Consider this to be constructive as I'm still on the fence about the
whole thing.
I've been seeing more and more zombie spam that is coming from the
client computer using an address on their ISP, and sent through the
ISP's mail server. I'm not seeing a lot of it, but it is most
definitely
Scott,
It took about 1 minute to figure out that this will be a very valuable
test as I'm seeing similar hit rates. What matters most though is the
type of thing that will FP, and what other tests will generally fail
along with it. I'm guessing that an FP with CMDSPACE will probably also
BADHEADERS will FP a whole lot more, even on Outlook and other Microsoft
mailers if they don't include a To address, and it only hits about 35%
of the time. With it being over 99% accurate, I still only score it at
40% of my hold weight, and that's what I'm applying to this test...to
start.
Yes.
XBL integrates CBL now, and maybe more.
Matt
Kami Razvan wrote:
Matt:
Is CBL this: CBL:*:cbl.abuseat.org
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Wednesday, January 07, 2004 6:01 AM
To: [EMAIL PROTECTED
a zombie.
It's hitting about 62% of my total mail volume.
Matt
System Administrator wrote:
on 1/7/04 6:35 AM, Matthew Bramble wrote:
BADHEADERS will FP a whole lot more,
Over 95% of the outgoing messages from our subscribers are failing the
CMDSPACE test (75+ messages in about 50
Also, please add the score in on the low setting, preferrably at the
beginning of the line. Note that this reduced my log file size by 80% :)
Matt
Andy Schmidt wrote:
Hi Scott:
With this latest build, the log file no longer has single line entries for
each failed test? I don't have a big
Second FP to report. Also, the last FP was from that company using
software better associated with spamware than for legit server apps.
This FP was automated from a server doing a small mail blast:
Received: from nbc_cmg_srv1.xx [xx] by mx1.mailpure.com
(SMTPD32-7.15) id AE7913B02A8;
Markus,
Something is happening because you're also failing SPAMHEADERS on
Scott's server. I think that's Outlook 2003. Scott???
If those #*$(#@ ruin our tests...grrr.
Matt
Markus Gufler wrote:
Do you have a firewall that interferes with SMTP transactions
(such as Cisco)?
No, not
System Administrator wrote:
on 1/7/04 9:39 AM, Matthew Bramble wrote:
FP to report.
Here's what I'm seeing.
The Outlook, Outlook Express and Eudora programs are all on the same XP
computer.
New message from Outlook to me. Failure.
Reply message from Outlook to me. Failure.
New message from
Another FP. This one also has the X-EM headers which is related to
something most often used in spamware, though it appears to be commonly
used for mailer software on legit companies.
Received: from progressive.com [67.39.105.65] by mx1.mailpure.com with ESMTP
(SMTPD32-7.15) id A5E08FC01DA;
4th FP, they're starting to flow now. This is the first personal
E-mail, though I think it came by way of Exchange's Web mail if I'm not
mistaken???
Received: from recreation.bombardier.com [207.236.181.3] by igaia.com
with ESMTP
(SMTPD32-7.15) id A9F2D92023A; Wed, 07 Jan 2004 10:46:58
Just a thought...if this is primarily a Microsoft thing, affecting
several of their products, then maybe the pattern can be excluded.
For the most part, WHITELIST AUTH should resolve issues with mail
clients connecting directly to your server, but it's these Web scripts
and Web mail programs
Kami,
If you're asking for a fool proof way to add a lot of points for
randomized TLD's, then I don't think it can be done reliably with a lot
of weight. You have to hit this from every end possible, and this is
where custom filters come in. I can't think of current functionality
that would
Not really garbled, though I'm not sure if it's compliant.
=2E is the same thing as a period. I think they call this MIME
encoding, though I'm not sure. I also see that they are marking the To,
From and Subject as US-ASCII, which is totally useless, possibly
non-compliant, and very, very
Scott,
Forgive me for being repetitive, I think that you might have missed this
request. If you could add the total score in at the low setting, that
would provide a critical piece that I think everyone would like to have
without bloating the line excessively. If not, I can always use an
Thanks again :)
R. Scott Perry wrote:
Forgive me for being repetitive, I think that you might have missed
this request. If you could add the total score in at the low
setting, that would provide a critical piece that I think everyone
would like to have without bloating the line excessively.
