromedia Support Forums, at http://forums.macromedia.comhttp://webforums.macromedia.com/coldfusio n/ , for example. Ah, gotcha. That's something that we may look into, although if we do so, we would likely have it act as a mirror to the mailing list (so that people could choose whether or not to use the web interface). Thanks again. I am increasingly impressed by Declude. Goin' public anytime soon? Nope, sorry. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] DSN:WEIGHTING
Works on the same principlemore weight more costly Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin (Linkbrokers Support) Sent: Tuesday, October 01, 2002 13:41 To: Declude Junk Mail Subject: [Declude.JunkMail] DSN:WEIGHTING I hear allot about the weighting system! Is there somewhere to go to see examples and explanations - I am totally clueless on this subject - newbe here - Don't laugh - I was a tobacco farmer and weight to us was how much did I get for atruck load or kilo's kevin ^^^^---^^---^^ Link Brokers Group, LLC Email:mailto:[EMAIL PROTECTED] ONLINE SUPPORT FORM 24 Hours http://www.linkbrokers.com/support_ticket.cfm TOLL FREE Support 1-888-546-5631 - Ext 15 Mon - Friday 9-5 EST. ^^^^---^^---^^
RE: [Declude.JunkMail] DSN:WEIGHTING
Hey!! I resemble that remark! Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin (Linkbrokers Support) Sent: Tuesday, October 01, 2002 16:10 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] DSN:WEIGHTING I'm glade you'all have a since of humor. :-) - Original Message - From: John Tolmachoff [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 3:11 PM Subject: RE: [Declude.JunkMail] DSN:WEIGHTING I think this post is going to the trucks. Honk Honk. John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: Tuesday, October 01, 2002 11:50 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] DSN:WEIGHTING Works on the same principle.more weight more costly Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kevin (Linkbrokers Support) Sent: Tuesday, October 01, 2002 13:41 To: Declude Junk Mail Subject: [Declude.JunkMail] DSN:WEIGHTING I hear allot about the weighting system! Is there somewhere to go to see examples and explanations - I am totally clueless on this subject - newbe here - Don't laugh - I was a tobacco farmer and weight to us was how much did I get for a truck load or kilo's kevin ^^^^---^^---^^ Link Brokers Group, LLC Email:mailto:[EMAIL PROTECTED] ONLINE SUPPORT FORM 24 Hours http://www.linkbrokers.com/support_ticket.cfm TOLL FREE Support 1-888-546-5631 - Ext 15 Mon - Friday 9-5 EST. ^^^^---^^---^^ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [Reliable Web Hosting by - http://www.linkbrokers.com/hosting.cfm] [This E-mail scanned for viruses by LinkBrokers EMail Service] [This E-mail scanned for spam mail against orbs and spamcop] [Reliable Web Hosting by - http://www.linkbrokers.com/hosting.cfm] [This E-mail scanned for viruses by LinkBrokers EMail Service] [This E-mail scanned for spam mail against orbs and spamcop] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Test question
Getting to me...look here, you say you been thinking again! Sounds like a retread coming off to me... Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Friday, September 27, 2002 01:00 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] BADHEADERS Test question Thanks Scott, I meant to say SPAMHEADERS in lieu of BADHEADERS...to ya'll I was RFC ignorant...you had to figure the rest of the ignorance out on your own...LOL Me thinks you have been spending too much time around a truck stop again Jim. The diesel fumes are getting to you again. :-) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BADHEADERS Test question
