At 10:39 AM 7/9/2004, Dan Geiser wrote:
Is this guy serious when he says The test is available for
download. What do we have to download? What version number includes
this test? What is the format of the test? Is it just an IP4R
test? What host name do we use?
I found that kinda strange as
At 10:49 AM 7/9/2004, Jay Calvert wrote:
I don't think I have ever had an username and password with
Declude. Where do we find this information?
All we ever had to provide as verification was our Hostname.
I never had one either, so I just clicked new user, and it asked me for an
email
At 01:38 PM 7/9/2004, Dan Horne wrote:
Ah, but you DO recognize that ICMP is a threat, and so you have set
access-rules on it. That was my main point. And as Sandy pointed out,
Obviously ICMP _CAN_ be a security risk, but so is having your network
connected to the Internet. I know a lot of
At 03:03 PM 7/9/2004, Dan Horne wrote:
if you block ICMP, you break IP. That's the bottom line, and nobody can
argue that.
Sorry, but I can and will argue with that. ICMP relies on IP, not the other
way around. IP works with or without ICMP. RFC792, which defines ICMP,
states The purpose of
At 03:45 PM 7/9/2004, Doug Anderson wrote:
Actually Russ, ICMP still works. Can you ping 127.0.0.1, the local loop
back? Can you ping other items on your local network?
It comes down intranet vs internet separated by a firewall. Many
corporations kill ICMP externally, but it works fine
internally
At 03:59 PM 7/9/2004, Andy Schmidt wrote:
Hi Scott:
As a rule of thumb, when people ask me for assistance regarding troubles
reaching a computer and I can't ping it, I tell them that it can't be
pinged, and they have to take care of it from there. If you disable a vital
networking tool, you need
At 04:44 PM 7/9/2004, Andy Schmidt wrote:
one case that comes to mind is PMTU. I've seen first
hand instances where a corporation blocked all ICMP traffic, and then some
of my users couldn't access that companies website. For whatever reason,
the remote web server had a smaller than normal MTU
At 04:49 PM 7/9/2004, Andy Schmidt wrote:
You've never had to request additional IP blocks from an upstream
provider
have you??
Do that occasionally - the last time in May.
I fill out the form, and voila, half a day later Quest assigns another
C-class for my T3s.
Boy, that would be nice. ATT's
At 01:50 PM 6/25/2004, Jeff Maze wrote:
Oh darn.. The page didn't open in Opera 7.51 and Norton Antivirus 2004
caught the download.ject worm.. :)
I've just recently been turned on to FireFox
http://www.mozilla.org/products/firefox/ I love it... Nice, simple, it
works, and it's not vulnerable
At 11:21 AM 6/2/2004, Rick Davidson wrote:
Is it me or did ARIN drop of the face of the Internet today?
It appears that they have fallen off the face of the Internet :) If you
go to http://ops.sprint-canada.net/ you can use a bunch of different
service providers to look at BGP route entries
At 12:43 PM 6/2/2004, Pete McNeil wrote:
No problem getting there from here.
multi-homed through Savvis and Sprint on a pair of T1s.
_M
If you take a look at the BGP looking classes, you can see that the route
has been flapping, and therefor being penalized. Usually BGP route
flapping is
At 10:08 AM 5/27/2004, Bridges, Samantha wrote:
I believe you need to add the IP address of the GW server to your hosts
file for resolution. You are pulling out an MX record somewhere that is
saying send to the Trend server. At least that's how I get to my GW
server.
I did - In the
At 02:34 PM 5/20/2004, Mike Wiegers wrote:
Started getting these lately and needed to find out if they are forged and
if Declude site is setup to handle them as forged.
Exploit-ObjectData trojan
Yep...and
Downloader-IU!zip trojan
Yep...
-Russ
---
[This E-mail scanned for viruses by Declude
At 01:28 PM 5/18/2004, Goran Jovanovic wrote:
Kevin,
I tried the link below and was unable to get there???
Change the b in blabeta to a d
-Russ
at
http://www.ssc-isp.net/blabeta/DLAApp.zip
It fixes a few bugs.
---
[This E-mail scanned for viruses by Declude Virus]
---
[This E-mail was scanned
At 11:00 AM 5/13/2004, R. Scott Perry wrote:
You are correct -- I'll see if I can get a new interim release online
which will take care of this.
There is a new interim release 1.79i7 at
http://www.declude.com/version/interim . It takes care of the issue of
the ALLRECIPS filter not working
At 03:38 PM 5/13/2004, Matt wrote:
Scott,
I've been thinking about this for a while as a way to increase spam
detection and do things that are otherwise more difficult to do, and then
the other day I found that MailPolice was actually promoting their RHSBL's
for use on both the Mail From and
At 04:01 PM 5/13/2004, Matt wrote:
Currently, to the best of my knowledge, 'rhsbl' tests in Declude only work
on the Mail From and not the reverse DNS value. I'm interested in the
reverse DNS value to be added.