Forgive me for repeating myself on this one, but I'm a proponent of
blocking outright on SBL. There's a good reason for spammers to be in
their list, and it's not some community project where anyone and
everyone makes nominations, so it's practically flawless.
Another trick for Green Horse is
Matthew Bramble wrote:
I fail on a weight of 10, only score the last hop, and use the
following (see notes below, config updated yesterday for new weights
and tests):
BONDEDSENDERip4rquery.bondedsender.org
127.0.0.10-50
AHBL-RELAYSip4r
I found that the OBFUSCATION filter can FP on UNICODE attachments (which
are uncommon). The new version of this filter fixes this problem.
Note that I'm only updating the version that uses functionality
introduced and fully supported in JunkMail Pro v1.77i7 or higher. For
users of the older
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Tuesday, January 06, 2004 6:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Atriks - Pt.2
Forgive me for repeating myself on this one, but I'm a proponent of
blocking outright on SBL. There's
Scott,
Virus Bug
==
The first bug is more straightforward, however it is related to Declude
Virus, so please forgive me for not joining that group. In an E-mail
that was forwarded from monstor.com, it tripped on a banned extension of
.com because a cookie reference was
I fail on a weight of 10, only score the last hop, and use the following
(see notes below, config updated yesterday for new weights and tests):
BONDEDSENDERip4rquery.bondedsender.org
127.0.0.10-50
AHBL-RELAYSip4rdnsbl.ahbl.org127.0.0.2
Burzin,
My experience is that this happens while the services are shutting down
and not while they are coming back up. I don't think there is anything
that you can do except to contact IMail. I'm using IMail 7.15r3, but
this also apparently (hearsay) happens with IMail 8.05 still, though
Check out my GIBBERISH filter for a bunch of counterbalances that are
used to detect base64 and UNICODE attachments or other things that use
base64 encoding, and disable the filter when found.
Alternatively, when you have short words, follow them by a space.
Base64 encoding doesn't utilize
I think that Markus is mostly on the same page as I am on this issue.
So far today, I have managed to catch 22 bounces from a Joe Job on one
customer's account that started late last night, and this is only what
my server caught due to the bounces containing the original content that
tripped
not block NDRs (only during rush hours) and whitelist NDRs
containing the original header with some declude specific X-Header lines?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matthew Bramble
Sent: Saturday, January 03, 2004 6:49 PM
during rush hours) and whitelist NDRs
containing the original header with some declude specific X-Header lines?
Markus
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matthew Bramble
Sent: Saturday, January 03, 2004 6:49 PM
To: [EMAIL PROTECTED
Matthew Bramble wrote:
I'm wondering if spam blocking works for this without me setting up a
separate directory under Declude??? I'll have to test that out, seems
strange that when he forwarded them back to me they were caught, but
not caught when they were coming through my system.
FYI
That ain't all of it by far actually. A very common one is also
mailer-daemon@, however these are often customized, for instance
[EMAIL PROTECTED], or bounce@, postmaster@, etc. To have a complete
filter, you would need to figure out the body text that is unique to
each of the mail servers
Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Saturday, January 03, 2004 3:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Any thoughts on blocking
The payload on this goes to a site that pops up a window using Zap The
Ding Bat URL obfuscation to make the URL look like it is the real
Citibank site. Very dangerous and because it's being redirected on that
site, you can't catch the technique in the E-mail.
I contacted the hosting provider
The site's down now. The hosting provider said it was probably signed
up with a stolen credit card. He had it down within just a minute of me
sending the message.
