Looking at Scott's response below, I'd like to have the Refuse Null
Sender switch off, but we have a situation where spammers are forging
valid e-mail addresses. We have thousands of bounces showing up for
messages never sent from valid accounts here. For example,
[EMAIL
I have re-enabled 'Refuse Null Senders' to relieve this problem, but
would like to find a more compliant solution. Does any one know how to
attack this issue in another way?
This is a very, very common problem -- if you look at the return addresses
of your spam, you'll see that about 90% or so
Hi Scott
Nothing urgent but I've had now several time the same situation:
Some IP (mostly DUL or xDSL-lines) is listed in several spam databases. The
Spam Database lookup is very usefull to find out where this IP is
blacklisted.
But there are a lot of Databases and I've not configured all in
Title: Filter question
Good morning,
For the spam that doesnt contain a URL that I can block in my URL filter, I have taken to trying to find phrases that I can block in my BODY filter.
My question is
Should I be blocking these phrases using the text in the email that I can see, or
I hate to say this but what about using a bounce message? As the postmaster
you will get all the undeliverable from the spammers using any banned words
and legitimate mailers can contact you if they get an erroneous bounce
because and encoded attachment had a random convergence that resulted in a
For the spam that doesn t contain a URL that I can block in my URL filter,
I have taken to trying to find phrases that I can block in my BODY filter.
My question is
Should I be blocking these phrases using the text in the email that I can
see, or should I be blocking phrases that appear when
It should be very usefull if we can specifiy optionaly a list of Databases
to ask for.
So I can see in the result list immediatly how much ip4r and rhbsl tests
I've in use that return a positive result.
That's a good idea -- I'll see if we can add an option that will let you
list which databases
We make extensive use of filters based on keywords. With short keywords
like like S_e_x we sometimes run into problems with keyword being triggered
based on base64 encoding of an attachment.
Example:
10/13/2003 00:00:36 Q236256fe026ef9a4 Triggered CONTAINS filter WORDFILTER
on sex [weight-2;
This is a perfect example of my body filter not working..
In my BODY filter, I have the following line:
BODY 0 CONTAINS Bachelors and other higher education available in your
fields
I have the attach action set to this entire filter, yet the email below
came through, unattached.
For those of
Ok, that was weird.
My filter nabbed my email to the declude list, but didn't catch the
original email.
I have checked the per user configs and the attach action is set to both
my account and the original account that the email was sent to.
Sharyn
We are the worldwide producer and marketer of
I am having a problem with a test machine. I would like to put it into production but
am not sure without checking with the more learned.
Win2003
Imail8.03 HF1
Declude AV 1.76b
Declude JM 1.76b
Message Sniffer as an external test
P4 2.4GHz 1 GB ram
Right now I have only one domain on it with
Im using the latest release.
In this last example that everyone's filter probably caught, the
original email came through unflagged, but when I forwarded it to the
list, the filter caught it.
I have double checked the per user configs to ensure both my personal
email account (where the forwarded
I am using PopWeasel to collect mail from another pop server (spam trap)
and send it to one of the users to try to set Declude JM up. It has
seemed to be working good for the last 3 days. This AM Popweasel dumped
179 messages into the system. Within a few minutes most of the messages
were
In this last example that everyone's filter probably caught, the
original email came through unflagged, but when I forwarded it to the
list, the filter caught it.
Remember that failing a test and flagging (or any other action) are very
different. In this case, the original question made it seem
Does anyone know of any good spam tests that I can add to my weighting to
help cut down on the amount of SPAM getting through?
I currently have the following tests run:
DSBLWARN
DNSRBL-SPAM WARN
ORDBWARN
CBL WARN
SPAMCOP
As a follow up to my previous issue with overflowing overflow, bad luck continues
today with a mail bomb consisting of the Nigerian scam to a specific user...38,000
copies give or take a few. So, a lesson in mail bomb recovery...
Hence my question, is there a decent utility or script to
Thanks for the notes...DNS seemed to be OK, but ended up restarting the server and the
queue started being processed normally upon restart. Thanks again!
