Hello All,
I've been searching the archives to do with false positives with the
outlook Boundary Space Gap vulnerability, and found a post
(http://www.mail-archive.com/declude.virus@declude.com/msg12093.html)
that seems to cover the same problem as I've found, whereby the senders
use Outlook
Hi David,
They are .sm$ files which all seem to be spam that have been 'ATTACHED'.
What is the content of the D file? Eg, is it spam, legit,
list request ?
David B
www.declude.com
Email checked by UKsubnet anti-virus service
To prevent
Hi, just noticed I have orphan D files in the proc/work directory. Why
would this be? Shouldn't they at least be moved back into \spool ?
Regards,
Lyndon Eaton
E: [EMAIL PROTECTED]
T: +44(0)8712360301
F: +44(0)8712360300
For all your consumable requirements
www.premier-consumables.co.uk
.
What am I missing? Could anyone point me in the right direction?
Thanks.
Lyndon Eaton.
Email checked by UKsubnet anti-virus service
To prevent email abuse block spam
contact [EMAIL PROTECTED]
Tel: +44(0)9063407727 (calls cost £1.50/minute)
Fax: +44
OK thanks for confirming.
Regards,
Lyndon Eaton
John is correct we are replacing the Console with new
functionality. This is currently in design and we will update
you just as soon as we have a clearer picture of the delivery date.
Email
the paramerters for LOGLEVEL changed, or is it a bug?
Regards,
Lyndon Eaton
E: [EMAIL PROTECTED]
T: +44(0)8712360301
F: +44(0)8712360300
Email checked by UKsubnet anti-virus service
To prevent email abuse block spam
contact [EMAIL PROTECTED]
Tel: +44(0
PROTECTED]
Subject: Re: [Declude.JunkMail] Attach action
Why don't you just report on the Declude logs? Then you can
parse it to see how many spam and non-spam messages are sent
and received.
Darin.
- Original Message -
From: Lyndon Eaton [EMAIL PROTECTED]
To: [EMAIL
, but does anybody have any
other ideas as to how this can be done?
Regards,
Lyndon Eaton (CASE)
E: [EMAIL PROTECTED]
T: +44(0)8712360301
F: +44(0)8712360300
Email checked by UKsubnet anti-virus service
To prevent email abuse block spam
contact
Thought you all might like to have a laugh at this:
www.unsubscribenow.org
Bit of a con really...
Email checked by UKsubnet anti-virus service
To prevent email abuse block spam
contact [EMAIL PROTECTED]
Tel: +44(0)8712360301 Web:
Thanks Scott,
I did just work this out and was about to post back to the list when I
read your reply.
Many thanks for your response!
Lyndon.
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: 14 May 2004 17:06
To: [EMAIL PROTECTED]
Subject: Re:
Hi Jeffrey,
You'll need to provide a little more information than that. All that log
snippet shows is that domain.com isn't local, which in itself is not an
issue or a reason to not deliver an email (providing you are allowing
relay for the sender).
Declude HiJack will only block emails based on
I should be able to help you there, what's the problem?
-Original Message-
From: serge [mailto:[EMAIL PROTECTED]
Sent: 17 April 2004 16:06
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] MS DNS and SPF
Need assitance setting my SPF records on windows DNS
Anyone ?
I'm interested.
Thanks.
Original Message
From: Bud Durland
Subject: [Declude.JunkMail] New test
Date: Wed, 14 Apr 2004 06:05:40 -0700
I am testing a small external test program. A message fails the test if
there is an discernable IP address in the HELO entry of the message.
These
So that makes it unusable for dial up connections.
Still can be usefull for our wireless clients, those are
assigned fixed IPs. But we will have to hijack white list
all the Dial up IPs, correct ?
No it still works for dialups - We have dynamic static users and have
not had this problem.
I only know the answer to point 1, this would count as 20 messages.
Don't think 2 or 3 are possible.
I also have a question about HiJack... Authenticated users are still
bound to the hijack limits aren't they?
-Original Message-
From: Serge [mailto:[EMAIL PROTECTED]
Sent: 06 April
We've just upgraded from Imail 6.06 to 8.05 (but now 8.1 is out).
I really wanted to upgrade because there are a number of issues with v6
(and I believe pre 7) that I didn't think were good at all. Small % of
miss deliveries, trying to send mail to domain A records instead of MX,
display bug
Hi Scott,
Having added PREWHITELIST ON in my GLOBAL.CFG file, my server still
seems to be running the SPFFAIL test on 'local'/whitelisted IP
addresses. Any ideas?
Thanks,
Lyndon.
Email checked by UKsubnet anti-virus service
To prevent email
Sorry, I also have a WHITELIST AUTH.