Good deed done for the day :)
Matt
Matthew Bramble wrote:
The payload on this goes to a site that pops up a window using Zap
a
weight of say nor more that 5 would help.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Friday, January 02, 2004 9:14 AM
To: [EMAIL PROTECTED]
Subject: Re
) wrote:
FYI, I did add this for it:
HEADERS 15 CONTAINS citibanksecure
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Friday, January 02, 2004 9:30 AM
and add a
weight of say nor more that 5 would help.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Friday, January 02, 2004 9:14 AM
To: [EMAIL PROTECTED
BADCOUNTRYNOREVDNS would have stopped this.
http://www.mailpure.com/software/decludefilters/badcountrynorevdns/BadCountryNoREVDNS_v1-0-0.zip
This was sent from an IP block where at least the entire class C belongs
to spammers that host in China. Even before I added this filter, over
99%
Scott,
I just noticed that one of my users has listed his own address in his
Web address book, and I'm thinking this could become an occasional
circumstance with unintended consequences. Since I turned AUTOWHITELIST
ON, this means that anything with a MAILFROM that forges his personal
R. Scott Perry wrote:
I'll see if we can do this. It may get a bit tricky with the various
combinations of user aliases, host aliases, and forwarding, but we
could probably get it to work in most cases.
I'll bet that you could fix 95% or more of the potential issue with just
the real account
Glenn \\ WCNet wrote:
Yes, that happened to me. I had entered my address in the WebMail addy book
for one of my accounts (don't recall why), and I started getting spam that
showed as WHITELISTED. It wasn't obvious why at first because I wasn't the
primary To recipient on the spam, but I finally
Andrew,
Did you reboot SMTP or the server? There's an issue where it doesn't
seem to call Declude while it is in the process of shutting down, but
it's only a matter of a few seconds. I'm not sure if this has been
reported to Ipswitch either, although Scott and Kami are aware of it.
Matt
Sanford Whiteman wrote:
Do I target all bounces for deletion?
Not if you want to retain your customers.
Well, that's what this is about. I'm starting to get calls about people
wanting me to block this stuff. I'm not getting any calls asking about
where one's message went.
In
I think this is something that good use could be made of in general with
your conditional statements, i.e. NOTCONTAINS, NOTIS, NOTENDSWITH, etc.
I would have to really rethink filtering again though :) I've been
trying not to ask you for too much, but since the topic came up and you
agreed,
Ahh, great! Thanks again.
This will work nicely with the whitelisting capability that you
discussed as well.
Matt
R. Scott Perry wrote:
I'm sure this might have come up before, but it would be real nice,
especially with the new functionality, to have the ability to match
IP's to CIDR
statements.. He just agreed to one.
I think you are making hidden subliminal suggestions :)
Regards,
Kami
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Monday, December 29, 2003 10:03 AM
To: [EMAIL PROTECTED]
Subject: Re
Here's what I've done. A subject filter for three points, a body filter
for 1 point, my FOREIGN/TLD filters (most of this comes from China), and
some body filters for about 4 different domain names. I had the body
and subject filters in the first day that I heard about the video :)
This was
Scott,
I'm sure this might have come up before, but it would be real nice,
especially with the new functionality, to have the ability to match IP's
to CIDR ranges in custom filters as opposed to blacklist files or ipfile
types. Something like the following, though I understand that the
Kami,
Anything in these days is a legit HTML tag unfortunately. At the
same time, most of these patterns aren't used and can be filtered for.
If this one spammer wants to keep using that one pattern, nail him with
the following:
BODY 30 CONTAINS alt=3D
I've been coding
Kami,
This guy also links to the following:
http://users.adelphia.net/~equalizer/web-o-trust.txt
Which includes what appears to be all of Adelphia.
I'm not sure if people are paying attention, but I pointed both of these
files out when the topic first came up. Now the mistakes have
Chuck,
All of those products need to be trained by the user, and they work
primarily on heuristics instead of the types of things we do with
Declude, so they won't be nearly as effective, nor as reliable. I'm not
aware of a plug-in for Eudora, but Netscape and new versions of Outlook
have
Merry Christmas everyone.