I do it by a weight system. Thee are a few of the tests that really have less value in catching legitimate spam. For instance if you give a heavy weight to noabuse, you will not receive any mail from Microsoft as they do not want the emails telling them they are screwing up so therefore they do not have an 'abuse' account. BADHEADERS, in my opinion, should have a lower value. Many servers out there are legitimate but have RFC ignorant people running them. I know, cause I am one ignorant son of a gun when it comes to RFC! Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Troy Hilton Sent: Thursday, September 26, 2002 15:53 To: Declude Junkmail Forum (E-mail) Subject: [Declude.JunkMail] BADHEADERS Test question Hello All, So far I've been very happy with JunkMail. I'm only running a few tests and it's catching a lot of spam and porn. However, I'm noticing the occasional legitimate email from badly formatted clients. For example, JunkMail caught a confirmation email from an online service that one of my co-workers signed up for. This was a good email but it had badly formatted headers. Fortunately, I'm not rejecting or deleting emails as of yet but eventually I will. How do you all deal with emails that fail the BADHEADERS test because of poor mail clients/senders but are legit emails that need to be delivered? I'm looking for my next step in configuring JunkMail. Any advice is appreciated. Troy D. Hilton SofWerks LLC. [EMAIL PROTECTED] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] SPAMCOP:[SNIFFER Sniffer test failed]Declude.JunkMail and Message Sniffer
Instead of whitelisting, try giving those names a negative value. That way if you do get some real spam from that domain, you will still have other values or weights to use to catch it. If you whitelist, nothing is even checked and it goes through regardless. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lenny Bauman Sent: Thursday, September 26, 2002 19:42 To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] SPAMCOP:[SNIFFER Sniffer test failed]Declude.JunkMail and Message Sniffer Hello all I have Junkmail running and it has cut down on the spam somewhat I am still getting a lot of spam so I though I would give Message Sniffer a try I installed it about 24 hours ago and it has catauh a large amount of the message that I was getting as spam. The problem that I am seeing is that I am getting a lot of newsletter marked as failing the sniffer test. Newsletter from places like Columbia House, The WWE, ISP World. Am I missing something or do I have to whitelist these site so that my customer can continue to receive there newsletter that they subcribed to. Below is a small list of the site that have been reported to me as failing the sniffer test that the customer has requested to receive mail from. Any help you can give me will be greatly appreacted.I like the fact that sniffer is catuching what gets through Junkmail I just am not sure how to handle the False Positive messages.Thanks in advance for any help you can give me. Lenny Bauman From: [EMAIL PROTECTED] From: Strive.To Word [EMAIL PROTECTED] From: eWEEK News [EMAIL PROTECTED] From: ArcaMax [EMAIL PROTECTED] From: Just Say Wow [EMAIL PROTECTED] From: [EMAIL PROTECTED] From: [EMAIL PROTECTED] From: Webmonkey Frontdoor [EMAIL PROTECTED] From: ISPworld [EMAIL PROTECTED] From: [EMAIL PROTECTED] From: Wired News [EMAIL PROTECTED] From: [EMAIL PROTECTED] From: [EMAIL PROTECTED] From: [EMAIL PROTECTED] From: WWE Newsletter [EMAIL PROTECTED] From: Columbia House DVD Club [EMAIL PROTECTED] From: bizjournals.com Solutions [EMAIL PROTECTED] From: ISPworld [EMAIL PROTECTED] From: TESSCO...Your Total Source [EMAIL PROTECTED] From: McAfee.com Services [EMAIL PROTECTED] From: [EMAIL PROTECTED] --- [This E-mail scanned for viruses by LRBCG.COM, Inc.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spam rec'd using internal return address
