Harry Palmer wrote:
Does anyone actually have a production Smarter Mail/Declude server in
use?
We have a production SmarterMail server hosting 27 sites with 1800+
users. SmarterMail replaced IMail here on December 14, 2004.
SmarterMail performance has been very good. We tested Declude with
From: "Darin Cox" [EMAIL PROTECTED]Sent: Friday, November 05, 2004 8:30 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Huge increase in spam in the last 2 days Anyone else seeing this? Wednesday our incoming spam increased by about 80%, and yesterday it increased another 50%...so there was a
Bud Durland wrote:
There's been an almost hysterical reaction to the ICS announcement.
People have right to be angry disappointed over it; but traffic on
he iMail list almost seems like a knee-jerk reaction: Good lord
that's a lot of money -- I'm buying something else right now. If GM
or that they are harvesting data to make themselves attractive
to buy in order to obtain that data?
--
Joshua Levitsky, MCSE, CISSP
System Engineer
http://www.foist.org/
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
, The User's Information and his/her
membership in the Plaxo
Contact NetworksT will, in most instances, be part of the assets
transferred. The user will
be notified of an ownership change pursuant to Notification of Changes
section of the
privacy statement.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Please everyone be sure to patch your IMail 8 installations with the hotfix
for the LDAP vulnerability.
- Original Message -
From: 3APA3A [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, February 24, 2004 11:19 AM
Subject: [Full-Disclosure] Scans for IPSwitch IMail LDAP
- Original Message -
From: Iván Rodriguez Almuiña [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 10:04 AM
Subject: iMail 8.05 LDAP service remote exploit
iMail 8.05 LDAP service remote exploit can be found at:
.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
- Original Message -
From: Omar K. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 5:22 PM
Subject: RE: [Declude.JunkMail] OT: Domain
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, January 31, 2004 9:14 AM
Subject: Re: [Declude.JunkMail] Question about MAILBOX action.
Received: from SMTP32-FWD by joshie.com
(SMTP32) id A047C0052; Fri, 30 Jan 2004 20:31:00
This
Status: NOT REGISTERED: No activation code.
End of diagnostics.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---BeginMessage---
Hey Root, just thought i would let you know what this GSC is all about
Guess they have 60,000 very very greedy
individuals. Of course they also have probably 60,000 people violating their
Terms of Service so when I report them through SpamCop they are likely to lose
their DSL / Cable line if they have a respectable ISP.
http://www.virtualmda.com/
--Joshua
Underscores can be valid but they were made an
acceptable character because of SRV records. Still someone could have a
mailserver with an _ in the domain. (I think anyway.)
http://www.faqs.org/rfcs/rfc2782.html
--Joshua Levitsky, MCSE, CISSPSystem EngineerTime Inc.
Information Technology
That's one of those Habeas header emails.
Whitelisting them lately has been a very bad idea. It's nice though that they
always seem to mark their spam with a low priority. I just sort by priority and
I can select all the offenders and forward them to spamcop.
--Joshua Levitsky, MCSE
64.81.214.117 -A 64.81.214.117,64.81.214.120
(I am not sure you need to list the server itself in the -A but I did it
just in case.)
-Josh
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned
to a PTR or
an IP or such but the content based tests could still happen? Just a rough
idea but I think for some of the more major ISPs you might want to not
consider them for ip4r tests but you would want to look for encoded URLs or
dirty words or yadda yadda...
-Josh
--
Joshua Levitsky, MCSE
If you could do .gz files rather than .zip files then this is free...
http://www.gzip.org/
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
- Original Message -
From: ISPhuset Nordic AS [EMAIL PROTECTED
machine every Friday for
nasties. A nice thing about the bundled app is we can update it via TOD
updates. (The thing that sometimes happens when you sign off AOL.)
-Josh
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1
tion can be used in any of the Declude JunkMail
configuration files, it will only be used in whatever configuration file that
Declude JunkMail is using for an E-mail. For example, if you have a REDIRECT
line in the \IMail\Declude\example.com\$default$.JunkMail file, Declude JunkMail
won't use i
nce
makes spam even worse for all. You shouldn't enable spammers, and your use of
their lists is doing just that.
