[Declude.JunkMail] Helobogus error..
Hi All, I was wondering if someone can has experienced a error in helobogus. For some weird reason, I consistantly get a error with helobogus like hotmail.com with the msg failed. For some reason cs.com does not resolve either. 11/19/2002 00:05:07 Q0cd19bfb002cf91d HELOBOGUS:8 REVDNS:4 . Total weight = 12 11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed HELOBOGUS (Domain [EMAIL PROTECTED] by has no MX/A records.). 11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed REVDNS (This E-mail was sent from a MUA/MTA with no reverse DNS entry.). 11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed WEIGHT10 (Weight of 12 reaches or exceeds the limit of 10.). 11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed WEIGHT12 (Weight of 12 reaches or exceeds the limit of 12.). 11/19/2002 00:05:07 Q0cd19bfb002cf91d Subject: [FWD: Fwd: FW: Fun Stuff] 11/19/2002 00:05:07 Q0cd19bfb002cf91d From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Thanks in advance, eddie :) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] HELO issues
Hi everybody, My UNIX systems (two different machines using two different MTAs: sendmail and postfix) send a HELO using localhost. From what I can tell, this is common practice because administrators want to hide security details from other mail servers. However, JunkMail marks this as a problem. I am trying to relay auto-generated email from a PostNuke environment to a server that is using JunkMail. It never works, and the main problem seems to be the way that the PostNuke machine's MTA (postfix, in this case) is doing a HELO localhost. Lots of UNIX MTAs do this by default. I have seen some discussions that say that no decisions should be made on the content of a HELO object, and others that take for granted that decisions are indeed being made. What are the prevailing attitudes towards this? Can this check be disabled in JunkMail? Or is it better to change what my server says as a HELO? If so, does anybody know how to change that in sendmail or postfix? Because I can't find it in any documentation Thanks in advance! Alaina Hardie Toronto, ON --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Some messages not being held / warned
Hi I have just setup our system and although it catches some messages others get through even though the headers indicate that Declude has scanned them. The headers from the mail below indicate that the mail has failed a lot of the tests including WEIGHT10 (which should append a warning to the subject line) and WEIGHT20 which should HOLD the mail. Anybody know why some mails get through while others that fail the same tests don't? Thanks Diarmaid Received: from mrhw [200.204.195.163] by rhubarb.fusio.net (SMTPD32-7.07) id A46C3480120; Tue, 19 Nov 2002 11:45:48 + From: Felicitas Acklin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Money for jmy Date: Tue, 19 Nov 2002 03:44:58 -0800 Mime-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 Message-Id: [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [200.204.195.163] X-Note: This E-mail was scanned by Fusio for spam. X-Spam-Tests-Failed: DSBL, OSPROXY, SPAMCOP, BASE64, HELOBOGUS, REVDNS, WEIGHT10, WEIGHT20 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 316231510 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Wordfilter bypassed
The sneaky buggers are at it again. I've been getting more and more emails that don't fail any tests at all, but should be caught as spam due to multiple wordfilter hits. I had a look at the message (HTML) source, and found this: Hum!--nnbvmx--an Gr!--d--owth Hor!--fjkg--mone Th!--sdkf--erapy Scott, is it possible that the wordfilter, when looking at HTML source messages, can be made to disregard HTML comments, as above? ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com
RE: [Declude.JunkMail] Wordfilter bypassed
Title: Message We have seen quite a lot. It is happening more and more. If HTML comments could be ignored it would be a great addition. I wonder what would be the downfall of the idea? I also think another filter that can be considered is the routing type filter. I don't know if bad routing can see this.. but we are noticing a lot of emails going in circle.. for example: US Japan Hungry Destination (US in this case). I guess one way to combat this is if the Country filter is additive. For example the weight of each country detected is added to the total weight. Does the filter do this? Regards, Kami -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott MacLeanSent: Tuesday, November 19, 2002 7:52 AMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Wordfilter bypassedThe sneaky buggers are at it again. I've been getting more and more emails that don't fail any tests at all, but should be caught as spam due to multiple wordfilter hits. I had a look at the message (HTML) source, and found this:Hum!--nnbvmx--an Gr!--d--owth Hor!--fjkg--mone Th!--sdkf--erapyScott, is it possible that the wordfilter, when looking at HTML source messages, can be made to disregard HTML comments, as above?___Scott MacLean[EMAIL PROTECTED]ICQ: 9184011http://www.nerosoft.com
Re: [Declude.JunkMail] Helobogus error..
