Re: [Declude.JunkMail] Spam not being caught

[Karl Hentschel]

Here are a headers from a few of the messages, with our email address removed, that we have been receiving. We have been receiving tons of these from different domains, IP's.. I have been using IMail filters to catch some of them because Declude hasn't been doing a very good job.   This one didn't fail any Declude tests.   from <[EMAIL PROTECTED]> Wed Nov 08 12:53:17 2006 Received: from host33-74.birch.net [216.212.33.74] by mail.pcfcu.org with ESMTP   (SMTPD32-8.15) id A3A7FB00E8; Wed, 08 Nov 2006 12:52:55 -0800 Return-Path: <[EMAIL PROTECTED]> Received: from 208.65.145.2 (HELO buckeyenissan.com.inbound15.mxlogicmx.net)      by pcfcu.org with esmtp (D70MB482Y 8LJH6)      id IFLT4O-RHJVV5-3H      for xxx@ourdomain.com; Wed, 8 Nov 2006 20:52:49 +0360 From: "Mamie Cabrera" <[EMAIL PROTECTED]> To: <xxx@ourdomain.com> Subject: X-IMail-SPAM-Phrase  Mamie wrote: Date: Wed, 8 Nov 2006 20:52:49 +0360 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain;  charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506 Thread-Index: Aca6Q3OW2X20X4MXS950OD9TUPU55Z== X-Declude-Sender: [EMAIL PROTECTED] [216.212.33.74] X-Declude-Spoolname: D43a700fb00e8c9be.smd X-Declude-Note: Scanned by Declude 3.1.1 for spam. "http://www.declude.com/x-note.htm" X-Declude-Scan: Incoming Score [0] at 12:53:16 on 08 Nov 2006 X-Declude-Fail: None X-Country-Chain: UNITED STATES->destination X-IMAIL-SPAM-PHRASE: (43a700fb00e8c9be, whats the first rule of investing) X-RCPT-TO: xxx@ourdomain.com Status: U X-IMail-Rule: H~x-imail-spam:xxx@ourdomain.comData- X-IMAIL-SPAM-PHRASE  MAMIE WRO X-UIDL: 463003429     This failed a few.   from <[EMAIL PROTECTED]> Thu Nov 09 12:03:16 2006 Received: from APuteaux-152-1-90-68.w86-205.abo.wanadoo.fr [86.205.87.68] by mail.pcfcu.org with ESMTP   (SMTPD32-8.15) id A96664D00D0; Thu, 09 Nov 2006 12:02:46 -0800 Return-Path: <[EMAIL PROTECTED]> Received: from 207.236.26.82 (HELO mail.cableteksystems.com)      by pcfcu.org with esmtp (DEIL1D7SO3 S7E59)      id V714O9-TFHDJZ-CD      for xxx@ourdomain.com; Thu, 9 Nov 2006 20:02:42 -0060 From: "Bud Mora" <[EMAIL PROTECTED]> To: <xxx@ourdomain.com> Subject: X-IMail-SPAM-Phrase  It's Bud :) Date: Thu, 9 Nov 2006 20:02:42 -0060 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: text/plain;  charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Office Outlook, Build 11.0.6353 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Thread-Index: Aca6QIH9S2BNQ98OSCRZRQUO3YHU09== X-RBL-Warning: FIVETEN-SRC: 68.87.205.86.blackholes.five-ten-sg.com. X-RBL-Warning: DYNHELO: Dynamic HELO found. X-Declude-Sender: [EMAIL PROTECTED] [86.205.87.68] X-Declude-Spoolname: D8965064d00d0eb56.smd X-Declude-Note: Scanned by Declude 3.1.1 for spam. "http://www.declude.com/x-note.htm" X-Declude-Scan: Incoming Score [9] at 12:03:15 on 09 Nov 2006 X-Declude-Fail: FIVETEN-SRC [4], DYNHELO [5] X-Country-Chain: CANADA->FRANCE->destination X-IMAIL-SPAM-PHRASE: (8965064d00d0eb56, our hottest pick) X-RCPT-TO: <xxx@ourdomain.com> Status: U X-IMail-Rule: H~x-imail-spam:xxx@ourdomain.com Data- X-IMAIL-SPAM-PHRASE  IT'S BUD X-UIDL: 463095290     From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Thursday, November 09, 2006 11:31 AM To: declude.junkmail@declude.com Subject: X-IMail-SPAM-Phrase Re: [Declude.JunkMail] Spam not being caught Hi Karl, Post a sample with full headers so we can see what the scofflaw is sending you -Nick Karl Hentschel wrote: Thanks for the tip, but unfortunately I am not using the Pro version of Declude so I cannot create my own filters. Are others being slammed with stock spam recently? Declude is blocking several hundred of them a day, but many are still slipping through without failing any or very few tests. Is it possible to block with the country chain? I noticed that they are coming from out of the country. How is everyone dealing with these? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Fisher Sent: Monday, November 06, 2006 11:27 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] Spam not being caught This filter will work for targeting CMDSPACE with a gif attachment. You might want to SKIPIFWEIGHT 315 STOPATFIRSTHIT BODY END NOTCONTAINS Content-Type: image/gif TESTSFAILED END NOTCONTAINS CMDSPACE BODY 100 CONTAINS img src="" BODY 100 CONTAINS src="" class=moz-txt-link-rfc2396E href="">"cid: BODY 100 CONTAINS src=""cid:BODY100CONTAINSsrc=3D">"cid: BODY 100 CONTAINS src="">= cid: ----- Original Message ----- From: "Karl Hentschel" <[EMAIL PROTECTED]> To: <Declude.JunkMail@declude.com> Sent: Monday, November 06, 2006 12:58 PM Subject: [Declude.JunkMail] Spam not being caught We have been getting quite a bit of SPAM, usually about stocks that is not being caught by Declude. I have the newest version of Declude, updated filter files from Imail, invURIBL, trial version of Sniffer. These emails are typically only failing cmdspace and helobogus, not enough to get blocked. Has anyone had any success blocking these recent floods of emails? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.