--Joshua Levitsky, MCSE,
CISSPSystem EngineerTime Inc. Information Technology[5957 F27C 9C71
E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
- Original Message -
From:
Bill
of their business and you are ultimately making the Internet a slightly
worse place to be.
--Joshua Levitsky, MCSE, CISSPSystem EngineerTime Inc.
Information Technology[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41
D4D1]
- Original Message -
From:
Bill
Landry
To: [EMAIL PROTECTED
On their website you can report the spam and they will go after them... in
theory... but for now because so many people are bundling the headers in
spam you should probably not whitelist Habeas headers.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C
that.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
language.ok_locales
all
--Joshua Levitsky, MCSE, CISSPSystem EngineerTime
Inc. Information Technology[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41
D4D1]
confused about your email because there is no line showing your
server ever received the email so I know the headers provided are not
complete.
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned
ask OpSec or someone here about if that was a mistake or
if the documentation on postmaster.aol.com is wrong?
-Josh
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned for viruses by Declude Virus (http
example email to support how I believe our systems
work.
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from
STATES-destination
Precedence: bulk
Sender: [EMAIL PROTECTED]
X-AOL-IP: 64.124.116.40
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E
) with ESMTP id
RELAYIN6-
I imagine you would need a rule for mx.aol.com and mail.aol.com (good
thing
Josh has confirmed that mail.aol.com is never used!).
172.20.75.169 and 172.31.37.4 aren't even IPs we list as mail
servers. Are you sure that mail was received that wasn't forged ?
--
Joshua Levitsky
from I don't believe that I was stating something
where I could be wrong? If I'm wrong then I'm wrong and if
documentation is wrong in postmaster.aol.com then I could tell someone
at work.
Being nasty and personal however gets you nowhere.
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL
.aol.com and only MX
is used for our mail servers. (Nobody here has seen actual email from
aol.com coming from something other than *.mx.aol.com right?)
-Josh
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail
members' outbound mail
imo-d[01-10].mx.aol.com
imo-r[01-10].mx.aol.com
imo-m[01-10].mx.aol.com
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
to work.
-Josh
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
. IN A
;; AUTHORITY SECTION:
com.10800 IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. 2003100400 1800 900 604800 86400
--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1
Ok. This spam is scary. It has my actual home address and phone number. I'm guessing they cropped it from WHOIS maybe... but that wouldn't make sense since many WHOIS contacts are technical people that wouldn't fall for this. Anyone else get this variation of the typical financial fraud with your
On Sep 22, 2003, at 3:05 PM, Matthew Bramble wrote:
do see the reasoning in either owning the domain or using a fake TLD. Eventually the fake TLDs though could come back and haunt users if they are ever allowed to be registered for Internet use. I believe that will happen some day.
I have
I know, but was just showing that people are writing things with the assumption that .local will never exist.
On Sep 22, 2003, at 5:47 PM, Matthew Bramble wrote:
Josh,
>From that RFC:
The IESG notes that this mechanism makes use of the .local top-level domain (TLD) internally when handling
On Sep 21, 2003, at 11:03 AM, DLAnalyzer Support wrote:
With this test most people do not assign weight to this test because
it catches a lot of legit mail. Most apply reverse weight if it
passes (i.e. if the IP addresses matches a MX record for the senders
mail from domain.) This is ideally
Begin forwarded message:
Resent-From: Joshua Levitsky [EMAIL PROTECTED]>
From: Matt Larson [EMAIL PROTECTED]>
Date: September 20, 2003 2:01:39 PM EDT
To: [EMAIL PROTECTED]
Subject: VeriSign SMTP reject server updated
Folks,
One piece of feedback we received multiple times after the ad
Below is the declude warnings from an email I got. I was wondering how IPNOTINMX tripped when as per HELOBOGUS there are no MX or A records? Since there is no MX record isn't it impossible for there to be an IP in a record that doesn't exist?
