Only when regular expressions are added to Declude :)
Oh, and I'd also have to learn regular expressions :)
Maybe something else is in the works :)
No promises.
Matt
nick wrote:
Done!
Wicked easy. I really love a lot of tests [as someone else noted]
Will keep a watch on things and see what
of the stuff that I am trying
to pass.
Matt
Colbeck, Andrew wrote:
Nick:
Here's an example from my global.cfg to test the very-generous demo
setup of Sniffer:
# It provides content inspection. See www.sortmonster.com
#Note that the only value normally returned for our non-registered
is the domain of a Yahoo hosting site. I saw a
Nigerian scam two days ago from another Yahoo site and the same mail
server. Could it be that these guys are signing up with stolen credit
cards or hacking accounts in order to gain access?
This stuff is troublesome...very troublesome.
Matt
multiple hops. I guess that's better than being stumped :)
Thanks for the info, it was enlightening.
Matt
Colbeck, Andrew wrote:
Matt, I don't what my observation is worth but the only spam I've noticed in
the past year from Yahoo! servers was always from the *.bizmail.yahoo.com
servers
that's on in
every different cable system, and I would think that there is much less
data needed to get this to work. When things become more
commercialized, I would imagine that stuff like this will come. I'd do
it myself but I'm booked through 2020.
Matt
Colbeck, Andrew wrote:
massive snip
,
5508, etc.) [216.218.163.32 - 216.218.163.47] - 12/26/2003
They have many more blocks that are listed in SBL as well. As of 12/26,
the above were not. Needless to say, these are banned from my system.
Matt :)
--
=
MailPure custom filters
I stopped giving Habeas any credit on my system a couple of weeks ago
after seeing repeated spam containing these headers. I'll reconsider
the first time that I see an FP containing them.
Matt
Dave Doherty wrote:
I've gotten six of these from six different IP addresses relayed through six
.
Matt
R. Scott Perry wrote:
Do most people use WHITELIST HABEAS? I'm thinking of turning this off
since
the large majority of spammers have already demonstrated their
willingness
to ignore the legality of their activities.
That's kind of like asking if you should move your store to another
in technical tests, where you can apply weights. Other have been
using JunkMail Pro with filters to deduct points for a headers search.
Personally, I have turned all of that off, and it's most definitely
being abused right now.
Matt
Larry Craddock wrote:
Do most people use WHITELIST HABEAS
Scott,
Whatever happened to the feature where Declude spits out a million dollars?
Eagerly waiting, but getting frustrated.
Matt :)
R. Scott Perry wrote:
Could you move this from whitelisting to weighting in order to help
protect from such things for non-Pro users? That might make a lot
through surrounding blocks with reverse DNS to see if there are even
larger blocks present. Lastly, report your findings to the board :)
Matt
John Tolmachoff (Lists) wrote:
Is there legit e-mail that comes from Bigpond mail servers, or can I heavily
weight REVDNS ENDSWITH .bigpond.com?
John
. There's a ton of
it. I'm not sure what to do about this situation. Maybe someone else
has some ideas.
Matt
Matt wrote:
John,
Looks like a spam house to me.
http://www.senderbase.org/search?searchString=bigpond.com
Block by IP. Google shows that they've used different domains from
to ever see my processors pegged due to the fact
that the machine currently performs many tasks besides E-mail.
Matt
Russ Uhte (Lists) wrote:
At 01:23 PM 1/12/2004, Sanford Whiteman wrote:
This server normally processes about 200,000 emails a day, running
sniffer, most of the MailPure
a bulk mailing spam source).
Matt
Russ Uhte (Lists) wrote:
At 05:52 PM 1/12/2004, Matt wrote:
Russ,
I'm not sure what actions will result in bypassing Declude Virus, but
HOLD and DELETE surely do. Since over 80% of E-mail is spam on the
typical system, that should save you a great deal over
.
Matt
Bill Landry wrote:
- Original Message -
From: "Matt" [EMAIL PROTECTED]
Another idea would be to block SBL with IMail 8 so that stuff never gets
to Declude. SBL can be as much as 25% of my traffic, and I weight that
in Declude so that it deletes on just th
at first, but this is more of the malware
variety. There's a good reason for Topica to be listed. I've
explained this one caveat many times here, but a spam house is a spam
house in my book.
