SPAMC32 0.5.55 is available for download at
http://www.mailmage.com/download/software/freeutils/spamc32/release
Users anticipating the big RegEx rollout will have to wait a little
longer, but there are some very powerful new features and performance
improvements in this release:
- You can
Yes, I'm still using LogLevel=MID.
Never changed it - unless someone tells me that LOW or HIGH are more
appropriate.
There is a new 1.77i16 at http://www.declude.com/interim that addresses
this and some other issues that have come up with 1.77i15.
Should the Tests Failed summary line be complete, e.g., should it
replace every single Failed line that appears in the HIGH log mode? This
way, log analyzers can simply parse the Tests Failed summary and learn about
every test AND every action?
Correct.
If so, I believe there may be one issue.
At 05:05 PM 1/12/2004, Sanford Whiteman wrote:
I guess that was a noble try... but it didn't work.
Well, it probably worked, just not enough. :)
Yeah, I'll buy that! :)
I'm going to try to separate the spamd/spamc processes and see how
that goes.
That will alleviate the utilization
At 05:52 PM 1/12/2004, Matt wrote:
Russ,
I'm not sure what actions will result in bypassing Declude Virus, but HOLD
and DELETE surely do. Since over 80% of E-mail is spam on the typical
system, that should save you a great deal over processing everything with
Virus, though JunkMail is where
Scott,
Would it be possible, or desirable by others to name the interim executable files with the version name (ie Declude_1.77i15)? Sometimes by the time I read of a new interim release described as 1.77i15 and download it, it has become 1.77i17. Just an idea.
Neal M.
[EMAIL PROTECTED] wrote:
I think I just realized why you might not want to do this - it would probably break some auto updating programs out there. Any other options?
Neal M.
[EMAIL PROTECTED] wrote:
-To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 01/13/2004 08:49AM
Subject: RE:
I blocked them years ago after they ignored hundreds of spam complaints.
I've had one person complain and since she is an employee I told her to have
it sent to her hotmail account.
David Daniels
Administrator
Starfish Internet Service
[EMAIL PROTECTED]
- Original Message -
From: Glen
Hi Scott:
Okay - that's fair enough.
So one should think of the line labeled Tests failed: as a line that
really contains Actions taken:
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus
Russ,
Another idea would be to block SBL with IMail 8 so that stuff never gets
to Declude. SBL can be as much as 25% of my traffic, and I weight that
in Declude so that it deletes on just that one hit. This could
potentially save you a good deal of processing power and be huge for
your
At 03:57 AM 1/13/2004, Sanford Whiteman wrote:
SPAMC32 0.5.55 is available for download at
http://www.mailmage.com/download/software/freeutils/spamc32/release
Users anticipating the big RegEx rollout will have to wait a little
longer, but there are some very powerful new features and
http://www.openhandhome.com/howtosa.html
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Russ
Uhte (Lists)
Sent: Tuesday, January 13, 2004 10:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC
for Declude)
- Original Message -
From: Matt [EMAIL PROTECTED]
Another idea would be to block SBL with IMail 8 so that stuff never gets
to Declude. SBL can be as much as 25% of my traffic, and I weight that
in Declude so that it deletes on just that one hit. This could
potentially save you a
Has anyone else seen this.
After upgrading from 1.77i12 to 1.77i15 I get this I revert back to 1.77i12
and I am fine.
01/12/2004 18:39:34 Q303603930282ebed ERROR: nTests corrupted (1)
01/12/2004 18:39:35 Q303603930282ebed (Error 5 at 4234ac v1.77i15)
01/12/2004 18:39:35 Q303603930282ebed (log part
- Original Message -
From: Russ Uhte (Lists) [EMAIL PROTECTED]
Well, this did help considerably... but not quite enough. I moved the
SpamD server onto a server that currently does nothing but DNS. It is a
dual PIII 1GHz machine that usually runs between 0 and 5 %
utilization. With
- Original Message -
From: Frederick Samarelli [EMAIL PROTECTED]
Has anyone else seen this.
After upgrading from 1.77i12 to 1.77i15 I get this I revert back to
1.77i12
and I am fine.
01/12/2004 18:39:34 Q303603930282ebed ERROR: nTests corrupted (1)
01/12/2004 18:39:35
I think that I've pointed out the caveats many times over on blocking
with SBL. SBL is though more accurate than my system as a whole, and I
have never seen a true false positive with it.
