Hi Scott,
Had to watch the Dolphins loose... I/m
back now.
Here are the default file, global file, header and
logs. Sorry, I only had low logging at the time. Can you tell why
this one made ut through?
Thanks..
GLOBAL FILE:
DSBL ip4r list.dsbl.org * 6 0
MONKEYFORMMAIL ip4r formmail.relays.monkeys.com * 7 0
MONKEYPROXIES ip4r proxies.relays.monkeys.com * 7 0
ORDB ip4r relays.ordb.org * 5 0
OSDUL ip4r relays.osirusoft.com 127.0.0.3 5 0
OSFORM ip4r relays.osirusoft.com 127.0.0.8 6 0
OSLIST ip4r relays.osirusoft.com 127.0.0.7 5 0
OSPROXY ip4r relays.osirusoft.com 127.0.0.9 7 0
OSRELAY ip4r relays.osirusoft.com 127.0.0.2 5 0
OSSMART ip4r relays.osirusoft.com 127.0.0.5 5 0
OSSOFT ip4r relays.osirusoft.com 127.0.0.6 5 0
OSSRC ip4r relays.osirusoft.com 127.0.0.4 8 0
SPAMCOP ip4r bl.spamcop.net 127.0.0.2 10 0
MONKEYFORMMAIL ip4r formmail.relays.monkeys.com * 7 0
MONKEYPROXIES ip4r proxies.relays.monkeys.com * 7 0
ORDB ip4r relays.ordb.org * 5 0
OSDUL ip4r relays.osirusoft.com 127.0.0.3 5 0
OSFORM ip4r relays.osirusoft.com 127.0.0.8 6 0
OSLIST ip4r relays.osirusoft.com 127.0.0.7 5 0
OSPROXY ip4r relays.osirusoft.com 127.0.0.9 7 0
OSRELAY ip4r relays.osirusoft.com 127.0.0.2 5 0
OSSMART ip4r relays.osirusoft.com 127.0.0.5 5 0
OSSOFT ip4r relays.osirusoft.com 127.0.0.6 5 0
OSSRC ip4r relays.osirusoft.com 127.0.0.4 8 0
SPAMCOP ip4r bl.spamcop.net 127.0.0.2 10 0
DSN rhsbl dsn.rfc-ignorant.org 127.0.0.2 3 0
NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 3 0
NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0
NOABUSE rhsbl abuse.rfc-ignorant.org 127.0.0.4 3 0
NOPOSTMASTER rhsbl postmaster.rfc-ignorant.org 127.0.0.3 3 0
BADHEADERS badheaders x x 8 0
BASE64 base64 x x 4 0
HELOBOGUS helovalid x x 8 0
MAILFROM envfrom x x 12 0
#IPNOTINMX ipnotinmx x x 2 -4
PERCENT percent x x 10 0
REVDNS revdnsexists x x 4 0
ROUTING spamrouting x x 4 0
SPAMHEADERS spamheaders x x 3 0
BASE64 base64 x x 4 0
HELOBOGUS helovalid x x 8 0
MAILFROM envfrom x x 12 0
#IPNOTINMX ipnotinmx x x 2 -4
PERCENT percent x x 10 0
REVDNS revdnsexists x x 4 0
ROUTING spamrouting x x 4 0
SPAMHEADERS spamheaders x x 3 0
#SNIFFER external nonzero "C:\IMail\Declude\Sniffer\sniffer.exe
authentication" 7 0
WEIGHT10 weight x x 10 0
#CATCHALLMAILS catchallmails x x 0 0
DEFAULT FILE:
BADHEADERS WARN
MAILFROM WARN
PERCENT WARN
ROUTING WARN
SPAMCOP WARN
#
SPAMHEADERS WARN
HELOBOGUS WARN
ORDB WARN
DSBL WARN
BASE64 WARN
OSDUL WARN
OSFORM WARN
OSLIST WARN
OSRELAY WARN
OSSMART WARN
OSSOFT WARN
OSSRC WARN
DSN WARN
NOABUSE WARN
NOPOSTMASTER WARN
REVDNS WARN
IPNOTINMX WARN
DSBL WARN
MONKEYFORMMAIL WARN
MONKEYPROXIES WARN
OSPROXY WARN
WEIGHT10 ROUTETO [EMAIL PROTECTED]
MAILFROM WARN
PERCENT WARN
ROUTING WARN
SPAMCOP WARN
#
SPAMHEADERS WARN
HELOBOGUS WARN
ORDB WARN
DSBL WARN
BASE64 WARN
OSDUL WARN
OSFORM WARN
OSLIST WARN
OSRELAY WARN
OSSMART WARN
OSSOFT WARN
OSSRC WARN
DSN WARN
NOABUSE WARN
NOPOSTMASTER WARN
REVDNS WARN
IPNOTINMX WARN
DSBL WARN
MONKEYFORMMAIL WARN
MONKEYPROXIES WARN
OSPROXY WARN
WEIGHT10 ROUTETO [EMAIL PROTECTED]
LOG AROUND THE TIME:
2/21/2002 11:10:26 Q9270526301ac10f6 Msg failed
DSBL (http://dsbl.org/listing.php?211.184.87.125). Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg
failed OSPROXY ((2002/12/15) Open Proxy: http(8080)). Action="">12/21/2002
11:10:26 Q9270526301ac10f6 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?211.184.87.125). Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg failed
NOABUSE (Not supporting abuse@domain).
Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg failed NOPOSTMASTER
(Not supporting postmaster@domain).
Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg failed BADHEADERS
(This E-mail was sent from a broken mail client [c020020d].).
Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg failed REVDNS (This
E-mail was sent from a MUA/MTA 211.184.87.125 with no reverse DNS entry.).
Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg failed SPAMHEADERS
(This E-mail has headers consistent with spam [c020020d].).
Action="">12/21/2002 11:10:26 Q9270526301ac10f6 Msg failed WEIGHT10
(Weight of 44 reaches or exceeds the limit of 10.).
Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed DSBL
(http://dsbl.org/listing.php?213.16.148.195). Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed
SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?213.16.148.195). Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed
NOABUSE (Not supporting abuse@domain).
Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed NOPOSTMASTER
(Not supporting postmaster@domain).
Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed BADHEADERS
(This E-mail was sent from a broken mail client [c020020d].).
Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed SPAMHEADERS
(This E-mail has headers consistent with spam [c020020d].).
Action="">12/21/2002 11:10:28 Q9266525e01acecf9 Msg failed WEIGHT10
(Weight of 33 reaches or exceeds the limit of 10.).
Action="">12/21/2002 11:10:35 Q927a526f01ac37ba Msg failed BADHEADERS
(This E-mail was sent from a broken mail client [c004020e].).
Action="">12/21/2002 11:10:35 Q927a526f01ac37ba Msg failed HELOBOGUS
(Domain 10.10.10.11 has no MX or A records.). Action="">12/21/2002
11:10:35 Q927a526f01ac37ba Msg failed SPAMHEADERS (This E-mail has headers
consistent with spam [c004020e].). Action="">12/21/2002 11:10:35
Q927a526f01ac37ba Msg failed WEIGHT10 (Weight of 19 reaches or exceeds the limit
of 10.). Action="">12/21/2002 11:10:40 Q927f527701ac4dac Msg failed
BADHEADERS (This E-mail was sent from a broken mail client [c004020e].).
Action="">12/21/2002 11:10:40 Q927f527701ac4dac Msg failed HELOBOGUS
(Domain 10.10.10.9 has no MX or A records.). Action="">12/21/2002 11:10:40
Q927f527701ac4dac Msg failed SPAMHEADERS (This E-mail has headers consistent
with spam [c004020e].). Action="">12/21/2002 11:10:40 Q927f527701ac4dac
Msg failed WEIGHT10 (Weight of 19 reaches or exceeds the limit of 10.).
Action="">
I think it's this one, but why does
it say IGNORE for the actions when I have WARN
FYI: I do have two
subdirectories set up for domains that I have IGNORE set for
everything.
They are atcvoicedata.com and
ggoldberg.com. I would suspect them but this mail did not come in to them,
it was addressed to igdc.com. Let me know if you need anything
else. I can turn on full debugging if you want to try and capture
this.
12/21/2002 11:11:05 Q929683690294a8b4 Msg failed
SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:05 Q929683690294a8b4 Msg failed
NOABUSE (Not supporting abuse@domain).
Action="">12/21/2002 11:11:05 Q929683690294a8b4 Msg failed NOPOSTMASTER
(Not supporting postmaster@domain).
Action="">12/21/2002 11:11:05 Q929683690294a8b4 Msg failed BADHEADERS
(This E-mail was sent from a broken mail client [c020020d].).
Action="">12/21/2002 11:11:05 Q929683690294a8b4 Msg failed REVDNS (This
E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.).
Action="">12/21/2002 11:11:05 Q929683690294a8b4 Msg failed SPAMHEADERS
(This E-mail has headers consistent with spam [c020020d].).