I was wondering if someone can has experienced a error in helobogus. For some weird reason, I consistantly get a error with helobogus like hotmail.com with the msg failed. For some reason cs.com does not resolve either. 11/19/2002 00:05:07 Q0cd19bfb002cf91d Msg failed HELOBOGUS (Domain [EMAIL PROTECTED] by has no MX/A records.). That isn't cs.com -- that is [EMAIL PROTECTED]. [EMAIL PROTECTED] isn't a hostname, so the HELOBOGUS test fails. Do you have the Received: headers for some of these E-mails, to make sure that Declude JunkMail is detecting the correct hostname? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] HELO issues
My UNIX systems (two different machines using two different MTAs: sendmail and postfix) send a HELO using localhost. From what I can tell, this is common practice because administrators want to hide security details from other mail servers. However, JunkMail marks this as a problem. If it is a common practice, it's probably because the mailserver administrators never changed the default setting. :) If you need to hide the name of your mailserver when sending mail, you should only be sending mail to protected networks. When you send the E-mail, the remote mailserver will know your domain (unless you are sending bounce messages), and from that, they can look up the name of your mailserver. In any case, it is a violation of the RFCs, and Declude JunkMail processed it properly. Whether or not you wish to use the test (or feel it is appropriate for spam control) is a different story. I am trying to relay auto-generated email from a PostNuke environment to a server that is using JunkMail. It never works, and the main problem seems to be the way that the PostNuke machine's MTA (postfix, in this case) is doing a HELO localhost. Lots of UNIX MTAs do this by default. There we go -- by default. Lots of MTAs are open relays by default, too. And there are probably some mail clients that have something like [EMAIL PROTECTED] as the default return address -- but that doesn't mean you can use that address. :) Note that the only way that your mail will not go through is if the server running Declude JunkMail uses the HELOBOGUS test, and blocks mail based on it. We certainly do not recommend that configuration. While the test does a pretty good job at detecting servers that were poorly designed (and therefore likely targets of spammers), it will generate a fair number of false positives (although localhost is one I hadn't seen before). I have seen some discussions that say that no decisions should be made on the content of a HELO object, and others that take for granted that decisions are indeed being made. What are the prevailing attitudes towards this? I believe the RFCs say that you can check the validity of the HELO data, but that you can't block mail based on it. Those are the same RFCs that say that you have to have a valid hostname there, so it's easy to say If they break the rules, I can too, which is where the opposite opinion comes from. In our case, we recommend using the HELO data as one of several pieces of information in determining whether or not an E-mail should be blocked, but not blocking solely on that factor. Can this check be disabled in JunkMail? Yes, very easily. However, note that the default is to add a standard X-RBL-Warning: header, so whoever is blocking your mail has either chosen for some reason (perhaps not knowing the ramifications) to block mail based on the HELO data, or your mail is also failing other tests. Or is it better to change what my server says as a HELO? If so, does anybody know how to change that in sendmail or postfix? Because I can't find it in any documentation That is definitely the best thing to do. And, that also answers why it seems like it is what everyone else does -- because it isn't easy to fix. :) Unfortunately, I don't know how to fix it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Wordfilter bypassed
The sneaky buggers are at it again. I've been getting more and more emails that don't fail any tests at all, but should be caught as spam due to multiple wordfilter hits. I had a look at the message (HTML) source, and found this: Hum!--nnbvmx--an Gr!--d--owth Hor!--fjkg--mone Th!--sdkf--erapy Scott, is it possible that the wordfilter, when looking at HTML source messages, can be made to disregard HTML comments, as above? That likely isn't something that we will be doing, as it will add a lot of extra CPU time (or require writing our own specially designed string matching functions). However, we are thinking of adding a test that will get triggered if a certain number of comments are found in an E-mail. Although this would catch the occasionally bandwidth-wasting legitimate bulk mailers (that have real comments), it would also be very useful in detecting spam. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Wordfilter bypassed
I guess one way to combat this is if the Country filter is additive. For example the weight of each country detected is added to the total weight. Does the filter do this? Yes, it does. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Some messages not being held / warned