-- Original Message --
From: Matthew Bramble [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date:
Remember that failing a test and flagging (or any other action) are very
different. In this case, the original question made it seem as though
the
E-mail wasn't failing the test, whereas it may be that the E-mail did
fail
the test but an action other than the one you wanted was used.
The
Oh, well then you need to visit this site:
http://j-walk.com/other/conf/index.htm
-Original Message-
On Behalf Of Dan Cummings
Subject: [Declude.JunkMail] Selective queue delete based on string?
As a follow up to my previous issue with overflowing overflow, bad luck
continues today
The way I keep track of what version is to add to the header of all incoming
and outgoing emails the version using a Declude variable
In the GLOBAL.CFG file I have added these two lines
XINHEADER X-In-Note: This E-mail was comming into %LOCALHOST% Declude
ver.%VERSION%.
XOUTHEADER X-Out-Note:
Lenny,
I had a similar problem about a month or so ago. I found the
resolution to be a combination of a fragmented paging file on the server and
the use of DNSILLEGAL, DNSMAILLIST, DNSPROMO, and DNSUCE in the decluce
junkmail test. I defragged the paging file and took those test out and
Here's a follow up, please critique!
This seems like it could do the trick...performing findstr in the
/imail/spool/overflow directory (or the spool directory depending)
findstr /m somestringhere *.smd kill.txt
and then manipulating kill.txt into a batch file using ultraedit or the like to
As a follow up to my previous issue with overflowing overflow, bad luck
continues today with a mail bomb consisting of the Nigerian scam to a
specific user...38,000 copies give or take a few. So, a lesson in mail
bomb recovery...
Hence my question, is there a decent utility or script to
Hello List,
I have seen messages in the last couple of day on this list and the
IMail list about the spool directory filling and showing an overflow
directory. I have in the last 4 days seem the spool fill to 68,000 message
with the overflow having a like number of Qxxx-xxx.smd files.I
I took a quick look and here are the extensions I added from the list below
that were not in my original list from Outlook 2002
These seem to be new in Outlook 2003
.app Microsoft FoxPro-generated application
.csh Unix shell script
.fxp Microsoft FoxProR file
.ksh Unix shell script
.mda
Here are the message headers:
X-Spam-Tests-Failed: ROUTING
OK, it did not fail the INBODYFILTER test.
Here is the line in the filter itself:
BODY 0 CONTAINS Bachelors and other higher education available in your
fields
And here is the line, copied and pasted directly from the spam email
that
That's great, thanks...I appreciate a little humor in the midst of my spam-induced
grief ;)
-- Original Message --
From: Sean Fahey [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 10:34:01 -0500
Oh, well then you need to visit this
Those do look the same. Did you cut and paste it from what you were
viewing in the E-mail, or from the source?
I cut and pasted it from what I was viewing in the email, NOT from the
source, hence my original question. I did go back and run the -diag and
I am definitely running JM 1.75
Sharyn
You could put in a temporary rule that holds or routes all message with a
blank or as sender, that way the end user will not see them, but you will
still be complying with the requirements.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original
Scott, can you clarify something about the DUL and DYNA fragments in the
test name?
I've got an ipfile test that I'd like to only run against the first IP, so
I renamed it YADDA-DYNA but it is still running against my full hop count.
Does the nifty DUL and DYNA name hop restriction only work for
I cut and pasted it from what I was viewing in the email, NOT from the
source, hence my original question. I did go back and run the -diag and
I am definitely running JM 1.75
So now I would ask what the source of the E-mail shows?
-Scott
---
Scott, can you clarify something about the DUL and DYNA fragments in the
test name?
I've got an ipfile test that I'd like to only run against the first IP, so
I renamed it YADDA-DYNA but it is still running against my full hop count.
Does the nifty DUL and DYNA name hop restriction only work for
We have a listing in our spam domains file
mac.com apple.com
this line seems to be tripping off on the following
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'mac.com' found: Address of
[EMAIL PROTECTED] sent from invalid [No Reverse DNS].
How do I prevent the mac.com spam domain entry from
So now I would ask what the source of the E-mail shows?
