Title: Message
Hi
Scott:
I know you are busy
with viruses - but I can't figure THIS one out. I have thousands of emails
in the log file, where SORBS-DUHL is discovered, logged and treated properly.
But at least this ONE got through and I have no explanation.
Firstlet's
look at a mail 10
I know you are busy with viruses - but I can't figure THIS one out. I
have thousands of emails in the log file, where SORBS-DUHL is discovered,
logged and treated properly. But at least this ONE got through and I have
no explanation.
The issue here isn't that the test wasn't logged -- Declude
What do we do when we find Junkmail passing the SPF Test.
Is there a place to report it.
Fred
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
IE this url: //205.159.%372.%32%30/mort/ obviously gets translated and I
could do so also. It would take a lot of extra time. I copy the url out of
headers of spam that gets through and put it into my filter file. These are
bothersome however.
Is there a way that we could just mark these kind
Where is this set in imail? Is it antispam of imail as we do not use it.
Harry Vanderzand
inTown Internet Computer Services
11 Belmont Ave. W.
Kitchener, ON
N2M 1L2
519-741-1222
Did you know we offer:
- Province wide dial-up and high speed internet access
- Web accessible email with
It is a rule. They are located in a rules.ima (inbound rules file).
The rules.ima file gets placed in the top directory of the domain that
you want to use it on. There is lots of data about this in the
knowledge base on Imails web site.
Regards,
Jason
-Original Message-
From:
I am not sure if my request here is being understood.
I would not want to mark all messages with an IP in the url as spam. Only
those messages that use %nnn%nnn%nnn etc. When you view source of an html
message you can see this kind of coding. As in this case:
//205.159.%372.%32%30/mort/
We
Well, let us ask the entire list if there are valid reasons that people
would send an IP in a URL. I tested this for 2 months and didn't have a
single legitimate e-mail like this. We did have people sending IP
addresses, but not as a url. For example: My server IP is
156.23.140.10. Not one
This is the offending header.
Received: from mail13.americanfamilydeals.com ([69.56.11.46])
by DNS2.tcbinc.net (SAVSMTP 3.1.3.37) with SMTP id M2004031909522726515
for [EMAIL PROTECTED]; Fri, 19 Mar 2004 09:52:29 -0500
Message-ID:
[EMAIL PROTECTED]
Date: Fri, 19 Mar 2004 08:52:30 -0600 (CST)
So zombie spamers forge Habeas, and ROKSO spammers give themselves SPF
records. Not a surprise.
You can't stop them from doing this, so I might suggest not crediting
any points to those that pass.
Matt
Frederick Samarelli wrote:
This is the offending header.
Received: from
Title: Message
Makes perfect
sense to me. Everyone, including ROKSO spammers, can benefit from
implementing SPF defensively, resulting in a valid SPFPASS. And *their*
doing so dilutes the incentive for antispammers to reward those who implement
SPF defensively, which in turn dilutes SPF.
Well, assuming that you have Declude JunkMail Pro and thus text filtering
features available, yes.
See:
http://www.mailpure.com/software/decludefilters/
for the IPFilter tests which would give you a very good example to get you
started.
However, I think that:
a) You don't need to,
I have to agree with Matt. I am starting to see quite a few spam messages
from the same spammer that has now implemented SPF for the following three
domains:
yfdvdsmail.com
freefamilydeals.com
americanfamilydeals.com
I primarily now use SPF for adding negative weight for SPF fails.
Bill
-
I am against subtracting points from and email based on an exturnal test. We
only add weight unless we are counterweighting a known issue with valid
email.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Bill Landry
Sent: Friday, March 19,
As noted in the last 2 weeks, current wisdom is to add points to
those senders that trigger a SPFFAIL, and that rewarding a SPFPASS
or SPFUNKNOWN will reveal no joy.
I've never done anything but penalize SPF FAIL. It's pretty common
knowledge, as you say.
--Sandy
Watch out for this rule. There will be false positives. We've tried it long
ago in sniffer. It turns out that there are quite a few legit messages sent
with numbered links in them... so now we only code rules for specific
numbered links (or stubs of them anyway).
You might try rules for
16 matches
Mail list logo