You should have explained with your stats how these were mostly or even
all from the same source :)
Matt
that far exceeds my own on my system.
I'd drop them substantially in weighting if I felt that their standards
were lacking.
Matt
Bill Landry wrote:
Matt, legitimate messages are
legitimate no matter the source that they come from, would you not
agree with this? You would have deleted
is a spam house, and on their supposed
legit service, they maintain relationships with known spammers despite
abuse reports. They are leaving us with no choice, because they left
us with no good way to differentiate. Topica is a bad, bad company.
Matt
Bill Landry wrote:
Wow, what does any
their list servers. They were a Habeas client, but
they had their status pulled very quickly. Now they have tricked
Bonded Sender into list them, and I assure you, that won't last long
either if Bonded Sender wants to maintain any clout in the community
(be your own judge).
Matt
John Tolmachoff
my system like a hawk, and I use over 100 different tests, with
only two capable of deleting a message based on one hit (the other
being my own IP blacklist). When I find a problem, I always fix it,
though some need further verification and monitoring.
Matt
Bill Landry wrote:
So I
r elements that need be
present.
Matt
David Dodell (by way of R. Scott Perry )
wrote:
I get
email from the susd.org domain on a regular basic, but they are
poorly setup. The headers appear as such:
X-Declude-Sender: [EMAIL PROTECTED] [204.228.60.250]
X-Spam-Tests-Failed: BASE64, HELOBOGUS,
.
rant=off
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
I'm wondering about similar things along these lines. I assume that
Diskeeper does a better job and is more efficient and has nice
reporting tools, but is this more of a convenience for those with lower
volume servers? I'm particularly interested in the effect on RAID 5.
Thanks,
Matt
Omar
on a
stressed server as every bit counts, and the automation acts
pre-emptively.
Matt
Omar K. wrote:
This is good stuff, other than the obvious scheduling capability, does
diskeeper do a better job than the built-in defrag in windows server?
-Original Message-
From: [EMAIL PROTECTED
these problems.
The less reliable a test is, the less value it offers.
Matt
Dan Geiser wrote:
Matt,
Did you ever consider that they tagged 2 different AOL mail servers because
they were sending spam?
Dan Geiser
[EMAIL PROTECTED]
- Original Message -
From: "Matt" [EMAIL
could disable SpamCop when it also hit AHBL-GOOD with a net score of 0,
but not credit AHBL-GOOD otherwise. Of course, SpamCop could just fix
their issues with ISP mail servers. Who knows, maybe their stance is to
force ISP's into active defenses against zombies relaying through them???
Matt
and
broadband mail servers. Seems like common sense to me.
Matt
R. Scott Perry wrote:
SpamCop is a very important test, and I would imagine that with a
week's work, they could correct all issues with tagging mail servers
that handle over 50% of legitimate E-mail traffic in the US.
For years, I
, in
which case the value is even lower or nonexistent.
SpamCop is a very important test because it tags over 50% of the
typical mail volume, however I'm not looking to support a crusade
against AOL by blocking their E-mail.
Matt
Sanford Whiteman wrote:
Who knows, maybe their stance
technical tests.
Matt
Colbeck, Andrew wrote:
Matt,
That would be an excellent combination. Much as SPAMCOP plus SBL would be a
very, very good combination. And SPAMCOP plus SBL plus [insert favorite
DYNA/DUL test] would be practically perfect.
For my inbound mail, I don't mind
one's
mistake/oversight be corrected without me having to jump through hoops
to counteract it in some way. SpamCop is one of the most widely used
RBL's, and there appears to be nothing in their system that prevents
this mistake from happening ove
large ISP mail
servers are the most likely to have REVDNS spoofed.
Matt
Joshua Levitsky wrote:
Scott,
I was thinking about this whole FP thing and was wondering... can you
make like...
BYPASSip4r PTRmail.aol.com
BYPASSip4r IP 64.81.214.12/24
BYPASS
server though
causes me great pause.
Matt
Andy Schmidt wrote:
Hi,
Well, I simply use SPF PASS to assign a negative weight. Since AOL
implemented SPF, that automatically reduces any SpamCop effect to a
tolerable level, e.g.,
The following email had a weight of -13. Even if it was listed
uld fix this problem and greatly improve on their present reliability.