I've asked this several times; has anyone ever seen a false positive
with SBL? I've not ever received a
Russ, a not too drastic option would be to run SA on a linux mail
gateway sitting in front of your IMail server and then track the
hit=xx.x header counts with Declude. That's what we do here, and it
has worked great for us. With this configuration you could also set
IMail to
Ok. When I download the latest version.
http://www.declude.com/interim
It shows as 1.77i15
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:32 AM
Subject: Re: [Declude.JunkMail] 1.77i15 Bug
- Original Message -
Hi,
I am starting work on re-writing my log file analysis program for the
new format. The information that I want to extract is:
Fail tests with weight
Total weight
Action Taken
From e-mail address
To e-mail address
Date/Time
File Name
I am assuming that for this information, I need MID log
Hi Bill,
This is of course prudent advice in general. Let me share my experiences
(I'm not at all suggesting that this applies to anyone else's scenario).
However, after a few years of tinkering, I did realize that (at least based
on messages received by my mix of business clients) *I* was able
Same here - downloaded this morning after the announcement and my headers
still read:
X-Declude: Version 1.77i15; D1bad042a01feaf36.SMD from
chris.usa.hm-software.com [63.107.174.138]
Best Regards
Andy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ok. When I download the latest version.
http://www.declude.com/interim
It shows as 1.77i15
This is very strange. Our log files show that 1.77i16 was uploaded twice,
yet downloading it shows 1.77i15. Even after deleting the file from the
web server, it can still be downloaded -- but as
1.77i16 here.. Perhaps a local cache?
~Rick
Ok. When I download the latest version.
http://www.declude.com/interim
It shows as 1.77i15
This is very strange. Our log files show that 1.77i16 was
uploaded twice,
yet downloading it shows 1.77i15. Even after deleting the
file from
I tried this without success. Sandy's port for me is *much* slicker -
-Nick Hayer
From: Rick Klinge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:RE: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for
Declude) 0.5.55
Does anyone have any info on this service.
messagescreen.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
Downloaded and installed about 5 minutes ago:
Declude 1.77i16 (C) Copyright 2000-2004 Computerized Horizons.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of R. Scott Perry
I am assuming that for this information, I need MID log level. On
visual inspection of the MID log file, it looks like this format is:
00/00/00 00:00:00 Qx FailedTest1Name:weight FailedTest2Name:weight
TOTALWEIGHT = weight.
00/00/00 00:00:00 Qx Subject: message subject
- Original Message -
From: Matt
I think that I've pointed out the caveats many times
over on blocking with SBL. SBL is though more
accurate than my system as a whole, and I have
never seen a true false positive with it.
I've asked this several times; has anyone ever seen
a false
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]
This is of course prudent advice in general.
Let me share my experiences (I'm not at all
suggesting that this applies to anyone else's
scenario).
However, after a few years of tinkering, I
did realize that (at least based
It now shows 1.77i16 but still the same error.
1/13/2004 12:44:03 Q2e6302780262ca7c (Error 5 at 4127f8 v1.77i16)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 2 saved as C:\declude.gp2)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 1 saved as C:\declude.gp1)
- Original Message -
Confirmed:
X-Declude: Version 1.77i16; D2edc073800b6a083.SMD from
corner-office.usa.hm-software.com [63.107.174.136]
Scott - I assume this does not yet fix the SPF bug that I reported (Just
asking because it was not acknowledged in any way.)
Best Regards
Andy
Bill,
It appears that your entire list is from one source, Topica.
Search the archives for a discussion of Topica, how their lack of
message list verification results in lots of spam, and how they are
also a spam house, even sending spam from the same block of IP's. I
thought this was an FP
For those who have downloaded/currently using DLAnalyzer to process their
Declude Junkmail Logs an update is available that supports the new log file
format found in 1.77i15+. It is also backward compatible and will still
continue to work with the older log files as well.
Please see the read
declude.gp1 file.
(Error 5 at 4127f8 v1.77i16)
(attempt to read at 73c098)
(004127F8 0012C700 (00470AB4 0012FF68) C:\IMail\Declude.exe)
(004101C5 0012C868 ( ) C:\IMail\Declude.exe)
(0040D3B6 0012FF80 (0002 00620B80) C:\IMail\Declude.exe)
(004322E0 0012FFC0 ( )
MessageScreen is a sophisticated anti-spam, anti-virus, and content
filtering solution that is tightly integrated with Novell GroupWise,
Microsoft Exchange, and Lotus Domino email platforms. MessageScreen's
gateway-level filtering technology stops over 97% of spam and produces
virtually no false
Matt, legitimate messages are legitimate no matter
the source that they come from, would you not agree with this? You would
have deleted all of these messages, as well the other dozen or so legitimate
personal messages I found. I don't see any credibility in your position
here that it is
... the SPF bug that I reported (Just asking because it was not
acknowledged in any way.)
