Doesn't the newer versions of Declude Virus catch the IFRAME vulnerability?
Isn't this a post for the virus list?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Dave
We only use Imail as a Gateway.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of sbsi lists
Sent: Tuesday, November 09, 2004 5:01 PM
To: Markus Gufler
Subject: Re[2]: [Declude.JunkMail] Question on Dell Poweredge 1750
Hi Markus,
Interested in
On 9 Nov 2004 at 22:54, Bill Landry wrote:
Nick, I cannot think of any RHSBLs that would be candidates for
urirhssub, other than the SURBLs that currently use bitmasked
responses.
I did not have any in mind but I was looking over the setups and this
scenerio came to mind..
Thanks for you
For what it's worth, I don't have the Declude Virus product. The Declude
Virus product may catch the IFRAME technique in HTML, but you won't see this
technique in HTML, which is why Dave probably thought it was a useful
heads-up in the antispam forum.
I can add to Dave's description:
Trend Micro
Hello, All,
We have a new web site and we would like to put links on the contact page
which allow people to click on the links and send us an e-mail but we don't
want those addresses to be scanned and added to the latest spammers mailing
list. Are there any common practices for obfuscating the
Pull them from a database dynamicly so the page actually has to be visited
to display the addys
Rick Davidson
National Systems Manager
North American Title Group
-
- Original Message -
From: Dan Geiser [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 11:26 AM
On 10 Nov 2004 at 11:26, Dan Geiser wrote:
Dan,
This works I do believe however there maybe better solutions -
script language=Javascript
!--
emailname = EmailRecipient
emailserver = server.example.com
document.write(font face='Verdana' size=2);
document.write(a href='mailto:; + emailname
hey thats pretty cool!
:-)
Rick Davidson
National Systems Manager
North American Title Group
-
script language=Javascript
!--
emailname = EmailRecipient
emailserver = server.example.com
document.write(font face='Verdana' size=2);
document.write(a href='mailto:; + emailname + @ + emailserver +
Most spiders actually visit the page anyway so this doesn't help.
The Javascript method usually works best.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Davidson
Sent: Wednesday, November 10, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: Re:
Use javascript that pulls a seperate page that pulls the emailaddress
w/Redirect.
Spiders will pull an email address out of the source, but normally don't
execute
javascript, if they did, simply add a Javascript Question.
or,
Just have a webforum, and have that email them to confirm the email
Hi Scott,
Below are 2 headers sent by Imail1.exe v8.12
1- Why did only one fail the HELOBOGUS test and not the other ? they both do
not have HELO/EHLO in the heading (or i am missing something).
2- When will declude fix the problem of using the first IP in the BODY as
the remote IP ?
3- How to
Has anyone had better luck with habeas lately. I turned things off since the
spammers jumped on.
Jeff Kratka
TymeWyse Internet
P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417
tel/fax: (541) 839-6027 - [EMAIL PROTECTED]
Below are 2 headers sent by Imail1.exe v8.12
1- Why did only one fail the HELOBOGUS test and not the other ? they both do
not have HELO/EHLO in the heading (or i am missing something).
You won't see HELO or EHLO in the headers (that's the name of the SMTP
command). In this case, you don't even
I give it a small negative weight, and then a big positive weight with the
HIL IP4R test.
I see very little of bad-guy spammers using the Habeas warrant. I also see
very little in the way of useful mailers taking advantage of the warrant.
So from my traffic, Habeas is a failure.
Andrew 8)
- Original Message -
From: Jeff Kratka [EMAIL PROTECTED]
Has anyone had better luck with habeas lately. I turned things off since
the
spammers jumped on.
Don't use the Declude JunkMail habeas whitelist feature:
WHITELIST HABEAS
nor
HABEAS habeas x x -3 0
the watermark
You won't see HELO or EHLO in the headers (that's the name of the SMTP
command). In this case, you don't even see the hostname from the
HELO/EHLO
in the headers, since there are no Received: headers.
I'm guessing that the server failure response from the DNS server was an
abnormal response,
Habeas by itself was useless. A trivial amount of spammers using it.
I turned Habeas-HIL off... Too few responses to be useful. Twice in the last
year they were false positiving on AOL, so when I was using it, their weight
kept dropping.
I won't use Habeas-HUL because I refuse to complete their
In this particular case, what does declude ask the DNS for ?
Message-Id: [EMAIL PROTECTED] ?
The helobogus is run on mydomain.net from the line above ? or on what ?
In this case, it is actually blank, since this is an oddball message -- one
without a Received: header (it seems that a recent
Thanks, Andrew-
That is exactly why I gave this wider dissemination than I normally would
do. The email is completely innocuous, nothing to detect, except for the
link, which I believe will change as to IP address and port as this
progresses.
-d
- Original Message -
From: Colbeck,
- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
Habeas by itself was useless. A trivial amount of spammers using it.
I turned Habeas-HIL off... Too few responses to be useful. Twice in the
last
year they were false positiving on AOL, so when I was using it, their
weight
Hello All,
We have our Declude/Imail server setup as a gateway to our
exchange server. We had a user that used to get a ton of spam. We
gave him a new email address, but a bunch of junk is still coming to his old
email address that doesnt exist anymore. It then gets stuck in our
spool
ALLRECIPS with IS test:
It
needs to be "[EMAIL PROTECTED], [EMAIL PROTECTED] (where the first
"[EMAIL PROTECTED] is the name entered by the user, and the second one is the one
that IMail uses)
ALLRECIPS480IS[EMAIL PROTECTED], [EMAIL PROTECTED]
- Original Message -
From:
Title: Message
Or if
this guy's email address is an indicator of spam
ALLRECIPS 480 CONTAINS [EMAIL PROTECTED]
so if
the president of the company and [EMAIL PROTECTED] are in the To:, CC: or BCC:,
the message will still get held or deleted for everyone.
That
might be handy for you, but
Thanks for the clarification.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Wednesday, November 10, 2004 2:17 PM
To: [EMAIL PROTECTED]
Subject: Re:
I guess I am confused. My Imail is setup
as a mail gateway, so this user is not local. So what would be the imail user
then?
Thanks.
matt
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Fisher
Sent: Wednesday, November 10, 2004
7:01 PM
To: [EMAIL
25 matches
Mail list logo