All these get held on my system because
you send it from your e-mail address without authenticating, so it
never gets whitelisted with Whitelist Auth and it fails my spam domains test.
But if you arent seeing them at all, Id guess it is the
attachment size.
Marc
-Original
Title: Message
http://reviews.zdnet.co.uk/software/internet/0,39024165,39188758,00.htm
Sorry for the re-post from Imail forum,
but incase any of you dont follow it.
Any plans for Declude to integrate with Kerio???
: )
On 1 Mar 2005 at 12:07, Andy Schmidt wrote:
I have noticed from day one, that suddenly really obvious Spam that
had failed countless tests and should have been deleted (with REALLY
high weights) was actually being delivered.
I have seen the same thing with v2.05, sent log snippits TWICE and
In the current german computer magazine c't an article talks about phishing
with cyrillic char-sets.
It's possible to combine IDN-Domain names supported by Opera, Firefox and MS
Explorer (IE only with plugin) and cyrillic char-sets to show up an URL
absolutely like the original one.
More info's
Hi,
Yes, cross-posting seems like a good idea - so that we can monitor for
developing patterns.
Also, I did check my weight settings (I don't use the CATCHALL test) - and I
don't think the previous explanations fit my scenario:
WEIGHTKILL weight x x 20 0
WEIGHT10
I am using the copyto action to send myself a copy of every email that
ends up with an attach action, like so:
WEIGHT16-19cCOPYTO [EMAIL PROTECTED]
WEIGHT16-19sATTACH
Where WEIGHT16-19s and c are both the same. This works perfectly,
attaching the message and delivering
Title: Message
Sorry, I guess I misunderstood twice in this regard. I suppose that
for now, the old format is fine and the logging is better than before
being that it is only once per message instead of once per each
recipient. A normalized single line format would be preferable
overall,
I send these pictures to a whitelisted email
address..No Declude Filteringand they still won't come thru if I send them
"Best for Email"
From the headers it looks like it goes to a Kodak
server then back to me...but it should still come thru..
If I copy the picture into outlook
Title: Message
All these get held on
my system because you send it from your e-mail address without authenticating,
so it never gets whitelisted with Whitelist Auth and it fails my spam domains
test. But if you arent seeing them at all, Id guess it is the attachment
size.
Marc - can you
Title: Message
Hi
Richard:
I
don't know what other measures you have taken. Pardon me, if my suggestions are
repetitive:
a) It
looks as if your email is routed through:
Received: by
spamwall.apid.com (Postfix, from userid 777)id 68F9B46B76; Sat, 26 Feb
2005 10:35:22 -0600 (CST)before
Has something happened to Mailpolice? I've not seen a log entry on any of
their DB's since late Monday afternoon. I've double checked the global and
default.junkmail files and everything looks fine. After revisiting their
website, I did combine fraud, bulk, and porn into block as suggested, but
I have attachments set at 4MG and these are only
around 1MB..so I dont think that is it..
Richard FarrisEthixs Online1.270.247.
Office1.800.548.3877 Tech Support"Crossroads to a Cleaner
Internet"
- Original Message -
From:
Marc Catuogno
To:
Have you checked your Declude Virus log file yet? Also, the IMail log
should also have a record of this message if it actually reached your
server. If you can't determine what happened after checking, then you
should try posting the log file snippets to the list and maybe someone
here can
Working fine here:
03/02/2005 10:01:34 Qe34c0efd01549ce3 Msg failed MAILPOLICE-BULK (This
E-mail came from transtorm.com, a potential spam source listed in
MAILPOLICE-BULK.). Action=WARN.
- Original Message -
From: John Carter [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent:
Title: Message
Im having someone try to send me
something from a dock in a little bit as soon as I have the headers I will
post.
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt
Sent: Wednesday, March 02, 2005
11:46 AM
To:
Here are the headers I have something with Kodak in my negative headers to
try to let this stuff through
Received: from snj-us-pcwp-708.us.kodak.com [63.240.114.217] by
mail.prudentialrand.com with ESMTP
(SMTPD32-8.05) id A37246900BC; Wed, 02 Mar 2005 14:26:42 -0500
Received: from
I just sent a 2 copies to Andy at [EMAIL PROTECTED]
so we will see what he says...one copy is Original 1.4 Mb and the other is
Best for Email .68 Mb
I know that most are not interested in this but it is really bugging me why
the pictures won't come thru..
thanxs for your help..
Richard
Oops, that is argos.net
Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
Crossroads to a Cleaner Internet
- Original Message -
From: Richard Farris [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, March 02, 2005 1:52 PM
Subject: Re:
Hi Richard:
Well ONE copy came through (with the subject Sent Best For Email). I
appears to have a good reverse DNS, a good HELO.
It is using YOUR email address as the MAIL FROM - which is fine, unless your
postfix mail gateway does not allow email from the outside to have your
domain name?
I
Hi Richard:
Based on the two headers that we saw, let's look:
A) in your Dec0302.log file:
03/02/2005 14:40:42 Qxx Subject: Sent Best for Email
03/02/2005 14:40:42 Qxx From: [EMAIL PROTECTED] To: xxx IP: 63.240.114.202
Scan for the Subject you used and scan for 63.240.114.
B) in your
A question for all:
Once in a while, I get a false positive
in part because the sender's machine does not have a complete domain
name.