Am I right about my logic above? Am I just up too
Scott,
Does the new Declude poll every time to your box to see what is
forging and what is not or does it keep a cache? (Just thinking about
your bandwidth and also if.. g-d forbid... your network connection goes
down.)
-Josh
On Sep 19, 2003, at 8:21 AM, System Administrator wrote:
on
On Sep 17, 2003, at 12:17 PM, Sheldon Koehler wrote:
Scott,
Will adding 64.94.110.0/24 to the ipfile block these?
BLACKLISTIP ipfile D:\IMail\Declude\ipfile.txt x 20
Bill posted this in response to my posting about being able to use
this...
Below is the right hand side test you can use
On Sep 17, 2003, at 2:59 PM, Matthew Bramble wrote:
False positives will come from users that misspell their domain name
in their mail client. I have had that happen. There are also lots of
forms being used on Web sites that take the user's input and construct
a message using their address
On Sep 17, 2003, at 7:31 PM, Todd Holt wrote:
1. x-tad-biggerCan this filter distinguish between ADSL and SDSL? If not, is this acceptable?/x-tad-bigger
2. x-tad-biggerIs the filter doing this?/x-tad-bigger
3. x-tad-biggerAre there any unique instructions for doing this/x-tad-bigger
On Sep 17, 2003, at 8:21 PM, Matthew Bramble wrote:
I think that the following is a candidate for exclusion:
rrcs-nys-###-###-###-###.biz.rr.com
Matthew,
In the case of Road Runner I would put ENSWITH rr.com in the DYNAMIC and in the AntiDYNAMIC I would put ENDSWITH biz.rr.com because
I believe that Message-ID: header was added by your IMail because the
email didn't have it. It failed the test because it should have had it
prior to IMail getting the email.
-Josh
On Sep 17, 2003, at 11:55 PM, Marc Catuogno wrote:
This E-mail has a bogus Message-ID: header.
Received: from
I think Matthew's GIBBERISH test he posted to the list would catch
that. Also the address naturalherbal.biz you could add to a URL
filter using filter file. Make sense?
On Sep 16, 2003, at 8:28 AM, Stanley Lyzak wrote:
I have to admin, the level of help I get from this forum is great!
On Sep 16, 2003, at 8:05 PM, R. Scott Perry wrote:
We do have an interim release at http://www.declude.com/release/175i/declude.exe that includes this ability (if you are running a version of IMail that supports it, such as 8.x). A line WHITELIST AUTH in the \IMail\Declude\global.cfg file will
On Sep 15, 2003, at 11:11 PM, wayne wrote:
In [EMAIL PROTECTED] Matt Larson
[EMAIL PROTECTED] writes:
Today VeriSign is adding a wildcard A record to the .com and .net
zones. The wildcard record in the .net zone was activated from
10:45AM EDT to 13:30PM EDT. The wildcard record in the .com
Interesting side effect of Verislime's move. Just setup a ip4r test that goes to a bogus domain and then all the bad addresses result in an answer of 64.94.110.11. Maybe this is how we can take advantage of this?
If i made an ip4r test of aklsjlajkdjkhskljdkjldhsjdshkhklshdkjl.comthen I'd
On Sep 12, 2003, at 10:15 PM, Frederick Samarelli wrote:
Matt,
How well does this work.
BODY -5 CONTAINS attachment
I noticed it did not counter weight a photo attachment.
I think what would help this filter and others like it would be if
Scott could make it so you could have a line in a
All I have to say is things have a way of coming around...
That was a comment to you, and nobody here knows the B.S. Comments you've
sent me off list because I don't send personal emails to lists. I am leaving
the list after this email. I only came back on because I saw your email in
the
- Original Message -
From: Bill B. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 10:50 AM
Subject: Re: [Declude.JunkMail] New spamcop style RBL..
I just registered and turned it on, and it seems to have a lot of spam IPs
listed. I'll keep an eye out for false
- Original Message -
From: Omar K. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 12:32 PM
Subject: RE: [Declude.JunkMail] New spamcop style RBL..
