Re: [Declude.JunkMail] Declude Processes Server Load
Hi Scott, I see the same (with a very small domain and very light usage). The mail server is nowhere near the strongest, but is sometmies stressed with 1.70 (and was the same with 1.69b) but not 1.65. My recommendation for those that are experiencing this is to try adding a line DECODE OFF to the \IMail\Declude\global.cfg file, and see if this takes care of the problem. There were some base64 and HTML decoding functions added since 1.65, which use more CPU time than most Declude JunkMail functionality. They can be disabled with the DECODE OFF line. Well as you can read in another mail I went back to 1.65 first. This server has been running normally for several hours however I also went back from daisychaining to normal IpSwitch smtp32. If it all runs stable today then tonight I'll enable daisychaining again to make sure attachments via the webinterface get scanned. If all still runs normal on tuesday (monday is a holiday overhere) then I'll go bacl to 1.70 and see if the problem returs. If it does I'll enable the DECODE OFF option te see if that solves the problem. I'm also going to investigate the changes to the ip4r tests, to see if that may be the root of the problem. It *shouldn't* be, but then again there isn't anything in Declude JunkMail that *should* cause 100% CPU usage. :) Right, this setup has been rocksolid for two years so if it realy has been Declude which was responsible, then that's a first. ;-) Met vriendelijke groet, Bonno Bloksma --- [This E-mail scanned for viruses by Declude Virus using f-prot] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spamdomains list
Here two big international ones: t-online.de t-online.com wanadoo.fr Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Friday, May 30, 2003 01:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] spamdomains list Here is my list thus far: amazon.com aol.com apple.com att. attbi.com bellsouth.net charter.net comcast. compuserve.com cox. earthlink. excite.com gte. hotmail.com juno.com .untd.com lycos.com microsoft.com mindspring. msn.com .hotmail.com netscape. psi. qwest. .rr.com verio. verizon. .bellatlantic. yahoo.com Bill - Original Message - From: Scott MacLean [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 9:49 AM Subject: Re: [Declude.JunkMail] spamdomains list If someone has a comprehensive spamdomains listing they are happy with,could they post it for others to analyze/use? At 10:36 AM 5/30/2003, Bill Landry wrote: One comment. Instead of having: yahoo.com yahoo.ca yahoo.com yahoo.de yahoo.com yahoo.dk yahoo.com yahoo.es yahoo.com yahoo.fr yahoo.com yahoo.it yahoo.com yahoo.no yahoo.com yahoo.se yahoo.com yahoo.co.jp yahoo.com yahoo.co.uk yahoo.com yahoo.com.ar yahoo.com yahoo.com.au yahoo.com yahoo.com.br yahoo.com yahoo.com.cn yahoo.com yahoo.com.hk yahoo.com yahoo.co.kr yahoo.com yahoo.com.mx yahoo.com yahoo.com.tw yahoo.com Why not just consolidate this down to: yahoo.yahoo.com Bill - Original Message - From: Bill B. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 7:20 AM Subject: [Declude.JunkMail] spamdomains list Attached is a list of spamdomains and their coresponding aliases that I've compiled thus far. Anybody want to comment or expand upon this? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] just what is scanned for country????
I must be missing something here Scott, I thought Declude used the info from the X-DECLUDE SENDER line for it's info, address, IP. Correct. Unless you specify a HOP correct? No matter what settings you use (HOP, HOPHIGH, IPBYPASS), Declude JunkMail will use the information from the X-Declude-Sender: header for filtering based on the IP and HELO/EHLO. So the reason for this question is ours is set as HOP 0. Now, a mail to the imail list last night was triggering the COUNTRY test. The IP I'm assuming it went with was the one that connected to Ipswitch's server here's the headers for the mail: How is your COUNTRY test set up? Is it set up as a filter? If so, what do the line(s) in the filter look like? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] More Spam Tests?