I'm not trying to knock SPF in this discussion, I just don't see it as
a real fix, especially for something this obvious. You don't blacklist
an AOL server after receiving less than 10 p
never know.
Thanks,
Matt
Andy Schmidt wrote:
Message
SpamCop has a very serious and obvious
problem, and I think it might be the result of a bug or something
because clearly this wasn't always the case. Imperfect as they may be,
SpamCop could fix this problem and greatly improve
Done.
Matt
Colbeck, Andrew wrote:
Message
Matt,
Option
1: http://www.spamcop.net/forum.shtml
which
provides a web page to the various forums and how to get to them
(web/nntp) and also a one-shot web forum post form for those not
interested in joining a forum. If you're
.
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E
engages in the
practice of spamming, then that should disqualify any IP address
belonging to them from consideration. Topica is of course another such
example, though they're not spamming from the bonded IP's...yet.
Matt
From [EMAIL PROTECTED] Sat Jan
17 13:54:17 2004
Received: from vm208-78
term to maintain bounce functionality in the
face of a problem that will likely get much worse over time. For now at
least, the issue is mostly mitigated since most such things utilize fake
users on joe-jobbed domains.
Matt
--
=
MailPure custom
feel like I was scammed. No big deal, it was easy enough
to fix. I might suggest that some consideration be made to Declude's
default inclusion and/or weighting of this test (scored at -20
currently).
Matt
Orin Wells wrote:
Forgive me if this has been addressed before, but I would like to
, for whatever
effect that may have. If others feel that I am wrong to do so, I would
encourage them to voice their opinions as well.
Thanks,
Matt
Cyan Callihan wrote:
Please send all of your complaints about virtumundo to [EMAIL PROTECTED].
I will investigate.
Cyan
-Original Message
(and report
itself to a site for tracking zombies). I guess the current crop of
zombified machines have been too heavily used and they want some clean
IP's to work with...
Matt
Dan Geiser wrote:
Hello,
I don't know if this type of test has been recommended before so I apologize
, pulled
their Bonded Sender status.
Matt
Kami Razvan wrote:
I
guess this qualifies as things that make you go h...
http://www.mailserveruser.com/email_deployment.html
Regards,
Kami
--
=
MailPure custom filters
that he uses
(which changes every week or so).
Matt
Marc Hilliker wrote:
Kami,
Maybe you already know this but just in case you or others don't,
mailserveruser.com is a domain that belongs to Green Horse Corporation (aka
atriks.com). There is quite a list of domains (60+?) that this group
introduced in JunkMail Pro v1.77 are not linked to from the site, and
won't be until there is a final release that supports this
functionality. For now, I will continue to share updates here with the
disclaimer in order to avoid confusion.
Matt
which
slipped through their system (became PayPal several years ago).
Might be a good idea to update the MAILFROM test for these.
Matt
Kami Razvan wrote:
Hi;
Can
a domain name have underscore in it?
If
not then we should really be in a position not to accept email from
domain
it would be fairly
likely to be someone like me just typing it in.
Sorry for the confusion with the empty domain string, I should have
checked this first before wondering out loud.
Matt
Pete McNeil wrote:
I don't
think Mailfrom can do it because parsing is limited.
In Message Sniffer I can code
first-party/identified messages
from a separate address block than the one above?
Matt
BTW, Josh, regardless of that RFC, you can't currently register a domain
name with an underscore, at least not a dot-com or dot-net. The fact
that Microsoft wrote that RFC makes it circumspect
that men do. I think that might have something to do
with women trusting things more, or at least being less skeptical. My
sample is still fairly small though.
Matt
Colbeck, Andrew wrote:
They're at least a self-inflicted nuisance, but I don't know if they're
spammers. I lump e-mail advertising
passing in a current score and
having the individual external tests handle what they do on their own.
I'm thinking that this might already be possible though, but I'm not
sure about what order they are processed in, and I'm not sure that
among others, Sniffer handles such a thing currently.
Matt
I was going to ask about this. If filters support this, only the most
recent interim release could be used. I think this might have been
Scott's way of announcing new functionality :)
Matt
Kris McElroy wrote:
I can't get this whitelisted any suggestions? The path to the filter file
BADHEADERS
hit?