I have just setup our system and although it catches some messages others get through even though the headers indicate that Declude has scanned them. The headers from the mail below indicate that the mail has failed a lot of the tests including WEIGHT10 (which should append a warning to the subject line) and WEIGHT20 which should HOLD the mail. Anybody know why some mails get through while others that fail the same tests don't? Do you have any per-user or per-domain settings? That is the most likely problem (IE you have WEIGHT10/WEIGHT20 set to IGNORE in the file that Declude JunkMail is using). -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Wordfilter bypassed
Title: Nachricht If you can wait for some weeks we can provide an external test-program that make some content-based tests. At the moment we have ready the first tests wich tries to identify things like HTML-only mails, subject with spaces (yes, the same as Decludes spamheaders-test) and code-numbersin subject-lines and email-adresses. The next test's we plan to realize are links to ip-adresses, image-links and links to cgi-scripts. There will also be a word-filter test that tries to remove any !-- -- comments and other obscuring strings. The external test can be configured with an inifile an returns his results as a cumulative weight to declude. On our server it works for the last 9 days without any problem. During stress-tests on our server we do not notice appreciable more cpu-usage (with the current working tests) This external test will be free for all. In the next days I will provide a test-version in the list. Markus
RE: [Declude.JunkMail] Wordfilter bypassed
We attempted implementing a test that counts the number of html comments and found that it was impractical as it consistently captured a large number of legitimate services. (Scott, you indicated that it might catch some - our experience has been that it captures so many we had to drop it.) I suspect that most systems will need to weight such a test very lightly. Hope this helps. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Tuesday, November 19, 2002 8:23 AM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Wordfilter bypassed | | | | The sneaky buggers are at it again. I've been getting more and more | emails | that don't fail any tests at all, but should be caught as | spam due to | multiple wordfilter hits. I had a look at the message (HTML) | source, and | found this: | | Hum!--nnbvmx--an Gr!--d--owth Hor!--fjkg--mone | Th!--sdkf--erapy | | Scott, is it possible that the wordfilter, when looking at | HTML source | messages, can be made to disregard HTML comments, as above? | | That likely isn't something that we will be doing, as it will | add a lot of | extra CPU time (or require writing our own specially designed string | matching functions). However, we are thinking of adding a | test that will | get triggered if a certain number of comments are found in an | E-mail. Although this would catch the occasionally bandwidth-wasting | legitimate bulk mailers (that have real comments), it would | also be very | useful in detecting spam. | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Some messages not being held / warned
Do you have any per-user or per-domain settings? That is the most likely problem (IE you have WEIGHT10/WEIGHT20 set to IGNORE in the file that Declude JunkMail is using). There is a per domain setting but it is for the domain that the spam was addressed to and other spams to that domain to get tagged / held Received: from mrhw [200.204.195.163] by rhubarb.fusio.net (SMTPD32-7.07) id A46C3480120; Tue, 19 Nov 2002 11:45:48 + From: Felicitas Acklin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Money for jmy Date: Tue, 19 Nov 2002 03:44:58 -0800 Mime-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: base64 Message-Id: [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [200.204.195.163] X-Note: This E-mail was scanned by Fusio for spam. X-Spam-Tests-Failed: DSBL, OSPROXY, SPAMCOP, BASE64, HELOBOGUS, REVDNS, WEIGHT10, WEIGHT20 X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 316231510 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Wordfilter bypassed
We attempted implementing a test that counts the number of html comments and found that it was impractical as it consistently captured a large number of legitimate services. (Scott, you indicated that it might catch some - our experience has been that it captures so many we had to drop it.) I suspect that most systems will need to weight such a test very lightly. Hope this helps. However, that's the way spam control is heading. As more and more people get fed up with spam, more and more of the bozos that are doing things the wrong way will need to fix their problems. I can understand an HTML E-mail having one or two comments in it, but 10 or 20 is just a waste of bandwidth. That is information the recipient will never see. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Wordfilter bypassed