Yes, same here, I noticed that it is tagging IP's that have not been
caught
by easynet or osirusoft.
Another
- Original Message -
From: Smart Business Lists [EMAIL PROTECTED]
To: Joshua Levitsky [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 11:40 AM
Subject: Re: [Declude.JunkMail] New spamcop style RBL..
The problem I have is that I have no way of knowing the cost of
this service
- Original Message -
From: Bill B. [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 11:29 AM
Subject: Re: [Declude.JunkMail] New spamcop style RBL..
Hmm... I wonder how effectively that data could be used to generate lists
of IPs to block at the firewall level.
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 1:35 PM
Subject: RE: [Declude.JunkMail] New spamcop style RBL..
One thing I was REALLY not happy about was their method of adding
default positives (i.e. the originally
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 2:44 PM
Subject: RE: [Declude.JunkMail] New spamcop style RBL..
I just verified a piece of spam that originated from a dialup IP. Now
its in my list and I see Trustic has
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 4:08 PM
Subject: RE: [Declude.JunkMail] New spamcop style RBL..
Could that have been the idea in the first place? Who knows anything
about these guys?
While I can only speak
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 4:08 PM
Subject: RE: [Declude.JunkMail] New spamcop style RBL..
I'd leave this service alone for awhile so they can get their act
together. They may call this a beta but it
- Original Message -
From: Matt Robertson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 7:14 PM
Subject: RE: [Declude.JunkMail] New spamcop style RBL..
63.149.203.45
5 automated positive recommendations and a trusted server.
But here they're listed on
- Original Message -
From: Smart Business Lists [EMAIL PROTECTED]
To: Joshua Levitsky [EMAIL PROTECTED]
Sent: Sunday, July 27, 2003 8:26 PM
Subject: Re: [Declude.JunkMail] New spamcop style RBL..
Sunday, July 27, 2003 you wrote:
JL I'm not trying to make this an argument.
That's
This is kind of cool... I'm using it now as an RBL...
http://www.trustic.com/
Trustic is a new solution to the problem of unsolicited email. By
aggregating recommendations from its large community of members, Trustic
maintains a list of email servers that can't be trusted to prevent spam.
This
: [Declude.JunkMail] New spamcop style RBL..
Josh,
What is the entry you have put in your config file? (If you don't mind
sharing)
Thanks
Jason
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joshua Levitsky
Sent: Saturday, July 26, 2003 9
stats?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joshua Levitsky
Sent: Sunday, July 27, 2003 4:11 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] New spamcop style RBL..
This is kind of cool... I'm using it now as an RBL...
http
Has anyone else here gotten these bull responses from Inflow? Anyone know
Brett Pollard's email because I'd really like to tell him about all the
great products I'd like to sell him so he can fully understand what spam is.
If anyone knows all the segments Inflow owns off-hand please pass them on
In my eagerness I found
http://www.blackholes.us
Such a cool blackhole list.
-Josh
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 25, 2003 12:27 PM
Subject: [Declude.JunkMail] Fw: - Resolution of Suspected AUP
Violation -(INFLOW
- Original Message -
From: Rifat Levis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 25, 2003 5:07 PM
Subject: Re: [Declude.JunkMail] Fw: - Resolution of Suspected AUP
Violation -(INFLOW:36688) ([SpamCop id:347295673])
ABOUT http://www.blackholes.us
As long as it is not
to do that.
in that 2 second i have around 80 spam in my box :)
Rifat
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 26, 2003 12:34 AM
Subject: Re: [Declude.JunkMail] Fw: - Resolution of Suspected AUP
Violation -(INFLOW
I really like that idea. Right now I'm using Imail 8's URL filtering but I
would move my filters over to Declude if I could filter on a BODYURL. I
catch dozens of emails each day with the URL filter on Imail 8 and it does
similar cleanup before applying the filter.