Thanks,
Matt
Received: from mm-outgoing-101.amazon.com [207.171.188.101] by
**.com with ESMTP
(SMTPD32-8.05) id AA4B4210244; Tue, 20 Jan 2004 10:33:31 -0500
Received: from mail-ems-101.amazon.com by mm-outgoing-101.amazon.com
with ESMTP
(crosscheck: mail-ems-101.amazon.com
it
might already be enabled by Declude. The RBL's alone handle about 50%
to 65% of my deletions, and DNS caching probably makes quick work of
this stuff since the number of hosts is much smaller than the number of
messages, especially for legitimate E-mail.
Matt
Todd Holt wrote
(at least on my system). When sending from an
Exchange Web mail client, the BASE64 test also gets tripped, so this can
be problematic based on associations as well.
Would you please remove this from hitting, or at least give us an entry
to turn it off?
Thanks,
Matt
I'm using i20 currently. Note that IE and probably Exchange as well,
will allow a CC field with no To and it would previously produce the
same results, I mention this because you didn't mention the exception ,
only the BCC exception. People do of course send out to lists using the
CC field,
and JavaScript decoder built in...For now though, this technique
may very well prove more damaging than the non-obfuscated version if you
use that body check.
Matt
R. Scott Perry wrote:
How would you decode the zipped attachment to see what it is doing?
It is a
java script.
The attachment
Very much appreciated. Back when I did a review of hits for this, I
think it was over 95% FP's. Even if that isn't accurate, it's
problematic enough to allow us to turn it off.
Thanks,
Matt
R. Scott Perry wrote:
I'm using i20 currently. Note that IE and probably Exchange as well
, but it would provide
benefit if done properly. SKIPIFWEIGHT could also just simply be
appended with two number fields, one high, and one low, and Scott could
make that backwards compatible I'm sure.
Matt
Todd Holt wrote:
I would like to see the SKIPIFWEIGHT option removed. If we had
will prevent an all inclusive weightrange test
from taking action on an E-mail.
Matt
paul wrote:
Message
Hey guys, I asked this on Imail's
list as well, but thought I'd see what Declude users do/think:
What I'd like to be able to do, is
block all mail to a certain account, except
ems most
appropriate to discussions relating to spam though.
Matt
paul wrote:
This isn't something that I would generally try to
promote because of the complexity of maintaining it in most
cases, but for one's own daughter, it might make perfect sense.
Something of course though
will likely still find yourselves vulnerable to places like
SpamCop.
Basic Mailing List Management Guidelines for Preventing Abuse
http://www.mail-abuse.org/manage.html
Matt
Andy Ognenoff wrote:
The first thing I would do is check to see if your Internet provider has a
TOS
also does a good job with this stuff, so
between the two, I think I'm pretty well protected.
Attached is a copy of Kami's filter that was modified as described
above. I think this may improve your results.
Matt
Kevin Bilbee wrote:
I have been testing Kami's Nigerian filter and found
and was held.
MED-MAILPURE - Scored between 13 and 24 and was held.
LOW-MAILPURE - Scored between 16 and 24 and was held.
DELETE - Scored 25+ and was deleted.
Matt
TEST # FAILED Percentage
NOLEGITCONTENT...22,816...86.96%
DELETE...21,592...82.30%
IPNOTINMX
ps?hl=enlr=ie=ISO-8859-1scoring=dq=EmailLabs+group%3A*abuse*btnG=Google+Search
Also search for the domains that they use, which you should be able to
find.
Matt
Andy Ognenoff wrote:
Basic Mailing List Management Guidelines for Preventing Abuse
http://www.mail-abuse.org/manage.html
up.
Since I monitor this list closely, I'm very much ahead of the curve,
though not completely, and for those that don't read every message
here, they lose out on a lot of things.
Matt
Mike K wrote:
Scott:
Your abilities as a writer are fine. I have seem many of your explanations
on use
of this (i.e. too much discussion).
Matt
paul wrote:
I'll add my .02 worth to this
discussion:
What I feel would be the best as a
user:
1: Maybe instead of 1.76 betato
1.77 beta, it should've been 1.76 Release, with an update to the manual
about the new features of 1.76.
2
(almost
1/10th the size). Would you please consider adding the IP to this log
level.
If others think this is unnecessary, please chime in, I don't want to
push features that are exclusive to my own needs.