One way is to use myfilter.txt. Include some of the obvious wordings in it such as : SUBJECTCONTAINS 10 disgusting words BODYCONTAINS 10 disgusting verbage MAILFROM 10 sorry individual Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sharyn Schmidt Sent: Tuesday, September 24, 2002 07:27 To: Declude Junkmail List Subject: [Declude.JunkMail] spam rec'd using internal return address Good morning :) One of my users is receiving some really disgusting porn email. The logs show that the sender is actually using HER address as the return address. Here is a snip from the IMAIL log: 09:23 23:13 SMTPD(29B2013E) [200.231.59.131] HELO aleph.inbrac.com.br 09:23 23:13 SMTPD(29B2013E) [200.231.59.131] MAIL FROM:[EMAIL PROTECTED] (this is NOT the IP address of my mail server) 09:23 23:13 SMTPD(29B2013E) [200.231.59.131] RCPT TO:[EMAIL PROTECTED] 09:23 23:13 SMTPD(29B2013E) [200.231.59.131] D:\IMAIL\spool\Dd85c13e.SMD 1329 09:23 23:13 SMTP-(0A84) processing D:\IMAIL\spool\Qd85c13e.SMD 09:23 23:13 SMTP-(0A84) ldeliver todhunter.com scarbo-main (1) [EMAIL PROTECTED] 1598 09:23 23:13 SMTP-(0A84) finished D:\IMAIL\spool\Qd85c13e.SMD status=1 According to the Dec0923.log, the only test this message failed was the reverse DNS and obviously I don't rely solely on that test to block or attach spam. What is the best way to block this? Does Declude blacklist IP addresses or do I have to do this in IMAIL? Should this post go to the IMAIL users list? If so, my apologies! TIA, Sharyn We are the worldwide producer and marketer of the award winning Cruzan Single Barrel Rum, judged Best in the World at the annual San Francisco Wine and Spirits Championships. For more information, please click (go to) htmla href=http://www.cruzanrums.com;www.cruzanrums.com/a/html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Winmail.dat
Perhaps a little off the subject but since it was mentioned... I have a client who cannot send attachments with .xls. They come through as winmail.dat and are unreadable. Based on what I read here, so I check and see if he is sending it as RTF and have him try to send as Plain or HTML? Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Thursday, September 05, 2002 18:06 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] More encoded spam How is RTF (Outlook) email sent? Also, Exchange RTF is not the same as plain Outlook RTF composed messages. Outlook/Exchange's proprietary RTF is done through a winmail.dat file that is sent as an attachment -- instead of a text/plain content type, it's sent as application/ms-tnef. So that won't be a problem. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.385 / Virus Database: 217 - Release Date: 09/04/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.385 / Virus Database: 217 - Release Date: 09/04/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
DORKZTL:RE: [Declude.JunkMail] dictionary attacks
Perhaps a disgruntled employee or 'friend' trying for a Denial of Service attack. 2 people in a domain...I thought I had some small accounts...LOL Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Smart Business Lists Sent: Friday, August 16, 2002 5:15 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] dictionary attacks Yesterday we recorded dictionary attack(s) from 42 different IP's. For the most part these were in different network ranges. Most attempts tried 24 addresses but several were fewer and 3 were more. Sometimes 10 or 15 minutes between attack and later in the day maybe an hour. Can't say if it was one attack or several but is continuing today as well although at a reduced pace. I've counted 3 so far in similar pattern - apparently random IP's and trying 24 addresses. Kind of funny in a way to think of the spammer expending all those resources to harvest addresses from a domain used by 2 people. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
DORKZTL:RE: [Declude.JunkMail] Who are these guys?
The first is a Spanish site...almost like Excite. It list place for friends and lovers, news, chat room, etc. The second looks like an email program of some sort... Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Sent: Saturday, August 03, 2002 5:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Who are these guys? Since I do not understand other languages I could not figure out what these sites were. I was hopping someone could help otherwise I can not place them on the kill list. I'm not sure what this one is, it looks like it's in Spanish: http://www.24horas.com Just need an opinion on this one, it's in English: http://www.zoanmail.com/login.php (this one looks like a mail Thanks, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
DORKZTL:RE: [Declude.JunkMail] What Action Do you take?