R., Tuesday, November 19, 2002 you wrote: RSP I can understand an HTML E-mail having one or two comments in it, RSP but 10 or 20 is just a waste of bandwidth. That is information RSP the recipient will never see. Lots of the content management systems are heavily commented so I see a lot of comments in html messages to subscribers. However, they are not commented between words but that's a difficult parse I think. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Some messages not being held / warned
Do you have any per-user or per-domain settings? That is the most likely problem (IE you have WEIGHT10/WEIGHT20 set to IGNORE in the file that Declude JunkMail is using). There is a per domain setting but it is for the domain that the spam was addressed to and other spams to that domain to get tagged / held In that case, I would recommend using the debug mode (LOGLEVEL DEBUG) until it happens again, and then I can look at the debug log file to see why it is happening. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Wordfilter bypassed
Lots of the content management systems are heavily commented so I see a lot of comments in html messages to subscribers. However, they are not commented between words but that's a difficult parse I think. Aha... that could be the key! A spammer will use something like or!-- blah --der. If they use or !-- blah -- der, it will appear on the screen as or der, which will confuse people (Call to or der now! isn't very readable). Whereas the content management systems likely have the comment on the beginning of a new line, or at least have a space before/after it. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklist not working as expected
I have one user who is getting absolutely hammered by spam. Last night I went through her mailbox and added many of the domains that she was getting spam from to my blacklist.txt file. The action have configured for that test is delete. It currently works as I can scan through the log and find e-mails that have failed the blacklist test and do get deleted.Now I checked her mailbox this morning and some of the domains that were listed were still able to send her mail. What am I doing wrong or missing? I am using Declude 1.62 beta and I have no per Domain\users settings. Thanks - Marc --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] BASE64 test
The BASE64 test will be triggered when E-mail contains a text or HTML MIME segment that is base64 encoded -- there is no reason for such segments to be base64 encoded, but spammers commonly use the base64 encoding to try to bypass filters. Follow-up question: Is there any good or allowed reason to have BASE64 encoding in a message? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
DSN:Re: [Declude.JunkMail] BASE64 test
Not when they are the text portions of the message. If you look at a complex raw email message, there may be several message parts. These can be BASE64 encoded files of any type. All the message parts are essentially contained in the message body. It is up to the client application to separate these parts and reconstruct them into their original formats. I am seeing several hundred spams a day where the sender sends an adult message from an innocuous email address with a subject like Got your message. The message bodies may be extremely explicit, so they are BASE64 encoded so that they get by spam filters or rules like those available in iMail. There would be no good reason at all to encode message text except to get by these filters. On 11/19/02 8:03am you wrote... The BASE64 test will be triggered when E-mail contains a text or HTML MIME segment that is base64 encoded -- there is no reason for such segments to be base64 encoded, but spammers commonly use the base64 encoding to try to bypass filters. Follow-up question: Is there any good or allowed reason to have BASE64 encoding in a message? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Unknown virus
Customer is getting virus notifications but the virus is listed as unknown. Is this a known issue and how do I turn of notification for unknown virus. He is clean. H. Please, DO NOT respond to this e-mail. This is an automated e-mail messagesent to alert you that you attempted to send a virus infected e-mailmessage.Fortunately, no harm is done. i360 Inc.'s advanced virus detection softwaredetected the virus, and the e-mail has been quarantined to prevent furtherdamage. This means that your recipient received a message similar to thisinstead of the virus-infected e-mail. We recommend that you check yoursystemfor viruses before communicating further by using your computer.Our software reported the following about the infected e-mail:The e-mail was sent to: [EMAIL PROTECTED]The e-mail subject: Are the instructions andE-mail contained this virus: Unknown VirusThe virus was located in this file: Unknown FileIf the recipient's address does not appear above,it is because of the nature of certain viruses,which corrupt such information.To find out more about the virus you e-mailed, click to www.sarc.com.To view virus related statistics, click towww.securitystats.com/virusstats.asp.