-Josh
- Original Message
Title: Re: [Declude.JunkMail] dashes in domains
Seems like if there was a wildcard character we could use in the filter files then you could do
HELO 8 CONTAINS -*-
MAILFROM 8 CONTAINS -*-*@
Assuming * was our wildcard then that would do it no? But since * is valid in an email youd have to
: Joshua Levitsky [EMAIL PROTECTED]
Date: Thu, 24 Jul 2003 12:59:58 -0400
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] dashes in domains
Seems like if there was a wildcard character we could use in the filter files then you could do
HELO 8 CONTAINS -*-
MAILFROM 8 CONTAINS -*-*@
Assuming
Title: Re: [Declude.JunkMail] dashes in domains
Question on SpamDomains...
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'netscape.' found: Address of [EMAIL PROTECTED] sent from invalid
r2d2.aoltw.net
The above header was in an email to me from a netscape employee I work
with. (changed it to
question
Joshua,
What about...
netscape. .aol
?
Dan
- Original Message -
From:
Joshua
Levitsky
To: [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 6:26
PM
Subject: [Declude.JunkMail] Spamdomains
question
A Wiki would be perfect for this. I would run one, but my only spare box has
no hard drives in it. :(
-josh
From: John Tolmachoff \(Lists\) [EMAIL PROTECTED]
Organization: eServices For You
Reply-To: [EMAIL PROTECTED]
Date: Tue, 22 Jul 2003 10:14:56 -0700
To: [EMAIL PROTECTED]
Subject:
From: Omar K. [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 21 Jul 2003 15:38:52 +0200
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Legitimate email syntax?
Nevertheless, I think having a test that would look at invalid, or like this
case, rarely used format in a
- Original Message -
From: Rifat Levis [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 21, 2003 8:17 PM
Subject: [Declude.JunkMail] Yahoo Groups.
People can put their config files and share it with others, we can use the
database feature.
Using the bookmarks ,we can put
I had a problem once with an app generating mails where it put in a return
after the email address when it shouldn't have. This made the headers appear
to end, and so headers would end up in the mail message and it was all goofy
looking. I noticed that the headers stopped after the From line in
;
Sun, 20 Jul 2003 01:34:08 +
X-Originating-IP: [64.81.214.124]
X-Originating-Email: [EMAIL PROTECTED]
From: Joshua Levitsky [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: from hotmail to abuse
Date: Sat, 19 Jul 2003 21:33:30 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary
Before anyone mentions it... sorry the subject line is wrong on my last
email... didn't mean to.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Of Joshua Levitsky
Sent: Saturday, July 19, 2003 9:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: National Do Not Call Registry
Using Declude 1.70 i21 JunkMail Pro
In my global config I put...
PREWHITELIST ON
WHITELIST TO abuse@
WHITELIST TO postmaster
Think of the companies that offer spammers a haven. If you could block
everything hosted by that ISP it would be wicked nice. There's no end to the
mail servers these bastards can setup, but registered DNS servers is a whole
other story. I don't take mail if there's no PTR, and the HELO has no A
From: R. Scott Perry [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 14 Jul 2003 08:11:55 -0400
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] question about filters
And wouldn't it be an IP address and/or a in-addr.arpa PTR when they connect?
No reverse DNS entry
If I have a user that is on a Verizon DSL. They go
to email me from their Outlook Express, and they login to my server to send
mail. Doesn't their mail client send a HELO/EHLO to my server when they go to
send? And wouldn't it be an IP address and/or a in-addr.arpa PTR when they
connect?
In trying to come up with filters I was thinking of
checking for PTRs that end in in-addr.arpa and HELOs that begin with a [
but then it hit me... when one of my users sends mail to another user on the
server then the mail is inbound mail and those filters apply to them.. that of
course is
Below is a log section that I'm curious about. The
weight on MYFILTER is -88, but when it lists the failure of the test is puts
(14) next to the test. Doesn't that mean declude thinks it has a weight of 14
when it was actually -88 ? I'm running the latest interim release of 1.70. (just
got
Oh... dumb me... thanks Scott...