That is currently being investigated.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known
HI,
I'm getting spam, and it is being whitelisted because of HABEAS... Here are
the headers.
These emails are definitely spam. Looks like HABEAS has been compromised?
Comments Please.
thanks, Andy
Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com
(SMTPD32-6.06) id
It now shows 1.77i16 but still the same error.
1/13/2004 12:44:03 Q2e6302780262ca7c (Error 5 at 4127f8 v1.77i16)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 2 saved as C:\declude.gp2)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 1 saved as C:\declude.gp1)
There is a v1.77i17 that has been
I'm getting spam, and it is being whitelisted because of HABEAS... Here are
the headers.
These emails are definitely spam. Looks like HABEAS has been compromised?
Yes; the pharmacourt.biz spammers have infringed on the Habeas intellectual
property rights. Habeas is going after them. Until
These emails are definitely spam. Looks like HABEAS has been compromised?
More like spammers are forging Habeas headers and challenging Habeas'
ability to prosecute.
Larry Craddock
Fwiw.. I would never whitelist any email based solely because they warranted
it to be spam free... Email headers can and do get forged all the time. I
have recently sent them a letter and a lot of porno and spam email for them
to review..
~Rick
-Original Message-
From: [EMAIL
I received 13 of these today in my personal e-mail. I changed Habeas
from whitelist to weight -5 and it seems to have fixed the problem.
Don't know yet if non spam is getting blocked but I doubt it.
Here is a log entry after change (weight was 36 even with the -5):
01/13/2004 11:09:12
At 11:30 AM 1/13/2004, Bill Landry wrote:
Russ, a not too drastic option would be to run SA on a linux mail gateway
sitting in front of your IMail server and then track the hit=xx.x header
counts with Declude. That's what we do here, and it has worked great for
us. With this configuration you
But how does it work? Good --- bad
- Original Message -
From: Rick Klinge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:02 PM
Subject: RE: [Declude.JunkMail] messagescreen.com
MessageScreen is a sophisticated anti-spam, anti-virus, and content
filtering
I got that this morning as well.
I commented out the HABEAS test.
- Original Message -
From: andyb [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:13 PM
Subject: [Declude.JunkMail] whitelisted
HI,
I'm getting spam, and it is being whitelisted because of
More weirdness. It may only be mine.
I just used wget to fetch the current interim, which was 1.77i17 and when I
did a
declude.exe -diag
all looked good. Then I copied it to the IMail server and tried there, and
got the report I'm putting in the attached text file. From my log, it looks
like
This took actual research to figure out :) Topica is absolutely a spam
house, and I wouldn't be at all surprised to see them populating their
database with addresses and list demographics from Topica.com. Many of
the lists that Topica sends out are auto-subscribed to by a bot that
they
Wow, what does any of this have to do with
delivering legitimate messages rather than deleting them? I do not
intentionally deliver spam from any source, including these - but I do deliver
the legitimate messages sent from any source(ah, the true benefits of a
spam weighting system). You,
Same problem.
01/13/2004 13:53:21 Q3ea002ea02623b93 ERROR: nTests corrupted (1):
961824839-200
01/13/2004 13:53:22 Q3ea002ea02623b93 (Error 5 at 42351c v1.77i17)
01/13/2004 13:53:22 Q3ea002ea02623b93 (log part 2 saved as C:\declude.gp2)
01/13/2004 13:53:22 Q3ea002ea02623b93 (log part 1 saved as
Same problem.
01/13/2004 13:53:21 Q3ea002ea02623b93 ERROR: nTests corrupted (1):
961824839-200
There is a 1.77i18 at http://www.declude.com/interim that should fix this.
-Scott
From visual inspection, it looks like there is also warning lines in
this format:
01/07/2004 00:13:11 Qa376165600fc12a6 WARNING: some type of error report
here
These are easy enough to ignore during my analysis. Are there other
types of lines that may be of concern?
Thanks,
Bill
Can anyone recommend a web interfaced dns management console for end
users? Want end users to be able to manage their own domains eg:
adding, deleting, edits. Thanks much!
-Nick Hayer
TREADING LIGHTLY
I think what Matt may be saying, is that
even if legit messages come through Topica, Topica may be harvesting those
addresses from the legit messages for use in unintended ways, AKA spam.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
- Original Message -
From: Russ Uhte (Lists) [EMAIL PROTECTED]
Bill... This is what I would like to do, but there are a couple
issues/questions I have.
Russ, we should probably take this off-line. But briefly:
1. How do I reject messages with an invalid RCPT TO: command?
There
Andy, Habeas has not been compromised. Since Saturday, a spammer has been
using the Habeas warrant in the headers to get his junk past
configurations like yours.