This particular one, came in plain text, I just realized. That is
probably why I didn't use the source to begin with.
When I right click on it, view source is greyed out.
I would be happy to forward the email to the list but I did that
I have seen messages in the last couple of day on this list and the
IMail list about the spool directory filling and showing an overflow
directory. I have in the last 4 days seem the spool fill to 68,000 message
with the overflow having a like number of Qxxx-xxx.smd files.I see some
- Original Message -
From: Darrell LaRock [EMAIL PROTECTED]
We have a listing in our spam domains file
mac.com apple.com
this line seems to be tripping off on the following
X-RBL-Warning: SPAMDOMAINS: Spamdomain 'mac.com' found: Address of
[EMAIL PROTECTED] sent from invalid [No
Does anyone know of a way you can display the sender in the Web Mail for
IMAIL.
I am Routing email to a Web account and would like to display both the TO:
and FROM:
Thanks.
Fred
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
Thanks Scott and others - this approach did the trick.
-- Original Message --
From: R. Scott Perry [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Thu, 16 Oct 2003 12:15:24 -0400
As a follow up to my previous issue with overflowing overflow, bad
I do pretty much the same thing, though I use Killer Web Mail for this
purpose.
I think you are talking about the list of messages, in which case you
might have to re-code your Web Mail templates to get that to work. You
can though do things like add the weight to the subject and probably
Hello, All,
If I use Declude JunkMail to do Spam Filtering on a domain name, e.g.
acme.com, that I am doing IMail Store and Forward
(http://support.ipswitch.com/kb/IM-19980116-DM01.htm) for can I exert
control over the per-domain spam filtering by creating an acme.com directory
(with associated
If I use Declude JunkMail to do Spam Filtering on a domain name, e.g.
acme.com, that I am doing IMail Store and Forward
(http://support.ipswitch.com/kb/IM-19980116-DM01.htm) for can I exert
control over the per-domain spam filtering by creating an acme.com directory
(with associated
Hello, Darrell,
It depends on the FQDN (Fullly Qualified Domain Name) that you extracted
mac.com from. For example, if legit e-mail sometimes uses either @mac.com
or @host.mac.com you could add two entries to your Spam Domain text
file...
@mac.com apple.com
.mac.com apple.com
Later,
Dan Geiser
Where do you get Kill Web Mail? Does it come with iMail 8?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli
Sent: Thursday, October 16, 2003 3:01 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Imail/Web mail
I use Killer
My log file shows the test nHELOBOGUS with a weight of 2, but nHELOBOGUS
doesn't appear in either the global or junkmail files. The test HELOBOGUS
is in both the log and the global or junkmail files. What is nHELOBOGUS and
where could it be coming from? Example of log below:
10/16/2003
My log file shows the test nHELOBOGUS with a weight of 2, but nHELOBOGUS
doesn't appear in either the global or junkmail files.
10/16/2003 00:00:08 Q25d7164f0020f12d SPAMCOP:8 EASYNET-DNSBL:8
nHELOBOGUS:2 SNIFFER:7 . Total weight = 25
The n means negative. You have the HELOBOGUS test set to
Fred, you can't by default. If you are savvy with their code, you
could probably change the templates to list the To: address in place of
the From: address in their list interface (probably a matter of
changing a single variable in a single file), but be careful not to
apply the changes to a
http://www.ipswitch.com/Support/IMail/templates.html
- Original Message -
From: Jeff Maze - Hostmaster [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 4:03 PM
Subject: RE: [Declude.JunkMail] Imail/Web mail
Where do you get Kill Web Mail? Does it come with iMail
Greetings all
I have some users who are starting to get spam with nothing in the subject
and nothing in the body, save a single link to a picture on the internet. Is
there a test for nothing in subject? I already have the subjectchars test
setup, but that only tests for subjects over a certian
Thanks. Looked at the code. Beyond
me
- Original Message -
From:
Matthew Bramble
To: [EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 4:36
PM
Subject: Re: [Declude.JunkMail] Imail/Web
mail
Fred, you can't by default. If you are savvy with their
If you have JunkMail Pro, you can create a filter text file with a line
like:
SUBJECT 0 ISBLANK
The weight, of course, is up to you.