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 11, 2003 5:39 PM
Subject: Re: [Declude.JunkMail] Question about filter test
Below is a log section that I'm curious about. The weight on MYFILTER is
Yah.. Something is wack with your mail server...
telnet exmail.macombisd.org 25
Trying 64.88.82.249...
Connected to exmail.macombisd.org.
Escape character is '^]'.
220
2*
From: David [EMAIL
Title: Greylisting
Just saw this on /. and thought that you all might be interested...
http://projects.puremagic.com/greylisting/
I've just published a paper on a new and unique spam blocking method called Greylisting. The best thing about it other than achieving better than 97%
At the moment I can't find any other virusname to skip.
For the recip.eml I've set
SKIPIFVIRUSNAMEHAS Vulnerability
And I've creted a new vulnerability.eml with
SKIPIFVIRUSNAMEDOESNOTHAVE Vulnerability
So I can send out two different warnings for a real virus and a
vulnerability
From: Sheldon Koehler [EMAIL PROTECTED]
Organization: www.tenforward.com
Reply-To: [EMAIL PROTECTED]
Date: Fri, 13 Jun 2003 08:48:07 -0700
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spamdomains: att.net
I had a spam get through that only failed sniffer. It said it came from
From: Darrell LaRock [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Tue, 10 Jun 2003 12:30:21 -0400
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] DSN:Let it all through
You would use the whitelist to command in the global config file.
Darrell
Would that work the same as
Thank you sooo much. I had a total failure of my RAID array on my mail
server. I was up all night last night fixing it and when I replaced the
drives, re-installed windows, restored from backup, and then got back
online I found that I didn't know how to get Declude to do that and
since I had
On Thursday, May 29, 2003, at 07:23 PM, Bill B. wrote:
Somebody mentioned aol.com and netscape.com a while ago, but I cant
recall which format it was. Perhaps somebody else remembers...
aol.com netscape.com
AND/OR
netscape.comaol.com
Bill
I think you mean netscape.net no? I might be
- Original Message -
From: William Baumbach [EMAIL PROTECTED]
Sent: Saturday, March 29, 2003 12:40 PM
I used IMail Antivirus for several months and found it let many viruses
pass
right through, I know this because on the local client computer running
Norton Anti-Virus would then catch
and pick properties and then on the Details
tab there is a button that says Message Source. It is the raw message if you
click on that.
--
Joshua Levitsky, MCSE, MCSA, CISSP, EMTD, MCP+I, MCP
Desktop Systems Engineer
AOL Time Warner
---
[This E-mail was scanned for viruses by Declude Virus (http
What about a JavaScript test? There's something that should not be in
non-spam email. Or an ActiveX control detection. Both of these are big clues
that it is spam.
-Josh
--
Joshua Levitsky, MCSE, CISSP, EMTD
Desktop Systems Engineer
AOL Time Warner
- Original Message -
From: Mark
back
trying to be nice and say they got the email by accident somehow. The spam
harvester now has a verified mail account to add to its list of addresses to
spam.
Just an idea...
--
Joshua Levitsky, MCSE, CISSP, EMTD
Desktop Systems Engineer
AOL Time Warner
- Original Message -
From
Aghh you work for AOL...your the Devil!!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Joshua Levitsky
Sent: Thursday, March 28, 2002 1:26 AM
To: [EMAIL PROTECTED]
Subject: Re: Re[2]: [Declude.JunkMail] Road Runner blocking email
- Original
- Original Message -
From: andyb@thumpernet [EMAIL PROTECTED]
Sent: Wednesday, March 27, 2002 2:52 PM
Subject: Re[2]: [Declude.JunkMail] Road Runner blocking email
And if was an issue with my mail servers, the spirit of co-operation
that normally governs such things on the Internet
Read the instructions... even if someone sends spam through a server that
goes so the new spam list they won't get the server listed. The message to
boycott a server must have special tags in the first 6 lines of the email
message to explain why the server is being boycotted.
If you ask me this
1 - 100 of 103 matches
Mail list logo
