] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Sent: Monday, May 14, 2007 10:23 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Header Information Util...
Message tracking won't tell me what specific email in an exchange email
box is the one I am interested in.
Maybe I'm not explaining
I am hoping the people here can help me. It's not Declude specific, but
I consider the experts here as the most knowledgeable on SMTP and Email.
I am looking for a script/utility to pull the header information out of
every email in an Outlook/Exchange inbox. I want to be able to pull the
sending
be used to do it.
Darin.
- Original Message -
From: IS - Systems Eng. (Karl Drugge) [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Monday, May 14, 2007 5:45 PM
Subject: [Declude.JunkMail] Header Information Util...
I am hoping the people here can help me. It's not Declude specific
.
- Original Message -
From: IS - Systems Eng. (Karl Drugge) [EMAIL PROTECTED]
To: declude.junkmail@declude.com
Sent: Monday, May 14, 2007 6:13 PM
Subject: RE: [Declude.JunkMail] Header Information Util...
Because the emails I have left are from a range of times/dates, and
they're on an Exchange
Anyone else seeing a major reduction is spam the past week ?
I usually see about 14-15k messages daily, but since Monday have dropped
off to about 8k... Did the recent arrests and law suits have a result
this early ?
Karl Drugge
B.S.I.T., A.S., M.C.S.E. ( NT 4.0, 2000, 2003 ), M.C.S.A. (
This shouldn't be an issue for most of us. My DMZ boxes are already as
hardened as I can get them, with the firewall ( ingress and egress ),
patches, and IP filtering. I would think that most ISP's and corporate
networks would be using the same techniques. We gave up relying on M$
and other vendor
: IS - Systems Eng. \(Karl Drugge\)
[EMAIL PROTECTED]
Sent: Wednesday, March 21, 2007 9:35 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Filtering question
Oh well, didn't think there was. I just wanted to get a statistical
sampling of what I was deleting.
Karl
I am trying to get some stats off of my Declude. It would help if I
could set Declude to send me every fifth, or tenth, or one hundredth
email that I have set to delete, or route-to.
Is there a way to do this ?
Karl Drugge
---
This E-mail came from the Declude.JunkMail mailing list. To
@declude.com
Subject: RE: [Declude.JunkMail] Filtering question
Hi Karl,
Unfortunately not, we don't count emails other than in the console.txt
file
David
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Sent: Wednesday, March 21
Those are not the only DNS attacks...
TWC had one as well, I believe. One of their servers was knocked off the
net two days ago. I was monitoring my DNS changes at network solutions,
waiting for propagation and I kept getting random packet loss on it.
Karl Drugge
-Original
Anyone seeing a reduction in incoming SPAM ? I've been looking at my
morning reports, and my incoming mail is off by 30 percent or so for the
past two weeks.
Typically, I'll see 12-15k messages a day, but lately it's been 9-12k. I
can't believe I'm the only lucky one...
Karl Drugge
at twtelecom.net ?
Andrew.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of IS - Systems Eng. (Karl Drugge)
Sent: Wednesday, January 31, 2007 5:23 AM
To: declude.junkmail@declude.com
Subject
Guess they got the issues fixed in Asia that was keeping the spammers
offline
Karl Drugge
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at
Looking for a tool that works with Outlook/Exchange..
I'd like to be able to pull all the header info out of any messages in a
particular folder.. like last-hop IP, domain name, that kind of stuff.
Once a week, I copy all messages sent/rev'd in the past few days into a
sort folder, and then
EXACTLY why we have the city attorney and another legal specialist
helping to formulate our own new policy. Best to invest some real $$$
now, before we get sued for our ignorance ( and )
later.
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED]
applicability to your own needs. Your needs are
governed by Florida's Government-in-the-Sunshine laws which allow for
public inspection of most records.
Matt
IS - Systems Eng. (Karl Drugge) wrote:
EXACTLY why we have the city attorney and another legal specialist
helping to formulate our own new
in question.
.
.
Lots of good stuff
.
.
.
Matt
IS - Systems Eng. (Karl Drugge) wrote:
True, I'm covered by different laws..
But in regards to keeping 'legal', in all senses of the word, especially
when you are discussing 'home grown' versus 'off the shelf
List up ? Nothing in a day or so
Karl Drugge
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail. The archives can be found
at http://www.mail-archive.com.
---
This E-mail
Interesting.. I ran some scripts against the blklst.txt file, and it
shows I am already blocking the most active connections. About the only
thing I can really see, is that the SPAM is coming from hundreds of
IP's, with only a few from each one. I was kind of shocked by the extent
of it, figuring
.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Posted At: Monday, December 11, 2006 4:33 PM
Posted To: Lists - Declude JunkMail
Conversation: [Declude.JunkMail] New Reporting Tool
Subject: RE: [Declude.JunkMail
This keeps track of all emails processed ?
