As you can see it does not have any declude info and no Imail spam info either.
Received: from 64.95.220.80 [217.96.6.120] by deepspace.i360.net (SMTPD32-8.14) id AB6D3008E; Thu, 16 Dec 2004 00:30:05 -0600 Received: from beforehand.purpossz.com ([59.208.20.202]) by esophagi.purpossz.com (Sun Java System Messaging Server 6.1 HotFix 0.07 (built Aug 27 2004)) with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Thu, 16 Dec 2004 02:22:15 -0400 (IST) Received: from bobble.disppopp.com ([32.192.160.12]) by beforehand.purpossz.com (Sun Java System Messaging Server 6.1 HotFix 0.06 (built Aug 27 2004)) with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Thu, 16 Dec 2004 03:24:15 -0300 (IST) Received: from sycophant.disppopp.com ([130.50.0.160]) by bobble.disppopp.com with Microsoft SMTPSVC(6.0.2951.707); Thu, 16 Dec 2004 02:25:15 -0400 Date: Thu, 16 Dec 2004 09:29:15 +0300 From: "Josefa Yu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: ,,,,,Best Online Pharmacy,,,, Sender: "Josefa Yu" <[EMAIL PROTECTED]> Message-Id: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 397200687
This one came in a few hours later and you see the Declude headers:
Received: from 3D1 [12.96.0.66] by 3dnetsolutions.com with ESMTP
(SMTPD32-8.14) id A46A3EE0122; Thu, 16 Dec 2004 06:49:46 -0600
From: "David Brauner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Stone Store
Date: Thu, 16 Dec 2004 06:45:45 -0600
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C4E33A.E063C620"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
Thread-Index: AcTjbSjjgbGMUjKmTO+xUhD2Mk6M8g==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Message-Id: <[EMAIL PROTECTED]>
X-Declude-Sender: [EMAIL PROTECTED] [12.96.0.66]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: Whitelisted [0]
X-Country-Chain: UNITED STATES->destination
X-Note: This E-mail was sent from fw01.aumgt.com ([12.96.0.66]).
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 397200690
Heimir Eidskrem wrote:
Imail's anti spam is turned off.
Atleast I think it is.
I have nothing in the DNS list and do not have the antispam option under the domains.
Here is another header and it does not show the Imail spam header: Note that is only show weight75 but with a score of 540
Received: from FIREWALL [200.228.80.2] by deepspace.i360.net
(SMTPD32-8.14) id AD04801DC; Thu, 16 Dec 2004 00:36:52 -0600
Received: from dns0.keromail.com ([132.146.16.88]) by 1swk-wkl15.200.228.80.2 with Microsoft SMTPSVC(5.0.3243.5389);
Thu, 16 Dec 2004 05:30:07 -0100
Reply-To: "Your wife sleeps around man" <[EMAIL PROTECTED]>
From: "Your wife sleeps around man" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: MILF looking for fun
Date: Thu, 16 Dec 2004 02:27:07 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--9567293821psrq3033"
Message-Id: <[EMAIL PROTECTED]>
X-RBL-Warning: DSBL: "http://dsbl.org/listing?200.228.80.2";
X-RBL-Warning: SPAMCOP: "Blocked - see http://www.spamcop.net/bl.shtml?200.228.80.2";
X-RBL-Warning: NJABLPROXIES: "open proxy -- 1096166403"
X-RBL-Warning: FIVETENSRC: "miscellaneous address blocks that have sent spam here"
X-RBL-Warning: CBL: "Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.228.80.2";
X-RBL-Warning: BHOLE-BRAZIL: "Brazil blocked by brazil.blackholes.us"
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.
X-RBL-Warning: HELOBOGUS: Domain FIREWALL has no MX or A records [0301].
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.228.80.2 with no reverse DNS entry.
X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [6000030f].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [6000030f].
X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command.
X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 29, weight 20)
X-RBL-Warning: SNIFFER: Message failed SNIFFER: 54.
X-RBL-Warning: WEIGHT75: Weight of 540 reaches or exceeds the limit of 75.
X-Declude-Sender: [EMAIL PROTECTED] [200.228.80.2]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: DSBL, SPAMCOP, NJABLPROXIES, FIVETENSRC, CBL, BHOLE-BRAZIL, NOLEGITCONTENT, HELOBOGUS, IPNOTINMX, REVDNS, ROUTING, SPAMHEADERS, CMDSPACE, COUNTRYFILTER, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [540]
X-Country-Chain: 'EU' [corrupt RIPE data]->BRAZIL->destination
X-Note: This E-mail was sent from [No Reverse DNS] ([200.228.80.2]).
Matt wrote:
From the attached issue #2 headers I saw the following that suggests the issue:
X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892)
You need to make sure that IMail's spam stuff is turned off. It seems like IMail might be screwing this up for Declude. I am guessing that this isn't intended and could be the cause of at least issue #2.
Matt
Heimir Eidskrem wrote:
Matt,
Don't think so since im still seeing this.