Re: [Declude.JunkMail] BASE64 test
The BASE64 test will be triggered when E-mail contains a text or HTML MIME segment that is base64 encoded -- there is no reason for such segments to be base64 encoded... Follow-up question: Is there any good or allowed reason to have BASE64 encoding in a message? It is *very* common to use base64 encoding in E-mail. That's the standard way that file attachments are sent. The key here is that there is no reason to send text/HTML segments using base64, which is what the BASE64 test looks for. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Unknown virus
Customer is getting virus notifications but the virus is listed as unknown. Hmm... that doesn't sound like a Declude JunkMail issue. :) Is this a known issue and how do I turn of notification for unknown virus. Unknown Virus appears when the virus scanner can't report to Declude Virus what the name of the virus is. If this happens to all E-mail, either your virus scanner doesn't support reporting the virus names properly, or you don't have your AV program set correctly. If it happens only on some E-mail, the virus scanner doesn't know the name of the virus -- in which case, most like it has detected a suspicious file. If you use F-Prot, you can remove the VIRUSCODE 8 line to prevent it from detecting such files. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unknown virus
Customer is getting virus notifications but the virus is listed as unknown. Is this a known issue and how do I turn of notification for unknown virus. He is clean. H. This question really belongs on the declude.virus list. :-) From the Declude Virus Manual: Declude Virus (v1.53 and higher) can be set up not to send out E-mail notifications for specific viruses. This is useful for viruses that forge the return address (in which case a You have a virus notification would get sent to someone without a virus). To prevent a notification from getting sent out, you can add a line SKIPIFVIRUSNAMEHAS Virusname to the beginning (before the first blank line) of any of the \IMail\Declude\*.eml files (typically just the sender.eml and otherpostmaster.eml files). Virusname should be replaced with a string that always appears in the name of the virus and any variants; for example SKIPIFVIRUSNAMEHAS Klez. Note that there can only be one space (or tab) between SKIPIFVIRUSNAMEHAS and the virus name. To prevent the notifications from being sent for multiple viruses, you need to have a SKIPIFVIRUSNAMEHAS line for each virus. If you are referring to vunerabilities see the link below and follow the thread. http://www.mail-archive.com/declude.virus@declude.com/msg04005.html -Patrick --- [This E-mail scanned for viruses by Declude/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Unknown virus
Can you post a virus log snippet? It is possible an error was returned by the virus scanner. The logs will show this. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Heimir Eidskrem Sent: Tuesday, November 19, 2002 9:21 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Unknown virus Customer is getting virus notifications but the virus is listed as unknown. Is this a known issue and how do I turn of notification for unknown virus. He is clean. H. Please, DO NOT respond to this e-mail. This is an automated e-mail message sent to alert you that you attempted to send a virus infected e-mail message. Fortunately, no harm is done. i360 Inc.'s advanced virus detection software detected the virus, and the e-mail has been quarantined to prevent further damage. This means that your recipient received a message similar to this instead of the virus-infected e-mail. We recommend that you check your system for viruses before communicating further by using your computer. Our software reported the following about the infected e-mail: The e-mail was sent to: [EMAIL PROTECTED] The e-mail subject: Are the instructions and E-mail contained this virus: Unknown Virus The virus was located in this file: Unknown File If the recipient's address does not appear above, it is because of the nature of certain viruses, which corrupt such information. To find out more about the virus you e-mailed, click to www.sarc.com. To view virus related statistics, click to www.securitystats.com/virusstats.asp. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BASE64 test
Scott: We have seen that the Base64 test is also triggered for International languages. We used to have a high weight assigned to it but we noticed when people write each other using Unicode or foreign (non-English) characters the test is triggered. Is this known? Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, November 19, 2002 12:38 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] BASE64 test The BASE64 test will be triggered when E-mail contains a text or HTML MIME segment that is base64 encoded -- there is no reason for such segments to be base64 encoded... Follow-up question: Is there any good or allowed reason to have BASE64 encoding in a message? It is *very* common to use base64 encoding in E-mail. That's the standard way that file attachments are sent. The key here is that there is no reason to send text/HTML segments using base64, which is what the BASE64 test looks for. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