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Barker
Sent: Monday, December 11, 2006 5:12 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] blklst ON
I must have
.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Posted At: Thursday, December 07, 2006 1:53 PM
Posted To: Lists - Declude JunkMail
Conversation: New Reporting Tool
Subject: [Declude.JunkMail] New Reporting Tool
The newest PERL script
The newest PERL script. Slices, dices, etc ... Throw it in a directory,
edit a few environment variables at the top of the script, dump in a few
Declude logs, run it, enjoy. Requires PERL, of course.
Added two command line switches : 'day' and 'week' . Day does the
previous day, week does
Subject: RE: [Declude.JunkMail] Undocumented Directive 4.x
Mmm maybe I had them put it in a bit later. I think it is definitely in
4.3.14 ...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Sent: Monday, December 04, 2006 2:11
Running v4.3.7 for SmarterMail, and I don't have any blklst.txt file
anywhere on my disk Do I need to upgrade to a newer version ?
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Barker
Sent: Monday, December 04, 2006
:[EMAIL PROTECTED]
Sent: Thursday, November 02, 2006 3:45 PM
To: IS - Systems Eng. (Karl Drugge)
Subject: RE: [Declude.JunkMail] Results ! 92.9 percent delete rate...
Importance: High
Hi Karl,
I have to ask Off List and hope you don't mind.
Would you consider selling me a copy or a license
Wow ! FUN weekend ! Internal Exchange server lost two drives
simultaneously on a RAID 5 stripe early Friday... Then on rebuild
started dropping random drives. Needless to say, Dell backplanes are a
little hard to come by on a weekend.
Anyway, after we get the Exchange box back Saturday, it turns
Hi,
Where did you get the declude log reader from?
Kindest Regards
Craig Edmonds
123 Marbella Internet
W: www.123marbella.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Sent: Thursday, November 02, 2006 7:13 PM
I did DL a copy some time ago, and it didn't really fit my needs, hence
writing my own. Not to say DLAnalyzer isn't a good product, but for the
4 or 5 things I need done on a regular basis, mine works better for me
and my site. If I was running multiple servers, or needed some of the
advanced
I've been using my own, written in VB.net . Quick and dirty, but it gets
the job done.
Been thinking of porting it to run under a web page and selling it for
cheap if there was an interest.
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
.
Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude,
Imail,
mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI
integration, MRTG Integration, and Log Parsers.
IS - Systems Eng. (Karl Drugge) writes
Getting pelted here... Mostly from cinci.rr.com...
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Scott Fisher
Sent: Tuesday, September 19, 2006 2:29 PM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] Spam Spike
I've been trying to filter some SPAM that is using a false FROM domain.
Stuff is coming from overseas ( spammachine.spamsite.spammer.pl
[99.99.99.99] ), but is using a false from domain, such as (
[EMAIL PROTECTED] ).
This stuff would fail, except DECLUDE shows it as coming from a .edu,
and
Maybe you dont really want to
whitelist
What we do here is use a FROMFILE, and assign
a large negative point value to all domains or individuals on that list. We
still suffer with forged return addresses, but thats fairly minimal.
It tends to work a little bit better then
John,
I had some of the same issues, and cured
all leakage by disabling Hi-Jack. Give it a shot.
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Doyle
Sent: Monday, July 24, 2006 1:05
PM
To:
I've been seeing it too. I finally tracked it down to Hi-Jack. Disable
Hi-Jack, and you should be good ( I just renamed the config file, so I
can restart it as soon as this is fixed ). Somehow, Hi-jack grabs the
message before Declude kills it.
Karl Drugge
-Original Message-
I looked through the manual, but didn't see this defined...
I want a test that applies 10 points if a certain string appears in the
body of a message a number of times...
So if, for example, 'replikas' appears 5 times, and I want to apply ten
points only if that string is there 5 times or more,
BODY 2 CONTAINS replikas
Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of IS - Systems Eng. (Karl Drugge)
Sent: Friday, July 14, 2006 1:52 PM
To: declude.junkmail
Anyone ?
Karl Drugge
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS -
Systems Eng. (Karl Drugge)
Sent: Friday, June 30, 2006 10:14 AM
To: declude.junkmail@declude.com
Subject: [Declude.JunkMail] Message Syntax...
I am getting some
I am getting some of the typical messages through... the ones with just
a linked image in the body.. I am wondering how the syntax for the
linked image works .. I have a line :
src=cid:stuffhere$stuffhere$stuffhere
What is the syntax, or what do the sections break down into ? Is it
I've been seeing this for weeks. I reported it, and I believe they are
working on a fix.
Sometimes Declude doesn't put ANYTHING in the headers. Kind of hard to
figure out why something got through in the meantime, though..
Karl Drugge
-Original Message-
From: [EMAIL
I can confirm that.
If a single email address is white listed,
then all of them get white listed.
The
solution was a line like this : BYPASSWHITELIST bypasswhitelist 45 6 0 0
If an
email was over weight 45, AND it also had 6 or more recipients, than it
bypassed the white-listing
Eng. (Karl Drugge)
To: Declude.JunkMail@declude.com
Sent: Tuesday,
January 17, 2006 3:17 PM
Subject: RE:
[Declude.JunkMail] Whitelisting email address
I can confirm that.