Say my machine's name is "DAVE" and I did
not set the domain add-on under computer proprties. Then my machine would always
fail HELOBOGUS because that is
Richard:
I just sent a 2 copies to Andy at [EMAIL PROTECTED]
Hm - I checked all my various server logs for anything based on your email
address or the Kodak host names - and all I can see is the ONE email that
had the subject Best for Email.
Are you quite certain that you send two copies? Is
Title: Message
Hi,
this
should only happen with YOUR end users (who use YOUR SMTP server for relaying
outbound messages). Any third party end users would relay messages through THEIR
local providers SMTP server, which would then use that server's HELO
string.
Thus,
all you have to do is
Mail servers should be properly named and should not come with a name
of "DAVE". Client computers are often this way, but they should be
authenticating when connecting directly with your server and you can
whitelist anything that authenticates with IMail 8.x/Declude using
WHITELIST AUTH.
Title: Message
Marc,
I just spoke with Kerio
and though the article says they support 3rd party applications, it
is 3rd party applications they have integrated into their application.
While talking with them in some depth, as of right now their system wouldnt
allow us to be put in the
Title: Message
Hi,
here
is what I use:
PREWHITELIST ONAUTOWHITELIST ON
WHITELIST AUTH
Best
RegardsAndy SchmidtHM Systems Software,
Inc.600 East Crescent Avenue,
Suite 203Upper Saddle River, NJ 07458-1846Phone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206http://www.HM-Software.com/
Repost.
Just to clarify: Other than the logging issue you referred to, are there
any known issues with 2.05? If so, is there a list I can review to
determine if we're ready to upgrade?
- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent:
Does the DNS global.cfg list work in 1.82 or is it only availabel in 2.05.
I just tried to switch to 2.05 and it would not delete email that was at or
above my hold weight. I am thinking it is the copy_all_account issue. I have
reverted back to 1.82.
Kevin Bilbee
---
[This E-mail was scanned
Title: Message
Hi,
I have a strange question, which once against my
astounding ignorance. I just tried using DLAnalyzer Lite on our latest
Declude JM log. For the sample I tested, I got these results:
Total Messages Processed: 11,234Messages That
Failed Defined Test(s): 10,153Percentage
Wow ~ thanks nice response time!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ralph Krausse
Sent: Wednesday, March 02, 2005 5:56 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] IMAIL ranks last as exchange alternative:
Marc,
May be old news to some of you
href=http://212.217.10.14/data/secure/certificates/SSL/transaction/resu
bmit/login.htmtthttp://www.paypal.com/cgi-bin/webscr?cmd=_login-iden
tify
It is in Morocco
Goran Jovanovic
The LAN Shoppe
---
[This E-mail was scanned for viruses by Declude
Title: Message
Ben,
There are various conditions that can account for
messages being picked up without being marked with the "CATCHALLMAILS"
test. A good bulk of these instances occur because a message under certain
conditions will not loga "Test failed" line.
One example is "Whitelist
Title: Message
Hi,
As promised, I will
submit this case to Declude support.
This message has a
weight of 21 and should have been DELETEd and it's way PAST my HOLD weight of
10. It also is beyond my BYPASS WHITELISTING weight of 19.
Yet, this message
was delivered to my mailbox!
I'll share a little trick with the phishing stuff. Anything that
contains both a linked IP address and a paypal domain gets enough points
to be automatically held by my system at a minimum. I do the same thing
with banks an other things, and I don't just limit to domain patterns.
For
Title: Message
Hm,
I may
have an idea...
I have the feeling
the problem may be with the "POSTMASTER" filter. The idea behind it is -
if any of the recipients are my [EMAIL PROTECTED] account, then "drop"
all other recipients and ROUTETO that email ONLY to the postmaster
address. This
Title: Message
I saw
the samething today after installing 2.05. I went back to 1.82 after about 10
minutes.
Kevin
Bilbee
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Andy SchmidtSent: Wednesday, March 02, 2005
8:23 PMTo:
I'd be curious too.
I've made two attempts with the earlier pre 2.05 version to make the jump
forward and have dropped back to 1.82 twice.
It's made me a little gunshy.
I'm not seeing a lot of votes of confidence on the list for 2.05...
- Original Message -
From: Darin Cox [EMAIL
Title: Message
I
don't have actions for different recipients.
So in
my case all recipients have the SAME action.
Except
that now ROUTETO outranks DELETE.
Best
RegardsAndy SchmidtPhone: +1 201 934-3414 x20
(Business)Fax: +1 201 934-9206
-Original Message-From:
[EMAIL
Title: Message
Maybe a bug/config issue with the bypass whitelisting. Here's
something that caught my eye:
03/02/2005
19:42:43 Q5d7c1cc602a2951d Bypassing whitelisting of E-mail
with weight =19 (21) and at least 1 recipients (6).
03/02/2005
19:42:43 Q5d7c1cc602a2951d Bypassing whitelisting
Title: Message
The
message is NOT whitelisted (see log and header), sothe bypass whitelisting
WORKED. The log and headers look differently, if whilelisting is
effective.
The
purpose of the bypass whitelisting is:
if
weight = 12 and recipients = 6 - bypass the
whitelist
if
weight = 14
Title: Message
One thing I noticed
from our logs is some tests seem to run before WHITELIST AUTH is checked. If
WHITELIST AUTH ie enabled Declude should not even run or look at the filters if
a user authed.
Here is a message
that ran the HELO filter and the BODY filter before whitlisting
41 matches
Mail list logo