[Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
SPAMC32 0.5.55 is available for download at

http://www.mailmage.com/download/software/freeutils/spamc32/release

Users anticipating the big RegEx rollout will have to wait a little longer, but there are some very powerful new features and performance improvements in this release:

- You can add a SKIPIFWEIGHT-type threshold to ensure that no SpamAssassin tests will be run if the message is already over a certain weight: SPAMC32 will pass (0) such messages immediately. See the -cw/-sw combo.

- You can specify a Declude-specific SpamAssassin weightrange regardless of SPAMD's 'required_hits' directive. This is useful if you want to create several different Declude tests with different Declude weights; if you don't have/don't want control over a remote SPAMD server; or if you want to change the effective SpamAssassin threshold without restarting the daemon. See the -lt/-ht combo.

- SPAMC32 -? and relNotes.txt are still the main sources of documentation. I'll get there soon. :)

SPAMC32 Release 0.5.55 1/12/2004

* IMPORTANT NOTE: Several defaults have been changed with this version to better fit with anticipated deployments of Declude/IMail/SPAMC32. While I know this is somewhat poor development practice, the installed base of SPAMC32 is small enough that I felt it would be better to use more appropriate defaults from this point forward. In addition, if you are currently using the suggested GLOBAL.CFG test description displayed by SPAMC32 -?, there are no necessary changes, though you will be passing redundant data. All current users *must* review the [*] entries in the release notes to see if you're trusting certain defaults in your installation.

* Release notes for this version:

[ + Added feature] [ * Improved/changed feature ] [ - Bug fix ] [ ^ Cosmetic/naming change ]

[+] Added switches '-cw' (current weight) and '-sw' (skip-if weight) to allow short-circuiting SpamAssassin tests if the current Declude weight of the message exceeds a set threshold. (These switches must be used together.)

[+] Added switches 'lt' (low threshold) and 'ht' (high threshold) to allow admins to set spam parameters on the client side, rather than using SPAMD's required_hits setting. SPAMD results between the low and high values will be considered spam regardless of the required_hits setting, allowing for multiple tests and live updates without restarting SPAMD. (These switches must be used together.)

[*] Changed default reporting behavior (when not using '-c', '-r', '-s', '-y' switches) to '-c' (check only) for performance considerations.

[*] Removed 'process' option completely: is redundant w/Declude as aggregator.

[*] Changed default maximum message size (when not using '-a' switch) to 32000.

[*] Changed default timeout (when not using '-t' switch) to 10.

[*] Changed suggested Declude test description for GLOBAL.CFG to leave out values that are now defaults (timeout and message size), and fixed error that suggested that the %QUEUENAME% parameter needed to be specifically added to the command line (Declude appends the %QUEUENAME% automatically). Existing users are urged to review this change.

[^] Various code segments consolidated for performance.

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
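The switch semantics in the release notes above, modeled as an added Python example; this is not SPAMC32's own code, which does not appear on this page. Assumptions: the nonzero exit code for a spam hit, inclusive -lt/-ht bounds, and the constructed SPAMD CHECK reply; `Options`, `decide` and the other names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

PASS = 0  # from the release notes: skipped messages "pass (0)"
FAIL = 1  # assumption: any nonzero exit marks the Declude test as failed

# Constructed sample of a SPAMD reply to a CHECK request: 7.5 hits, required_hits 10.
SAMPLE_REPLY = "SPAMD/1.1 0 EX_OK\r\nSpam: False ; 7.5 / 10.0\r\n\r\n"

SPAM_LINE = re.compile(
    r"^Spam:\s*(True|False)\s*;\s*(-?\d+(?:\.\d+)?)\s*/\s*(-?\d+(?:\.\d+)?)\s*$",
    re.MULTILINE,
)


@dataclass
class Options:
    cw: Optional[float] = None  # -cw: current Declude weight of the message
    sw: Optional[float] = None  # -sw: skip-if weight
    lt: Optional[float] = None  # -lt: low threshold
    ht: Optional[float] = None  # -ht: high threshold

    def validate(self) -> None:
        # The notes state that each pair of switches must be used together.
        if (self.cw is None) != (self.sw is None):
            raise ValueError("-cw and -sw must be used together")
        if (self.lt is None) != (self.ht is None):
            raise ValueError("-lt and -ht must be used together")
        if self.lt is not None and self.lt > self.ht:
            raise ValueError("-lt must not be greater than -ht")


@dataclass
class Decision:
    exit_code: int
    basis: str
    score: Optional[float]


def parse_check_reply(reply: str) -> Tuple[bool, float, float]:
    """Return (spamd_verdict, score, required_hits) from a CHECK reply."""
    text = reply.replace("\r\n", "\n")
    status = text.split("\n", 1)[0].split()
    if len(status) < 3 or not status[0].startswith("SPAMD/") or status[1] != "0":
        raise ValueError("spamd reported an error: %r" % text.split("\n", 1)[0])
    match = SPAM_LINE.search(text)
    if match is None:
        raise ValueError("reply has no 'Spam:' line")
    return match.group(1) == "True", float(match.group(2)), float(match.group(3))


def decide(opts: Options, scan: Callable[[], str]) -> Decision:
    """Apply -cw/-sw first, then -lt/-ht, falling back to spamd's own verdict."""
    opts.validate()
    # Short circuit: the message is already over the skip weight, so SPAMD is
    # never contacted and the test passes immediately.
    if opts.sw is not None and opts.cw > opts.sw:
        return Decision(PASS, "skipped: weight already over -sw", None)
    spamd_verdict, score, _required = parse_check_reply(scan())
    if opts.lt is not None:
        # Client-side band replaces required_hits (bounds assumed inclusive).
        # A score above -ht passes this test, so stacked tests need bands
        # that cover the whole range of interest.
        hit = opts.lt <= score <= opts.ht
        return Decision(FAIL if hit else PASS, "client band -lt/-ht", score)
    return Decision(FAIL if spamd_verdict else PASS, "spamd required_hits", score)


def make_fake_spamd(reply: str, calls: List[int]) -> Callable[[], str]:
    """Stand-in for the network round trip; records every call in `calls`."""
    def scan() -> str:
        calls.append(1)
        return reply
    return scan


if __name__ == "__main__":
    calls: List[int] = []
    scan = make_fake_spamd(SAMPLE_REPLY, calls)
    for label, opts in [
        ("over skip weight", Options(cw=25, sw=20)),
        ("under skip weight", Options(cw=5, sw=20)),
        ("band 5-10", Options(lt=5, ht=10)),
        ("band 10-999", Options(lt=10, ht=999)),
    ]:
        print(label, decide(opts, scan), "spamd calls so far:", len(calls))
```
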
RE: [Declude.JunkMail] 1.77i15 Log Issues
Yes, I'm still using LogLevel=MID. Never changed it - unless someone tells me that LOW or HIGH are more appropriate.

There is a new 1.77i16 at http://www.declude.com/interim that addresses this and some other issues that have come up with 1.77i15.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
RE: [Declude.JunkMail] More 1.77i15 Log Issues
Should the Tests Failed summary line be complete, e.g., should it replace every single Failed line that appears in the HIGH log mode? This way, log analyzers can simply parse the Tests Failed summary and learn about every test AND every action?

Correct.

If so, I believe there may be one issue. My Tests Failed line don't seem to itemize ANY negative test results, not even word filters. Could it be, that your Tests Failed is using the HIDETESTS definitions to suppress information?

The one that shows the negative weights (the one that ends with Total weight = ) appears at LOGLEVEL MID and higher, and is separate from the new one (that starts with Tests failed). The new one replaces the LOGLEVEL LOW log file entries, and therefore will only record the tests that would have generated a log file entry.

This is appropriate as the negative weights affect the total weight of the E-mail (Total weight = line), but do not affect the actions that are taken (Tests failed line).

Note that the HIDETESTS option does not affect what is shown in either line.

-Scott
Re[4]: [Declude.JunkMail] SpamD/SpamC for Declude
At 05:05 PM 1/12/2004, Sanford Whiteman wrote:

I guess that was a noble try... but it didn't work.

Well, it probably worked, just not enough. :)

Yeah, I'll buy that! :)

I'm going to try to separate the spamd/spamc processes and see how that goes.

That will alleviate the utilization issue, for sure. Depending on the age of your server, you should think about adding an additional processor. I find that that's one fun part about running mail on old boxes with new disks: as it gives you ability to scale up processing on the cheap as needed, while still giving peak performance for disk-starved tasks. A lot of people inadvertently err on the side of processor power by buying new boxes and ignoring DASD optimization.

Unfortunately, this particular server is out of space for new drives internally. Now realistically, I could rebuild it and do it right, and it would probably last a very long time. When I got the server, it had 4 drives configured for Raid 5 in a single logical drive with 3 partitions. I added two more drives in a mirrored set, and moved the spool to this. That helped drastically. I may look into external scsi drives...

I know this server is grossly underpowered for what I'm trying to do, but I inherited it this way, and I don't think I'm gonna get to buy a new one here anytime soon. The person before didn't understand how to spec out a mailserver.

Gotcha. One thing you should know about that I'm building into SPAMC32 right now is a SKIPIFWEIGHT option that will return 0 immediately if a (Declude) weight has already been exceeded, thus saving processing for way out-of-range spam.

Now that would be awesome. If there's anything I can do to help, let me know. I don't know much about VB (I think that's what it's written in?) but I'd be willing to help in any way I can.

Thanks,
Russ

---
[This E-mail scanned for viruses by Declude Virus]
Re: [Declude.JunkMail] SpamD/SpamC for Declude
At 05:52 PM 1/12/2004, Matt wrote:

Russ, I'm not sure what actions will result in bypassing Declude Virus, but HOLD and DELETE surely do. Since over 80% of E-mail is spam on the typical system, that should save you a great deal over processing everything with Virus, though JunkMail is where most of the processing goes when you are running custom filters.

I'm not sure if you have upgraded to 1.77i7+ yet, but the SKIPIFWEIGHT, MAXWEIGHT and END functionality was a huge savings for my server. Even re-ordering your custom filters to put the bigger hogs with the least impact and rarest hits at the bottom was a big help with SKIPIFWEIGHT. Probably more than 80% of my spam never hits a custom filter, and 97% of my spam never hits every filter file.

Yeah, I'm currently running 1.77i15 as of this morning, and I've been using your latest filters. Previously, I had to remove your old filters due to processing limitations, but the new ones are great!! Yeah, I guess it makes sense that if I'm stopping 160,000 of the messages with Junkmail, that I now only have to scan 40,000 messages for virii.

I just upgraded to IMail 8 and am using WHITELIST AUTH and PREWHITELIST ON, and that also saves on processing. I'm nowhere near your utilization, but I hate to ever see my processors pegged due to the fact that the machine currently performs many tasks besides E-mail.

I haven't yet turned those options on, but I guess I probably should. I hate to see a server this busy as well, but fortunately, all it does is mail. I'm still debating on a gateway mail server (like IMGate)... Still weighing all the Pros and Cons to try and determine if it's worth my time to learn a whole new mail server software package. Only time will tell...

-Russ
RE: [Declude.JunkMail] 1.77i15 Log Issues
Scott,

Would it be possible, or desirable by others to name the interim executable files with the version name (ie Declude_1.77i15)? Sometimes by the time I read of a new interim release described as 1.77i15 and download it, it has become 1.77i17. Just an idea.

Neal M.

[EMAIL PROTECTED] wrote: -
To: [EMAIL PROTECTED]
From: "R. Scott Perry" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 01/13/2004 08:14AM
Subject: RE: [Declude.JunkMail] 1.77i15 Log Issues

Yes, I'm still using LogLevel=MID. Never changed it - unless someone tells me that LOW or HIGH are more appropriate.

There is a new 1.77i16 at http://www.declude.com/interim that addresses this and some other issues that have come up with 1.77i15.

-Scott
RE: [Declude.JunkMail] 1.77i15 Log Issues
I think I just realized why you might not want to do this - it would probably break some auto updating programs out there. Any other options?

Neal M.

[EMAIL PROTECTED] wrote: -
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 01/13/2004 08:49AM
Subject: RE: [Declude.JunkMail] 1.77i15 Log Issues

Scott,

Would it be possible, or desirable by others to name the interim executable files with the version name (ie Declude_1.77i15)? Sometimes by the time I read of a new interim release described as 1.77i15 and download it, it has become 1.77i17. Just an idea.

Neal M.

[EMAIL PROTECTED] wrote: -
To: [EMAIL PROTECTED]
From: "R. Scott Perry" [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
Date: 01/13/2004 08:14AM
Subject: RE: [Declude.JunkMail] 1.77i15 Log Issues

Yes, I'm still using LogLevel=MID. Never changed it - unless someone tells me that LOW or HIGH are more appropriate.

There is a new 1.77i16 at http://www.declude.com/interim that addresses this and some other issues that have come up with 1.77i15.

-Scott
Re: [Declude.JunkMail] Bigpond
I blocked them years ago after they ignored hundreds of spam complaints. I've had one person complain and since she is an employee I told her to have it sent to her hotmail account.

David Daniels
Administrator
Starfish Internet Service
[EMAIL PROTECTED]

----- Original Message -----
From: Glen Harvy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:04 AM
Subject: RE: [Declude.JunkMail] Bigpond

ha ha ha

send them an email at [EMAIL PROTECTED] and we'll all have a giggle :-)

good luck and happy hunting.

better still - just blacklist them and you'll wipe out 75% of all emails coming from down under :-)

_
Glen Harvy
Aquarius Communications for all your Internet Needs.
Phone 9977 3788 Fax 9977 3844

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, 13 January 2004 12:06
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond

Then they better clean up their act and take a hardball stance on all spam flowing through their servers.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Glen Harvy
Sent: Monday, January 12, 2004 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond
Importance: High

Hi,

I suspect they most certainly will - legal action that is.

Bigpond is 51% Australian Government owned and the rest is listed on the sharemarket. They are Australia's largest internet provider capturing over 70% of the market. They have a monopoly via Telstra - Australia's largest telephone company.

They have a similar attitude to Microsoft - sue first and negotiate later.

_
Glen Harvy
Aquarius Communications for all your Internet Needs.
Phone 9977 3788 Fax 9977 3844

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John Tolmachoff (Lists)
Sent: Tuesday, 13 January 2004 04:47
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Bigpond

I was just going to say, almost all of those IP addresses are from the same ISP in Australia.

If we want to play hardball, block all the IPs, and then the ISP will have to take action.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, January 12, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Bigpond

Let me correct something. BigPond.com isn't a spam house, they are a DSL provider in Australia. They however have a large number of mail servers that consistently relay spam. It's almost like they are hosting spammers, and have them relay through their own servers instead of direct delivery. There's a ton of it.

I'm not sure what to do about this situation. Maybe someone else has some ideas.

Matt

Matt wrote:

John,

Looks like a spam house to me.

http://www.senderbase.org/search?searchString=bigpond.com

Block by IP. Google shows that they've used different domains from these blocks, and the REVDNS entry could be gone tomorrow. Use Scott's CIDR tool if you are uncertain about the ranges. Dig through surrounding blocks with reverse DNS to see if there are even larger blocks present. Lastly, report your findings to the board :)

Matt

John Tolmachoff (Lists) wrote:

Is there legit e-mail that comes from Bigpond mail servers, or can I heavily weight REVDNS ENDSWITH .bigpond.com?

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
RE: [Declude.JunkMail] More 1.77i15 Log Issues
Hi Scott:

Okay - that's fair enough. So one should think of the line labeled Tests failed: as a line that really contains Actions taken:

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
Re: [Declude.JunkMail] SpamD/SpamC for Declude
Russ,

Another idea would be to block SBL with IMail 8 so that stuff never gets to Declude. SBL can be as much as 25% of my traffic, and I weight that in Declude so that it deletes on just that one hit. This could potentially save you a good deal of processing power and be huge for your system. You can still keep track of statistics by using IMail's daily report to show you how many messages got stopped that way and adding them into your Declude results.

I think Kami sets IMail to delete a message after hitting a certain number of RBL's, this too may be a further savings if you are careful about it. You could probably get rid of over 50% of your traffic that way and leave Declude to do the heavy lifting for what's left over. I'm not yet familiar with this setup yet since I just upgraded, but I'm sure Kami would explain how he has it working.

BTW, on non-gatewayed domains, I'm pre-whitelisting about 15% of my traffic now because of WHITELIST AUTH (most of it) and AUTOWHITELIST ON (from the Web mail address book, but this can cause some false negatives, especially if people have their own E-mail listed, however they aren't very likely at all to have included a bulk mailing spam source).

Matt

Russ Uhte (Lists) wrote:

At 05:52 PM 1/12/2004, Matt wrote:

Russ, I'm not sure what actions will result in bypassing Declude Virus, but HOLD and DELETE surely do. Since over 80% of E-mail is spam on the typical system, that should save you a great deal over processing everything with Virus, though JunkMail is where most of the processing goes when you are running custom filters.

I'm not sure if you have upgraded to 1.77i7+ yet, but the SKIPIFWEIGHT, MAXWEIGHT and END functionality was a huge savings for my server. Even re-ordering your custom filters to put the bigger hogs with the least impact and rarest hits at the bottom was a big help with SKIPIFWEIGHT. Probably more than 80% of my spam never hits a custom filter, and 97% of my spam never hits every filter file.

Yeah, I'm currently running 1.77i15 as of this morning, and I've been using your latest filters. Previously, I had to remove your old filters due to processing limitations, but the new ones are great!! Yeah, I guess it makes sense that if I'm stopping 160,000 of the messages with Junkmail, that I now only have to scan 40,000 messages for virii.

I just upgraded to IMail 8 and am using WHITELIST AUTH and PREWHITELIST ON, and that also saves on processing. I'm nowhere near your utilization, but I hate to ever see my processors pegged due to the fact that the machine currently performs many tasks besides E-mail.

I haven't yet turned those options on, but I guess I probably should. I hate to see a server this busy as well, but fortunately, all it does is mail. I'm still debating on a gateway mail server (like IMGate)... Still weighing all the Pros and Cons to try and determine if it's worth my time to learn a whole new mail server software package. Only time will tell...

-Russ
Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
At 03:57 AM 1/13/2004, Sanford Whiteman wrote:

SPAMC32 0.5.55 is available for download at

http://www.mailmage.com/download/software/freeutils/spamc32/release

Users anticipating the big RegEx rollout will have to wait a little longer, but there are some very powerful new features and performance improvements in this release:

- You can add a SKIPIFWEIGHT-type threshold to ensure that no SpamAssassin tests will be run if the message is already over a certain weight: SPAMC32 will pass (0) such messages immediately. See the -cw/-sw combo.

Well, this did help considerably... but not quite enough. I moved the SpamD server onto a server that currently does nothing but DNS. It is a dual PIII 1GHz machine that usually runs between 0 and 5 % utilization. With SpamD running on it, it averaged about 70% utilization. Now my mailserver wasn't noticeably affected by the SpamC process. That was using a -sw entry of 20 (my hold weight)

So, I think if I want to utilize SA, I'm going to have to do something drastic... I'm open to suggestions if anyone has any!! :)

-Russ
RE: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
http://www.openhandhome.com/howtosa.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Russ Uhte (Lists)
Sent: Tuesday, January 13, 2004 10:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released

At 03:57 AM 1/13/2004, Sanford Whiteman wrote:

SPAMC32 0.5.55 is available for download at

http://www.mailmage.com/download/software/freeutils/spamc32/release

Users anticipating the big RegEx rollout will have to wait a little longer, but there are some very powerful new features and performance improvements in this release:

- You can add a SKIPIFWEIGHT-type threshold to ensure that no SpamAssassin tests will be run if the message is already over a certain weight: SPAMC32 will pass (0) such messages immediately. See the -cw/-sw combo.

Well, this did help considerably... but not quite enough. I moved the SpamD server onto a server that currently does nothing but DNS. It is a dual PIII 1GHz machine that usually runs between 0 and 5 % utilization. With SpamD running on it, it averaged about 70% utilization. Now my mailserver wasn't noticeably affected by the SpamC process. That was using a -sw entry of 20 (my hold weight)

So, I think if I want to utilize SA, I'm going to have to do something drastic... I'm open to suggestions if anyone has any!! :)

-Russ

___
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
Re: [Declude.JunkMail] SpamD/SpamC for Declude
----- Original Message -----
From: Matt [EMAIL PROTECTED]

Another idea would be to block SBL with IMail 8 so that stuff never gets to Declude. SBL can be as much as 25% of my traffic, and I weight that in Declude so that it deletes on just that one hit. This could potentially save you a good deal of processing power and be huge for your system. You can still keep track of statistics by using IMail's daily report to show you how many messages got stopped that way and adding them into your Declude results.

Deleting messages based on a single test result is very bad advice. No test is 100% accurate, and in my experience they are typically less than 90%. If it works for you, and you and your users don't care about the legitimate messages you are most likely deleting, that's fine. But to make this recommendation to others without the appropriate caveat is irresponsible.

Bill
[Declude.JunkMail] 1.77i15 Bug
Has anyone else seen this? After upgrading from 1.77i12 to 1.77i15 I get this. I revert back to 1.77i12 and I am fine.

01/12/2004 18:39:34 Q303603930282ebed ERROR: nTests corrupted (1)
01/12/2004 18:39:35 Q303603930282ebed (Error 5 at 4234ac v1.77i15)
01/12/2004 18:39:35 Q303603930282ebed (log part 2 saved as C:\declude.gp2)
01/12/2004 18:39:35 Q303603930282ebed (log part 1 saved as C:\declude.gp1)
01/12/2004 18:40:00 Q304f0288029c4e8f ERROR: nTests corrupted (1)
01/12/2004 18:40:00 Q303803930282f265 ERROR: nTests corrupted (1
Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
----- Original Message -----
From: Russ Uhte (Lists) [EMAIL PROTECTED]

Well, this did help considerably... but not quite enough. I moved the SpamD server onto a server that currently does nothing but DNS. It is a dual PIII 1GHz machine that usually runs between 0 and 5 % utilization. With SpamD running on it, it averaged about 70% utilization. Now my mailserver wasn't noticeably affected by the SpamC process. That was using a -sw entry of 20 (my hold weight)

So, I think if I want to utilize SA, I'm going to have to do something drastic... I'm open to suggestions if anyone has any!! :)

Russ, a not too drastic option would be to run SA on a linux mail gateway sitting in front of your IMail server and then track the hit=xx.x header counts with Declude. That's what we do here, and it has worked great for us. With this configuration you could also set IMail to gateway all outbound mail to the SA box for all external mail delivery, thus taking this load off of your IMail server.

Just a thought...

Bill
Re: [Declude.JunkMail] 1.77i15 Bug
----- Original Message -----
From: Frederick Samarelli [EMAIL PROTECTED]

Has anyone else seen this? After upgrading from 1.77i12 to 1.77i15 I get this. I revert back to 1.77i12 and I am fine.

01/12/2004 18:39:34 Q303603930282ebed ERROR: nTests corrupted (1)
01/12/2004 18:39:35 Q303603930282ebed (Error 5 at 4234ac v1.77i15)
01/12/2004 18:39:35 Q303603930282ebed (log part 2 saved as C:\declude.gp2)
01/12/2004 18:39:35 Q303603930282ebed (log part 1 saved as C:\declude.gp1)
01/12/2004 18:40:00 Q304f0288029c4e8f ERROR: nTests corrupted (1)
01/12/2004 18:40:00 Q303803930282f265 ERROR: nTests corrupted (1

I think this may be one of the log issues Scott was talking about in an earlier post that is fixed in 1.77i16.

Bill
Re: [Declude.JunkMail] SpamD/SpamC for Declude
I think that I've pointed out the caveats many times over on blocking with SBL. SBL is though more accurate than my system as a whole, and I have never seen a true false positive with it. I've asked this several times; has anyone ever seen a false positive with SBL? I've not ever received a single reply to that question, though this is the 3rd time I've asked it now.

I'm sure that human error can come into play, but they are the most respected RBL out there by a mile, and if you find yourself listed on SBL, there's a 99.99% chance that it is for good reason, and if not, you need to get your IP out of these because you are surely being blocked by many, many organizations. The only time that this should happen is if you inherited a spam block and your provider didn't bother getting the block delisted, or if you are unfortunate enough to have hosted your server at a well known spam house.

This is the only RBL that I even weight at or above my hold weight. I'm quite anal about false positives as well, but until someone points out a flaw in SBL, I'm going to trust them absolutely. I think your advice is well founded, however it is a generalization and exceptions may apply.

Matt

Bill Landry wrote:

----- Original Message -----
From: "Matt" [EMAIL PROTECTED]

Another idea would be to block SBL with IMail 8 so that stuff never gets to Declude. SBL can be as much as 25% of my traffic, and I weight that in Declude so that it deletes on just that one hit. This could potentially save you a good deal of processing power and be huge for your system. You can still keep track of statistics by using IMail's daily report to show you how many messages got stopped that way and adding them into your Declude results.

Deleting messages based on a single test result is very bad advice. No test is 100% accurate, and in my experience they are typically less than 90%. If it works for you, and you and your users don't care about the legitimate messages you are most likely deleting, that's fine. But to make this recommendation to others without the appropriate caveat is irresponsible.

Bill
Re[2]: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
Russ, a not too drastic option would be to run SA on a linux mail gateway sitting in front of your IMail server and then track the hit=xx.x header counts with Declude. That's what we do here, and it has worked great for us. With this configuration you could also set IMail to gateway all outbound mail to the SA box for all external mail delivery, thus taking this load off of your IMail server.

Of course, you could also (a) use a Windows-based gateway and run SpamD on that with Declude (on your mailbox server) as the client, (b) use a Windows-based gateway and offload all of your gateway, SpamD, *and* Declude duties to it, (c) use a *nix-based gateway and run SpamD on that with Declude as the client...the point is that, if you're going to buy a new box, it could be put to many purposes with your choice of OS.

But your current hardware setup and load isn't going to fly with a new processor-intensive content scanner. You're maxed out, and the least painless way out (from a skills standpoint) is still going to cost some bucks.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
Re: [Declude.JunkMail] 1.77i15 Bug
Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:32 AM
Subject: Re: [Declude.JunkMail] 1.77i15 Bug

- Original Message -
From: Frederick Samarelli [EMAIL PROTECTED]

Has anyone else seen this? After upgrading from 1.77i12 to 1.77i15 I get this. I revert back to 1.77i12 and I am fine.

01/12/2004 18:39:34 Q303603930282ebed ERROR: nTests corrupted (1)
01/12/2004 18:39:35 Q303603930282ebed (Error 5 at 4234ac v1.77i15)
01/12/2004 18:39:35 Q303603930282ebed (log part 2 saved as C:\declude.gp2)
01/12/2004 18:39:35 Q303603930282ebed (log part 1 saved as C:\declude.gp1)
01/12/2004 18:40:00 Q304f0288029c4e8f ERROR: nTests corrupted (1)
01/12/2004 18:40:00 Q303803930282f265 ERROR: nTests corrupted (1

I think this may be one of the log issues Scott was talking about in an earlier post that is fixed in 1.77i16.

Bill
[Declude.JunkMail] Log File Changes
Hi,

I am starting work on re-writing my log file analysis program for the new format. The information that I want to extract is:

Fail tests with weight
Total weight
Action Taken
From e-mail address
To e-mail address
Date/Time
File Name

I am assuming that for this information, I need MID log level. On visual inspection of the MID log file, it looks like this format is:

00/00/00 00:00:00 Qx FailedTest1Name:weight FailedTest2Name:weight TOTALWEIGHT = weight.
00/00/00 00:00:00 Qx Subject: message subject
00/00/00 00:00:00 Qx From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: x.x.x.x ID:
00/00/00 00:00:00 Qx FailedTest1Name:action FailedTest2Name:action .

And for multiple recipients, the last three lines are repeated (not sure why subject line is repeated?) for each user with the new TO address appended to the previous TO line. i.e.:

To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Etc.

Are my assumptions correct?

Thanks,
Bill
RE: [Declude.JunkMail] Tests Used for Deleting?
Hi Bill,

This is of course prudent advice in general. Let me share my experiences (I'm not at all suggesting that this applies to anyone else's scenario).

However, after a few years of tinkering, I did realize that (at least based on messages received by my mix of business clients) *I* was able to use some tests to outright delete 13% of all incoming mail (an additional 50% gets deleted by weight):

BLITZEDALL DELETE
NJABLPROXIES DELETE
AHBLPROXIES DELETE
SORBS-HTTP DELETE
SORBS-SOCKS DELETE
SORBS-MISC DELETE
MAILFROM DELETE
PERCENT DELETE

(At first I was using HOLD for these tests but after many months that I never ever had to release a single held email.)

Apparently, when someone is ignorant enough running an open proxy (or an infected zombie workstation) on a particular IP there is a very low likelihood that this particular machine is ALSO used as their legitimate SMTP server.

When someone uses an invented from domain or tries the percent hack to force email routing - then it is our policy that the email should not be processed. (It's okay to use an unattended from mailbox - but there is never a reason to use bogus domain names, preventing our server from sending notifications or such.)

Of course, ideally I would want to hang up on those connections during SMTP protocol - but unfortunately, neither Imail nor Declude currently offers that option. (I'm using ORF from VAMSOFT to do exactly that on my backup MX running MS SMTP (IIS), as lots of spam now gets directed against the backup MXs).

Best Regards
Andy Schmidt

Argos Networks
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-9411 x20 (Business)
Fax: +1 201 934-9206
http://www.Argos.net/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 11:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude

- Original Message - From: Matt [EMAIL PROTECTED]

> Another idea would be to block SBL with IMail 8 so that stuff never gets to Declude. SBL can be as much as 25% of my traffic, and I weight that in Declude so that it deletes on just that one hit. This could potentially save you a good deal of processing power and be huge for your system. You can still keep track of statistics by using IMail's daily report to show you how many messages got stopped that way and adding them into your Declude results.

Deleting messages based on a single test result is very bad advice. No test is 100% accurate, and in my experience they are typically less than 90%. If it works for you, and you and your users don't care about the legitimate messages you are most likely deleting, that's fine. But to make this recommendation to others without the appropriate caveat is irresponsible.

Bill
RE: [Declude.JunkMail] 1.77i16?
Same here - downloaded this morning after the announcement and my headers still read:

X-Declude: Version 1.77i15; D1bad042a01feaf36.SMD from chris.usa.hm-software.com [63.107.174.138]

Best Regards
Andy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli
Sent: Tuesday, January 13, 2004 11:41 AM

Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15

- Original Message -
From: Bill Landry [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:32 AM

I think this may be one of the log issues Scott was talking about in an earlier post that is fixed in 1.77i16.

Bill
Re: [Declude.JunkMail] 1.77i15 Bug
> Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15

This is very strange. Our log files show that 1.77i16 was uploaded twice, yet downloading it shows 1.77i15. Even after deleting the file from the web server, it can still be downloaded -- but as 1.77i15. The HTTP headers don't show any caching program interfering -- but there definitely is one. I'm going to have to look into this to see why it is happening.

-Scott

---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
RE: [Declude.JunkMail] 1.77i15 Bug
1.77i16 here.. Perhaps a local cache?

~Rick

> > Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15
>
> This is very strange. Our log files show that 1.77i16 was uploaded twice, yet downloading it shows 1.77i15. Even after deleting the file from the web server, it can still be downloaded -- but as 1.77i15. The HTTP headers don't show any caching program interfering -- but there definitely is one. I'm going to have to look into this to see why it is happening.

___
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
RE: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
I tried this without success. Sandy's port for me is *much* slicker -

-Nick Hayer

From: Rick Klinge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
Date sent: Tue, 13 Jan 2004 10:04:08 -0600
Send reply to: [EMAIL PROTECTED]

http://www.openhandhome.com/howtosa.html

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Russ Uhte (Lists)
Sent: Tuesday, January 13, 2004 10:00 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released

At 03:57 AM 1/13/2004, Sanford Whiteman wrote:

> SPAMC32 0.5.55 is available for download at http://www.mailmage.com/download/software/freeutils/spamc32/release
>
> Users anticipating the big RegEx rollout will have to wait a little longer, but there are some very powerful new features and performance improvements in this release:
>
> - You can add a SKIPIFWEIGHT-type threshold to ensure that no SpamAssassin tests will be run if the message is already over a certain weight: SPAMC32 will pass (0) such messages immediately. See the -cw/-sw combo.

Well, this did help considerably... but not quite enough. I moved the SpamD server onto a server that currently does nothing but DNS. It is a dual PIII 1GHz machine that usually runs between 0 and 5 % utilization. With SpamD running on it, it averaged about 70% utilization. Now my mailserver wasn't noticeably affected by the SpamC process. That was using a -sw entry of 20 (my hold weight)

So, I think if I want to utilize SA, I'm going to have to do something drastic... I'm open to suggestions if anyone has any!! :)

-Russ
[Declude.JunkMail] messagescreen.com
Does anyone have any info on this service. messagescreen.com
RE: [Declude.JunkMail] 1.77i15 Bug
Downloaded and installed about 5 minutes ago:

Declude 1.77i16 (C) Copyright 2000-2004 Computerized Horizons.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, January 13, 2004 9:12 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] 1.77i15 Bug

> Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15

This is very strange. Our log files show that 1.77i16 was uploaded twice, yet downloading it shows 1.77i15. Even after deleting the file from the web server, it can still be downloaded -- but as 1.77i15. The HTTP headers don't show any caching program interfering -- but there definitely is one. I'm going to have to look into this to see why it is happening.

-Scott
Re: [Declude.JunkMail] Log File Changes
> I am assuming that for this information, I need MID log level. On visual inspection of the MID log file, it looks like this format is:
>
> 00/00/00 00:00:00 Qx FailedTest1Name:weight FailedTest2Name:weight TOTALWEIGHT = weight.
> 00/00/00 00:00:00 Qx Subject: message subject
> 00/00/00 00:00:00 Qx From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: x.x.x.x ID:
> 00/00/00 00:00:00 Qx FailedTest1Name:action FailedTest2Name:action .

That is correct. Some of those lines appear at LOGLEVEL LOW, but to get them all, you would need LOGLEVEL MID (or LOGLEVEL HIGH).

> And for multiple recipients, the last three lines are repeated (not sure why subject line is repeated?) for each user with the new TO address appended to the previous TO line. i.e.:
>
> To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED] [EMAIL PROTECTED]
> To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
> Etc.
>
> Are my assumptions correct?

That is correct. I'll look into getting the Subject: line to only appear once.

-Scott
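The MID-level layout confirmed in the exchange above, turned into a parser. This is an added example, not code from the original posts, Declude or DLAnalyzer. It assumes the timestamp and Q-prefixed queue ID shapes seen in the log excerpts elsewhere on this page, integer weights, and that each action line belongs to the recipient most recently appended to the To: list; the sample addresses, weights and actions are constructed.

```python
import re

# Constructed sample in the LOGLEVEL MID layout described in the thread.
# Addresses, weights, actions and queue IDs are made up for illustration.
SAMPLE_LOG = """\
01/13/2004 12:00:01 Q1a2b3c4d00000001 SBL:10 MAILFROM:2 TOTALWEIGHT = 12.
01/13/2004 12:00:01 Q1a2b3c4d00000001 Subject: Quarterly report
01/13/2004 12:00:01 Q1a2b3c4d00000001 From: sender@example.com To: alice@example.net IP: 192.0.2.10 ID:
01/13/2004 12:00:01 Q1a2b3c4d00000001 SBL:WARN MAILFROM:WARN .
01/13/2004 12:00:01 Q1a2b3c4d00000001 Subject: Quarterly report
01/13/2004 12:00:01 Q1a2b3c4d00000001 From: sender@example.com To: alice@example.net bob@example.net IP: 192.0.2.10 ID:
01/13/2004 12:00:01 Q1a2b3c4d00000001 SBL:HOLD MAILFROM:WARN .
01/13/2004 12:00:05 Q1a2b3c4d00000002 (Error 5 at 4127f8 v1.77i16)
01/13/2004 12:00:09 Q1a2b3c4d00000003 SORBS-HTTP:8 TOTALWEIGHT = 8.
01/13/2004 12:00:09 Q1a2b3c4d00000003 Subject: Re: TOTALWEIGHT = 99 in subject
01/13/2004 12:00:09 Q1a2b3c4d00000003 From: other@example.org To: carol@example.net IP: 198.51.100.7 ID:
01/13/2004 12:00:09 Q1a2b3c4d00000003 SORBS-HTTP:DELETE .
"""

# "date time Qid rest"; year width and hex queue IDs are assumptions.
PREFIX = re.compile(r"^(\d{1,2}/\d{1,2}/\d{2,4} \d{2}:\d{2}:\d{2}) (Q\w+) (.*)$")
ENVELOPE = re.compile(r"^From:\s*(.*?)\s*To:\s*(.*?)\s*IP:\s*(\S*)\s*ID:\s*(.*)$")
WEIGHT_TOKEN = re.compile(r"^([^\s:]+):(-?\d+)$")
ACTION_TOKEN = re.compile(r"^([^\s:]+):([A-Za-z]+)$")


def _classify(rest):
    """Decide which of the four line types `rest` is; (None, None) if none."""
    # Subject is checked first so subject text can never be misread as data.
    if rest.startswith("Subject:"):
        return "subject", rest[len("Subject:"):].strip()
    env = ENVELOPE.match(rest)
    if env:
        return "envelope", (env.group(1), env.group(2).split(), env.group(3))
    if "TOTALWEIGHT" in rest:
        head, _, tail = rest.partition("TOTALWEIGHT")
        weights = {}
        for tok in head.split():
            w = WEIGHT_TOKEN.match(tok)
            if w:
                weights[w.group(1)] = int(w.group(2))
        total = re.search(r"=\s*(-?\d+)", tail)
        return "weights", (weights, int(total.group(1)) if total else None)
    # Action line: every token is Name:ACTION, ignoring the trailing "." marker.
    tokens = [t for t in rest.split() if t.strip(".")]
    pairs = [ACTION_TOKEN.match(t) for t in tokens]
    if tokens and all(pairs):
        return "actions", {p.group(1): p.group(2).upper() for p in pairs}
    return None, None


def parse_declude_log(text):
    """Return {queue_id: record}, with one action set per recipient."""
    messages = {}
    newest_rcpt = {}  # queue_id -> recipient whose action line comes next
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        stamp, qid, rest = m.group(1), m.group(2), m.group(3).strip()
        kind, data = _classify(rest)
        if kind is None:
            continue  # error and debug lines do not create a record
        msg = messages.setdefault(qid, {
            "time": stamp, "subject": None, "from": None, "ip": None,
            "weights": {}, "total_weight": None, "recipients": {}})
        if kind == "weights":
            msg["weights"], msg["total_weight"] = data
        elif kind == "subject":
            msg["subject"] = data  # repeated once per recipient, same value
        elif kind == "envelope":
            sender, to_list, ip = data
            msg["from"], msg["ip"] = sender, ip
            # The To: list grows by one address per repetition.
            for addr in to_list:
                msg["recipients"].setdefault(addr, {})
            newest_rcpt[qid] = to_list[-1] if to_list else None
        elif kind == "actions":
            rcpt = newest_rcpt.get(qid)
            if rcpt is not None:
                msg["recipients"][rcpt] = data
    return messages


if __name__ == "__main__":
    for qid, rec in parse_declude_log(SAMPLE_LOG).items():
        print(qid, rec["total_weight"], rec["recipients"])
```

Keying per-recipient actions on the last address of each To: line is what keeps the repeated Subject/From/action triplets from being counted as separate messages.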
Re: [Declude.JunkMail] SpamD/SpamC for Declude
- Original Message -
From: Matt

> I think that I've pointed out the caveats many times over on blocking with SBL. SBL is though more accurate than my system as a whole, and I have never seen a true false positive with it. I've asked this several times; has anyone ever seen a false positive with SBL? I've not ever received a single reply to that question, though this is the 3rd time I've asked it now.

Because people didn't respond doesn't mean anything. All RBLs produce false-positives. How could they not, they are run by humans.

> I think your advice is well founded, however it is a generalization and exceptions may apply.

There are no exceptions when it comes to anything run by humans, there WILL be errors. Just from yesterday's logs, legitimate mailing list messages blocked by SBL:

20 Subject: RE: [MS SMS] What are YOU doing to remove spyware? 2004 Edition
19 Subject: RE: [MS SMS] OT: Football
12 Subject: RE: [myOT] Alias
10 Subject: RE: [MS SMS] SMS 2003: WMI
9 Subject: RE: [MS SMS] Installing a DP over the wire.
9 Subject: RE: [myOT] MMS 2004
7 Subject: RE: [MS SMS] VBS Question
6 Subject: RE: [myOT] Stargate season opener tonight...
5 Subject: RE: [MS SMS] Central Site
5 Subject: RE: [MS SMS] Error in scan tool
4 Subject: RE: [MS SMS] ROI for 2003
4 Subject: RE: [MS SMS] SMS 2: Clients failed to connect to APM server
4 Subject: RE: [MS SMS] XP clients
3 Subject: RE: [MS SMS] SMS and Tablet PC
3 Subject: RE: [MS SMS] SMS on VMWare
3 Subject: RE: [MS SMS] SMS2003 - How to re-trigger advertisement on client
2 Subject: RE: [MS SMS] MakeColl.exe for SMS 2003?
2 Subject: RE: [MS SMS] OT: Anyone from the UK going to the MMS?
2 Subject: RE: [MS SMS] OT: Read Receipts on List messages
2 Subject: RE: [MS SMS] SMS SUSFP Updates
2 Subject: [MS SMS] XP clients
1 Subject: RE: [myOT] New Bill and Monica pics...
1 Subject: RE: [MS SMS] advanced client prestaging
1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies
1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies
1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies
1 Subject: RE: [MS SMS] Security scan tool upgrade
1 Subject: RE: [MS SMS] SMS 2003 MP problem
1 Subject: RE: [MS SMS] SMS Office Updates
1 Subject: RE: [MS SMS] SUS Distribute software updates wizard doesn't show up
1 Subject: NWCYCLING: FW: 2004 Mt. Hood Cycling Classic
1 Subject: NWCYCLING: USCF Rulebook 2004 Changes - online
1 Subject: NWCYCLING: WSBA Junior Informational Meeting Tonight
1 Subject: MEDITECH Issue PP #3714704 - Open
1 Subject: [partb-l] HCPCS codes
1 Subject: [NPinfo] Interesting article on the physician shortage.
1 Subject: [myOT] Test
1 Subject: [myOT] Alias
1 Subject: [MS SMS] VBS Question
1 Subject: [MS SMS] SUS Distribute software updates wizard doesn't show up
1 Subject: [MS SMS] SMS2003 - How to re-trigger advertisement on client
1 Subject: [MS SMS] SMS Office Updates
1 Subject: [MS SMS] SMS and Tablet PC
1 Subject: [MS SMS] SMS 2003: WMI
1 Subject: [MS SMS] SMS 2003 Bug
1 Subject: [MS SMS] ROI for 2003
1 Subject: [MS SMS] Query help needed
1 Subject: [MS SMS] OT: Read Receipts on List messages
1 Subject: [MS SMS] OT: Guest Account
1 Subject: [MS SMS] OT: Anyone from the UK going to the MMS?
1 Subject: [MS SMS] MakeColl.exe for SMS 2003?
1 Subject: [MS SMS] Installing a DP over the wire.
1 Subject: [MS SMS] Holy Replicating Servers Batman!
1 Subject: [MS SMS] Couple backup questions
1 Subject: [MS SMS] Central Site
1 Subject: [MS SMS] Adobe Acrobat 6 Deployment

I also found at least a dozen personal messages that were flagged by SBL, but were delivered anyway because of the way we weight our tests. Again, this is just from yesterday.

Instead of applying a huge weight to a single test, why not apply a small weight to many tests? That way you at least get corroboration from multiple tests, thus negating the human factor.

Bill
Re: [Declude.JunkMail] Tests Used for Deleting?
- Original Message -
From: Andy Schmidt [EMAIL PROTECTED]

> This is of course prudent advice in general. Let me share my experiences (I'm not at all suggesting that this applies to anyone else's scenario).
>
> However, after a few years of tinkering, I did realize that (at least based on messages received by my mix of business clients) *I* was able to use some tests to outright delete 13% of all incoming mail (an additional 50% gets deleted by weight):
>
> BLITZEDALL DELETE
> NJABLPROXIES DELETE
> AHBLPROXIES DELETE
> SORBS-HTTP DELETE
> SORBS-SOCKS DELETE
> SORBS-MISC DELETE
> MAILFROM DELETE
> PERCENT DELETE

Other than the PERCENT test, I can produce false-positives from each of the RBL tests listed above for every day of the week. I guess it depends on your customer base and mail volume, but anyone running spam tests in an ISP environment would be foolish and running great risk of deleting legitimate messages by basing delete decisions on the results of any single RBL test criteria. And I feel that if you have a weight system available to you, why take that risk at all?

Bill
Re: [Declude.JunkMail] 1.77i15 Bug
It now shows 1.77i16 but still the same error.

1/13/2004 12:44:03 Q2e6302780262ca7c (Error 5 at 4127f8 v1.77i16)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 2 saved as C:\declude.gp2)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 1 saved as C:\declude.gp1)

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 12:12 PM
Subject: Re: [Declude.JunkMail] 1.77i15 Bug

> Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15

This is very strange. Our log files show that 1.77i16 was uploaded twice, yet downloading it shows 1.77i15. Even after deleting the file from the web server, it can still be downloaded -- but as 1.77i15. The HTTP headers don't show any caching program interfering -- but there definitely is one. I'm going to have to look into this to see why it is happening.

-Scott
RE: [Declude.JunkMail] 1.77i16 Live... Really!
Confirmed:

X-Declude: Version 1.77i16; D2edc073800b6a083.SMD from corner-office.usa.hm-software.com [63.107.174.136]

Scott - I assume this does not yet fix the SPF bug that I reported (Just asking because it was not acknowledged in any way.)

Best Regards
Andy
Re: [Declude.JunkMail] SpamD/SpamC for Declude
Bill,

It appears that your entire list is from one source, Topica. Search the archives for a discussion of Topica, how their lack of message list verification results in lots of spam, and how they are also a spam house, even sending spam from the same block of IP's. I thought this was an FP at first, but this is more of the malware variety. There's a good reason for Topica to be listed. I've explained this one caveat many times here, but a spam house is a spam house in my book.

You should have explained with your stats how these were mostly or even all from the same source :)

Matt
[Declude.JunkMail] DLAnalyzer - Update Available For The New Log File Changes
For those who have downloaded/currently using DLAnalyzer to process their Declude Junkmail Logs an update is available that supports the new log file format found in 1.77i15+. It is also backward compatible and will still continue to work with the older log files as well. Please see the read me notes that address some new features added as well as some bug fixes for the GUI configuration utility.

You can download the update from our site http://www.dlanalyzer.com.

Darrell
Re: [Declude.JunkMail] 1.77i15 Bug
declude.gp1 file. (Error 5 at 4127f8 v1.77i16) (attempt to read at 73c098) (004127F8 0012C700 (00470AB4 0012FF68) C:\IMail\Declude.exe) (004101C5 0012C868 ( ) C:\IMail\Declude.exe) (0040D3B6 0012FF80 (0002 00620B80) C:\IMail\Declude.exe) (004322E0 0012FFC0 ( ) C:\IMail\Declude.exe) (7C5987E7 0012FFF0 (0043222C ) C:\WINNT\system32\KERNEL32.dll) - Original Message - From: Frederick Samarelli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 12:47 PM Subject: Re: [Declude.JunkMail] 1.77i15 Bug It now shows 1.77i16 but still the same error. 1/13/2004 12:44:03 Q2e6302780262ca7c (Error 5 at 4127f8 v1.77i16) 01/13/2004 12:44:03 Q2e6302780262ca7c (log part 2 saved as C:\declude.gp2) 01/13/2004 12:44:03 Q2e6302780262ca7c (log part 1 saved as C:\declude.gp1) - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 12:12 PM Subject: Re: [Declude.JunkMail] 1.77i15 Bug Ok. When I download the latest version. http://www.declude.com/interim It shows as 1.77i15 This is very strange. Our log files show that 1.77i16 was uploaded twice, yet downloading it shows 1.77i15. Even after deleting the file from the web server, it can still be downloaded -- but as 1.77i15. The HTTP headers don't show any caching program interfering -- but there definitely is one. I'm going to have to look into this to see why it is happening. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. 
RE: [Declude.JunkMail] messagescreen.com
MessageScreen is a sophisticated anti-spam, anti-virus, and content filtering solution that is tightly integrated with Novell GroupWise, Microsoft Exchange, and Lotus Domino email platforms. MessageScreen's gateway-level filtering technology stops over 97% of spam and produces virtually no false positives.
http://www.messagescreen.com/Products/MessageScreen/index.htm
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frederick Samarelli
Sent: Tuesday, January 13, 2004 11:30 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] messagescreen.com
Does anyone have any info on this service. messagescreen.com
___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
Re: [Declude.JunkMail] SpamD/SpamC for Declude
Matt, legitimate messages are legitimate no matter the source that they come from, would you not agree with this? You would have deleted all of these messages, as well the other dozen or so legitimate personal messages I found. I don't see any credibility in your position here that it is okay to delete legitimate messages based on where they are delivered from.
Bill
- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 9:45 AM
Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude
Bill,
It appears that your entire list is from one source, Topica.
Search the archives for a discussion of Topica, how their lack of message list verification results in lots of spam, and how they are also a spam house, even sending spam from the same block of IP's. I thought this was an FP at first, but this is more of the malware variety. There's a good reason for Topica to be listed. I've explained this one caveat many times here, but a spam house is a spam house in my book.
You should have explained with your stats how these were mostly or even all from the same source :)
Matt
Bill Landry wrote:
- Original Message -
From: Matt
I think that I've pointed out the caveats many times over on blocking with SBL. SBL is though more accurate than my system as a whole, and I have never seen a true false positive with it. I've asked this several times; has anyone ever seen a false positive with SBL? I've not ever received a single reply to that question, though this is the 3rd time I've asked it now.
Because people didn't respond doesn't mean anything. All RBLs produce false-positives. How could they not, they are run by humans.
I think your advice is well founded, however it is a generalization and exceptions may apply.
There are no exceptions when it comes to anything run by humans, there WILL be errors. Just from yesterday's logs, legitimate mailing list messages blocked by SBL:
20 Subject: RE: [MS SMS] What are YOU doing to remove spyware? 2004 Edition
19 Subject: RE: [MS SMS] OT: Football
12 Subject: RE: [myOT] Alias
10 Subject: RE: [MS SMS] SMS 2003: WMI
9 Subject: RE: [MS SMS] Installing a DP over the wire.
9 Subject: RE: [myOT] MMS 2004
7 Subject: RE: [MS SMS] VBS Question
6 Subject: RE: [myOT] Stargate season opener tonight...
5 Subject: RE: [MS SMS] Central Site
5 Subject: RE: [MS SMS] Error in scan tool
4 Subject: RE: [MS SMS] ROI for 2003
4 Subject: RE: [MS SMS] SMS 2: Clients failed to connect to APM server
4 Subject: RE: [MS SMS] XP clients
3 Subject: RE: [MS SMS] SMS and Tablet PC
3 Subject: RE: [MS SMS] SMS on VMWare
3 Subject: RE: [MS SMS] SMS2003 - How to re-trigger advertisement on client
2 Subject: RE: [MS SMS] MakeColl.exe for SMS 2003?
2 Subject: RE: [MS SMS] OT: Anyone from the UK going to the MMS?
2 Subject: RE: [MS SMS] OT: Read Receipts on List messages
2 Subject: RE: [MS SMS] SMS SUSFP Updates
2 Subject: [MS SMS] XP clients
1 Subject: RE: [myOT] New Bill and Monica pics...
1 Subject: RE: [MS SMS] advanced client prestaging
1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies
1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies
1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies
1 Subject: RE: [MS SMS] Security scan tool upgrade
1 Subject: RE: [MS SMS] SMS 2003 MP problem
1 Subject: RE: [MS SMS] SMS Office Updates
1 Subject: RE: [MS SMS] SUS Distribute software updates wizard doesn't show up
1 Subject: NWCYCLING: FW: 2004 Mt. Hood Cycling Classic
1 Subject: NWCYCLING: USCF Rulebook 2004 Changes - online
1 Subject: NWCYCLING: WSBA Junior Informational Meeting Tonight
1 Subject: MEDITECH Issue PP #3714704 - Open
1 Subject: [partb-l] HCPCS codes
1 Subject: [NPinfo] Interesting article on the physician shortage.
1 Subject: [myOT] Test
1 Subject: [myOT] Alias
1 Subject: [MS SMS] VBS Question
1 Subject: [MS SMS] SUS Distribute software updates wizard doesn't show up
1 Subject: [MS SMS] SMS2003 - How to re-trigger advertisement on client
1 Subject: [MS SMS] SMS Office Updates
1 Subject: [MS SMS] SMS and Tablet PC
1 Subject: [MS SMS] SMS 2003: WMI
1 Subject: [MS SMS] SMS 2003 Bug
1 Subject: [MS SMS] ROI for 2003
1 Subject: [MS SMS] Query help needed
1 Subject: [MS SMS] OT: Read Receipts on List messages
1 Subject: [MS SMS] OT: Guest Account
1 Subject: [MS SMS] OT: Anyone from the UK going to the MMS?
1 Subject: [MS SMS] MakeColl.exe for SMS 2003?
1 Subject: [MS SMS] Installing a DP over the wire.
1 Subject: [MS SMS] Holy Replicating Servers Batman!
1 Subject: [MS SMS] Couple backup questions
1 Subject: [MS SMS] Central Site
1 Subject: [MS SMS] Adobe Acrobat 6 Deployment
I also found at least a dozen personal messages that were flagged by SBL, but were delivered anyway because of the way we weight our tests. Again, this is just from yesterday. Instead of applying
RE: [Declude.JunkMail] 1.77i16 Live... Really!
... the SPF bug that I reported (Just asking because it was not acknowledged in any way.)
That is currently being investigated.
-Scott
[Declude.JunkMail] whitelisted
HI, I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definitely spam. Looks like HABEAS has been compromised? Comments Please.
thanks, Andy
Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500
Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200
Message-ID: [EMAIL PROTECTED]
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.
From: Blaine Shaffer [EMAIL PROTECTED]
Reply-To: Blaine Shaffer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: GOT Valï(u)m, Viagr@, X(a)[EMAIL PROTECTED], Som@ Di3t Pills Many M3ds Y5iov
Date: Tue, 13 Jan 2004 04:49:04 -0100
X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--891940459175399
X-Priority: 5
X-Declude-Sender: [EMAIL PROTECTED] [62.78.191.7]
X-RBL-Warning: Total weight: 0
X-Note: Total spam weight of this E-mail is 0.
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-RCPT-TO: [EMAIL PROTECTED]
X-UIDL: 370486507
Status: U
Re: [Declude.JunkMail] 1.77i15 Bug
It now shows 1.77i16 but still the same error.
1/13/2004 12:44:03 Q2e6302780262ca7c (Error 5 at 4127f8 v1.77i16)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 2 saved as C:\declude.gp2)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 1 saved as C:\declude.gp1)
There is a v1.77i17 that has been placed online to deal with this. However, given the mystery caching problem, you may or may not be able to get 1.77i17 (we're still getting i15 when we try to download from here, even though i17 is online).
-Scott
Re: [Declude.JunkMail] whitelisted
I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definitely spam. Looks like HABEAS has been compromised?
Yes; the pharmacourt.biz spammers have infringed on the Habeas intellectual property rights. Habeas is going after them. Until this dies down, you may want to temporarily comment out the WHITELIST HABEAS line in the \IMail\Declude\global.cfg file.
You should also report it to them (the spammer was nice enough to include the URL to report it at in the headers!). Reporting is important because although Habeas knows that this has happened, they are collecting as much information as possible.
-Scott
Re: [Declude.JunkMail] whitelisted
These emails are definitely spam. Looks like HABEAS has been compromised?
More like spammers are forging Habeas headers and challenging Habeas' ability to prosecute.
Larry Craddock
RE: [Declude.JunkMail] whitelisted
Fwiw.. I would never whitelist any email based solely because they warranted it to be spam free... Email headers can and do get forged all the time. I have recently sent them a letter and a lot of porno and spam email for them to review..
~Rick
RE: [Declude.JunkMail] whitelisted
I received 13 of these today in my personal e-mail. I changed Habeas from whitelist to weight -5 and it seems to have fixed the problem. Don't know yet if non spam is getting blocked but I doubt it. Here is a log entry after change (weight was 36 even with the -5):
01/13/2004 11:09:12 Q26340f0201364351 HABEAS:-5 AHBL:6 CBL:4 DSBL:6 SORBS-SOCKS:5 SORBS-DUHL:4 SPAMCOP:7 SNIFFER2:9 . Total weight = 36.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed HABEAS (). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed AHBL (Open Proxy - http://www.ahbl.org/tools/lookup.php?ip=68.57.145.231;). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed CBL (Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=68.57.145.231;). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed DSBL (http://dsbl.org/listing?ip=68.57.145.231;). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed SORBS-SOCKS (Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.57.145.231;). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed SORBS-DUHL (Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.57.145.231;). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed SPAMCOP (Blocked - see http://www.spamcop.net/bl.shtml?68.57.145.231;). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed WEIGHT10 (Weight of 36 reaches or exceeds the limit of 10.). Action=HOLD.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed WEIGHT15 (Weight of 36 reaches or exceeds the limit of 15.). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed WEIGHT20 (Weight of 36 reaches or exceeds the limit of 20.). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Msg failed SNIFFER2 (Message failed SNIFFER2: 52.). Action=IGNORE.
01/13/2004 11:09:12 Q26340f0201364351 Subject: Got Pills?Valï(u)m, V|@gra, X(a)[EMAIL PROTECTED], S0ma Di3t Pills Many M3ds brEWTRhNhf
01/13/2004 11:09:12 Q26340f0201364351 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 68.57.145.231 ID:
Here is the change in Global.cfg:
#WHITELIST HABEAS
HABEAS habeas x x -5 0
Bill
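The effect of the change described in the message above (whitelist replaced by a weight of -5) can be replayed from the posted log line. This is an added example, not code from the thread or from Declude; the policy model, function names and the second, sparse log line are assumptions made for illustration, while the first log line and the hold limit of 10 are taken from the post.

```python
import re

# Weight summary line copied from the post above.
LOG_LINE = ("01/13/2004 11:09:12 Q26340f0201364351 HABEAS:-5 AHBL:6 CBL:4 DSBL:6 "
            "SORBS-SOCKS:5 SORBS-DUHL:4 SPAMCOP:7 SNIFFER2:9 . Total weight = 36.")

# Constructed sample (not from the thread): same forged mark, fewer other hits.
SPARSE_LINE = ("01/13/2004 11:15:00 Q0000000000000000 HABEAS:-5 CBL:4 SPAMCOP:7 . "
               "Total weight = 6.")

HOLD_THRESHOLD = 10  # WEIGHT10 in the posted log is the test with Action=HOLD

TOTAL_RE = re.compile(r"Total weight = (-?\d+)\.")
INT_RE = re.compile(r"-?\d+")


def parse_weights(line):
    """Return ({test_name: weight}, logged_total) for one weight summary line."""
    m = TOTAL_RE.search(line)
    if m is None:
        raise ValueError("not a weight summary line")
    weights = {}
    # Skip date, time and queue id, then read NAME:WEIGHT tokens.
    for token in line[:m.start()].split()[3:]:
        name, sep, value = token.rpartition(":")
        if sep and name and INT_RE.fullmatch(value):
            weights[name] = int(value)
    return weights, int(m.group(1))


def verdict(weights, policy, mark="HABEAS"):
    """Model two ways of treating a sender-supplied warrant mark.

    'whitelist': the mark short-circuits scoring, as in the posted headers
                 ("X-Spam-Tests-Failed: Whitelisted [0]").
    'weighted' : the mark is one more weight; independent tests still count.
    """
    if policy == "whitelist" and mark in weights:
        return 0, "DELIVER"
    total = sum(weights.values())
    return total, ("HOLD" if total >= HOLD_THRESHOLD else "DELIVER")


def credit_needed_to_pass(weights, mark="HABEAS"):
    """Smallest negative-weight magnitude that would let this message through."""
    others = sum(w for name, w in weights.items() if name != mark)
    return max(0, others - HOLD_THRESHOLD + 1)


if __name__ == "__main__":
    for label, line in (("posted", LOG_LINE), ("constructed", SPARSE_LINE)):
        weights, logged = parse_weights(line)
        print(label, "logged total:", logged, "recomputed:", sum(weights.values()))
        print("  whitelist policy:", verdict(weights, "whitelist"))
        print("  weighted policy: ", verdict(weights, "weighted"))
        print("  credit needed to slip through:", credit_needed_to_pass(weights))
```

The constructed line shows the remaining exposure: with few independent hits, even a -5 credit for a copyable header is enough to bring a message under the hold limit.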
Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
At 11:30 AM 1/13/2004, Bill Landry wrote:
Russ, a not too drastic option would be to run SA on a linux mail gateway sitting in front of your IMail server and then track the hit=xx.x header counts with Declude. That's what we do here, and it has worked great for us. With this configuration you could also set IMail to gateway all outbound mail to the SA box for all external mail delivery, thus taking this
Bill... This is what I would like to do, but there are a couple issues/questions I have.
1. How do I reject messages with an invalid RCPT TO: command?
2. What size machine do I need? Let's say I process 200,000 messages a day, and I want to plan for 20% growth before this box is retired. I understand that fast hard drives and proper partitioning are still extremely important, but what about processor/memory requirements? I'm guessing this would be pretty high need as well.
Thanks, Russ
Re: [Declude.JunkMail] messagescreen.com
But how does it work? Good --- bad
Re: [Declude.JunkMail] whitelisted
I got that this morning as well. I commented out the HABEAS test.
RE: [Declude.JunkMail] 1.77i16 Live... Really!
More weirdness. It may only be mine. I just used wget to fetch the current interim, which was 1.77i17 and when I did a declude.exe -diag all looked good. Then I copied it to the IMail server and tried there, and got the report I'm putting in the attached text file. From my log, it looks like I started getting this:
01/13/2004 10:31:49 Q398554ca00983e88 (Error 5 at 410bae v1.77i17)
01/13/2004 10:31:49 Q398554ca00983e88 (log part 2 saved as C:\declude.gp2)
01/13/2004 10:31:49 Q398554ca00983e88 (log part 1 saved as C:\declude.gp1)
01/13/2004 10:31:49 Q399410e600bc7874 Skipping E-mail from IP 10.192.0.215 ; whitelisted [10.192.0.215].
01/13/2004 10:31:49 Q399410e600bc7874 ERROR: nTests corrupted (1b): 3d485349
in my log. I hope that helps. I've switched back to the interim I was happy with, v1.77i12 YMMV
Andrew 8)
Declude 1.77i17 (C) Copyright 2000-2004 Computerized Horizons.
Diagnostics ON (Declude v1.77i17).
Declude JunkMail: Config file found (d:\imail\Declude\global.CFG).
Declude Virus: Not installed (no d:\imail\Declude\Virus.CFG file).
Declude Hijack:Not installed (no d:\imail\Declude\Hijack.CFG file).
Declude Confirm: Not installed (no d:\imail\Declude\Confirm.CFG file). 1028150089 spam tests defined: IPNOTINMX NOLEGITCONTENT BASE64 BADHEADERS HELOBOGUS MAILFROM PERCENT REVDNS ROUTING SPAMHEADERS WEIGHT20 COMMENTS SUBJSPACE10 SUBJSPACE15 SUBJSPACE25 LONGSUBJECT NONENGLISH CMDSPACE COUNTRY SPAMDOMAINS DSBL DSBLMULTI PIGS DSN NOABUSE NOPOSTMASTER ORDB SPAMCOP BONDEDSENDER-DYNA AHBL-GOOD FLOWGO SPAMHAUS XBL-DYNA NJABL NJABLDUL NJABLSOURCES NJABLMULTI FIVETENSRC FIVETENMULTI FIVETENSINGLE FIVETENWEBFORM NJABL-DYNABLOCK BH-CNKR BH-WANADOO BH-CIBERLYNX BH-CYBERCON BR-RU BR-BR BR-JP BLITZEDALL SORBS-HTTP-DYNA SORBS-SOCKS-DYNA SORBS-MISC-DYNA SORBS-SMTP-DYNA SORBS-SPAM-DYNA SORBS-WEB SORBS-BLOCK SORBS-ZOMBIE SORBS-DYNA SORBS-BADCONF SORBS-NOMAIL HIL DRBL-RU DNSRBL-SPAM WYTNIJ PSBL RELAYWATCHER-DYNA MAILPOLICE-BULK MAILPOLICE-PORN SPAMBAG SECURITYSAGE WILDCARD-DOMAIN-AC WILDCARD-DOMAIN-CC WILDCARD-DOMAIN-CX WILDCARD-DOMAIN-MP WILDCARD-DOMAIN-MUSEUM WILDCARD-DOMAIN-NU1 WILDCARD-DOMAIN-NU2 WILDCARD-DOMAIN-PH WILDCARD-DOMAIN-PW1 WILDCARD-DOMAIN-PW2 WILDCARD-DOMAIN-SH WILDCARD-DOMAIN-TD WILDCARD-DOMAIN-TK1 WILDCARD-DOMAIN-TK2 WILDCARD-DOMAIN-TM WILDCARD-DOMAIN-WS SBBL AHBL-RELAY-DYNA AHBL-PROXY-DYNA AHBL-SOURCE-DYNA AHBL-MAYBE AHBL-FORMMAIL AHBL-SUPPDIRECT AHBL-SUPPINDIR AHBL-ENDUSER-DYNA AHBL-SHOOT AHBL-NOABUSE AHBL-IGNORE5XX AHBL-NONRFC AHBL-OTHER SOLID BENTALLIPWL BENTALLIPBL BENTALLKILLFILE ANTIGIBBERISHSUB ANTIGIBBERISH GIBBERISHSUB GIBBERISH DYNAMIC BENTALLHABEAS BENTALLBOUNCEIN COMCAST-DYNA SHAWCABLE-DYNA BENTALLKILLDEL BENTALLSPAM BENTALLSPAMSUBJ BENTALLVIRUS BENTALLNEGTEXT BENTALLSPAMHINT BENTALLURL1203 BENTALLHTML BENTALLURLHINT BENTALLURLHOSTS BENTALLSPAMUNSUB BENTALLSPAMURLPORN BENTALLHOAX SNIFFER SNIFFERMALWARE SNIFFERGREY DSBLALL GIBBERISHBODY BENTALLURLHTML ×!5 rsplow=0012C844 high=0012FFF0
Re: [Declude.JunkMail] Topica and SBL
This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. Here's the SBL evidence file for the main Topica block: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12236 Here's one of their blocks that I have blacklisted: http://www.senderbase.org/search?searchString=66.180.244.0%2F25 Here's a nice evidence file from Google: http://groups.google.com/groups?q=topica.com+group:*abuse*start=10hl=enlr=ie=UTF-8scoring=dselm=e1e3rvkq62pvs1mi997tamhk701s571m5a%40thor.wirehub.nlrnum=12 Here's what happens with their unconfirmed list subscriptions (4-9 year old child porn list memberships): http://groups.google.com/groups?q=topica.com+group:*abuse*start=20hl=enlr=ie=UTF-8scoring=dselm=200310170813.h9H8DauA024020%40jupiter.gwalter.demon.co.ukrnum=22 The SBL listing as well as Google Groups suggests strongly that they are using their list business as a part of their address collection, or in the very least they don't hardly at all practice a foolproof method of verifying memberships in their lists as fake addresses get subscribed, and on person even complained about getting subscribed to something like 28 of their lists all at once as suspected retribution for something, hearsay of course, but there's lots more, 5,480 matches in abuse newsgroups in fact. 
Topica - http://groups.google.com/groups?hl=enlr=ie=ISO-8859-1scoring=dq=Topica+group%3A*abuse*btnG=Google+Search And some other abuse newsgroup hits: tpca.net - http://groups.google.com/groups?scoring=dq=tpca.net+group:*abuse* servitall.com - http://groups.google.com/groups?scoring=dq=Servitall.com+group:*abuse* pl00.com - http://groups.google.com/groups?scoring=dq=pl00.com+group:*abuse* These guys clearly front their listserv business as a way to enable their spam operations, and spamming listserv operators take advantage of their policies in order to gain entry into your system. How could you possibly want to let this stuff into your server? As far as the other SBL FP's that you said you have relating to personal E-mail, I'd be very curious as to what the SBL listing said in relation. SBL has an FP rate that far exceeds my own on my system. I'd drop them substantially in weighting if I felt that their standards were lacking. Matt Bill Landry wrote: Matt, legitimate messages are legitimate no matter the source that they come from, would you not agree with this? You would have deleted all of these messages, as well the other dozen or so legitimate personal messages I found. I don't see any credibility in your position here that it is okay to delete legitimate messages based on where they are delivered from. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 9:45 AM Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude Bill, It appears that your entire list is from one source, Topica. Search the archives for a discussion of Topica, how their lack of message list verification results in lots of spam, and how they are also a spam house, even sending spam from the same block of IP's. I thought this was an FP at first, but this is more of the malware variety. There's a good reason for Topica to be listed. I've explained this one caveat many times here, but a spam house is a spam house in my book. 
You should have explained with your stats how these were mostly or even all from the same source :)

Matt

Bill Landry wrote:

- Original Message -
From: Matt

I think that I've pointed out the caveats many times over on blocking with SBL. SBL is though more accurate than my system as a whole, and I have never seen a true false positive with it. I've asked this several times; has anyone ever seen a false positive with SBL? I've not ever received a single reply to that question, though this is the 3rd time I've asked it now.

Because people didn't respond doesn't mean anything. All RBLs produce false-positives. How could they not, they are run by humans.

I think your advice is well founded, however it is a generalization and exceptions may apply.

There are no exceptions when it comes to anything run by humans, there WILL be errors. Just from yesterday's logs, legitimate mailing list messages blocked by SBL:

20 Subject: RE: [MS SMS] What are YOU doing to remove spyware? 2004 Edition
19 Subject: RE: [MS SMS] OT: Football
12 Subject: RE: [myOT] Alias
10 Subject: RE: [MS SMS] SMS 2003: WMI
9 Subject: RE: [MS SMS] Installing a DP over the wire.
9 Subject: RE: [myOT] MMS 2004
7 Subject:
Re: [Declude.JunkMail] Topica and SBL
Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
Re: [Declude.JunkMail] 1.77i15 Bug
Same problem.

01/13/2004 13:53:21 Q3ea002ea02623b93 ERROR: nTests corrupted (1): 961824839-200
01/13/2004 13:53:22 Q3ea002ea02623b93 (Error 5 at 42351c v1.77i17)
01/13/2004 13:53:22 Q3ea002ea02623b93 (log part 2 saved as C:\declude.gp2)
01/13/2004 13:53:22 Q3ea002ea02623b93 (log part 1 saved as C:\declude.gp1)

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:09 PM
Subject: Re: [Declude.JunkMail] 1.77i15 Bug

It now shows 1.77i16 but still the same error.

1/13/2004 12:44:03 Q2e6302780262ca7c (Error 5 at 4127f8 v1.77i16)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 2 saved as C:\declude.gp2)
01/13/2004 12:44:03 Q2e6302780262ca7c (log part 1 saved as C:\declude.gp1)

There is a v1.77i17 that has been placed online to deal with this. However, given the mystery caching problem, you may or may not be able to get 1.77i17 (we're still getting i15 when we try to download from here, even though i17 is online).

-Scott

--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. ---

[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] 1.77i15 Bug
Same problem.

01/13/2004 13:53:21 Q3ea002ea02623b93 ERROR: nTests corrupted (1): 961824839-200

There is a 1.77i18 at http://www.declude.com/interim that should fix this.

-Scott
RE: [Declude.JunkMail] Log File Changes
From visual inspection, it looks like there are also warning lines in this format:

01/07/2004 00:13:11 Qa376165600fc12a6 WARNING: some type of error report here

These are easy enough to ignore during my analysis. Are there other types of lines that may be of concern?

Thanks, Bill

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: Tuesday, January 13, 2004 11:31 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Log File Changes

I am assuming that for this information, I need MID log level. On visual inspection of the MID log file, it looks like this format is:

00/00/00 00:00:00 Qx FailedTest1Name:weight FailedTest2Name:weight TOTALWEIGHT = weight.
00/00/00 00:00:00 Qx Subject: message subject
00/00/00 00:00:00 Qx From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: x.x.x.x ID:
00/00/00 00:00:00 Qx FailedTest1Name:action FailedTest2Name:action .

That is correct. Some of those lines appear at LOGLEVEL LOW, but to get them all, you would need LOGLEVEL MID (or LOGLEVEL HIGH).

And for multiple recipients, the last three lines are repeated (not sure why subject line is repeated?) for each user with the new TO address appended to the previous TO line. i.e.:

To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Etc.

Are my assumptions correct?

That is correct. I'll look into getting the Subject: line to only appear once.

-Scott
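A parser for the MID-level log layout confirmed in the exchange above, added here as an example (not Declude's or either poster's code). The sample lines are constructed, the test names, addresses and IPs are invented, and the exact punctuation of the weight and action lines is assumed from the description in the message.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout described in the thread. Test names,
# addresses and IPs are invented; only the line shapes come from the messages.
SAMPLE_LOG = """\
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 RBLTEST:7 HELOTEST:2 TOTALWEIGHT = 9.
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 Subject: cheap meds: act now
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 From: bulk@example.net To: amy@example.com IP: 192.0.2.7 ID:
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 RBLTEST:WARN HELOTEST:IGNORE .
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 Subject: cheap meds: act now
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 From: bulk@example.net To: amy@example.com bob@example.com IP: 192.0.2.7 ID:
01/13/2004 11:31:02 Q1a2b3c4d00aa0001 RBLTEST:WARN HELOTEST:IGNORE .
01/13/2004 11:31:05 Q1a2b3c4d00aa0002 WARNING: some type of error report here
01/13/2004 11:31:06 Q1a2b3c4d00aa0002 (Error 5 at 4127f8 v1.77i16)
1/13/2004 11:31:07 Q1a2b3c4d00aa0003 HELOTEST:5 TOTALWEIGHT = 5
1/13/2004 11:31:07 Q1a2b3c4d00aa0003 Subject: RE: meeting
1/13/2004 11:31:07 Q1a2b3c4d00aa0003 From: eve@example.org To: amy@example.com IP: 192.0.2.9 ID:
1/13/2004 11:31:07 Q1a2b3c4d00aa0003 HELOTEST:WARN .
"""

# Timestamp, queue ID, then the payload. The month may be one digit,
# as in one of the error lines posted to the list.
LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{2,4}) (\d{2}:\d{2}:\d{2}) (Q\S+) (.*)$")
FROM_RE = re.compile(r"^From: (\S*) To: (.*?) IP: (\S+) ID:\s*(.*)$")
WEIGHT_RE = re.compile(r"(\S+):(-?\d+)(?=\s|$)")
TOTAL_RE = re.compile(r"TOTALWEIGHT = (-?\d+)")
ACTION_RE = re.compile(r"(\S+):([A-Z]+)(?=\s|$)")
DIAG_PREFIXES = ("WARNING:", "ERROR:", "(")


def _new_record():
    return {"subject": None, "sender": None, "ip": None, "recipients": [],
            "weights": {}, "total": None, "actions": {}, "diagnostics": []}


def parse_mid_log(text):
    """Group log lines by queue ID and return {queue_id: record}."""
    messages = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a timestamped queue line
        qid, rest = m.group(3), m.group(4)
        rec = messages.setdefault(qid, _new_record())
        # WARNING/ERROR and parenthesised lines are kept apart so they are
        # never mistaken for Test:weight pairs.
        if rest.startswith(DIAG_PREFIXES):
            rec["diagnostics"].append(rest)
            continue
        # The Subject line repeats once per recipient; keeping one copy is enough.
        if rest.startswith("Subject:"):
            rec["subject"] = rest[len("Subject:"):].strip()
            continue
        frm = FROM_RE.match(rest)
        if frm:
            rec["sender"], rec["ip"] = frm.group(1), frm.group(3)
            # The To: field grows with each repetition; de-duplicate in order.
            for rcpt in frm.group(2).split():
                if rcpt not in rec["recipients"]:
                    rec["recipients"].append(rcpt)
            continue
        total = TOTAL_RE.search(rest)
        if total:
            rec["total"] = int(total.group(1))
            rec["weights"] = {n: int(w) for n, w in WEIGHT_RE.findall(rest)}
            continue
        actions = dict(ACTION_RE.findall(rest))
        if actions:
            rec["actions"] = actions
    return messages


def over_threshold(messages, threshold):
    """Queue IDs whose logged total weight is at or above the threshold."""
    return [q for q, r in messages.items()
            if r["total"] is not None and r["total"] >= threshold]


if __name__ == "__main__":
    parsed = parse_mid_log(SAMPLE_LOG)
    for qid, rec in parsed.items():
        print(qid, rec["total"], rec["recipients"], len(rec["diagnostics"]))
```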
Re: [Declude.JunkMail] *OT* Web dns management console
Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits. Thanks much! -Nick Hayer
RE: [Declude.JunkMail] Topica and SBL
TREADING LIGHTLY

I think what Matt may be saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Topica and SBL

Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source (ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it.

Bill

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:29 AM
Subject: Re: [Declude.JunkMail] Topica and SBL

This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
Re: [Declude.JunkMail] SPAMC32 (SpamAssassin SPAMC for Declude) 0.5.55 released
- Original Message -
From: Russ Uhte (Lists) [EMAIL PROTECTED]

Bill... This is what I would like to do, but there are a couple issues/questions I have.

Russ, we should probably take this off-line. But briefly:

1. How do I reject messages with an invalid RCPT TO: command?

There are a couple of ways you can handle this, depending on where you host your IMail user database.

2. What size machine do I need? Let's say I process 200,000 messages a day, and I want to plan for 20% growth before this box is retired. I understand that fast hard drives and proper partitioning are still extremely important, but what about processor/memory requirements? I'm guessing this would be pretty high need as well.

Personally, I would much rather set up two smaller gateway servers with equal MX settings than one big gateway server. The reason for this is that it allows you to split the load and also be able to lose a server or take it off-line for maintenance and still keep delivering mail.

Please contact me off-list if you would like to discuss this further.

Bill
RE: [Declude.JunkMail] whitelisted
Andy,

Habeas has not been compromised. Since Saturday, a spammer has been using the Habeas warrant in the headers to get his junk past configurations like yours. This header text is easy to insert. Note that the X-Mailer: header is also being faked. Each of the spams I've seen like this have come through a zombie on a consumer broadband computer. And is advertising one of three domain names.

The general consensus is that you shouldn't WHITELIST on any easily forged text, including the Habeas warrant. Check the archive in the last few days for this list for more discussion and sample configurations that have shared. http://www.mail-archive.com/[EMAIL PROTECTED]/

Andrew 8)

-Original Message-
From: andyb [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] whitelisted

HI, I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definitely spam. Looks like HABEAS has been compromised? Comments Please.

thanks, Andy

Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500
Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200
Message-ID: [EMAIL PROTECTED]
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.
From: Blaine Shaffer [EMAIL PROTECTED]
Reply-To: Blaine Shaffer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: GOT Valï(u)m, Viagr@, X(a)[EMAIL PROTECTED], Som@ Di3t Pills Many M3ds Y5iov
Date: Tue, 13 Jan 2004 04:49:04 -0100
X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--891940459175399
X-Priority: 5
X-Declude-Sender: [EMAIL PROTECTED] [62.78.191.7]
X-RBL-Warning: Total weight: 0
X-Note: Total spam weight of this E-mail is 0.
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-RCPT-TO: [EMAIL PROTECTED]
X-UIDL: 370486507
Status: U
Re: [Declude.JunkMail] Topica and SBL
Bill, If this stuff comes from the same IP, both good and bad, then how do you tell it apart? Do you merely rely on content filters? Their servers send lots of spam and they are well aware of the problems. When you combine their semi-legit business with the fact that they are spamming openly from 10 or more different address blocks, and they use 100's of domains, I think the right thing to do becomes obvious. I'm sure that this is what led SBL to finally list them. The fact is that if I was knowingly selling bulk mail services to spammers from my own server as well as sending personal E-mail from it, you would be justified in blocking me. Topica's practices will probably end up converting their service over to virtually all spam over time, because legit senders will find their service to be a poor choice based on their business practices. The bottom line remains, Topica is a spam house, and on their supposed legit service, they maintain relationships with known spammers despite abuse reports. They are leaving us with no choice, because they left us with no good way to differentiate. Topica is a bad, bad company. Matt Bill Landry wrote: Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. 
Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] whitelisted
This was whitelisted as it is/was part of the default config file... - Original Message - From: Rick Klinge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 1:25 PM Subject: RE: [Declude.JunkMail] whitelisted Fwiw.. I would never whitelist any email based solely because they warranted it to be spam free... Email headers can and do get forged all the time. I have recently sent them a letter and a lot of porno and spam email for them to review.. ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of andyb Sent: Tuesday, January 13, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] whitelisted HI, I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definately spam. Looks like HABEAS has been compromised? Comments Please. thanks, Andy Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500 Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200 Message-ID: [EMAIL PROTECTED] X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/. 
From: Blaine Shaffer [EMAIL PROTECTED] Reply-To: Blaine Shaffer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: GOT Valï(u)m, Viagr@, X(a)[EMAIL PROTECTED], Som@ Di3t Pills Many M3ds Y5iov Date: Tue, 13 Jan 2004 04:49:04 -0100 X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--891940459175399 X-Priority: 5 X-Declude-Sender: [EMAIL PROTECTED] [62.78.191.7] X-RBL-Warning: Total weight: 0 X-Note: Total spam weight of this E-mail is 0. X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 370486507 Status: U ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
[Declude.JunkMail] Habeas fraud?
Several spam emails are being whitelisted by declude, I didn't know what was causing it as I don't have any whitelisting going on, until I noticed the habeas header. Am I correct in thinking that these spam messages got whitelisted because of Habeas? And if so, what next step should I take other than turning off Habeas whitelisting?

Received: from ACB83BEE.ipt.aol.com [172.184.59.238] by jeeran.com (SMTPD32-6.06) id AE443C3010A; Tue, 13 Jan 2004 19:43:32 +0200
Received: from 179.46.253.160 by 172.184.59.238; Tue, 13 Jan 2004 03:45:03 -0200
Message-ID: [EMAIL PROTECTED]
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.
From: Rodolfo Horner [EMAIL PROTECTED]
Reply-To: Rodolfo Horner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Want Meds? S(o)mA, X(a)[EMAIL PROTECTED], Valï(u)m, V|@gra. Di3t Pills Many M3ds 40cw7H
Date: Tue, 13 Jan 2004 01:38:03 -0400
X-Mailer: Z-Mail (3.2.3 08feb96 MediaMail)
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--546890453042068292
X-Priority: 5
X-Declude-Sender: [EMAIL PROTECTED] [172.184.59.238]
X-Note: This E-mail was scanned by jeeran.com for spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-RCPT-TO: [EMAIL PROTECTED]
X-UIDL: 351356022
Status: U
Re: [Declude.JunkMail] Topica and SBL
So I got to ask then, is this a good enough reason to delete legitimate messages?

Bill

- Original Message -
From: John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:17 AM
Subject: RE: [Declude.JunkMail] Topica and SBL

TREADING LIGHTLY

I think what Matt may be saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Topica and SBL

Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source (ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it.

Bill

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:29 AM
Subject: Re: [Declude.JunkMail] Topica and SBL

This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
RE: [Declude.JunkMail] *OT* Web dns management console
You did not mention the DNS server being used. like BIND, Simple DNS, MS DNS??? Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer Sent: Tuesday, January 13, 2004 11:09 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] *OT* Web dns management console Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits. Thanks much! -Nick Hayer
Re: [Declude.JunkMail] whitelisted
I have been reporting as they come up.

Thanks, Andy

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:13 PM
Subject: Re: [Declude.JunkMail] whitelisted

I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definitely spam. Looks like HABEAS has been compromised?

Yes; the pharmacourt.biz spammers have infringed on the Habeas intellectual property rights. Habeas is going after them. Until this dies down, you may want to temporarily comment out the WHITELIST HABEAS line in the \IMail\Declude\global.cfg file.

You should also report it to them (the spammer was nice enough to include the URL to report it at in the headers!). Reporting is important because although Habeas knows that this has happened, they are collecting as much information as possible.

-Scott
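The "whitelisted" messages in this thread advise against whitelisting on easily forged header text and suggest commenting out the WHITELIST HABEAS line. The added example below (not Declude's code or any poster's) runs the forged headers from the thread through a header-text whitelist and through a stricter policy. The failed-test names and weights, the licensed-sender message and the allowlisted network are hypothetical, and honouring the mark only for allowlisted connecting IPs is an assumption that goes beyond the thread's advice.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Headers abridged from the spam quoted in the thread (first three warrant lines).
FORGED = """\
Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com
 (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500
Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME
"""

# Constructed: the same mark on mail arriving from an operator-approved network.
LICENSED = """\
Received: from mail.example.net [198.51.100.25] by mx.example.com
 (constructed) id CONSTRUCTED1; Tue, 13 Jan 2004 13:10:00 -0500
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
"""

HABEAS_MARK = {
    "X-Habeas-SWE-1": "winter into spring",
    "X-Habeas-SWE-2": "brightly anticipated",
    "X-Habeas-SWE-3": "like Habeas SWE (tm)",
}

# Hypothetical results of the other spam tests for the message being scored.
FAILED_TESTS = {"DYNAMIC-IP": 8, "OBFUSCATED-SUBJECT": 6}
# Hypothetical operator-maintained allowlist (documentation address range).
TRUSTED_NETS = ["198.51.100.0/24"]


def parse_headers(raw):
    return HeaderParser().parsestr(raw)


def has_habeas_mark(msg):
    """True when the sender-supplied warrant text is present. Anyone can type it."""
    return all((msg.get(name) or "").strip() == text
               for name, text in HABEAS_MARK.items())


def connecting_ip(msg):
    """IP in the topmost Received header, the one written by the receiving server."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return m.group(1) if m else None


def weight_with_header_whitelist(msg, failed):
    """Weak policy: the mark alone zeroes the weight (what the thread reports)."""
    return 0 if has_habeas_mark(msg) else sum(failed.values())


def weight_with_ip_allowlist(msg, failed, trusted_nets):
    """Stricter policy: the mark counts only for allowlisted connecting IPs."""
    ip = connecting_ip(msg)
    try:
        addr = ipaddress.ip_address(ip) if ip else None
    except ValueError:
        addr = None  # malformed address in the Received line
    trusted = addr is not None and any(
        addr in ipaddress.ip_network(net) for net in trusted_nets)
    if trusted and has_habeas_mark(msg):
        return 0
    return sum(failed.values())


if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("licensed", LICENSED)):
        msg = parse_headers(raw)
        print(label, connecting_ip(msg),
              weight_with_header_whitelist(msg, FAILED_TESTS),
              weight_with_ip_allowlist(msg, FAILED_TESTS, TRUSTED_NETS))
```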
RE: [Declude.JunkMail] *OT* Web dns management console
Yup, http://www.jhsoft.com Works.. No problems at all ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Tuesday, January 13, 2004 1:09 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] *OT* Web dns management console Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits. Thanks much! -Nick Hayer
Re: [Declude.JunkMail] Topica and SBL
Except that you are contributing to their database of valid addresses so you get other spam and you are doing "business" with a spammer... even if it is a free list. The point that Matt makes.. which is a valid one.. is that Topica shouldn't be used by anyone because their existence makes spam even worse for all. You shouldn't enable spammers, and your use of their lists is doing just that.

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]

- Original Message -
From: Bill Landry
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:58 PM
Subject: Re: [Declude.JunkMail] Topica and SBL

Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source (ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it.

Bill

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:29 AM
Subject: Re: [Declude.JunkMail] Topica and SBL

This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
Re: [Declude.JunkMail] Topica and SBL
John,

That's part of it, but that part was only speculative. Topica does harvest from the Web and newsgroups for their spam for sure. Topica is a very shifty company that likes to juggle address blocks. In order to avoid listings, they have an active campaign to encourage people to whitelist their list servers. They were a Habeas client, but they had their status pulled very quickly. Now they have tricked Bonded Sender into listing them, and I assure you, that won't last long either if Bonded Sender wants to maintain any clout in the community (be your own judge).

Matt

John Tolmachoff (Lists) wrote:

TREADING LIGHTLY

I think what Matt may be saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Topica and SBL

Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source (ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it.

Bill

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:29 AM
Subject: Re: [Declude.JunkMail] Topica and SBL

This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com.
Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] whitelisted
Hi,

If people can use Habeas headers to get their spam delivered, then Habeas HAS been compromised. To say otherwise is a semantic difference that I don't care to debate. Bottom line is that Habeas Warrant doesn't mean anything right now.

As for a configuration like mine, as I said, this is included in the default config files obtained directly from Declude. Call me ignorant, that's fine. I have to trust the makers of the software to know what they are doing until I find out/learn otherwise.

The purpose of the list is to share info. I could have just taken care of this quietly but instead chose to share the issue on the list because if it was happening to me, I'm sure it is happening to others. I'm sorry if my tone sounds a little indignant. I'm not a stupid person, just a busy one with way too much information to process at times.

Thanks, Andy

- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:46 PM
Subject: RE: [Declude.JunkMail] whitelisted

Andy,

Habeas has not been compromised. Since Saturday, a spammer has been using the Habeas warrant in the headers to get his junk past configurations like yours. This header text is easy to insert. Note that the X-Mailer: header is also being faked. Each of the spams I've seen like this have come through a zombie on a consumer broadband computer. And is advertising one of three domain names.

The general consensus is that you shouldn't WHITELIST on any easily forged text, including the Habeas warrant. Check the archive in the last few days for this list for more discussion and sample configurations that have shared. http://www.mail-archive.com/[EMAIL PROTECTED]/

Andrew 8)

-Original Message-
From: andyb [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:13 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] whitelisted

HI, I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definitely spam.
Looks like HABEAS has been compromised? Comments Please. thanks, Andy Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500 Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200 Message-ID: [EMAIL PROTECTED] X-Habeas-SWE-1: winter into spring X-Habeas-SWE-2: brightly anticipated X-Habeas-SWE-3: like Habeas SWE (tm) X-Habeas-SWE-4: Copyright 2002 Habeas (tm) X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-SWE-6: email in exchange for a license for this Habeas X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/. From: Blaine Shaffer [EMAIL PROTECTED] Reply-To: Blaine Shaffer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: GOT Valï(u)m, Viagr@, X(a)[EMAIL PROTECTED], Som@ Di3t Pills Many M3ds Y5iov Date: Tue, 13 Jan 2004 04:49:04 -0100 X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--891940459175399 X-Priority: 5 X-Declude-Sender: [EMAIL PROTECTED] [62.78.191.7] X-RBL-Warning: Total weight: 0 X-Note: Total spam weight of this E-mail is 0. X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-RCPT-TO: [EMAIL PROTECTED] X-UIDL: 370486507 Status: U --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. 
To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] *OT* Web dns management console
GENERAL WARNING.

More control available to the end user means more problems can be created by the end user.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] *OT* Web dns management console

Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits.

Thanks much!
-Nick Hayer
Re: [Declude.JunkMail] Topica and SBL
When the messages come from a system that participates in building spam lists and the distribution of spam then yes. You must take a stand that you won't have anything to do with a company like Topica. By using the legitimate part of their business you are feeding their corrupt part of their business and you are ultimately making the Internet a slightly worse place to be.

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]

- Original Message -
From: Bill Landry
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 2:32 PM
Subject: Re: [Declude.JunkMail] Topica and SBL

So I got to ask then, is this a good enough reason to delete legitimate messages?

Bill
Re: [Declude.JunkMail] whitelisted
On their website you can report the spam and they will go after them... in theory... but for now because so many people are bundling the headers in spam you should probably not whitelist Habeas headers.

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]

- Original Message -
From: andyb [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 1:13 PM
Subject: [Declude.JunkMail] whitelisted

HI,

I'm getting spam, and it is being whitelisted because of HABEAS... Here are the headers. These emails are definitely spam. Looks like HABEAS has been compromised? Comments Please.

thanks,
Andy

Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500
Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200
Message-ID: [EMAIL PROTECTED]
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to http://www.habeas.com/report/.
From: Blaine Shaffer [EMAIL PROTECTED]
Reply-To: Blaine Shaffer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: GOT Valï(u)m, Viagr@, X(a)[EMAIL PROTECTED], Som@ Di3t Pills Many M3ds Y5iov
Date: Tue, 13 Jan 2004 04:49:04 -0100
X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--891940459175399
X-Priority: 5
X-Declude-Sender: [EMAIL PROTECTED] [62.78.191.7]
X-RBL-Warning: Total weight: 0
X-Note: Total spam weight of this E-mail is 0.
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-RCPT-TO: [EMAIL PROTECTED]
X-UIDL: 370486507
Status: U
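The difference between whitelisting on the warrant-mark headers and treating them as an unverified claim, as an added example that is not part of the thread and is not Declude configuration. The test weights, hold threshold, vetted network list and credit value are hypothetical, and the sample is an abridged, constructed copy of the headers posted above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: abridged from the headers posted in the thread,
# with the redacted address fields left out.
SAMPLE = (
    "Received: from cs78191007.pp.htv.fi [62.78.191.7] by thumpernet.com"
    " (SMTPD32-6.06) id A0E113013E; Tue, 13 Jan 2004 12:54:41 -0500\n"
    "Received: from 240.80.76.18 by 81.218.114.4; Tue, 13 Jan 2004 03:42:04 -0200\n"
    "X-Habeas-SWE-1: winter into spring\n"
    "X-Habeas-SWE-2: brightly anticipated\n"
    "X-Habeas-SWE-3: like Habeas SWE (tm)\n"
    "X-Mailer: NetJunction (NetJunction 5.0-p1)/MIME\n"
    "\n"
    "body\n"
)

# Hypothetical inputs (not from the thread): weights of the tests the
# message failed, the weight at which mail is held, the networks the
# operator has vetted by hand, and the credit a vetted sender gets.
FAILED_TESTS = {"HELOBOGUS": 4, "REVDNS": 3, "BASE64": 3}
HOLD_AT = 10
VETTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
MARK_CREDIT = -5


def load(raw):
    """Parse a raw message into an email.message.Message."""
    return message_from_string(raw)


def has_habeas_mark(msg):
    """True if any X-Habeas-SWE-n header is present (sender-controlled text)."""
    return any(name.lower().startswith("x-habeas-swe-") for name in msg.keys())


def connecting_ip(msg):
    """IP recorded by our own server in the topmost Received header.

    Lower Received headers and everything else in the message were
    written by the sender or by relays we do not control.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def weight_header_whitelist(msg, failed):
    """Policy from the thread: the mark alone zeroes the weight."""
    return 0 if has_habeas_mark(msg) else sum(failed.values())


def weight_vetted_source(msg, failed):
    """The mark earns a bounded credit only from a vetted connecting IP."""
    total = sum(failed.values())
    ip = connecting_ip(msg)
    vetted = ip is not None and any(ip in net for net in VETTED_NETWORKS)
    if has_habeas_mark(msg) and vetted:
        total += MARK_CREDIT
    return total


def verdict(weight):
    return "hold" if weight >= HOLD_AT else "deliver"


if __name__ == "__main__":
    msg = load(SAMPLE)
    print("header whitelist:", verdict(weight_header_whitelist(msg, FAILED_TESTS)))
    print("vetted source   :", verdict(weight_vetted_source(msg, FAILED_TESTS)))
```
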
Re: [Declude.JunkMail] Topica and SBL
I'm not deleting legitimate messages the last time I checked. If my customers want to sign up for Topica, they can add them to their Web mail address book. I figure that this is only a transition period until Topica loses all of their legit business due to their practices.

Clearly, I am well aware of this issue :) I'm much more concerned about the personal E-mail that you said was also blocked by SBL. I would definitely consider dropping their weight based on your claim that you saw 10 such messages in a day.

Also, don't assume that I am irresponsible in regard to weighting. I watch my system like a hawk, and I use over 100 different tests, with only two capable of deleting a message based on one hit (the other being my own IP blacklist). When I find a problem, I always fix it, though some need further verification and monitoring.

Matt

Bill Landry wrote:

So I got to ask then, is this a good enough reason to delete legitimate messages?

Bill

- Original Message -
From: John Tolmachoff (Lists)
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:17 AM
Subject: RE: [Declude.JunkMail] Topica and SBL

TREADING LIGHTLY

I think what Matt may be saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Topica and SBL

Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source (ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it.

Bill

- Original Message -
From: Matt
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 10:29 AM
Subject: Re: [Declude.JunkMail] Topica and SBL

This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.

--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
Re: [Declude.JunkMail] *OT* Web dns management console
Hi Nick,

I put together a simple one in .NET for MS DNS that uses SQL2K and the dnscmd utility to manage the most common functions in DNS (adding, deleting Host and MX records). Note that it does currently require IIS, the .NET framework, and SQL2K on the MS DNS server.

If you're interested, we can talk offline to see if it is a fit for your needs.

Darin.

- Original Message -
From: Nick Hayer [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 2:09 PM
Subject: Re: [Declude.JunkMail] *OT* Web dns management console

Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits.

Thanks much!
-Nick Hayer
RE: [Declude.JunkMail] *OT* Web dns management console
I'm using bind 8x but I would switch no problem to have the user interface...

-Nick

From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] *OT* Web dns management console
Date sent: Tue, 13 Jan 2004 11:56:12 -0800
Send reply to: [EMAIL PROTECTED]

You did not mention the DNS server being used. like BIND, Simple DNS, MS DNS???

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] *OT* Web dns management console

Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits.

Thanks much!
-Nick Hayer
Re: [Declude.JunkMail] Topica and SBL
- Original Message -
From: Joshua Levitsky

Except that you are contributing to their database of valid addresses so you get other spam and you are doing business with a spammer... even if it is a free list. The point that Matt makes.. which is a valid one.. is that Topica shouldn't be used by anyone because their existence makes spam even worse for all. You shouldn't enable spammers, and your use of their lists is doing just that.

Oh yeah, well let me know how that works for you when you advise your customers and users that they cannot subscribe to legitimate lists hosted by topica (and others) because some of their address space has been known to send spam. I'm sure that will go over real big. When your customers are ready to drop your services because of this, be sure to send them my way, since I will always deliver their legitimate messages to them, no matter the source, and make every effort to block spam from being delivered to them.

Guess what, the rules for ISPs and other businesses are different than those that are applied to private e-mail domains like joshie.com.

Bill
RE: [Declude.JunkMail] Topica and SBL
I guess this goes towards where one chooses to draw the line - spammers vs. "organizations supporting spammers".

Someone who knowingly gets involved with a spammer, should probably expect that their email will no longer be delivered reliably.

Similar to blocking an infected/Zombie machine by IP. I do realize that this machine could ALSO generate legitimate requests from my server - but it is up to them to fix their problem so that the block can be removed.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 02:33 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] Topica and SBL

So I got to ask then, is this a good enough reason to delete legitimate messages?

Bill
Re: [Declude.JunkMail] *OT* Web dns management console
I wholeheartedly agree. Allowing end users, who usually know nothing about how DNS works, to manage their own domain zone files I think is a recipe for disaster.

Just my 2 cents...

Bill

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 11:30 AM
Subject: RE: [Declude.JunkMail] *OT* Web dns management console

GENERAL WARNING.

More control available to the end user means more problems can be created by the end user.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] *OT* Web dns management console

Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits.

Thanks much!
-Nick Hayer
Re: [Declude.JunkMail] *OT* Web dns management console
Totally agree, John. That's why the simple interface I put together has multiple security levels: one for users that could get into trouble by accidentally deleting their MX records and www, etc. hosts and another for more educated users who can be trusted to manage those.

Generally shared hosting users can get access to the simple things like adding and deleting , and collocated customers can perform somewhat more advanced tasks like MX and common host (www, ftp, mail, etc.) record management.

Overall, it saves us a small amount of support time and makes some of our customers happy when they have the power to make changes themselves without having to contact someone else to do it.

Darin.

- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 2:30 PM
Subject: RE: [Declude.JunkMail] *OT* Web dns management console

GENERAL WARNING.

More control available to the end user means more problems can be created by the end user.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] *OT* Web dns management console

Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits.

Thanks much!
-Nick Hayer
Re: [Declude.JunkMail] SPF Bug!
I believe I found a bug in your SPF implementation.

http://www.infinitepenguins.net/SPF/check.php?action=spfcheckipv4=195.127.133.117helo=uli4[EMAIL PROTECTED]

will PASS, because 195.127.133.117 matches a:roedermark.hm-software.com/25

Yet, Declude (and DNSStuff) FAILS the same combination:

http://www.dnsstuff.com/tools/[EMAIL PROTECTED]ip=195.127.133.117

There does seem to be an issue with our SPF parsing when a: is used along with a CIDR range. This will be fixed for the next interim release.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
---
Re: [Declude.JunkMail] Topica and SBL
- Original Message -
From: Bill Landry [EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 3:31 PM
Subject: Re: [Declude.JunkMail] Topica and SBL

Guess what, the rules for ISPs and other businesses are different than those that are applied to private e-mail domains like joshie.com.

Guess what? I work for AOL. Just because I happen to run my own domain doesn't mean I don't apply these same thought processes to internal policies and I have worked at T.I.A.C. (now owned by Earthlink) as a NOC engineer as well as IDT. So don't try to brush me off with putz comments like that.

--
Joshua Levitsky, MCSE, CISSP
System Engineer
Time Inc. Information Technology
[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
Re: [Declude.JunkMail] Topica and SBL
- Original Message -
From: Joshua Levitsky

When the messages come from a system that participates in building spam lists and the distribution of spam then yes. You must take a stand that you won't have anything to do with a company like Topica. By using the legitimate part of their business you are feeding their corrupt part of their business and you are ultimately making the Internet a slightly worse place to be.

Obviously coming from someone that knows nothing about the ISP business. I would venture to guess that you do not even have the faintest idea of how many legitimate lists topica hosts or you would probably be singing a different song. And again, it's easy to make these kinds of irrational judgement calls when the only e-mail messages you will be affecting are those to your own little vanity domain.

Bill
Re: [Declude.JunkMail] Topica and SBL
- Original Message -
From: Joshua Levitsky [EMAIL PROTECTED]

Guess what, the rules for ISPs and other businesses are different than those that are applied to private e-mail domains like joshie.com.

Guess what? I work for AOL. Just because I happen to run my own domain doesn't mean I don't apply these same thought processes to internal policies and I have worked at T.I.A.C. (now owned by Earthlink) as a NOC engineer as well as IDT. So don't try to brush me off with putz comments like that.

And do you have any role in setting e-mail policy for AOL? I bet AOL doesn't block legitimate list e-mail from topica or any other legitimate list source.

Bill
RE: [Declude.JunkMail] *OT* Web dns management console
A quick google search of BIND WEB INTERFACE gave me lots of hits.

try www.DNSZONE.ORG

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] *OT* Web dns management console

I'm using bind 8x but I would switch no problem to have the user interface...

-Nick

From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] *OT* Web dns management console
Date sent: Tue, 13 Jan 2004 11:56:12 -0800
Send reply to: [EMAIL PROTECTED]

You did not mention the DNS server being used. like BIND, Simple DNS, MS DNS???

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nick Hayer
Sent: Tuesday, January 13, 2004 11:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] *OT* Web dns management console

Can anyone recommend a web interfaced dns management console for end users? Want end users to be able to manage their own domains eg: adding, deleting, edits.

Thanks much!
-Nick Hayer
[Declude.JunkMail] SFP is catching on...
SPF counts for the past couple of weeks:

==
  1 1st.net PASS
  1 accesscomm.ca FAIL
  8 alta-vista.com FAIL
  1 alta-vista.com FAIL
  3 altavista.co.kr FAIL
  2 altavista.co.uk FAIL
106 altavista.com FAIL
 12 altavista.com FAIL
  2 altavista.de FAIL
  3 altavista.fr FAIL
  2 altavista.fr FAIL
  2 altavista.net FAIL
  2 altavista.net FAIL
  4 altavista.nl FAIL
 14 altavista.se FAIL
  2 altavista.se FAIL
136 aol.com FAIL
618 aol.com PASS
203 aol.com UNKNOWN
  9 arcada.fi UNKNOWN
  4 b1.mx0.net PASS
 14 b2.mx0.net PASS
 28 baschny.de FAIL
  7 baschny.de FAIL
  1 bayol.com FAIL
  2 catchamail.com FAIL
  2 celt.dias.ie FAIL
  1 chinabytemail.com FAIL
  7 citlink.net FAIL
 12 citlink.net PASS
  2 citlink.net PASS
  2 cmc.net PASS
  2 columbiamemorial.org PASS
205 declude.com PASS
 40 email.cooking.com PASS
  5 email.cooking.com UNKNOWN
  5 email.cooking.com UNKNOWN
  1 eml.coastal.com PASS
  1 firstlink.com PASS
  4 frontiernet.net FAIL
 13 frontiernet.net PASS
  3 frontiernet.net PASS
  1 globalsite.net FAIL
  4 grendelnet.com FAIL
  2 guay.com FAIL
  4 heifong.phase.org PASS
  2 heifong.phase.org PASS
  3 HM-Software.com PASS
  1 imaginet.co.uk FAIL
  2 india-11.com FAIL
  1 info.de FAIL
  3 inlandnet.com FAIL
  1 ipns.com FAIL
  2 ipns.com PASS
  4 isleuthmail.com FAIL
  1 it.uq.edu.au FAIL
  1 jauns.com FAIL
  1 jbi.hio.no FAIL
  2 jbi.hio.no FAIL
  1 jmason.org PASS
  2 kluge.net PASS
  1 kundenserver.de PASS
  1 linuxfreemail.com FAIL
 10 list.thomsonmedia.com FAIL
 19 lists.smarterliving.com PASS
  3 lists.smarterliving.com PASS
  1 livesafe.com FAIL
  1 lu.net FAIL
  2 mail.pt UNKNOWN
  2 meer.net FAIL
  5 mills.gr UNKNOWN
  2 mini-mail.com FAIL
  5 mx.plaxo.com PASS
  1 mx07.roc.ny.frontiernet.net PASS
  2 nekodojo.org FAIL
  2 netins.net UNKNOWN
  1 netradiomail.com FAIL
  1 newnorth.net FAIL
  3 olesky.com PASS
  1 ox.ac.uk UNKNOWN
  1 parallax.ws PASS
  1 phase.org PASS
  1 phase.org PASS
 16 pobox.com PASS
  6 pobox.com UNKNOWN
 35 pointshare.com FAIL
 39 Pointshare.com FAIL
 10 pointshare.com FAIL
 17 pointshare.com PASS
  1 pointshare.com UNKNOWN
  2 power.net FAIL
  2 purpleturtle.com FAIL
 16 rambler.ru UNKNOWN
  1 rambler.ru UNKNOWN
  3 roadrunnernf.net FAIL
 16 softhome.net FAIL
  1 softhome.net FAIL
  2 SoftHome.net PASS
  5 speed.net UNKNOWN
  4 subdimension.com FAIL
  2 symantec.com PASS
  1 topmail.de FAIL
  3 tvnet.lv FAIL
504 v2.listbox.com PASS
 73 v2.listbox.com PASS
 32 worldonline.de FAIL
==

Looks like SPF is starting to catch on.

Bill
RE: [Declude.JunkMail] SFP is catching on...
Thanks for sharing, Bill. Can you also shed some light on these for us?

 35 pointshare.com FAIL
 39 Pointshare.com FAIL
 10 pointshare.com FAIL
 17 pointshare.com PASS
  1 pointshare.com UNKNOWN

Andrew 8)

-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 4:26 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] SFP is catching on...

SPF counts for the past couple of weeks:

==
  1 1st.net PASS
  1 accesscomm.ca FAIL
  8 alta-vista.com FAIL
  1 alta-vista.com FAIL
  3 altavista.co.kr FAIL
snip
Re: [Declude.JunkMail] SFP is catching on...
- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]

Thanks for sharing, Bill. Can you also shed some light on these for us?

 35 pointshare.com FAIL
 39 Pointshare.com FAIL
 10 pointshare.com FAIL
 17 pointshare.com PASS
  1 pointshare.com UNKNOWN

The passes are from a system that sends notification messages to customer e-mail domains that we host, and since these IP addresses are included in our SPF record, they pass. The fails are from incoming mail that attempted to forge the from address to look like they were coming from [EMAIL PROTECTED] The unknown is due to a message that came in after I made an error in our SPF record which included a ?all instead of -all.

Bill
[Declude.JunkMail] SPF unknown
Scott, is there currently any way to distinguish between the following unknown records:

- unknown (record exists)
- unknown (record does not exist)

Bill
RE: [Declude.JunkMail] SFP is catching on...
I appreciate the explanation Bill. I won't be implementing SPF until it's aged a little and I am confident that I understand it aright.

The scores of 35 and 10 look like the same domain; were they to mail hosts with different MX records? I assume that the 39 score is separate because of case-sensitivity in your reporting.

And now to go into SPF for Dummies territory, the mailfroms were definitely spoofed, or in the normal course of events could have been mailing list or greeting card invitations that unwisely put in the sender's address in the mailfrom instead of their own?

Andrew.

-Original Message-
From: Bill Landry [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 13, 2004 4:56 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] SFP is catching on...

- Original Message -
From: Colbeck, Andrew [EMAIL PROTECTED]

Thanks for sharing, Bill. Can you also shed some light on these for us?

 35 pointshare.com FAIL
 39 Pointshare.com FAIL
 10 pointshare.com FAIL
 17 pointshare.com PASS
  1 pointshare.com UNKNOWN

The passes are from a system that sends notification messages to customer e-mail domains that we host, and since these IP addresses are included in our SPF record, they pass. The fails are from incoming mail that attempted to forge the from address to look like they were coming from [EMAIL PROTECTED] The unknown is due to a message that came in after I made an error in our SPF record which included a ?all instead of -all.

Bill
[Declude.JunkMail] safe way to whitelist this
I get email from the susd.org domain on a regular basis, but they are poorly set up. The headers appear as such:

X-Declude-Sender: [EMAIL PROTECTED] [204.228.60.250]
X-Spam-Tests-Failed: BASE64, HELOBOGUS, REVDNS, WEIGHT10 [10]
X-Country-Chain: UNITED STATES-destination
X-Note: This E-mail was sent from [No Reverse DNS] ([204.228.60.250]).
X-Hello: pyle.susd.org
X-Declude-Date: 01/13/2004 13:46:08 [0]

I have the domain set up in a reverse domain test, but that doesn't negative weigh because they don't have a valid reverse DNS. How can I whitelist this domain safely?

David
Re: [Declude.JunkMail] SPF unknown
> Scott, is there currently any way to distinguish between the following unknown records:
>
> - unknown (record exists)
> - unknown (record does not exist)

Not currently (per the specs for SPF). However, there have been people using SPF on other platforms that have been requesting a distinction, so this is something that we may incorporate.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
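Added example (not part of any list message, and not Declude's code): a simplified SPF check that reproduces the outcomes discussed in this thread, namely PASS for listed addresses, FAIL for forgeries under -all, UNKNOWN after the ?all mistake, and the "record exists" versus "record does not exist" distinction asked about above. It handles only `ip4:` and `all`; the records, addresses and the `detail` field are constructed assumptions.

```python
import ipaddress

# Result names follow the counts in this thread; reporting '?' as UNKNOWN is an
# assumption that mirrors Bill's ?all case.
RESULTS = {"+": "PASS", "-": "FAIL", "?": "UNKNOWN"}

def check_spf(record, client_ip):
    """Evaluate a simplified SPF record (ip4: and all mechanisms only).

    Returns (result, detail); detail tells the two kinds of UNKNOWN apart.
    """
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "UNKNOWN", "record does not exist"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                      # a bare mechanism means pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            raise ValueError(f"mechanism not handled here: {term!r}")
        if matched:
            result = RESULTS[qualifier]
            return result, ("record exists" if result == "UNKNOWN" else f"matched {term}")
    return "UNKNOWN", "record exists"        # nothing matched and no 'all' term

# Constructed records and addresses (documentation ranges), not pointshare.com's.
STRICT = "v=spf1 ip4:192.0.2.0/24 -all"
TYPO = "v=spf1 ip4:192.0.2.0/24 ?all"

def demo():
    return {
        "notifier, -all": check_spf(STRICT, "192.0.2.25"),
        "forger, -all": check_spf(STRICT, "203.0.113.9"),
        "forger, ?all": check_spf(TYPO, "203.0.113.9"),
        "forger, no record": check_spf(None, "203.0.113.9"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:18} {outcome}")
```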
RE: [Declude.JunkMail] SFP is catching on...
> And now to go into SPF for Dummies territory, the mailfroms were definitely spoofed, or in the normal course of events could have been mailing list or greeting card invitations that unwisely put in the sender's address in the mailfrom instead of their own?

It could be either. However, the burden now lies on the greeting card sites (and in rare cases mailing lists) to fix their problem.

Specifically, the sites that have a problem are ones that let a web site user enter an E-mail address, and they use that address in the SMTP envelope. Instead, they should be using their own address (which ensures that any bounce messages will go back to them). If it is set up properly, it will work with SPF. But, of course, there are some greeting card sites and similar sites (such as news sites) that aren't properly set up yet.

-Scott
Re: [Declude.JunkMail] safe way to whitelist this
Don't whitelist, negative weight if you are the administrator. There are two things to go after, the MAILFROM, or the REMOTEIP. It appears that the school district has only one mail server, in which case you could create a filter file called PSEUDO-WHITE and add in the following line:

REMOTEIP -10 IS 204.228.60.250

Alternatively, if you are running the standard version, you can create an ipfile with the following entry and weight it negatively in your Global.cfg:

204.228.60.250/32

If you get susd.org E-mail from various sources, you can try a filter file with MAILFROM, or a fromfile in JunkMail Standard. Choose IP over the mail from address because it is never spoofed from what I can tell (but you should never say never of course).

One other thing would be to review your weighting settings because that's a little tight to be holding on IMO. I weight BASE64 at 3 and HELOBOGUS as 4, though that is just one piece of the entire picture of course. I suspect that this message came from Exchange Web mail, and there are 3 Microsoft X-mail headers that you might want to be counterweighting for failing BASE64 because Microsoft will base64 attach plain text in Web mail. Search the archives for "microsoft exchange", I'd rather not post it again. When Scott comes out with some "not" tests, you can help to protect from spammers exploiting such negative weighting by adding some END statements to the filter file since all of these have other required header elements that need be present.

Matt

David Dodell (by way of R. Scott Perry) wrote:

> I get email from the susd.org domain on a regular basic, but they are poorly setup. The headers appear as such:
>
> X-Declude-Sender: [EMAIL PROTECTED] [204.228.60.250]
> X-Spam-Tests-Failed: BASE64, HELOBOGUS, REVDNS, WEIGHT10 [10]
> X-Country-Chain: UNITED STATES-destination
> X-Note: This E-mail was sent from [No Reverse DNS] ([204.228.60.250]).
> X-Hello: pyle.susd.org
> X-Declude-Date: 01/13/2004 13:46:08 [0]
>
> I have the domain setup in a reverse domain test, but that doesn't negative weigh because they don't have a valid reverse DNS. How can I whitelist this domain safely?
>
> David

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
Re: [Declude.JunkMail] SFP is catching on...
Has there been any real stance on what people are actually doing with this test? Negative weight if it returns PASS, adding weight if it fails?

Darrell

Bill Landry writes:

> SPF counts for the past couple of weeks:
> ==
> 1 1st.net PASS
> 1 accesscomm.ca FAIL
> 8 alta-vista.com FAIL
> 1 alta-vista.com FAIL
> 3 altavista.co.kr FAIL
> 2 altavista.co.uk FAIL
> 106 altavista.com FAIL
> 12 altavista.com FAIL
> 2 altavista.de FAIL
> 3 altavista.fr FAIL
> 2 altavista.fr FAIL
> 2 altavista.net FAIL
> 2 altavista.net FAIL
> 4 altavista.nl FAIL
> 14 altavista.se FAIL
> 2 altavista.se FAIL
> 136 aol.com FAIL
> 618 aol.com PASS
> 203 aol.com UNKNOWN
> 9 arcada.fi UNKNOWN
> 4 b1.mx0.net PASS
> 14 b2.mx0.net PASS
> 28 baschny.de FAIL
> 7 baschny.de FAIL
> 1 bayol.com FAIL
> 2 catchamail.com FAIL
> 2 celt.dias.ie FAIL
> 1 chinabytemail.com FAIL
> 7 citlink.net FAIL
> 12 citlink.net PASS
> 2 citlink.net PASS
> 2 cmc.net PASS
> 2 columbiamemorial.org PASS
> 205 declude.com PASS
> 40 email.cooking.com PASS
> 5 email.cooking.com UNKNOWN
> 5 email.cooking.com UNKNOWN
> 1 eml.coastal.com PASS
> 1 firstlink.com PASS
> 4 frontiernet.net FAIL
> 13 frontiernet.net PASS
> 3 frontiernet.net PASS
> 1 globalsite.net FAIL
> 4 grendelnet.com FAIL
> 2 guay.com FAIL
> 4 heifong.phase.org PASS
> 2 heifong.phase.org PASS
> 3 HM-Software.com PASS
> 1 imaginet.co.uk FAIL
> 2 india-11.com FAIL
> 1 info.de FAIL
> 3 inlandnet.com FAIL
> 1 ipns.com FAIL
> 2 ipns.com PASS
> 4 isleuthmail.com FAIL
> 1 it.uq.edu.au FAIL
> 1 jauns.com FAIL
> 1 jbi.hio.no FAIL
> 2 jbi.hio.no FAIL
> 1 jmason.org PASS
> 2 kluge.net PASS
> 1 kundenserver.de PASS
> 1 linuxfreemail.com FAIL
> 10 list.thomsonmedia.com FAIL
> 19 lists.smarterliving.com PASS
> 3 lists.smarterliving.com PASS
> 1 livesafe.com FAIL
> 1 lu.net FAIL
> 2 mail.pt UNKNOWN
> 2 meer.net FAIL
> 5 mills.gr UNKNOWN
> 2 mini-mail.com FAIL
> 5 mx.plaxo.com PASS
> 1 mx07.roc.ny.frontiernet.net PASS
> 2 nekodojo.org FAIL
> 2 netins.net UNKNOWN
> 1 netradiomail.com FAIL
> 1 newnorth.net FAIL
> 3 olesky.com PASS
> 1 ox.ac.uk UNKNOWN
> 1 parallax.ws PASS
> 1 phase.org PASS
> 1 phase.org PASS
> 16 pobox.com PASS
> 6 pobox.com UNKNOWN
> 35 pointshare.com FAIL
> 39 Pointshare.com FAIL
> 10 pointshare.com FAIL
> 17 pointshare.com PASS
> 1 pointshare.com UNKNOWN
> 2 power.net FAIL
> 2 purpleturtle.com FAIL
> 16 rambler.ru UNKNOWN
> 1 rambler.ru UNKNOWN
> 3 roadrunnernf.net FAIL
> 16 softhome.net FAIL
> 1 softhome.net FAIL
> 2 SoftHome.net PASS
> 5 speed.net UNKNOWN
> 4 subdimension.com FAIL
> 2 symantec.com PASS
> 1 topmail.de FAIL
> 3 tvnet.lv FAIL
> 504 v2.listbox.com PASS
> 73 v2.listbox.com PASS
> 32 worldonline.de FAIL
> ==
>
> Looks like SPF is starting to catch on.
>
> Bill

Check Out DLAnalyzer a comprehensive reporting tool for Declude Junkmail Logs - http://www.dlanalyzer.com
Re: [Declude.JunkMail] safe way to whitelist this
Personally I try not to whitelist. If the mail comes from a few servers then you can set up a reverse weight IPFILE for their specific IP addresses. Whitelisting is very susceptible to forging. I learned the hard way by whitelisting @dell.com and a spammer took me to town with that. Now I only reverse weight on DNS or lower weight through an IPFILE.

Darrell

David Dodell writes:

> I get email from the susd.org domain on a regular basic, but they are poorly setup. The headers appear as such:
>
> X-Declude-Sender: [EMAIL PROTECTED] [204.228.60.250]
> X-Spam-Tests-Failed: BASE64, HELOBOGUS, REVDNS, WEIGHT10 [10]
> X-Country-Chain: UNITED STATES-destination
> X-Note: This E-mail was sent from [No Reverse DNS] ([204.228.60.250]).
> X-Hello: pyle.susd.org
> X-Declude-Date: 01/13/2004 13:46:08 [0]
>
> I have the domain setup in a reverse domain test, but that doesn't negative weigh because they don't have a valid reverse DNS. How can I whitelist this domain safely?
>
> David
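Added example (not part of any list message, and not Declude's code or configuration syntax): a small model of the difference the two replies above describe between whitelisting a sender domain and counterweighting the connecting IP. The threshold, the per-test weights, the `EXAMPLETEST` name and the forged message are constructed assumptions; only the IP, the failed tests and the -10 counterweight come from the thread.

```python
HOLD_WEIGHT = 10  # assumed hold threshold, matching the WEIGHT10 test in the headers
# BASE64 and HELOBOGUS use Matt's figures; REVDNS and EXAMPLETEST are constructed.
TEST_WEIGHTS = {"BASE64": 3, "HELOBOGUS": 4, "REVDNS": 3, "EXAMPLETEST": 5}

def weight(msg, counterweights):
    """Sum the failed tests' weights plus any counterweight for the connecting IP."""
    total = sum(TEST_WEIGHTS[name] for name in msg["failed"])
    return total + counterweights.get(msg["remote_ip"], 0)

def disposition(msg, whitelist_domains=(), counterweights=None):
    """Return 'deliver' or 'hold' for one message under the given policy."""
    sender_domain = msg["mailfrom"].rsplit("@", 1)[-1].lower()
    if sender_domain in whitelist_domains:
        return "deliver"  # a whitelist skips every test, whatever the source IP
    return "hold" if weight(msg, counterweights or {}) >= HOLD_WEIGHT else "deliver"

# Constructed messages: the genuine one mirrors David's headers, the forged one
# claims the same sender domain from an unrelated (documentation-range) address.
GENUINE = {"mailfrom": "someone@susd.org", "remote_ip": "204.228.60.250",
           "failed": ["BASE64", "HELOBOGUS", "REVDNS"]}
FORGED = {"mailfrom": "someone@susd.org", "remote_ip": "203.0.113.77",
          "failed": ["HELOBOGUS", "REVDNS", "EXAMPLETEST"]}

def compare():
    """Disposition of (genuine, forged) under each policy."""
    policies = {
        "no exception": {},
        "whitelist susd.org": {"whitelist_domains": {"susd.org"}},
        "REMOTEIP -10": {"counterweights": {"204.228.60.250": -10}},
    }
    return {name: (disposition(GENUINE, **kw), disposition(FORGED, **kw))
            for name, kw in policies.items()}

if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name:20} genuine={outcome[0]:8} forged={outcome[1]}")
```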
[Declude.JunkMail] Another ip4r paid service site
http://www.the-carrot-and-the-stick.com
http://www.the-carrot-and-the-stick.com/How_To/index.php?VIEW=direct_query

ip4raccept.the-carrot-and-the-stick.com127.0.0.5
ip4rreject.the-carrot-and-the-stick.com127.0.0.10

Bill
RE: [Declude.JunkMail] Another ip4r paid service site
That looks like a joke to me? A company that actually thinks email marketing is legit? I don't believe any email marketing company. Period.

That site looks so phony they don't even have an email point of contact. At least none that I could easily find. All I could discern is that they have a web site via Canada and maybe a legit business address in California.

Thanks for the info Bill,

~Rick

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry
Sent: Tuesday, January 13, 2004 9:27 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Another ip4r paid service site

> http://www.the-carrot-and-the-stick.com
> http://www.the-carrot-and-the-stick.com/How_To/index.php?VIEW=direct_query
>
> ip4raccept.the-carrot-and-the-stick.com127.0.0.5
> ip4rreject.the-carrot-and-the-stick.com127.0.0.10
>
> Bill

___
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.
[Declude.JunkMail] explanation of errors, where to find?
Hi all,

bad headers, broken mail clients and so on are logged together with error numbers like 804e. Where can we review explanations of these error codes?

Thanks!
Roland

--
Dr. Roland Braun
Max Planck Institute for Comparative Public Law and International Law
Im Neuenheimer Feld 535; D-69120 Heidelberg
Phone: +49 6221 482 608; Fax: +49 6221 482 278
Re: [Declude.JunkMail] explanation of errors, where to find?
----- Original Message -----
From: Roland Braun [EMAIL PROTECTED]

> bad headers, broken mail clients and so on ar logged together with error numbers like 804e. Where can we review explanations of these error codes?

There is a code look-up page at http://www.declude.com/tools/header.php

Bill