Scott, After reprinting the Junkmail manual I see why am only having partial success. I have been using the from domains in the format @emailoffers.com (occasionally using the format deals-central.com - to catch 10.dealscentral as well as 20.dealscentral). So I suppose since the from and or reply to addresses are often going to be different than the X-declude sender (which I don't see in the e-mail headers? I'd have to dig through the I-mail logs to find this?) I'm really only blacklisting those that happen to be the same. I have since added most of the e-mail address that were in the blacklist file to the SMTP KILL list in IMAIL, which says that it checks the from address. Lets see if that helps. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, November 19, 2002 12:39 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Blacklist not working as expected I have one user who is getting absolutely hammered by spam. Last night I went through her mailbox and added many of the domains that she was getting spam from to my blacklist.txt file. What domains did you add? Domains from the From: address (which Declude JunkMail doesn't check), the Reply-To: address (which Declude JunkMail doesn't check), the HELO/EHLO text (which Declude JunkMail checks in filters), or the return address (from the X-Declude-Sender: header or the IMail log file) which a Declude JunkMail sender blacklist will catch? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IP4R Tests Not Happening After Re-Install
Hi folks, I recently re-installed IMail Declude after upgrading our mail server and immediately noticed a drop in JunkMail's accuracy. I now realize that in nine days, NONE of the IP4R tests or RHSBL tests have logged a single hit. What might cause this? The re-installation should have produced a mirror copy of the original IMail server installation, except for two post-installation tweaks: I opted to upgrade Declude to the beta 1.62; and I tweaked a few rules, namely regarding Habeas. I have since commented out my tweaks, but with no luck. Any ideas? Thank you so much. Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IP4R Tests Not Happening After Re-Install
What DNS servers do you have Imail and Declude configured to use? John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Delbridge Sent: Tuesday, November 19, 2002 11:30 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] IP4R Tests Not Happening After Re-Install Hi folks, I recently re-installed IMail Declude after upgrading our mail server and immediately noticed a drop in JunkMail's accuracy. I now realize that in nine days, NONE of the IP4R tests or RHSBL tests have logged a single hit. What might cause this? The re-installation should have produced a mirror copy of the original IMail server installation, except for two post-installation tweaks: I opted to upgrade Declude to the beta 1.62; and I tweaked a few rules, namely regarding Habeas. I have since commented out my tweaks, but with no luck. Any ideas? Thank you so much. Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
After reprinting the Junkmail manual I see why am only having partial success. I have been using the from domains in the format @emailoffers.com (occasionally using the format deals-central.com - to catch 10.dealscentral as well as 20.dealscentral). So I suppose since the from and or reply to addresses are often going to be different than the X-declude sender (which I don't see in the e-mail headers? I'd have to dig through the I-mail logs to find this?) I'm really only blacklisting those that happen to be the same. Correct. You can use the XSENDER ON option (in the \IMail\Declude\global.cfg file) to get Declude JunkMail to record the return address in the headers. I have since added most of the e-mail address that were in the blacklist file to the SMTP KILL list in IMAIL, which says that it checks the from address. Lets see if that helps. Sorry -- it, too, checks the return address (also called MAIL FROM or From address in the SMTP envelope). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IP4R Tests Not Happening AfterRe-Install
I recently re-installed IMail Declude after upgrading our mail server and immediately noticed a drop in JunkMail's accuracy. I now realize that in nine days, NONE of the IP4R tests or RHSBL tests have logged a single hit. What might cause this? That will happen if your DNS server isn't responding. You should check the DNS servers listed in the IMail SMTP settings, and make sure that the first one listed is working properly. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