This header text is easy to insert. Note that the X-Mailer: header is also
being faked. Each of the spams I've seen like this have
Bill,
If this stuff comes from the same IP, both good and bad, then how do
you tell it apart? Do you merely rely on content filters?
Their servers send lots of spam and they are well aware of the
problems. When you combine their semi-legit business with the fact
that they are spamming openly
This was whitelisted as it is/was part of the default config file...
- Original Message -
From: Rick Klinge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:25 PM
Subject: RE: [Declude.JunkMail] whitelisted
Fwiw.. I would never whitelist any email based solely
Several spam emails are being whitelisted by declude, I didn't know what was
causing it as I don't have any whitelisting going on, until I noticed the
habeas header.
Am I correct in thinking that these spam messages got whitelisted because of
Habeas? And if so, what next step should I take other
So I got to ask then, is this a good enough reason
to delete legitimate messages?
Bill
- Original Message -
From:
John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:17
AM
Subject: RE: [Declude.JunkMail] Topica
and SBL
You did not mention the DNS server being used. like BIND, Simple DNS, MS
DNS???
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail]
I have been reporting as they come up.
Thanks, Andy
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:13 PM
Subject: Re: [Declude.JunkMail] whitelisted
I'm getting spam, and it is being whitelisted because of HABEAS...
Yup,
http://www.jhsoft.com
Works.. No problems at all
~Rick
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 1:09 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] *OT* Web dns management console
Except that you are contributing to their database
of valid addresses so you get other spam and you are doing "business" with a
spammer... even if it is a free list. The point that Matt makes.. which is a
valid one.. is that Topica shouldn't be used by anyone because their existence
makes
John,
That's part of it, but that part was only speculative. Topica does
harvest from the Web and newsgroups for their spam for sure.
Topica is a very shifty company that likes to juggle address blocks.
In order to avoid listings, they have an active campaign to encourage
people to whitelist
Hi,
If people can use Habeas headers to get their spam delivered, then Habeas
HAS been compromised. To say otherwise is a semantic difference that I
don't care to debate. Bottom line is that Habeas Warrant doesn't mean
anything right now.
As for a configuration like mine, as I said, this is
GENERAL WARNING.
More control available to the end user means more problems can be created by
the end user.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Nick Hayer
When the messages come from a system that
participates in building spam lists and the distribution of spam then yes. You
must take a stand that you won't have anything to do with a company like Topica.
By using the legitimate part of their business you are feeding their corrupt
part of
On their website you can report the spam and they will go after them... in
theory... but for now because so many people are bundling the headers in
spam you should probably not whitelist Habeas headers.
--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C
I'm not deleting legitimate messages the last time I checked.
If my customers want to sign up for Topica, they can add them to their
Web mail address book. I figure that this is only a transition period
until Topica loses all of their legit business due to their practices.
Clearly, I am well
Hi Nick,
I put together a simple one in .NET for MS DNS that uses SQL2K and the
dnscmd utility to manage the most common functions in DNS (adding, deleting
Host and MX records). Note that it does currently require IIS, the .NET
framework, and SQL2K on the MS DNS server. If you're interested, we
I'm using bind 8x but I would switch no problem to have the user
interface...
-Nick
From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:RE: [Declude.JunkMail] *OT* Web dns management console
Date sent: Tue, 13 Jan
- Original Message -
From: Joshua Levitsky
Except that you are contributing to their database
of valid addresses so you get other spam and you
are doing business with a spammer... even if it is
a free list. The point that Matt makes.. which is a
valid one.. is that Topica shouldn't
I guess this goes towards where one chooses to draw the line - spammers vs.
"organizations supporting spammers". Someone who knowingly gets involved with a
spammer, should probably expect that their email will no longer be delivered
reliably.
Similar to blocking an
I whole heartedly agree. Allowing end users, who usually know nothing about
how DNS works, to manage their own domain zone files I think is a recipe for
disaster.
Just me 2 cents...
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent:
Totally agree, John. That's why the simple interface I put together has
multiple security levels: one for users that could get into trouble by
accidentally deleting their MX records and www, etc. hosts and another
for more educated users who can be trusted to manage those. Generally
shared
I believe I found a bug in your SPF implementation.
http://www.infinitepenguins.net/SPF/check.php?action=spfcheckipv4=195.127.133.117helo=uli4[EMAIL PROTECTED]
will PASS, because
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 3:31 PM
Subject: Re: [Declude.JunkMail] Topica and SBL
Guess what, the rules for ISPs and other businesses are different than
those
that are applied to private e-mail domains like joshie.com.