Thanks,
Matt
--
=
MailPure custom filters
I'll give that a try tonight. This might be a very nice happy medium.
Thanks,
Matt
R. Scott Perry wrote:
This is a feature request concerning the new/interim format of Log
Level Low. It would be nice to have the IP logged at this level, and
the need for this would otherwise cause me
don't care for individual MSG
Failed lines at this log level.
Matt
oid detection. Certainly the less information
you have, the harder it is to identify and track the spammer.
Matt
Keith Johnson wrote:
RE: [Declude.JunkMail] DNS Warnings
Is there a way to have something
we could take action on ifwhen Declude queries the DNS Server andlogs
aWARNING S
, , with 40% of my hold weight in
another filter which also helps protect from Joe-Job bounces, but at
least on my system, it's not causing problems with intercepting
legitimate bounces. Note that spammers will use the null sender
frequently as well.
Matt
Sanford Whiteman wrote:
I've
being
dictionary attacked, and in a distributed manner (Korean/Chineese
servers mostly). I'm sure that they were using someone else's domains
to do it as well.
C/R = BOUNCE
BOUNCE = BAD :(
I wish this wasn't true.
Matt
Todd Holt wrote:
Is it true that AutoWhite only works on WebMail?
Could
Is this maybe because he is using the same test multiple times?
Matt
R. Scott Perry wrote:
I am testing the HEADER action but for some reason it is not working.
Are you using MIME-encoded E-mail? Many mail clients will not display
header in MIME-encoded E-mail (which would nomally
for that eventually so that it can be turned on (HOLD action) during
times of need.
ANTI-AV v1.0.0
http://www.mailpure.com/software/decludefilters/anti-av/Anti-AV_v1-0-0.zip
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http
to Scott instead :)
Matt
Kami Razvan wrote:
Matt:
I am curious about this since we recently ran into this issue.
It seems like now IMail (with version 8.x) sends the virus notices to
Declude with IP: 127.0.0.1 and no reverse DNS.
What that has done in our system is the virus alerts were being
of these E-mails, but you can cut down on
the bulk if it exists.
AOL of course is known to have issues, but it would make sense to cover
your bases before you tried to approach them.
Matt
marc catuogno wrote:
I am the e-mail admin for a real-estate company. They have access to a
program that allows
in the
warning that the last possible hit in the file will be noted in the WARN
action. This means that the filter will continue to do searches all the
way to the end of the file. The score though is properly capped. Could
you please take a look at this.
Thanks,
Matt
ously
non-responsive regardless. If he finds the right person and the
process turns out to be easy enough, it's still a good idea to get his
ducks in order so that future problems might be prevented. I'm quite
sure that this is good advice.
Matt
Sanford Whiteman wrote:
The first step woul
of spamliness).
ANTI-AV v1.0.1
http://www.mailpure.com/software/decludefilters/anti-av/Anti-AV_v1-0-1.zip
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software
Scott,
I'm running 1.77i23 currently. I have verified in other situations that
this seems to work, even with this same filter, however in the example
below, it definitely didn't.
Matt
- KAMI-COMBINED -
SKIPIFWEIGHT28
MAXWEIGHT 8
MAILFROM 8ENDSWITH
Ok, I see it now :)
Damned if I didn't double check that one twice and made the same mistake
both times. Sorry, I didn't mean to send you on a wild goose chase on
this one.
Matt
Matt wrote:
Scott,
I'm running 1.77i23 currently. I have verified in other situations
that this seems
I was
AOL, this wouldn't be such a good thing to do though because they don't
monitor or interact with their customers. Good catch.
Matt
marc catuogno wrote:
Thanks for the discussion. I have my webmaster trying to create an
alternate flyer directly from our website that will not include the URL of
th
and the trouble there). I would imagine that you could separate it out
by using forwarding instead of aliasing, but that would need to be
tested for accuracy.
Matt
Joshua Levitsky wrote:
Scott or anyone else that knows...
Weird thing. I just started using
MAILBOX JunkMail
As an action for mail
.
Matt
Todd wrote:
Anyone using a registrar that they like? I want to get some of my
clients accounts off of NetSol. I have some registered at
www.dotearth.com but I would like a registrar that I can maintain
multiple domains from a central interface like at NetSol.