Aha... I figured it was something obvious...
-Russ
---
[This E-mail scanned for
At 02:09 PM 5/12/2004, Matt wrote:
Scott,
I have a filter called FOREIGN that I have been defeating with END
statements for certain domains with international traffic like so
- Foreign.txt -
ALLRECIPSENDCONTAINS@clientdomain.com
Matt,
Are you using an interim version of
At 02:31 PM 5/12/2004, R. Scott Perry wrote:
Are you using an interim version of Declude? I just recently had this
problem, and contact [EMAIL PROTECTED] They told me there was a bug with the
ALLRECIPS in the current interim, and that it would be resolved in a
future interim. For now, I've
At 04:53 PM 4/19/2004, Markus Gufler wrote:
After installing the latest release of cygwin (1.5.9-1) I can open the
command prompt but I cant start cpan
I've tried:
bash-2.05b$ ls egrep
egrep
Ok, egrep is in the current directory
bash-2.05b$ egrep
Usage: egrep
At 11:35 AM 3/12/2004, TC Online Support wrote:
We are currently looking to upgrade our mail server. Lately the
processing of the CPU has causing the SMTP to be working real slow,
causing a lot of timeouts. We currently we are running a P3 1.133GHz
with 512MB RAM. We are looking to upgrade to a
I've setup a gateway mailserver using postfix and amavisd. I want to make
sure that the IP for this gateway server is skipped, but I'm kinda confused
since the postfix box hands off the message a few times. Below are the
received headers from one of the messages, and also what I put in my
At 09:09 AM 3/1/2004, R. Scott Perry wrote:
I've setup a gateway mailserver using postfix and amavisd. I want to
make sure that the IP for this gateway server is skipped, but I'm kinda
confused since the postfix box hands off the message a few times. Below
are the received headers from one
At 10:02 AM 2/4/2004, Sharyn Schmidt wrote:
I have been asked to research Intrusion Detection Software.
I have done a Google search, but most of what I see is an actual appliance.
All I am looking for is software that will notify me when something
suspicious attempts to hit our network.
At 03:36 PM 1/23/2004, Mike K wrote:
Scott:
Your abilities as a writer are fine. I have seem many of your explanations
on use of features and for most I think they would suffice. They just need
to be put in the online manual at the same time you post a message to the
list.
I agree that beta
At 08:13 AM 1/15/2004, ISPhuset Nordic AS wrote:
Hi a little off topic
Anyone knowing off a free or nearly free zip utility which can pack some
files to a zip archive.
unpacking isn't a problem
It is a must that it can run for a command prompt
WinRar. It's command line features blow WinZip
At 08:47 AM 1/15/2004, ISPhuset Nordic AS wrote:
Yes i know but i hvae to distribute this on 150 boxes and that is a lot of
licenses :-)
so free or nearly free are the keyword here
Ohhh... I think WinRar is like $5.40 a liscense in that case, which is
still pretty expensive. I _believe_ the
At 12:47 PM 1/14/2004, Timothy Bohen wrote:
My imail server is obviously hugely fragmented. If I spend the money on
diskeeper will it be able to keep up with the fragmentation on a very busy
imail server? I know this isn't a diskeeper mailing list but I always get
the best/fastest answers on
At 01:54 PM 1/14/2004, Omar K. wrote:
This is good stuff, other than the obvious scheduling capability, does
diskeeper do a better job than the built-in defrag in windows server?
I found that I had to run windows defrag a few times before it would
effectively defrag the drive. By the time it was
At 02:29 PM 1/14/2004, Matt wrote:
I'm wondering about similar things along these lines. I assume that
Diskeeper does a better job and is more efficient and has nice reporting
tools, but is this more of a convenience for those with lower volume
servers? I'm particularly interested in the
At 05:05 PM 1/12/2004, Sanford Whiteman wrote:
I guess that was a noble try... but it didn't work.
Well, it probably worked, just not enough. :)
Yeah, I'll buy that! :)
I'm going to try to separate the spamd/spamc processes and see how
that goes.