Also, I notice that the my weight350 test is not triggered.
I only see the weight75 test with 846 points for example and not the other ones.
So far I have not found any messages with declude headers in my weight350 directory.
H
Matt wrote:
Stopping and starting IMail's SMTP and Queue Manager services will cause IMail to pass messages for a couple seconds without sending them to external programs (Declude). This will happen mostly when you perform a restart on your Windows server. To prevent this, you must stop the IMail SMTP service before the restart. This will also occur when you stop and restart both the SMTP and Queue Manager services in a certain order and/or rapid succession (I never nailed that one down).
Could this be your issue, or is this a continual issue?
Matt
Heimir Eidskrem wrote:
Hello there,
I did an upgrade to 8.14 tonight and im seeing a few things thats are different.
Tech info:
Imail 8.14
Declude 1.81 (Junkmail/virus Pro)
Server 2.6Ghz Xeon/1GB Ram
I am capturing spam so I know Declude is working.
Issue 1.
I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350.
I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory
Also the emails in the weight350 directory does not have ANY declude headers?
Weigth350 header:
eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net
(SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600
Received: from dotcool.com ([142.67.185.186])
by infinite.audioseek.com
(InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4)
with ESMTP id <[EMAIL PROTECTED]>
for <[EMAIL PROTECTED]>; Fri, 05 Dec 2003 15:08:11 +0200
Date: Fri, 05 Dec 2003 15:09:11 +0200
From: "Jodi Luna" <[EMAIL PROTECTED]>
Subject: our discussion on december 21th
To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7Bit
Weight100 Header
Received: from outmail-01.supplyleadb.com [209.216.105.34] by deepspace.i360.net
(SMTPD32-8.14) id A0519B0146; Wed, 15 Dec 2004 22:34:25 -0600
From: Family Pictures <[EMAIL PROTECTED]>
Subject: Something the whole family can enjoy...a free Panasonic Camcorder
To: [EMAIL PROTECTED]
MIME-Version: 1.0
Date: Wed, 15 Dec 2004 23:33:36 EST
Message-ID: <q7AA1,[EMAIL PROTECTED]>
X-Mailer: 3.2.2-23 [Dec 14 2004, 19:36:15]
Content-Type: text/html; charset=us-ascii; class-id=1:311TXBIMpInmBEs1BI131sYMp1:1787079
Content-Transfer-Encoding: 7bit
X-Spam-Status: Possible SPAM, hits=8.000000 required=5.000000
tests=BAYES_80:2.200000
tests=HTTP_WITH_EMAIL_IN_URL:1.600000
tests=NAI_BAD_URI:4.200000
X-RBL-Warning: SPAMCOP: "Blocked - see http://www.spamcop.net/bl.shtml?209.216.105.34";
X-RBL-Warning: SBL: "http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18575";
X-RBL-Warning: AHBL: "1100493921 bruns - Spam Source - 209.216.105.0/24 - demandconnection.com, SubscriberBASE, animateddeliverye.com"
X-RBL-Warning: FIVETEN-SPAMSUPPORT: "added 2003-05-30; spam support - hosting admanmail, emailbucks"
X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from stderr.supplyleadb.com, a potential spam source listed in MAILPOLICE-BULK.
X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found.
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected.
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8008000e].
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0)
X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 4, weight 40)
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 400, weight 60) (weight capped at 60)
X-RBL-Warning: SNIFFER: Message failed SNIFFER: 57.
X-RBL-Warning: WEIGHT75: Weight of 438 reaches or exceeds the limit of 75.
X-Declude-Sender: [EMAIL PROTECTED] [209.216.105.34]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: SPAMCOP, SBL, AHBL, FIVETEN-SPAMSUPPORT, MAILPOLICE-BULK, SUBJECTSPACES7, NOLEGITCONTENT, BADHEADERS, IPNOTINMX, EFFILTER, EFFILTER5-9, GIBBERISH, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [438]
X-Country-Chain: UNITED STATES->destination
X-Note: This E-mail was sent from outmail-01.supplyleadb.com ([209.216.105.34]).
Issue 2. I did recive an email in my inbox with no Declude headers. Any idea why?
Received: from host44.200-45-196.telecom.net.ar [200.45.196.44] by deepspace.i360.net
(SMTPD32-8.14) id AE1E20032; Wed, 15 Dec 2004 21:16:46 -0600
Received: from .striker.ottawa.on.ca ([101.154.58.194] helo=mail.nitros5.org)
by .striker.ottawa.on.ca with esmtp ( 3.35 #1 ())
id 450nlc-0078MM-00
for <[EMAIL PROTECTED]>; Thu, 16 Dec 2004 17:07:25 -0200
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] Date: Thu, 16 Dec 2004 21:13:25 +0200
From: "Deena Sumner" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: You Need This Heimir
X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892)
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: R
X-UIDL: 397200679
I did search the declude log file for [EMAIL PROTECTED] but could not find anything..
Thanks, Heimir
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