Email checked by UKsubnet anti-virus service
To prevent email abuse block spam
contact [EMAIL PROTECTED]
Tel: +44(0)8712360301 Web: www.uksubnet.net
Fax: +44(0)8712360300
Powered by UKsubnet Internet Service
Hi Scott,
I'm running 1.78i28.
PREWHITELIST is only entered once in the global.cfg, so no overriding. I
have 7 whitelist lines in the global.cfg, three are IP ranges, three are
domains, and the 7th is an ANYWHERE whitelist. In the Global.cfg,
PREWHITELIST ON is above my WHITELISTs (if that makes
Hello all,
I've recently added SPF records to all our domains and want to keep a
close eye on which users are not sending mail out through our server
(via my DNS server logs), and which emails we are receiving that are
failing SPF checks.
I'm getting a lot of fails in the SPF log from my own
To do that, you can add a line PREWHITELIST ON to the
\IMail\Declude\global.cfg file. With that line, Declude
JunkMail will
prevent tests from being run for many of the various types of
whitelists
(including the WHITELIST IP lines in the global.cfg file).
Ahh brilliant. Thanks for
Last week (I think) I sent an email asking how I can see why an email
failed the BADHEADERS test when I'm also using the ATTACH action.
The answer was that the WARN headers would have been displayed in the
spamattach email.
I've had another email where I could do with identifying why an email
Hi!
I'm running Declude v1.78i28 and have just noticed the HiJack info is
not appearing in the console. I've had a look through the archive and
noticed a previous interim has this problem, the post indicated
upgrading to a later interim...
Regards,
Lyndon.
My fault! Sorry...
The console was appearing, and everything in it but the relay section. I
didn't wait long enough for a host that wasn't whitelisted to send to me
:)
Sorry
Lyndon.
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: 26 March 2004 18:12
In that case what registrar do you use Todd? Im with Tucows and never
had such calls either.
-Original Message-
From: Dave Doherty [mailto:[EMAIL PROTECTED]
Sent: 25 March 2004 19:46
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] OT: Sales call on new domain
Todd-
Have you tried WHITELISTing your internal IP range?
-Original Message-
From: Kaj Søndergaard Laursen [mailto:[EMAIL PROTECTED]
Sent: 24 March 2004 14:22
Hi
I finally got spf set up for my domain. I'm running Imail +
declude as a
gateway scanner, so it only relays mail to and
Hello guys,
I may be wrong but I think I read somewhere on the list that an email
failed the CMDSPACE test when it shouldn't have?
Would somebody mind checking these headers to see if this email should
have failed the CMDSPACE test also? If you need anything else please let
me know, Thanks!
They also fail the helobogus. These would not normally be a problem
because the vast majority of clients are within our dialup/xDSL or lease
line range that is already white listed. This client unfortunately has
broadband through another provider!
I had a (mini) brain storm and added WHITELIST
WHITELIST AUTH can work only if you use SMTP-Authentication
to allow relaying trough your server.
Yep I know. But as we're only using Imail 6 ATM the WHITELIST AUTH does
not work (although the clients are authing).
If your clients connects from a defined IP range(s) you can
use the same
SPF does not prevent SPAM, only spoofing - which in turn can reduce
spam. I don't even run the SPFPASS test because I think its quite
pointless. If I receive an SPFFAIL on the other hand I block the email
straight away - don't even bother weighting it.
If a spammer adds SPF to their own domain,
-Original Message-
From: Kevin Bilbee [mailto:[EMAIL PROTECTED]
Sent: 17 March 2004 22:03
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Block on HELO
Yes, it would do the trick. As long as they never travel,
dial another ISP, and use your server.
Kevin Bilbee
In
There are certain domains that we used to use the WARN action for say
the BADHEADERS test, and the warning would give you a little code to
find out what exactly was wrong with the header.
The WARN action on this test is still there, but another one of the
tests uses the ATTACH action.
In the
So they are - apologies.
Didn't think they'd be there because that's the email from my server,
but I guess it makes sense.
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: 18 March 2004 17:26
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] WARN
I've seen a few spams that use the IP address of my server (the
receiving server) as their HELO:
Received: from 194.164.103.70 [219.128.180.36] by mail.uksubnet.net
(SMTPD32-6.06) id AB451525028C; Wed, 17 Mar 2004 04:59:49 +
194.164.103.70 is my IP address, they use it, but are really in
While you are att it you will also see many spoofs of you domain name
I would also suggest adding
HELO xx IS mydomainname
Kevin Bilbee
Good thinking, thanks.
Email checked by UKsubnet anti-virus service
To prevent email abuse block
If you have a client that say for instance is being blocked
on port 25, they may have Netscape configured with their
E-mail address from your server, but they would be using the
SMTP server of their ISP. The HELO is often passed intact
from the client to the destination.