Any way...the problem was eluded to before, in fact the listings that
caused this problem have always been there:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg13918.html
We shouldn't be trusting ISP mail servers. If isolated instances like
this aren't enough,
Cyan,
Thanks for coming on board. If you don't mind, I would like to jump
right into a early Christmas Eve discussion on the topic :)
Recently I came across a service that was listed in both Bonded Sender
as well as Spamhaus, out003.toptx.com - 38.113.200.23. The company,
Topica (
SpamCop and MailPolice both got demoted on my system by a point today,
and I hope to bring them down another point soon (after measuring the
effect on my system).
When I see ISP mail servers listed, it is generally due to one of two
things...they either have no controls on someone doing a bulk
Scot,
The E-mail that comes in for accounts that are no longer hosted on that
server can be safely refused after 2 days passes. I believe a lot of
mail servers will try the A record when delivery fails to the MX, or the
MX can't be resolved. The E-mail should be queued on the sending server
Scot,
If you delete the domain from the old IMail server, and leave the HOSTS
entry in there along with the relay settings, I believe that the old
IMail server will forward the E-mail from the default domain's IP
address. The trick is to delete the domain from IMail, then you can
IPBYPASS
If I recall correctly, when you IPBYPASS a single hop message, this can
throw off some of the technical tests that are built into Declude since
there will be no data element for the IP, REVDNS and HELO. If that's
the case, it's because it wasn't designed for that use. This can be
tested by
This came to a customer that recently move over to our service from
Verizon because they were deluged with spam. I found it to be funny
that we blocked it since most of it points to a very poorly configured
mail server, and the topic of the announcement from Verizon was E-mail
maintenance.
Scott,
I know this has been discussed at least in pieces in the past, but I was
hoping that maybe you could put it all together for me (and maybe also
add the order to the manual when the new functionality finds its way
into a full release).
Could you give me an idea about the order of
]
[mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble
Sent: Monday, December 22, 2003 9:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Overflow
Nick,
I think I might have been asking the question the other way around,
though I'm not positive it was taken the wrong way.
The theory
as the filter contents are resequenced by my system.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matthew Bramble
Sent: Monday, December 22, 2003 10:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] GIBBERISH 2.0.1, single file
filter
Scott,
I was wondering about the progress of a couple of things. First, has
the END functionality been fixed in a recent release, and second, has
the weight listed in the WARN action been updated to include the sum of
the Global.cfg and filter file weights?
Thanks,
Matt
---
[This E-mail
I don't recall seeing this posted here, but while doing a little
research on the NJABL blocklists, I came upon a page on their site
saying that they were integrating the now defunct EASYNET-DYNA:
http://njabl.org/dynablock.html
The following line should work for integrating this test:
Very cool Scott, my test scores now add up :) I'll have to try the END
functionality later on today though.
Any chance of exposing a %WEIGHT% and a %LINE% or %LINES% variable for
the WARN action? I can't say that I've tried these in the last month,
but I couldn't get anything like this to
I've made some huge leaps forward recently in terms of the processing
power required to run Declude with the custom filters that I have
installed. This was done by way of the SKIPIFWEIGHT functionality
introduced in the latest beta, but also by way of re-ordering my filters
in the Global.cfg
I would use the following:
HEADERS 15 CONTAINS quill.com
This message was sent through a third-party bulk mailer, and the
MAILFROM address may change from server to server, but they are using a
Reply-To address that will get picked up with that line.
Matt
Doug Anderson
Just another follow-up. This might be dangerous to blacklist anything
from quill.com since they are an ecommerce site and you may very well be
blocking receipts and other order related information. It would then be
safer to go after the MAILFROM, though this won't work if they change
the
Scott,
I have a feeling that one of the recent changes created a bug in the way
that scores are added in combination from the Global.cfg and the custom
filter file when combined. Here's an example:
X-MailPure: ==
X-MailPure:
Is this all being found on Windows 2003? I'm a couple of months away
from adding a new server and this would definitely resolve any questions
that I might have about Windows 2003 being an option. I know why John
needs to play with the latest and greatest, but I have no such
inclination or
on a continual rather that a fairly static
filter such as these two.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matthew Bramble
Sent: Monday, December 22, 2003 9:52 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] GIBBERISH 2.0.1, single file
I've been rethinking my strategy for dealing with dictionary attacks on
my server. While the nobody alias has proved to be problematic, so does
not having a nobody alias due to the possibility of being dictionary
attacked.