That will alleviate the utilization
At 05:52 PM 1/12/2004, Matt wrote:
Russ,
I'm not sure what actions will result in bypassing Declude Virus, but HOLD
and DELETE surely do. Since over 80% of E-mail is spam on the typical
system, that should save you a great deal over processing everything with
Virus, though JunkMail is where
At 03:57 AM 1/13/2004, Sanford Whiteman wrote:
SPAMC32 0.5.55 is available for download at
http://www.mailmage.com/download/software/freeutils/spamc32/release
Users anticipating the big RegEx rollout will have to wait a little
longer, but there are some very powerful new features and
At 11:30 AM 1/13/2004, Bill Landry wrote:
Russ, a not too drastic option would be to run SA on a linux mail gateway
sitting in front of your IMail server and then track the hit=xx.x header
counts with Declude. That's what we do here, and it has worked great for
us. With this configuration you
At 09:23 AM 1/12/2004, R. Scott Perry wrote:
The *ONLY* changes that were made were [1] To move the Msg failed
logging from LOGLEVEL LOW to LOGLEVEL HIGH, and [2] To add a one-line
summary to LOGLEVEL LOW. No other changes were made. LOGLEVEL MID is not
involved (except that it will also get
I'm trying to get this set up on a couple of test machines. It appears as
if I have spamd up and running successfully. I can telnet to the ip
address of the spamd server on port 783, and I see the message logged by
spamd on the console. However, when I go to run spamc from a machine, it
At 10:02 AM 1/12/2004, Russ Uhte \(Lists\) wrote:
I'm trying to get this set up on a couple of test machines. It appears as
if I have spamd up and running successfully. I can telnet to the ip
address of the spamd server on port 783, and I see the message logged by
spamd on the console
At 11:10 AM 1/12/2004, Nick Hayer wrote:
Hi Russ,
I have it set for 8. I hold on 10 delete on 30. It runs on my
mailserver.
Awesome!! When you installed all the CPAN stuff, did you also install the
HTML::parser? It told me when I went to make the spamassassin package,
that it was missing. I
At 12:39 PM 1/12/2004, Sanford Whiteman wrote:
Okay... forget this question... RTFM...
Wow, and here I thought I was still working on the manual. :)
Yeah... not really the manual, but the spamd -? works too!! :)
I just installed it on my server which is a pretty busy server. I think
someone
At 01:23 PM 1/12/2004, Sanford Whiteman wrote:
This server normally processes about 200,000 emails a day, running
sniffer, most of the MailPure filters, and antivirus. Normally the
processor utilization during peak times is right around 40-50% on a
1 minute average.
That's pretty high
At 10:34 AM 12/22/2003, John Tolmachoff \(Lists\) wrote:
If any one is experiencing the overflow folder filling up and it is not
attributable to server load, please contact me. I am having this problem and
am narrowing it down.
John,
Do you run Sniffer? If so, are you running the wide beta
Greetings,
I feel like I've been making progress teaching myself a lot about the log
files, and the unix tools. I've created a batch file that will hopefully
count the total number of viruses, the total number of vulnerabilities, a
few spam tests, and finally the total number of messages. I'm
Well, my answer was that Declude can, but the risks of accidentally deleting
good mail outweighed the convenience of not having to hit delete. She went
over my head and got the bosses on her side. Now I've gotta have a meeting
with them and come up with a solution. Any suggestions?
I'm by no
At 07:42 AM 10/6/2003, Jeff Maze - Hostmaster wrote:
I know this is off-topic, but I've attempted numerous times to put our
server behind a firewall, but upon doing so, the queue grows to an enormous
proportion and the only way to clear it is to remove it from behind the
firewall.
Besides the
Greetings-
I've attempted to setup classless reverse DNS delegation for a customer of
mine. I think I have it done correctly, but I don't understand exactly
what I'm seeing on www.dnsstuff.com when I do a reverse DNS query. The
specific address I'm testing is 12.161.105.129. It appears that
If you would like to try it out let me know and I will make it available..
I'll jump on the bandwagon. I'd love to try that out as well.
-Russ
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
What is happening here is that the spammer is using their own software
(spamware) to send the spam. Knowing that many people don't scan E-mail
that comes through their backup mailserver(s), their spamware chooses to
try the backup mailservers first.
If your Exchange server isn't running any
Finally getting around to updating my Declude Junkmail config. I would
like to use the REDIRECT command, but want to make sure I'm using it
correctly before throwing myself to the wolves! :)
1. Using the REDIRECT command, I don't need the domain folders. For
example: I'm a mail gateway for
2. In the archives, ( This message specifically
http://www.mail-archive.com/[EMAIL PROTECTED]/msg09131.html)
it says to put the configuration in the global.cfg file. However, if I'm
reading the manual correctly, it says to put the configuration in
$default$.junkmail.
It should actually be
At 02:39 PM 7/9/2003, you wrote:
I had this problem with a domain that was not on my server and wanted to use
REDIRECT to point ot another junkmail file. But it always used the outbound
settings in the global.cfg.
You said when I had the issue you were going to have this fixed in a future
beta
What I'm looking for is a way to monitor store and forward domains. It
appears that the domlist tool doesn't count messages for these domains. Am
I missing something with domlist, or does anybody know of a tool that will
be able to give me stats like the following: Total number of messages
51 matches
Mail list logo