One of the neat things about Declude is it doesn't let the idiot on the other end know you deleted his spam. If he did, there are those who sit up until the wee hours trying to get around a program just cuz he can. I personally have a huge myfilter.txt file (over 1800 entries) and I have anything set to 35 or higher is lost in the cyber world. Anything over 25 but less than 34 is set to WARN and anything less is sent without recourse. Because of the file I have, I get some Weight values over 100! And I have yet to see one of them over forty that doesn't look like spam. I am sure I am losing a few but I know I am stopping a bunch. The numbers a few minutes ago were 33010 emails and 24783 spam. This is not a large amount of emails seeing as how I have not reset for 8 days. If anyone wants a copy of the myfilter.txt that I use, I would be glad to share. I would warn all first though...there are things I look for that may not be prudent for your clients. The myfilter.txt file has to be set for each individual server. I have found that it is a lot easier removing things that are not germane that gong through tons of spam and trying to find things that are. My file has been compiled from several other's list. Oh yes, it also makes my dec.log bigger. I run around a 2.5 to 3 meg file a day. After reading every post for a month I have tried to incorporate other's ideas into my global.cfg and myfilter.txt. Hope this helps and doe not confuse. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell L. Sent: Friday, August 02, 2002 2:51 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] What Action Do you take? I am sure most people use the weighting system. For the most part you have certain weights were you know that 99% of the mail triggering that weight is spam. Do you BOUNCE, HOLD, Or DELETE? Right now I am using HOLD, but was considering switching that to BOUNCE. There are defiantly some pro's and con's to both. Any thoughts. Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] another newbie question
Based on the ROUTETO theory, what steps would be needed to send the email on to the original destination if it was found to be legitimate? Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, July 29, 2002 12:02 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] another newbie question Is there a way to have an email sent to me by the Junkmail software that tells me, personally, as the administrator, that a spam email has been sent to the spam folder? (same idea as the Declude virus sends me a virus notification when someone's email has been quarantined.) The closest thing is with the latest beta, you can use the COPYTO action. For example, WEIGHT10 ROUTETO [EMAIL PROTECTED]. That would route the E-mail to [EMAIL PROTECTED], rather than quarantine it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: Re[2]: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD?
Oh well, so much for my two cents worth...I'll have to keep an eye on it a little closer I reckon...maybe have to have my eyes open??? LOL Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Smart Business Lists Sent: Monday, July 29, 2002 3:08 PM To: Tom Subject: Re[2]: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD? Tom, Monday, July 29, 2002 you wrote: T That is, should we block them or not? You'd have to be careful. T would or could it capture legitimate mail? Yes. Lots of valid mailing lists have bounce in them too. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
DORKZTL:RE: [Declude.JunkMail] another newbie question
Thanks, I was more than a little confused. I am sure Scott had told me that but for some reason it just didn't stick. Hopefully it will this time. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry Sent: Monday, July 29, 2002 1:40 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] another newbie question Jim, with Declude, inbound messages are passed directly to Declude by IMail for processing and if clean, then dropped directly into the spool directory for delivery. If a legitimate message is held, you can simply move the Q D files of the legit message into the spool directory and IMail will deliver them. Declude does not check the spool directory after the messages have been placed there. HTH, Bill -Original Message- From: Jim Rooth [mailto:[EMAIL PROTECTED]] Sent: Monday, July 29, 2002 11:33 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] another newbie question Ok, let me rephrase...would I be able to go to that email and hit forward and add the original address or would JunkMail catch it again? I guess my question is what stops JunkMail from catching it the second time? Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Monday, July 29, 2002 12:58 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] another newbie question Based on the ROUTETO theory, what steps would be needed to send the email on to the original destination if it was found to be legitimate? It would need to be forwarded somehow. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This e-mail was scanned for viruses by Pointshare's Virus Scanning Service] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD?
I personally have MAILFROM 10 CONTAINS bounce in myfilter.txt. I have yet to see it where it wasn't associated with some type of spam. However, bounce alone is not enough for me to kick - it creates a weight of 15 as Myfilter adds a weight of 5. I have my kick weight set at 20 so it means something else has to be a catalyst. I can honestly say I have never had one message with bounce in it come in at less that 30 though. My 2 cents. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Sent: Monday, July 29, 2002 3:01 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD? Post your thoughts on the following addresses... @BOUNCE .BOUNCE BOUNCE. In my research I found these addresses to be typical with spam messages, I'd be curious to hear what your findings are. That is, should we block them or not? would or could it capture legitimate mail? Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
DORKZTL:RE: Re[2]: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD?