Really? I
Yes Kevin I think you would be right. A Netscape/Mozilla user sending
mail through another ISP for a domain on my server may pass the
'sending' domain in its HELO to the server, but that server should then
not pass the same onto my server - if it did I guess that ISP would have
big problems.
And
-Original Message-
From: Matt [mailto:[EMAIL PROTECTED]
I think the important lesson is to understand that there are often
exceptions. This filter has hit some of my customers who have boxes
doing automated notifications with their own SMTP engine (such as
Windows 2003), and if
In the global.cfg file the two lines I've added for SPF are:
SPFPASS spf passx
-5 0
SPFFAIL spf failx
8 0
What I would like to know is what SPF responses fall under the SPFFAIL,
and SPFPASS
If the SPF processing produces a result of PASS, then the
SPFPASS test will
be triggered. If the SPF processing produces a result of
FAIL, then the
SPFFAIL test will be triggered. Anything else will not
trigger either of
those tests.
So if there is a match on:
~ softfail
+ pass
?
Hi Scott,
Just trying to test the SPF rule on one of my domains, and set the SPF
record to -all (so that any email from that domain should be an SPFFAIL.
However my IP range is white listed so I can't test it.
Would it be possible for you to add an SPFPASS and SPFFAIL to your Test
Spam Sender
Would adding the following in the global.cfg cause Declude any problems?
What I'm trying to achieve is to use the same 'rule name' in all the per
domain configs for the multiple responses, with some exclusions (like
DUL - Note 127.0.0.2 is not listed among the FIVETEN's and 127.0.0.10 is
not
It turns out
that several of the tests provided in the original config
have since been turned off (no this is not Scotts or Decludes
fault, its our fault/problem for just not having enough time
to read up everything for every single server we have). So we
removed all of the monkeylists
Amazing!
-Original Message-
Yes. Apparently, a small percentage of their customers complained that
the
Message-ID: header included information they did not want others to
see. Instead of adding an option to either disable the Message-ID:
header
or alter the content used in it, they
First I'd heard about SPF. Sounds like a way forward!
On the SPF site is says SPF is supported by Declude, how can I begin to
check inbound emails for SPF?
Regards,
Lyndon.
Email checked by UKsubnet anti-virus service
To prevent email abuse
Thanks for that Scott!
One more question, In the event we want to reject an email that fails
the SPF test for a SPF participating domain, is Declude able to reject
incoming emails before receiving the message body? IE terminate the SMTP
connection?
Regards,
Lyndon.
-Original Message-
What is the best way to implement SRS in Imail? Maybe one for the Imail
list (or SRS somewhere).
Regards,
Lyndon.
Email checked by UKsubnet anti-virus service
To prevent email abuse block spam
contact [EMAIL PROTECTED]
Tel: +44(0)8712360301
You can use SPF to just check. But it would work best when you do both.
Otherwise if nobody implemented, nobody would have anything to check
against - catch 22.
By implementing you also protect your own domain(s) from being spoofed
(providing the recipient checks against SPF). The more publicity
That's a real shame! If you received a negative response from an SPF
participating domain, you should be able to reject the message straight
off. That way you aren't left 'carrying the can' so to speak, and the
email gets stuck with the HiJacked server or the spammer. Similar to how
AOL reject
There are four, - fail, ~ softfail, + pass ? Neutral.
There are also:
error (if the DNS fails)
unknown (if the syntax is unrecognised)
none (if there is no SPF info)
How do these difference responses work? Apologies if these have already
been covered...
-Original Message-
From: Kevin
I get a lot of E-mail that would fail SPF that is in fact valid. A
lot of mail scripts and E-commerce sites are set up to send E-mail
notifications with the Mail From generated from a user submission
(since one can just simply press reply in order to respond).
Many e-commerce sites
Also to add to Matt's comments a lot of problems also come up
with web forms. This is one reason we have not yet
implemented SPF for our server.. Have not taken the time to
figure out ..
Wouldn't this be similar to a mail forwarder? Whereby implementing an
SRS system would get round the
There is also nothing stopping a static bulk mailer from
implementing SPF on their own system, and to my knowledge,
there is no way to stop that from happening.
That is correct. As somebody else has said passing the SPF does not mean
the email isn't spam, and as SPF states it is aimed to
After reading up on SPF, Caller-ID and Domain Keys, I'm backing SPF!
I prefer SPF over caller-id because is looks like SPF is being pushed by
the internet community in general, making it easy to adopt by all.
Caller-id on the other hand is being developed and pushed my Microsoft
(trying to take
The concept behind BONDEDSENDER seems to be the same as HABEAS. But if I
understand things correctly, Declude can not treat the two in the same
way.
To use HABEAS headers you simply enter WHITELIST HABEAS in the
global.cfg. And by using this an email could fail every rule you have
(but pass the
55 matches
Mail list logo