- Original Message -
From: Joshua Levitsky
When the messages come from a system that
participates in building spam lists and the
distribution of spam then yes. You must take
a stand that you won't have anything to do with
a company like Topica. By using the legitimate
part of their
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]
Guess what, the rules for ISPs and other businesses are different than
those
that are applied to private e-mail domains like joshie.com.
Guess what? I work for AOL. Just because I happen to run my own domain
doesn't
A quick google search of BIND WEB INTERFACE gave me lots of hits.
try www.DNSZONE.ORG
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE:
SPF counts for the past couple of weeks:
==
1 1st.net PASS
1 accesscomm.ca FAIL
8 alta-vista.com FAIL
1 alta-vista.com FAIL
3 altavista.co.kr FAIL
2 altavista.co.uk FAIL
106 altavista.com FAIL
12 altavista.com FAIL
2 altavista.de FAIL
3 altavista.fr FAIL
2 altavista.fr
Thanks for sharing, Bill.
Can you also shed some light on these for us?
35 pointshare.com FAIL
39 Pointshare.com FAIL
10 pointshare.com FAIL
17 pointshare.com PASS
1 pointshare.com UNKNOWN
Andrew 8)
-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]
Sent: Tuesday,
- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]
Thanks for sharing, Bill.
Can you also shed some light on these for us?
35 pointshare.com FAIL
39 Pointshare.com FAIL
10 pointshare.com FAIL
17 pointshare.com PASS
1 pointshare.com UNKNOWN
The passes are from a
Scott, is there currently any way to distinguish between the following
unknown records:
- unknown (record exists)
- unknown (record does not exist)
Bill
I appreciate the explanation Bill. I won't be implementing SPF until it's
aged a little and I am confident that I understand it aright.
The score of 35 and 10 look like the same domain; were they to mail hosts
with different MX records? I assume that the 39 score is separate because
of
I get email from the susd.org domain on a regular basis, but they are
poorly setup. The headers appear as such:
X-Declude-Sender: [EMAIL PROTECTED] [204.228.60.250]
X-Spam-Tests-Failed: BASE64, HELOBOGUS, REVDNS, WEIGHT10 [10]
X-Country-Chain: UNITED STATES-destination
X-Note: This E-mail was
Scott, is there currently any way to distinguish between the following
unknown records:
- unknown (record exists)
- unknown (record does not exist)
Not currently (per the specs for SPF). However, there have been people
using SPF on other platforms that have been requesting a distinction, so
And now to go into SPF for Dummies territory, the mailfroms were
definitely spoofed, or in the normal course of events could have been
mailing list or greeting card invitations that unwisely put in the
sender's address in the mailfrom instead of their own?
It could be either. However, the burden
Don't whitelist, negative weight if you are the administrator. There
are two things to go after, the MAILFROM, or the REMOTEIP. It appears
that the school district has only one mail server, in which case you
could create a filter file called PSEUDO-WHITE and add in the following
line:
Has there been any real stance on what people are actually doing with this
test? negative weight if it returns PASS, adding weight if it fails?
Darrell
Bill Landry writes:
SPF counts for the past couple of weeks:
==
1 1st.net PASS
1 accesscomm.ca FAIL
8 alta-vista.com FAIL
Personally I try not to whitelist. If the mail comes from a few servers
then you can set up a reverse weight IPFILE for their specific IP addresses.
Whitelisting is very susceptible to forging. I learned the hard way by
whitelisting @dell.com and a spammer took me to town with that. Now I
http://www.the-carrot-and-the-stick.com
http://www.the-carrot-and-the-stick.com/How_To/index.php?VIEW=direct_query
ip4r accept.the-carrot-and-the-stick.com 127.0.0.5
ip4r reject.the-carrot-and-the-stick.com 127.0.0.10
Bill
That looks like a joke to me? A company that actually thinks email marketing
is legit? I don't believe any email marketing company. Period. That site
looks so phony they don't even have a email point of contact.. At least none
that I could easily find. All I could discern is that they have a web
Hi all,
bad headers, broken mail clients and so on are logged together with error numbers like 804e.
Where can we review explanations of these error codes?
Thanks!
Roland
--
Dr. Roland Braun
Max Planck Institute for Comparative Public Law
and International Law
Im Neuenheimer Feld 535;
- Original Message -
From: Roland Braun [EMAIL PROTECTED]
bad headers, broken mail clients and so on are logged together with error
numbers like 804e.
Where can we review explanations of these error codes?
There is a code look-up page at http://www.declude.com/tools/header.php
97 matches