If a single email address
is white listed, then all of them get white listed.
The solution
, money and
frustration. It's not fair if it is avoidable. Please reconsider
your choices. Maybe we can help you figure out a better way to deal with
this.
Matt
IS - Systems Eng. (Karl Drugge) wrote:
I hold at 20, bounce at
40, and delete at 60.
I realize bouncing is
bad, but were
I block that entire class A Nothing
but issues with the entire range. If someone gets blocked, they can call a user
and have them request an exception.
Karl Drugge
-Original
Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike K @
Weve been getting a LOT of emails from 9
particular IPs, Im talking about 60-70% of incoming. Nothing but
30+ recipient emails, with non-existent email addresses on our domain. The
majority of them dont even have one valid address on my domain.
Its all getting caught in our
filters and
I am currently using SPAMCOP, and pretty happy with it, but
wouldnt mind adding another.
What is everyone else using for an external RBL ?
Karl Drugge
B.S.I.T., A.S., M.C.S.E. ( NT 4.0 + 2000 ), C.C.N.A.,
C.C.D.A., Network+, A+
I dream of the day when
I will learn to stop asking
Quick question on the global.cfg file
I upgraded to 3.0.5 yesterday. Working great so far. I want
to add the SPFPASS and SPFFAIL tests.. what is the format ? I want to subtract
7 points for a pass, and add 7 points for a fail( if theyre too
stupid to have an SPF by now )
I have this,
Argh. I know this has been covered buy I can't find it in my own
archives from the group..
Where do I define per user tests ? I am trying to use the REDIRECT (
REDIRECT [EMAIL PROTECTED] c:\dir\dir\username.txt ) statement to point at
a username.txt with their own configs in it. Particularly
OK, I guess I can deal with that. A bit processor intensive for one PITA
user, but if that's the way it is...
If I define the tests ( ie: a fromfile ) in the global.cfg, how do I
make it apply for only one person in the $junkmail file ? I thought
points were assigned in the global.cfg, and the
Ahh. OK. I am getting it now. So, to whitelist for that particular users
fromfile, I would set the test to assign weight 0 in my global.cfg, and
then in the users config file ( a renamed copy of the $junkmail file ),
I would use a ROUTETO statement ?
Is this correct ?
Karl Drugge
Do what I do I have
a rule defined that subtracts the points my REVDNS rule adds, and put the
domains I ned to get through in that list. Kind of clunky and mna-power
intensive, but it works for me. I couldnt imagine doing it for hundreds
of domains
Karl Drugge
I don't care how much you monitor, you are NOT going to get a 100%
capture rate with no false positives. If there was a way to do that,
Scott would be a millionaire by now, and have twenty or thirty death
threats from spammers. You can get close, like maybe a 90% or 95% if
you're super particular,
I have a client that is getting HAMMERED
by mass SPAM emailings. In excess of 500,000 emails a
month are getting deleted on an 80 user network. His Internet connection is
totally flooded. Ive been
working with him over the past 9 months or so and have been trying to track things
down to a
Looking at some logs for a client, and was slightly horrified. This guy
runs DECLUDE on a P-3 333mhz machine with 256 meg of RAM, off of half a
T-1. He WAS running about 2/3's of this level last month. Keep in mind,
he only has 80+/- users. He is getting about 95% kill ratio on his SPAM.
He has
Title: RE: [Declude.JunkMail] More and more email getting past Declude
Theyve cleaned up their acts. I am seeing a lot of stuff come straight through with a single hit. It ALMOST seems like if mail fails a few tests, its legit !
Karl Drugge
-Original Message-
From:
Just double checking, but we do NOT have a way to block specific
attachments in Declude JM Pro, correct ?
Karl Drugge, Systems Network Engineer
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.
For anyone who wants this, here's a new script that will sort your
delude log files and gives a simple easy to read report. This ones been
cleaned up since the last one, and takes into account garbled and
corrupt log files. Much easier to use, and no file renaming required.
The only thing you have
Not to bash Scott, who is the freaking GOD of SMTP traffic.. but EEWWW..
yuck. FIND will work, but I'd have to wash my hands afterwards. My
computer is supposed to do my work FOR me, on a daily basis, and mail me
my checks at home ! ( I wish ! )...
Just write up a quick PERL/WSH/Shell script to
While I haven't seen this particular type of attack, I do have one
client that is seeing something very similar. He is getting mail-bombed
from numerous spam sites/IP's.. he is rejecting over 300 an hour, and
this is for a site with only a 512k connection and 50 users... It's been
happening for
This is precisely what we do, although not to the tune of 150k messages
a day. Imail and Declude make an AWESOME gateway mail server. Only when
external contact is required ( in or out ) do we actually have to touch
the Imail/declude box. Our internal Exchange server isn't bothered with
all the
61 matches
Mail list logo
