e to follow the chain up to the ultimate parent organization
and readily find their official abuse contacts - it's not unusual for
attempted spam filters to fail miserably and consider the individual IP
block as missing an abuse contact.
Best Regards
Andy Schmidt
600 East Crescent Avenue, Suit
Uh - okay. The problem is NOT the order (or the fact that the last item
wouldn't have a whitespace character, which could be handled easily).
The real problem is that a match will ONLY be made if every single "token" in
your string is actually included in your list of alternatives. The problem
rker
Mail’s Best Friend
Email : david.bar...@mailsbestfriend.com
Web : www.mailsbestfriend.com
Office: 866.919.2075
-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On
Behalf Of Andy Schmidt
Sent: Friday, August 26, 2016 1:26
Hi John,
Actually - the "filename" parameter is assigned to the "Content-Disposition"
headers - and that's where I'm used to see it (however, I admit to seldomly
having reason to look for it):
http://www.iana.org/assignments/cont-disp/cont-disp.xhtml
I never noticed that parameter being added
Hm - just consider the possibility that the problem is an INVALID "EOL"
sequence.
SMTP requires a CR/LF combination at the end of a line.
But, some operating systems (like UNIX) just use a "LF", some just a "CR"
(at some time MACs), and sometimes programmers accidentally code "LF/CR".
There
?
David Barker
Mails Best Friend
Email : david.bar...@mailsbestfriend.com Web :
www.mailsbestfriend.com Office : 866.919.2075
-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Andy Schmidt
Sent: Thursday, October 22
Hi,
I'm baffled. Have been using this test for years without problems.
Yesterday I encountered the following for this one domain:
10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Doing envfrom type test on
mardee.com.
10/15/2015 22:35:22.515 q76f2000826a3f7e4.smd Looking up MX/A record for
This vulnerability occurs when it appears as though a MIME segment is
occurring after the end of the MIME body (specifically, a MIME segment with
a boundary other than the one specified appears in the MIME postamble).
Outlook may see this as an attachment.
Although technically valid, there is
Winmail.dat is attached by Outlook when you choose Microsoft's legacy RICH
TEXT as the message format, instead of HTML (or Plain Text.) It predates
SMTP, when there was a pre-Windows 2000 Microsoft Mail system for LANs...
If I remember correctly, there is even a setting buried inside the
As you probably expected, this email apparently was SENT FROM
mailto:it1...@abc.com it1...@abc.com TO mailto:di...@xyz.com
di...@xyz.com - but the previous entries for 3b4d08cb6087 would confirm
that.
My first guess would be that you have Imail connection filters or spam
filters turned on
Send BOUNCE(IFYOUMUST), virus notifications, and other messages from null
sender to avoid bounce loops.
Test sender alignment: MAIL FROM different than From: mail header
Address book whitelisting that does NOT rely on Registry Keys
HLM\software\softalk\WorkgroupShare\setup\DBType
SPAM with good SPF records are actually helpful too.
Since the spammer has now tied a certain IP address to a certain domain name,
both the domain name and the IP address can now be added to blacklists which
can be used in connection-level checks to refuse future emails outright.
Hi Dave,
We absolutely block on -all before we check anything else. And almost
daily I encounter some third party mail server that rejects a registration
email or a mailing list email form one of our clients, because the recipient
is forwarding email between two email services. So there are
Hi,
I have started to assign higher points to several tests, and then use some
sender whitelists to offset the negative increase to hopefully prevent
catching legitimate IP blocks who just happen to suffer abuse because of the
nature of their business (including aol, google, hotmail and many
your post on the 32bit question.
We are running this on a 32bit box and now I'm wondering if we need to wait
until David gets the 32 bit version out.
thanks again
john
On 11/18/2014 11:07 AM, Andy Schmidt wrote:
Hi John,
Here the steps to set up the Gauntlet service without
Hi Dave,
What type of minimum processor and/or operating system is required? Is it a
64-bit application?
D:\IMail\declude\Tools\drgoutflow.exe
Results in:
The image file D:\IMail\declude\Tools\DRGOutflow.exe is valid, but is
for a machine type other than the current machine.
Hi David,
Let me make sure I understand correctly how these values are determined.
Given:
Connecting from: 100.1.2.3
3.2.1.100.in-addr.arpa = rdnshost.subdomain.rndsdom.com
HELO helohost.subdomain.helodom.com
MAIL FROM: mail...@mailhost.maildom.com
What precisely would then
Dito!
-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On
Behalf Of Michael Cummins
Sent: Tuesday, November 04, 2014 8:29 AM
To: community@mailsbestfriend.com
Subject: [MBF] Re: Thoughts on how to deal with the current SPAM campaigns
That all
@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs
Hi Andy,
Got it. Will have dev look at it and give you some feedback based on
findings.