Oh well, open mouth a little wider and put the other foot in it...you gotta love the list...enough diversity that every subject can be covered and recovered. I do believe I will leave my bounce set up for the time being though...already have both feet in my mouth so can't go too far wrong! Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Smart Business Lists Sent: Monday, July 29, 2002 3:58 PM To: Tom Subject: Re[2]: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD? Tom, Monday, July 29, 2002 you wrote: T Have you ever seen BOUNCE used in legitimate mail? I haven't kept a running database of them but never expected to have to prove anything. But just from today I can list a few: @bounces.spamcop.net - note that bounce is inside bounces these are sent for incident reports @bounce.forbesdigital.com - used by Forbes for subscribers - the first part is the user id @bounce.quris.net - I forget what list this is but one of our clients is subscribed sparklist - also uses bounce but at the front of the address I forget how it works exactly - maybe bounce-listname-subscriberid There are others as well. Keep in mind we are really low volume so I wouldn't think we'd see as many as some of the high volume providers. Of course these things change too. I've been amazed at how often lists change mailing software. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: Re[2]: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD?
Yes sir, I answered before I read all the replies...my bad. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Smart Business Lists Sent: Monday, July 29, 2002 4:39 PM To: Jim Rooth Subject: Re[2]: [Declude.JunkMail] Adding BOUNCE to your Kill list? GOOD or BAD? Jim, Monday, July 29, 2002 you wrote: JR I only look for it in the MAILFROM and not in the body or The examples I gave were from MAILFROM not body. They may be in the body but I don't have the messages to check them. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
DORKZTL:RE: [Declude.JunkMail] Adding BOUNCE to your Kill list? Conclusion
Basically that is what I have done. I have weight set to 20 before it stops anything so bounce alone cannot do it. Trouble is RVSDNS (5) and spamheaders(5) can. I figure if all three are hit, chances are it is real and not just a poorly run server. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Sent: Monday, July 29, 2002 4:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Adding BOUNCE to your Kill list? Conclusion Here again, I only look for it in the MAILFROM and not in the body or subject. Maybe that is why I haven't had any problems...yet. Knocking on every piece of wood I can find... Ok, after doing some more research I came up with the following conclusion: I created another FROMFILE called WFILE.TXT and placed the following addresses inside of it: - @BOUNCE BOUNCE1 .BOUNCE BOUNCE2 BOUNCE. BOUNCE3 BOUNCE@ BOUNCE4 - Then I set up a test inside the Declude CFG file with a weight of 10: - BFROM fromfiled:\imail\declude\wfile.txt x 10 0 - And finally I set up the test inside the $default$.junkmail file to warn: - BFROM WARN - This way BOUNCE by itself would not fail completely unless it fails more than one test. Hopefully this helps catch more spam using the BOUNCE from address and doesn't disturb legitimate mail. Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: Re[6]: [Declude.JunkMail] Adding BOUNCE to your Kill list? BAD?
I'm not. Been around fighting with these stupid square headed girl friends since '73 when they were huge boxes with 32 and 64 Kb of ram. I learned a long time ago no matter what you say, someone can justifiably prove you wrong. So I try to beat them to the punch...LOL Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Sent: Monday, July 29, 2002 4:48 PM To: [EMAIL PROTECTED] Subject: Re[6]: [Declude.JunkMail] Adding BOUNCE to your Kill list? BAD? Importance: Low Oh well, open mouth a little wider and put the other foot in it...you gotta love the list...enough diversity that every subject can be covered and recovered. I do believe I will leave my bounce set up for the time being though...already have both feet in my mouth so can't go too far wrong! I wouldn't worry about it, this list is here for all of us and this is how we learn to use DECLUDE. Hopefully share information and/or create new tools to help us battle this VIRUS they call spam! Best Regards, Tom Image`fx --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: Re[6]: [Declude.JunkMail] Adding BOUNCE to your Kill list? BAD?