Thanks,
Todd Hunter
checks out fine, that IMail isn't calling Declude under
the context necessary to log on a network share.
Disclaimer: I'm stabbing in the dark and 9 times out of 10, things like
this turn out to be the result of "user error," affectionately referred
to an "ID ten T" error
Darin,
Scott corrected me shortly after my post. Declude does create a
Subject line when none is found. It was a bug somewhere (Declude,
IMail or otherwise) that created the situation where there was no
Subject present after being scanned with Declude (if that's what
happened).
Matt
Darin
, and their
site is on an address range that is different from their mail server. I
would hate to have to tell clients that they have to change the name of
their SMTP server if it's called mail.
Thanks,
Matt
--
=
MailPure custom filters
= 86400.
This is messed up enough that I'm going to tell the client to point
everything at my server. I've already been through two different issues
with their hosting provider last week and this seems too funky to want
to deal with any more.
Matt
R. Scott Perry wrote:
I have a client
would prefer to not do that for obvious reasons.
Matt
John Tolmachoff (Lists) wrote:
One thing they could do, is restrict incoming e-mail by IP address to only
your server IP.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL
think that you could score reliably, and ask questions/discuss
strategies on this list. It won't happen overnight, but it certainly
will improve if you work at it.
Matt
ITG Lists wrote:
Hi all,
RANT
We got hammered today with failed delivery messages, as most of our email
addresses were set
that exceed 1 million messages a day from a single IP address.
Matt
Darin Cox wrote:
Anyone know anything about DRCI Inc.
(www.drci.us)?
I have a hosting customer who signed
up with them (without my knowledge) to send out a mailing to a
supposedly opt-in list
2000.
The newer version is hardly mature, and it appears that just like XP
made the 2000 core unstable, 2003 also repeats many of the same
mistakes. 2003 is of course fancier, but the apps you are looking to
use make little use of what the newer version might provide.
Matt
Hirthe, Alexander
se it's obvious that they only to to their
customers and they have a proper opt-out mechanism. Personally I find
them annoying and too frequent, however some might not agree and I'd
rather give them the choice.
Matt
Darin Cox wrote:
Thanks, Matt. I had followed the
links to see the link to P
.
http://www.onlineworkshop.net/misc/MIME_Types_in_IIS.htm
Matt
Doug Anderson wrote:
That's what I'm trying to get away from. Actually
have it pop up to open or download. my users have problems
understanding right click.
Plus I'm rewriting it so that have to enter
username
"thinks" their E-mail address is.
Maybe a different test would be better, though, maybe this is just as
reliable as the existing MAILFROM tests...but I doubt it.
Matt
Kami Razvan wrote:
Hi Scott:
Thanks ... A while back I was suggesting a simple test that can at least
validate
can't
even handle keeping Windows Explorer functional after cutting and
pasting from a mapped drive, and it's been what, two years since it was
released?
Matt
Mark Smith wrote:
2003.
It's MUCH more secure than 2000 because many services are not enabled by
default which is the case in 2000
Maybe I'm missing something, but why is IMail handing Declude a file
named with an underscore and tilde? This is a locked file according to
Ipswitch. Naturally this might be standard for IMail and Declude, but
I thought the full and unmodified name/file was used???
Matt
Keith Johnson wrote
the domain name to an IP address and look for
patterns.
BTW, was this a large domain that's being attacked, or do these guys
just simply stupid abusive idiots (as opposed to smart abusive idiots I
guess)?
Matt
Dave Doherty wrote:
Hi, everyone-
I've seen dictionary attacks before
directly hacked (therefore exposing the previous
hops). Just guessing of course.
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
---
[This E-mail
Blackholes.us has text files for other countries, Taiwan for instance,
but you would need to code this up for your router from what they provide.
Matt
Jason wrote:
Try running Black ICE on the server. It does a pretty decent job of
auto blocking dictionary attacks. We have it set to close
are in constant flux.
Matt
Robert Shubert wrote:
I recently turned on the IPNOTINMX and NOLEGITCONTENT filters to see how
they work. They seem to do more harm than good, for instance I weight 10
SPAMCOP since that service works well for me, but these filters lowered
the weight so that spamcop (only) spams
1 - 100 of 1396 matches
Mail list logo