Andrew 8)
-Original Message-
From: James James [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 16, 2003 2:04 PM
To: [EMAIL PROTECTED]
Subject:
Fred,
I took a look at it and here's what you do.
In the msgsum.html file search for the following string:
!--IMAIL.##From##--
Replace that with:
!--IMAIL.MessageToPlain--
If you have users that also access Killer Web Mail, they will see the
changes you make in the global file, so it
Reply to: John Tolmachoff (Lists)
Re: [Declude.JunkMail] Null Sender Spam for Valid Accounts on Thursday 11:15:50
AM
This is what I was doing but Spam Review might have 2000-10,000 of
bounced mails... too much to do in deleting them...
--
Roger Heath
[EMAIL PROTECTED]
www.rleeheath.com
Wow that worked great. Do you know where they keep
the Column Title"From" I would liketo change it to "TO".
If you every figure out how to add a column to have
both To and From that would be best.
I really appreciate this.
Thanks.
Fred
- Original Message -
From:
Matthew
No trouble, James.
It came up in this list before, which is how I knew it. It's not in the
current manual, but BODY 0 ISBLANK is noted as a new feature in the release
notes web page. MAILFROM 0 ISBLANK can also be useful, but as always, I
stress not going overboard in the weight assigned.
This is the link in the form tag
http://www.muahaha.us/d.php
It asks for username and password and ther redirects to ebay.
Kevin Bilbee
Network Administrator
Standard Abrasives, Inc.
[EMAIL PROTECTED]
(805) 520-5800 x7332
Changing the way industry works.
Fred,
Actually, that doesn't work great. It just repeats the first address
over and over. My mistake.
I looked into this more thoroughly and it appears that the
IMAIL.##From## variable is actually an array, and it isn't specific to
the From address as it will spit out the To address when you
Hello List
Any idea why my spool and overflow directory are buildingThey are at
over 85,000 messages each. I am running a dual P3 866 with one gig memory.
The CPU is going from 5% to 90% up and down all day looks like a nice sine
wave. I am getting mail from 2 days ago in my box now.
Is it me, or is this the third or fourth such message in a day or so?
That's quite strange. It's making me think that maybe a recent
Microsoft, Ipswitch or Declude patch/upgrade might be the root of the
problem (likely the first of course).
Another list member said that rebooting his server
I'm not seeing the value in the hold action... does this mean that an
administrator type has to search the server's hold directory periodically
and scroll through messages looking for false positives? Then I assume you
would want to manually move them back into the recipient's inbox? Seems
I'm not seeing the value in the hold action... does this mean that an
administrator type has to search the server's hold directory periodically
and scroll through messages looking for false positives? Then I assume
you would want to manually move them back into the recipient's inbox?
Seems
I have a client that has a domain that we host. They sent an email through
the mail server and it failed the following tests:
X-Spam-Tests-Failed: EASYNET-DYNA, IPNOTINMX [3]
My question is, what is EASYNET-DYNA? I don't see it in the JunkMail manual.
Thanks,
Mike
[This E-mail scanned for
Hi Michael
EASYNET-DYNA is the blacklist of dynablock.easynet.nl see:
http://www.declude.com/Junkmail/support/ip4r.htm .
Use WHITELIST AUTH in your GLOBAL.CFG file if you have Imail V8.X and
declude V1.75 so authenticated users will be whitelisted or do not check
outgoing emails.
Cheers
Adrian
Mike,
The Easynet-Dyna test is an external ip4r DNS test setup in your global.cfg
file. See the Declude link below to see further info on this.
http://www.declude.com/Junkmail/support/ip4r.htm
Keith
-Original Message-
From: Michael Graveen [mailto:[EMAIL
Another thing to check is your DNS and if it is resolving properly. It
could be that a reboot might resolve problems in DNS, or with IMail
connecting to DNS. It might also be a good idea to configure IMail for
Unfortuantly, Declude does not utilize the second DNS server if specified in
64 matches
Mail list logo