I'm thinking of setting up all the nobody aliases to redirect E-mail
on in the FILTER files
Bill
- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 22, 2003 12:17 PM
Subject: Re: [Declude.JunkMail] GIBBERISH 2.0.1, single file filter with END
functionality. functionality.
George,
That's good data to have. I
the
validity of the statistical data which is now skewed by my filtering
control.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Matthew Bramble
Sent: Monday, December 22, 2003 3:17 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] GIBBERISH
Nick,
I think I might have been asking the question the other way around,
though I'm not positive it was taken the wrong way.
The theory here is that domains which accept every E-mail address in the
HELO won't be dictionary attacked past a few attempts because the
attacker's software will
John Tolmachoff (Lists) wrote:
This is a cache only setup, no domains. Cost is a concern at this time,
unless I can prove that would be the answer. However, as I said earlier, the
problem was first experienced using BIND DNS servers. I need to follow up on
this.
Keith had a problem after a
R. Scott Perry wrote:
The problem is that it is nearly impossible to determine which are
valid HTML tags and which are not -- that would require a database of
known good HTML tags, which would need to be constantly updated.
This was the first filter that I tried writing actually :) I got a
Kami,
I'm using a trick to show %ALLRECIPS% only when a message is held. I
added an extra weight test as the hold weight and added the WARN action
as follows:
- Global.cfg -
HIGH-RECIPSweightxx100
- $Default$.junkmail
HIGH-RECIPSWARN
I was worried when I saw another message come through last night without
Declude headers in it considering that the queue issue has only been
fixed in IMail 8.05 and not 7.15H3 which is what I'm using (and I don't
yet care to upgrade, though I'm starting to get tempted with that fix).
What
Keith,
I would imagine that this affects versions all the way back to 7.0 and
quite possibly far before then. The issue is very rare on an IMail 7
server because the window of opportunity for swiping a message by a
queue run is so much smaller due to the speed at which something is
passed on
Bill,
This can result in two copies of the file, one passed to Declude, and
one stolen by the running of the queue. So it can still appear in the
Declude logs, and chances are probably 80% that the Declude copy will at
least be held on one of our systems and therefore we may not know about
Kami Razvan wrote:
I wish we could also skip the tests for negative weight.. Because right now
the emails that we want to be delivered by negative weight actually will go
through all tests since none can exit on a negative limit.
I believe the idea here is to place the negative weight filters
Scott,
I've been looking over this trying to figure out how to best implement
it for my domains. It seems that since they are all on one class C, I
should do the following:
v=spf1 +a/24 +mx/24 -all
Now three very important questions...
1) If I implement this, will intra-server E-mail
R. Scott Perry wrote:
I'm not sure if this is in the RFC, but it would be a lot more
accurate if you could compare the HELO to the SPF data. Some scripts
to also falsify the HELO, but no where near the number of forged
domains in MAILFROM.
The original design for SPF allowed for that, but
Pete McNeil wrote:
A tip-off is that the counter to this argument is up-front in their
proposal. Specifically that they will create and manage a mechanism that
tracks the end-user's subscrbe/unsubscribe requests... I think this is a
lot like putting the foxes in charge of the hen house.
I
Darrell,
It looks like your name server records were maybe munged for a period of
time from a root update that is now fixed. Those munged records though
are being cached and they should get a good copy once they expire. This
might explain why all of us seem to be able to resolve your domain,
...or at least one of them. There's no way this guy gets past Elliot
Spitzer. I hope they take away his passport for obvious reasons.