David
On 8/26/2014 11:06 AM, Andy Schmidt wrote:
Hi,
Address-book whitelisting is a crucial feature, as it puts
: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Andy Schmidt
Sent: Wednesday, September 24, 2014 12:30 PM
To: community@mailsbestfriend.com
Subject: [MBF] Re: DECLUDE vs. Address Book WhiteListing - Two bugs
Hi David,
No difference, even in latest verison. Since
http://www.ahbl.org/content/changes-ahbl
Changes In The AHBL
So, this has been a long time coming, but figured I'd make the announcement.
I'm winding down the public DNSbl services of the AHBL.
This means the dnsbl.ahbl.org, ircbl.ahbl.org, rhsbl.ahbl.org lists are all
going away, as is
Sorry - running 32 bit.
Is the problem ONLY when you launch InvURIBL from within Declude - or do you
have a problem just testing InvURIBL from a the Windows commandline?
-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On
Behalf Of
We just need to get Sniffer back into API mode instead of the costly command
line mode.
-Original Message-
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com] On
Behalf Of David Barker
Sent: Thursday, November 21, 2013 9:53 AM
To: community@mailsbestfriend.com
John – NOT reproducible on 2008 R2!
One possible explanation is – someone turned off the 8.3 filename creation for
performance reasons for THAT partition at some LATER date. That will NOT REMOVE
any “old” 8.3 filenames created prior, but will not cease to create any NEW 8.3
filenames for
Hi John,
I know you tried the Dir /X and you saw spaces where the 8.3 should appear.
Can you please elaborate? I just want to make sure you didn't accidentally try:
DIR /X C:\Program Files\ESET NOD32 Antivirus\ecls.exe
Naturally THAT would result in a blank field for ecls.exe, because
Hi John,
But that's to be expected!?
If you ran DIR /X from within the ESET NOD32 Antivirus directory then it will
indeed display a blank short name for ecls.exe because THAT name truly is
LESS than 8+3 characters.
If you are trying to find the short name for \ESET NOD32 Antivirus\, you have
Hi John,
I may be asking the obvious:
But given that this is a new 64 bit system, any chance that you or some other
admin had disabled 8.3 file name creation for that NTFS volume for performance
reasons? THAT would explain how you could possibly have a LONG directory name
but NO 8.3
John,
Rather than guessing, just use the command link DIR command with the /X
option.
Start at the C: drive and then work your way through the two subfolders.
The /X option will tell you the 8.3 MSDOS style name for each folder/file.
Best Regards,
Andy
-Original Message-
From:
Yes, you'd have to use the -DYNA in the test name for specific return codes
to let Declude know NOT to check past the most recent hop, e.g.:
SBL ip4rzen.spamhaus.org127.0.0.2 7 0
CBL-DYNAip4rzen.spamhaus.org127.0.0.4 1
Hi Daniel,
I've had problems in the past - specially when larger mass mailings lead to
thousands of vacation, bounce and delay messages hitting the server in a
short time span. But there had also been times where individual emails
caused crashes in either Imail or Declude.
I had created a small
Hi,
I remember others discussing / running into problems with the Imail Addressbook
Whitelist feature (“AutoWhitelist ON”) of Declude – so I wanted to share the
final outcome.
After we solved the problem of Declude not using the proper ODBC DNS, but
rather relying on a certain Registry
Hi Todd,
So you’re saying the “all@” wildcard DOES work correctly for SmarterMail? (I
didn’t make this clear before: the whitelist of individual email addresses DOES
work under Imail – just not using the “all@” domain wildcard).
If all@ works for SmarterMail, then that would be an even
Unfortunately, this is another activist black list that thrives to better
the world against any practical considerations. The rule is that it's more
important for valid emails to reach the intended sender than to block spam.
For a list to be useful, we can't simply block Microsoft's servers.
Hi Dave,
I just bought two support incidents - so I'd like to use ONE incident to
debug this issue.
Here the problem:
- Declude v4.12.02 for Imail
- Log message recurring through the day:
DataBase Error = [Could not find file '(unknown)'. Driver's
SQLSetConnectAttr failed ]
Finish Address
ORF
You can even integrate it with Sniffer!
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of Carl Wagar
Sent: Tuesday, July 02, 2013 11:31 AM
To: community@mailsbestfriend.com
Subject: [MBF]anti-spam solutions for ms-exchange
Does anyone have a
Hi Dave,
What a relieve!
Let us know about your business plan and how we can pay our share to
facilitate bug fixes and advances.
Best Regards,
Andy
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of David Barker
Sent: Tuesday, July 02, 2013
36 matches
Mail list logo