Action="">12/21/2002 11:11:05 Q929683690294a8b4 Msg failed WEIGHT10
(Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002
11:11:05 Q929683690294a8b4 R1 Message OK
12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOABUSE (Not supporting abuse@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOPOSTMASTER (Not supporting postmaster@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 R2 Message OK
12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOABUSE (Not supporting abuse@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOPOSTMASTER (Not supporting postmaster@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 R3 Message OK
12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOABUSE (Not supporting abuse@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOPOSTMASTER (Not supporting postmaster@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed DSBL (http://dsbl.org/listing.php?62.31.215.14). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed OSPROXY ((2002/12/17) Open Proxy: socks v4(1080)). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed OSSRC ([1] OpenProxy, see http://spews.org/ask.cgi?S1255). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?62.31.215.14). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed DSN (Not supporting null originator (DSN)). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed BASE64 (A binary encoded text or HTML section was found in this E-mail.). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed HELOBOGUS (Domain yofcc has no MX or A records.). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed WEIGHT10 (Weight of 46 reaches or exceeds the limit of 10.). Action="">
12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOABUSE (Not supporting abuse@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOPOSTMASTER (Not supporting postmaster@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 R2 Message OK
12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOABUSE (Not supporting abuse@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOPOSTMASTER (Not supporting postmaster@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 R3 Message OK
12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?203.238.211.219). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOABUSE (Not supporting abuse@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed NOPOSTMASTER (Not supporting postmaster@domain). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed BADHEADERS (This E-mail was sent from a broken mail client [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed SPAMHEADERS (This E-mail has headers consistent with spam [c020020d].). Action="">12/21/2002 11:11:06 Q929683690294a8b4 Msg failed WEIGHT10 (Weight of 31 reaches or exceeds the limit of 10.). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed DSBL (http://dsbl.org/listing.php?62.31.215.14). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed OSPROXY ((2002/12/17) Open Proxy: socks v4(1080)). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed OSSRC ([1] OpenProxy, see http://spews.org/ask.cgi?S1255). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed SPAMCOP (Blocked - see http://spamcop.net/bl.shtml?62.31.215.14). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed DSN (Not supporting null originator (DSN)). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed BASE64 (A binary encoded text or HTML section was found in this E-mail.). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed HELOBOGUS (Domain yofcc has no MX or A records.). Action="">12/21/2002 11:11:25 Q9291527d01ac94ac Msg failed WEIGHT10 (Weight of 46 reaches or exceeds the limit of 10.). Action="">
MAIL HEADER:
Received: from mx1.mail.yahoo.com [203.238.211.219]
by reliant.igdc.com
(SMTPD32-7.13) id A29683690294; Sat, 21 Dec 2002 11:11:02 -0500
From: headless <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Think you know your faces
MIME-Version: 1.0
Content-Type: text/html; charset="US-ASCII"
Content-transfer-encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?203.238.211.219
X-RBL-Warning: NOABUSE: Not supporting abuse@domain
X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020020d].
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020020d].
X-Declude-Sender: [EMAIL PROTECTED] [203.238.211.219]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: SPAMCOP, NOABUSE, NOPOSTMASTER, BADHEADERS, REVDNS, SPAMHEADERS, WEIGHT10 [31]
Date: Sat, 21 Dec 2002 11:11:06 -0500
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 293801226
(SMTPD32-7.13) id A29683690294; Sat, 21 Dec 2002 11:11:02 -0500
From: headless <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Think you know your faces
MIME-Version: 1.0
Content-Type: text/html; charset="US-ASCII"
Content-transfer-encoding: 7bit
Message-Id: <[EMAIL PROTECTED]>
X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?203.238.211.219
X-RBL-Warning: NOABUSE: Not supporting abuse@domain
X-RBL-Warning: NOPOSTMASTER: Not supporting postmaster@domain
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020020d].
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 203.238.211.219 with no reverse DNS entry.
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020020d].
X-Declude-Sender: [EMAIL PROTECTED] [203.238.211.219]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: SPAMCOP, NOABUSE, NOPOSTMASTER, BADHEADERS, REVDNS, SPAMHEADERS, WEIGHT10 [31]
Date: Sat, 21 Dec 2002 11:11:06 -0500
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 293801226
----- Original Message -----
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, December 21, 2002 2:18
PM
Subject: Re: [Declude.JunkMail] How did this one
get through
> > The WEIGHT10 is set to
> >WEIGHT10 ROUTETO [EMAIL PROTECTED]
> >And it works for 99.9999% of the email. A few get through like this one.
>
> That is quite unusual. With the "WEIGHT10 ROUTETO [EMAIL PROTECTED]", any
> E-mail failing the WEIGHT10 test should be re-routed to [EMAIL PROTECTED],
> unless [1] the HOLD, BOUNCE, or DELETE actions are used as well, which
> would take priority, [2] the E-mail was outgoing E-mail (not addressed to a
> user local to the IMail server, or [3] There was a problem re-routing the
> E-mail (if the recipient file could not be opened, for example). Are there
> any error messages in the Declude JunkMail log file around this time?
>
> >Is this related to the problem you found with my registry not having the
> >alias for igdc.com in the reliant.igdc.com host record?
>
> It shouldn't be -- the interim release should take care of that issue
> completely.
> -Scott
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
>
>