This is the kind of mail I am seeing: Subject: Motorola Cell Phone+ $50 Cash Back X-List-Unsubscribe: [EMAIL PROTECTED] From: Melissa H. [EMAIL PROTECTED] Reply-To: Melissa H. [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] So I have bounce listed as well as dealseveryday. Also $ and cash. This particular item had a weight of 35 after spamcop finished with it. I tell most of my subscribers not to try to unsub as it usually ends up putting their names on another list for the spammers to sell. I may be wrong...no cherry there either...LOL Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Monday, July 29, 2002 5:21 PM To: [EMAIL PROTECTED] Subject: RE: Re[6]: [Declude.JunkMail] Adding BOUNCE to your Kill list? BAD? I'm not. Been around fighting with these stupid square headed girl friends since '73 when they were huge boxes with 32 and 64 Kb of ram. I learned a long time ago no matter what you say, someone can justifiably prove you wrong. So I try to beat them to the punch...LOL LOL John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.380 / Virus Database: 213 - Release Date: 7/24/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer
I would be interested in seeing what some of you have as myfilter.txt list. I have been adding to mine and find it is a time consuming experience to say the least. One that has been paying for itself though. Being inexperienced in this endeavor, though, I realize I may be going into overkill. What say you? Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Todd Ryan Sent: Sunday, July 28, 2002 2:27 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude and Sniffer Jeff, I just purchased Message Sniffer this past week. Before that, I ran the trial version for 30 days and then produced some statistics to prove to myself and my boss that it was worth buying. What it boiled down to was that I was catching 12.5% more definite spam with Message Sniffer than without it. A couple things that are worth mentioning... By definite spam, I'm being very conservative. I don't consider anything that has a legitimate unsubscribe method to be spam. Many would disagree. We're a higher education institution so free speech is a very important factor. So you may find it even more effective than I do because it will also block some of the newsletters that we as mail administrators find to be at the top of the spam scale. I was using the demo for 30 days so that means no updates. Using it with frequent updates will probably produce even better results. Also, I have some very tweaked JunkMail weights and rules. I only use Message Sniffer only in the weighting system. It blocks some things that I don't consider junkmail like newsletters from emazing.com and beliefnet.com. So if a message ONLY fails sniffer, I don't bounce it. It has to fail one or two other tests. Hope this helps. For me, I expect a 12%-15% increase in accuracy and that is worth it. I now have what I think is a VERY accurate weighting system. I've only had two instances in about 6 months where a remote postmaster said their mail was bouncing. In both cases they were legitimate companies sending work-related things, but they both were listed in one of the open relay databases so the filters worked correctly. --Todd. - Original Message - From: Jeff Kratka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 26, 2002 4:08 PM Subject: [Declude.JunkMail] Declude and Sniffer Just curious. How many people are using both Declude Junk Mail and the sniffer add-on and has it made a difference if yes. I have been completely pummeled with Spam and am looking for more options. Thanks. Jeff * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
RE: KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer
I would appreciate it...trying to make sure that I am going in the right direction Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry Sent: Sunday, July 28, 2002 3:07 PM To: '[EMAIL PROTECTED]' Subject: RE: KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer Jim, my filter file is rather large (almost 1600 entries and growing). I don't know if it is appropriate to post to the list, but I will send you a copy off-line, if you like. Bill -Original Message- From: Jim Rooth [mailto:[EMAIL PROTECTED]] Sent: Sunday, July 28, 2002 12:59 PM To: [EMAIL PROTECTED] Subject: KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer I would be interested in seeing what some of you have as myfilter.txt list. I have been adding to mine and find it is a time consuming experience to say the least. One that has been paying for itself though. Being inexperienced in this endeavor, though, I realize I may be going into overkill. What say you? Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Todd Ryan Sent: Sunday, July 28, 2002 2:27 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Declude and Sniffer Jeff, I just purchased Message Sniffer this past week. Before that, I ran the trial version for 30 days and then produced some statistics to prove to myself and my boss that it was worth buying. What it boiled down to was that I was catching 12.5% more definite spam with Message Sniffer than without it. A couple things that are worth mentioning... By definite spam, I'm being very conservative. I don't consider anything that has a legitimate unsubscribe method to be spam. Many would disagree. We're a higher education institution so free speech is a very important factor. So you may find it even more effective than I do because it will also block some of the newsletters that we as mail administrators find to be at the top of the spam scale. I was using the demo for 30 days so that means no updates. Using it with frequent updates will probably produce even better results. Also, I have some very tweaked JunkMail weights and rules. I only use Message Sniffer only in the weighting system. It blocks some things that I don't consider junkmail like newsletters from emazing.com and beliefnet.com. So if a message ONLY fails sniffer, I don't bounce it. It has to fail one or two other tests. Hope this helps. For me, I expect a 12%-15% increase in accuracy and that is worth it. I now have what I think is a VERY accurate weighting system. I've only had two instances in about 6 months where a remote postmaster said their mail was bouncing. In both cases they were legitimate companies sending work-related things, but they both were listed in one of the open relay databases so the filters worked correctly. --Todd. - Original Message - From: Jeff Kratka [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 26, 2002 4:08 PM Subject: [Declude.JunkMail] Declude and Sniffer Just curious. How many people are using both Declude Junk Mail and the sniffer add-on and has it made a difference if yes. I have been completely pummeled with Spam and am looking for more options. Thanks. Jeff * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This e-mail was scanned for viruses
RE: KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer
Most of my failures come from my myfile.txt file. I wrote down key phrases or words for a week or two and it seems to kill most of them. Got my first one today since we setup JunkMail four weeks ago! It came through clean as a whistle...I will look forward to setting up phrases in the body of the email. That will kill those that are smart enough to circumvent the system. I have my bounce set at 20 but all my key words and phrases set at ten. That way no one word or phrase will kill the email. Seems to be working...now if I could just get ATT to get off the blacklist so Kithrup and dorkface and those others would go away. I do 90% of my work from home and use ATT cable to access with. Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tom Baker | Netsmith Inc Sent: Friday, July 26, 2002 3:27 PM To: '[EMAIL PROTECTED]' Subject: RE: KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer That is about average, over 50% of our inbound mail fails at least one test (more like 70%)... This is where the weighing system comes into play. Tests like no postmaster and no abuse fail every message from systems like aol.com, msn.com, earhtlink.net, etc,etc... So they will appear as SPAM in your logfiles. You need to use the weighing system / edit your $default$.junkmail and your global.cfg to meet your needs. There is no cut/dry solution to spam, I have definitely learned monitoring this list that everybody has a different solution that fits their setup. The great thing about declude/sniffer is their flexibility, great mailing lists and frequent updates. (ex: we completely disabled the no postmaster/no abuse tests in our system, they are just too inefficient for our setup, but in other setups they are very useful ) -Original Message- From: Jim Rooth [mailto:[EMAIL PROTECTED]] Sent: Friday, July 26, 2002 3:18 PM To: [EMAIL PROTECTED] Subject: KITHRUP:RE: [Declude.JunkMail] Declude and Sniffer I must be doing something wrong! I looked at the confirm log and I have caught almost half of the 20,000 emails as spam. I have poured through the logs though and have only found four obviously legitimate emails that should not have been caught. I fixed that with the myfilter file. Either I am doing it wrong or the program is great. I suspect the latter... Jim Rooth Klotron, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jeff Kratka Sent: Friday, July 26, 2002 3:08 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Declude and Sniffer Just curious. How many people are using both Declude Junk Mail and the sniffer add-on and has it made a difference if yes. I have been completely pummeled with Spam and am looking for more options. Thanks. Jeff * TymeWyse Internet P.O.Box 84 - 583 N. Main St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED] * --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com . --- --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.377 / Virus Database: 211 - Release Date: 7/15/2002 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type