So I suppose since the from and or reply to addresses are often going to be different than the X-declude sender (which I don't see in the e-mail headers? I'd have to dig through the I-mail logs to find this?) From the Declude Junkmail Manual: If you want to record the name of the sender (according to the SMTP Envelope) in the E-mail headers, you can use the XSENDER configuration option. To do this, add a line to the \IMail\Declude\global.cfg file that says XSENDER ON. -Patrick --- [This E-mail scanned for viruses by Declude/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
Patrick, Thanks. I found where that was #XSENDER OFF, took out the pound sign and changed it to ON. Now if I can get the people who get spam to copy and forward me the header info... Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Patrick Childers Sent: Tuesday, November 19, 2002 02:44 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Blacklist not working as expected So I suppose since the from and or reply to addresses are often going to be different than the X-declude sender (which I don't see in the e-mail headers? I'd have to dig through the I-mail logs to find this?) From the Declude Junkmail Manual: If you want to record the name of the sender (according to the SMTP Envelope) in the E-mail headers, you can use the XSENDER configuration option. To do this, add a line to the \IMail\Declude\global.cfg file that says XSENDER ON. -Patrick --- [This E-mail scanned for viruses by Declude/McAfee] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
flailing a deceased equine... Crap. Running through the Imail log analyzer I found some of the host names I was looking for preceded by mail1 or some other name. I added these to the kill list in the hopes that this is actually the MAIL FROM in the SMTP envelope that is being reported. I also found a few of the spammers, like Top-brands.com, mailservers were named something.bluerockdove.com so I put bluerockdove.com in the blacklist. I also found that they were coming from an several IPs 205.205.236.245(228,243) so I created a bannedip.txt file added 205.205.236.0/24, created a bannedip test in the declude files and then set the action to delete to hopefully block anything from them in the future. Another prolific spammer was mb00.net also using several other names in the mailfrom. They seemed to be originating from 216.39.115.66 (81,68,55) so I also added 216.39.115.0/24 to bannedip.txt. Would this work just as well, better or faster if I put these IPs in the SMTP control access list? Though I didn't see an easy way to block an entire class C. Thanks for all the help and quick Reponses. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, November 19, 2002 02:41 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Blacklist not working as expected After reprinting the Junkmail manual I see why am only having partial success. I have been using the from domains in the format @emailoffers.com (occasionally using the format deals-central.com - to catch 10.dealscentral as well as 20.dealscentral). So I suppose since the from and or reply to addresses are often going to be different than the X-declude sender (which I don't see in the e-mail headers? I'd have to dig through the I-mail logs to find this?) I'm really only blacklisting those that happen to be the same. Correct. You can use the XSENDER ON option (in the \IMail\Declude\global.cfg file) to get Declude JunkMail to record the return address in the headers. I have since added most of the e-mail address that were in the blacklist file to the SMTP KILL list in IMAIL, which says that it checks the from address. Lets see if that helps. Sorry -- it, too, checks the return address (also called MAIL FROM or From address in the SMTP envelope). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
They seemed to be originating from 216.39.115.66 (81,68,55) so I also added 216.39.115.0/24 to bannedip.txt. Would this work just as well, better or faster if I put these IPs in the SMTP control access list? Though I didn't see an easy way to block an entire class C. The 216.39.115.0/24 is the best way to handle the IP ranges (which in the case of a /24 is a class C range). It's slightly faster than multiple entries, and a lot easier to read. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IP4R Tests Not Happening AfterRe-Install
Thank you for the replies, The DNS servers appear to be working fine. NSLOOKUP from a DOS prompt on the mail server to either of the DNS servers specified in IMail's SMTP service settings answers all of my queries, authoritative and recursive. Is there another test I might perform? Speaking of DNS, during re-install, the server was on a different network, obtaining temporary IPs DNS servers from DHCP. Once put into production, the server IP was changed and IMail's DNS servers were updated manually, as you mention. Digging for stale DNS info, I did find an IMail registry entry for virtual server 192.168.0.5 -- the temporary DHCP-supplied IP. No reference to this value could be found in IMail admin, so I deleted it. No change. [One of our mail servers fails BLARS, so I do have a convenient way to check if IP4R tests are working again.] Any thoughts? Dave R. Scott Perry wrote: I recently re-installed IMail Declude after upgrading our mail server and immediately noticed a drop in JunkMail's accuracy. I now realize that in nine days, NONE of the IP4R tests or RHSBL tests have logged a single hit. What might cause this? That will happen if your DNS server isn't responding. You should check the DNS servers listed in the IMail SMTP settings, and make sure that the first one listed is working properly. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