Target Spam: NY AG, Microsoft File $38M Suits
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK2985
This sounds a lot like the guy (ring) with the
The obfuscation exploit for IE that was reported a week ago is now being
seen on my server (2 times yesterday). Both were PayPal scams, and in
both instances, I would have passed the messages if I didn't have this
filter in place because the only other test they failed was FRAUDDOMAINS
(a
The parm name entry is used outside of ActiveX, maybe not a good idea to
include it here? Also, your scoring is going to be incremental with 4
for the filter in Global.cfg as well as 4 points for each line of the
filter this hits. I'm not sure if that's what you intended.
While this is
Andy,
I'm with you on the idea being that this is much like SPAMDOMAINS,
however, I don't think that I will be subtracting any points for E-mails
that pass. I see spam coming through legit servers every day, and
what's to stop a static spammer from adding these records to their own
server?
R. Scott Perry wrote:
I think whitelisting E-mail based on an SPF PASS probably isn't a wise
idea, but I'm sure that spammers that do use SPF will be much easier
to catch (they are providing a list of IPs that they may be spamming
from G).
If I was a spammer, I would use this to my advantage.
The most troublesome crud spammer of them all (the p-patch guy) is
currently sending out E-mails with the following line in the headers:
X-Ki: random characters
I'm going to throw in a filter for this as follows:
HEADERS 30CONTAINS X-Ki:
I suspect this pattern may be
Why not just require everyone in the world to show the secret sign
before having their E-mail accepted? Sarcasm obviously, but reverse DNS
entries are not necessary for E-mail to function properly, and in many
cases won't even match the domain given in HELO...so why require it?
This also
If you have Declude JunkMail Pro, then the custom filters shared on my
site are all generally good at detecting this sort of thing. This one
in particular would have been it by DYNAMIC, FOREIGN,
TLD-WESTERNEUROPEAN, and TLD-MIDDLEEASTERN for a total of 9 points (or
90% of fail weight
Jeffrey Di Gregorio wrote:
Hello,
Does anyone know of a way to add a weight to a message that has the
recipients name in the subject line?
My experience was that almost all of such stuff that reaches my server
is from one spammer. You can set up a filter as follows if you have
Kami, et al.,
I know it's a bit of a pain to maintain, and it doesn't take away from
the benefits of having some variables for filtering, but there is an
effective filter for something related that I haven't yet shared. The
filter is called ADDRESSSUB, and it's quite simple and highly
Scott,
Your HELO (nerosoft.com) doesn't match your reverse DNS domain
(mail.netbound.com). This could be the result of some idiot at AOL
rejecting your E-mail based on those things not matching.
The switch should be easy enough to test out this theory. Try changing
your domain in IMail to
Sheldon Koehler wrote:
I would LOVE to see AOL start blocking on RDNS! If they do it, then we can
start doing it. Then within a few months, all of the legitimate mail servers
on the planet will have proper RDNS and the Spammers will have a much harder
time with life. Spam will decline a LOT!!!
Maybe not necessarily a reply to your comments, but the problem is that
SMTP wasn't designed for security. Heck, how many years was it before
they came up with SMTP AUTH?
SMTP needs to be reworked, and then you need to give the Internet
another 5 to 10 years to catch up with the new
, Matthew Bramble wrote:
Your HELO (nerosoft.com) doesn't match your reverse DNS domain
(mail.netbound.com). This could be the result of some idiot at AOL
rejecting your E-mail based on those things not matching.
The HELO changes depending on the virtual domain sending the email. If
[EMAIL
I'm somewhat with Paul on this. The only thing is though that one
doesn't need to constantly get time stats in order to judge such a
change, and I don't think that I would personally bother to run this
consistently unless I had an issue that was more suitable for debug mode
in the first
Dave,
Try not to whitelist things over which you have no control over or a
relationship with, and when you do, and use the IP whenever possible.
When it comes to things like this, you should set up a
pseudo-whitelist, which credits some points, but only enough to
mitigate the false postives
R. Scott Perry wrote:
This is an excellent idea -- not just for saving processing time on
filters, but also to enhance the flexibility of whitelisting. This
will be done for the next release. :)
It will actually be *slightly* different, with Whitelist replacing
the weight in the filters, so
1 - 100 of 466 matches
Mail list logo