What am I doing wrong here? This is the E-mail header: Message-Id: [EMAIL PROTECTED] X-RBL-Warning: OSSOFT: http://spamhaus.org/SBL/sbl.lasso?query=SBL5031 X-RBL-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?64.49.243.105 X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e]. X-Declude-Sender: [EMAIL PROTECTED] [64.49.243.105] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. This is one entry in a file bannedips.txt located on the root of the D: drive 64.49.243.0/24 This is from my Global.cfg IPBLACKLIST fromfile D:\bannedips.txt x 5 0 This is from my $default$.junkmail IPBLACKLIST DELETE Shouldn't 64.49.243.0/24 get anything in this range, such as 64.49.243.105? Should I make the text file less than 8 characters long? If there is no HOLD reason after the IP does it fail? I only have 4 domains whitelisted so that shouldn't be an issue. Thanks - Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, November 19, 2002 04:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Blacklist not working as expected They seemed to be originating from 216.39.115.66 (81,68,55) so I also added 216.39.115.0/24 to bannedip.txt. Would this work just as well, better or faster if I put these IPs in the SMTP control access list? Though I didn't see an easy way to block an entire class C. The 216.39.115.0/24 is the best way to handle the IP ranges (which in the case of a /24 is a class C range). It's slightly faster than multiple entries, and a lot easier to read. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Wordfilter bypassed
| | However, that's the way spam control is heading. As more and | more people | get fed up with spam, more and more of the bozos that are | doing things the | wrong way will need to fix their problems. | | I can understand an HTML E-mail having one or two comments in | it, but 10 or | 20 is just a waste of bandwidth. That is information the | recipient will | never see. | | -Scott Where we got into trouble was with big corporate iron... (IBM, Sun, Microsoft, etc...) The comments in those messages were part of the code base generating the messages and I can imagine (as a web developer also) that they are pretty vital to the developers in their ongoing maintenance efforts. It's not uncommon to see quite a few of them. As we increased the threshold to accommodate the legitimate messages we were capturing we soon reached a level where legitimate and non-legitimate were practically indistinguishable. All I'm saying here is that since HTML email is here to stay, and HTML comments are legitimate and sometimes required for coding standards, a simple count of HTML comments will not be a valid spam test in most cases. This has been our experience - your mileage may/will vary. _M --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Wordfilter bypassed
That's a good point. Perhaps we'll do some testing in the new version for comments bounded by nonwhitespace. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Tuesday, November 19, 2002 10:21 AM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Wordfilter bypassed | | | | Lots of the content management systems are heavily | commented so I | see a lot of comments in html messages to subscribers. | | However, they are not commented between words but that's a | difficult parse I think. | | Aha... that could be the key! | | A spammer will use something like or!-- blah --der. If | they use or | !-- blah -- der, it will appear on the screen as or der, | which will | confuse people (Call to or der now! isn't very readable). | Whereas the | content management systems likely have the comment on the | beginning of a | new line, or at least have a space before/after it. | -Scott | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
IPBLACKLISTfromfile D:\bannedips.txt x 5 0 I think it needs to be ipfile instead of fromfile. IPBLACKLIST ipfile D:\bannedips.txtx 5 0 John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist not working as expected
Changed it to ipfile - lets see if that does it. I knew I was missing something Thanks - Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, November 19, 2002 9:11 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Blacklist not working as expected IPBLACKLISTfromfile D:\bannedips.txt x 5 0 I think it needs to be ipfile instead of fromfile. IPBLACKLIST ipfile D:\bannedips.txtx 5 0 John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.