Hi Scott: This tool did some filtering that may be of interest to you? * 3.5 -- Forged mail pretending to be from MS Outlook * 0.5 -- Message has X-MSMail-Priority, but no X-MimeOLE I'm enclosing the header and their entire assessment of this message (it had a fake sender, so the bounce got back to me). Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- Message which triggered moderation From [EMAIL PROTECTED] Tue Jun 3 13:58:37 2003 Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (localhost [127.0.0.1]) by polaris.dazza.org (Postfix) with ESMTP id 33A0425410A for [EMAIL PROTECTED]; Tue, 3 Jun 2003 13:58:37 -0700 (PDT) Received: by polaris.dazza.org (Postfix, from userid 79) id 2EC3725410B; Tue, 3 Jun 2003 13:58:36 -0700 (PDT) Received: from localhost [127.0.0.1] by polaris.dazza.org with SpamAssassin (2.55 1.174.2.19-2003-05-19-exp); Tue, 03 Jun 2003 13:58:36 -0700 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: *SPAM* Approved Date: Tue, 3 Jun 2003 13:56:05 --0700 Message-Id: [EMAIL PROTECTED] X-Spam-Flag: YES X-Spam-Status: Yes, hits=8.5 required=5.0 tests=DATE_IN_PAST_06_12,FORGED_MUA_OUTLOOK,INVALID_DATE, MIME_MISSING_BOUNDARY,MISSING_MIMEOLE,NO_REAL_NAME, RAZOR2_CHECK version=2.55 X-Spam-Level: X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=--=_3EDD0BFC.2FD31CBE X-Virus-Scanned: by AMaViS snapshot-20020300 This is a multi-part message in MIME format. =_3EDD0BFC.2FD31CBE Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 8bit Start SpamAssassin results 8.50 points, 5 required; * 0.8 -- From: does not include a real name * 0.6 -- Invalid Date: header (not RFC 2822) * 0.2 -- RAW: MIME section missing boundary * 2.1 -- Listed in Razor2, see http://razor.sf.net/ * 0.8 -- Date: is 6 to 12 hours before Received: date * 3.5 -- Forged mail pretending to be from MS Outlook * 0.5 -- Message has X-MSMail-Priority, but no X-MimeOLE --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Processes Server Load
I have been experiencing high CPU loads lately as well, I reverted back to the release 1.65 but it is still doing it. I do not believe it is a declude issue. I dont know if this is related, maybe someone can explain here is what I am seeing when i do a netstat at the command prompt 62.145.51.3:59511 TIME_WAIT 62.175.27.221:1327 TIME_WAIT 62.175.27.221:1363 TIME_WAIT 62.175.27.221:1386 TIME_WAIT 62.175.27.221:1387 TIME_WAIT 210.22.204.55:25452TIME_WAIT 210.22.204.55:37665TIME_WAIT 210.83.133.50:3969 TIME_WAIT 210.103.68.2:1219 TIME_WAIT 210.103.68.2:4735 TIME_WAIT 210.117.98.25:2135 TIME_WAIT This is always going on during the CPU spikes They always step sequentially through the class A range These IP addresses are all sending spam Is this some new kind of spam method? I am seeing SPAM from ALOT of different IP address but each address is sending reletively small amounts of spam. As an experiment I blocked several class A's from apnic at the router level and my CPU troubles diminished as I blocked networks exibiting the above behavior. Rick Davidson Buckeye Internet Inc www.buckeyeweb.com 440-953-1900 ext: 222 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spamdomains list
Thanks Andy. Here I've some spamdomains for those who has italian domains on the server: tiscali.it tiscalinet.it tiscalinet.it tiscali.it tin.it fep0 libero.it tin.it virgilio.it tin.it iol.it libero.it supereva.it freemail.it supereva.it cicciociccio.it supereva.it mybox.itsupereva.it email.itwebmessenger.it Here I've also a question: It seems that legit mails with senderadresses containing @tin.it can be delivered from smtp-servers with the following revdns records: Tin.it Tuttopmi.it Flexmail.it Because both tuttopmi.it and flexmail.it has hostnames beginning with fep0x. I've added this as valid alias for tin.it Will this work? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, June 05, 2003 6:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] spamdomains list Here two big international ones: t-online.de t-online.com wanadoo.fr Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Friday, May 30, 2003 01:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] spamdomains list Here is my list thus far: amazon.com aol.com apple.com att. attbi.com bellsouth.net charter.net comcast. compuserve.com cox. earthlink. excite.com gte. hotmail.com juno.com .untd.com lycos.com microsoft.com mindspring. msn.com .hotmail.com netscape. psi. qwest. .rr.com verio. verizon. .bellatlantic. yahoo.com Bill - Original Message - From: Scott MacLean [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 9:49 AM Subject: Re: [Declude.JunkMail] spamdomains list If someone has a comprehensive spamdomains listing they are happy with,could they post it for others to analyze/use? At 10:36 AM 5/30/2003, Bill Landry wrote: One comment. Instead of having: yahoo.com yahoo.ca yahoo.com yahoo.de yahoo.com yahoo.dk yahoo.com yahoo.es yahoo.com yahoo.fr yahoo.com yahoo.it yahoo.com yahoo.no yahoo.com yahoo.se yahoo.com yahoo.co.jp yahoo.com yahoo.co.uk yahoo.com yahoo.com.ar yahoo.com yahoo.com.au yahoo.com yahoo.com.br yahoo.com yahoo.com.cn yahoo.com yahoo.com.hk yahoo.com yahoo.co.kr yahoo.com yahoo.com.mx yahoo.com yahoo.com.tw yahoo.com Why not just consolidate this down to: yahoo.yahoo.com Bill - Original Message - From: Bill B. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 7:20 AM Subject: [Declude.JunkMail] spamdomains list Attached is a list of spamdomains and their coresponding aliases that I've compiled thus far. Anybody want to comment or expand upon this? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Declude Processes Server Load
I dont know if this is related, maybe someone can explain here is what I am seeing when i do a netstat at the command prompt 62.145.51.3:59511 TIME_WAIT That just means that the IP 62.145.51.3 connected to your (from port 59511 on their side). The TIME_WAIT is there because the TCP/IP stack is required to keep the information on the connection for a few minutes. This does not indicate any problems. If you see a lot of these, it would just mean that there were a lot of recent connections to your mailserver. I am seeing SPAM from ALOT of different IP address but each address is sending reletively small amounts of spam. That isn't unusual -- spammers will often send from lots of different IPs (using compromised servers, or sometimes just lots of open proxies or open relays). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Adding Weight for a particular mailbox
I think the answer is no, but with Junkmail standard 1.7, can I add weight when the mail comes to a particular user / mailbox? I have some infrequently used, but legitmate, e-mail addresses. If something comes to one of them, it is higher likelihood to be unsolicited, but not for certain. And, I believe the answer is yes if using Junkmail Pro, correct? You are correct. The filtering in the Pro version would be able to add a weight in this case, but it is not available in Declude JunkMail Standard. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Adding Weight for a particular mailbox
Hi.. I think the answer is YES.. You need the pro because Pro supports filters. We do exactly what you want to do. We have a filter file we call X_Employees. This list are employees long gone but their email is apparently still being sold. Their mailboxes are deleted but what we know is if their address is listed in the CC or as part of the recipient then it has to be spam. What you can do is: ALLRECIPS 0 CONTAINS[EMAIL PROTECTED] You can add weight to this inclusion in the recipient address. Hope this helps.. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Grosshandler Sent: Thursday, June 05, 2003 2:56 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Adding Weight for a particular mailbox Hi I think the answer is no, but with Junkmail standard 1.7, can I add weight when the mail comes to a particular user / mailbox? I have some infrequently used, but legitmate, e-mail addresses. If something comes to one of them, it is higher likelihood to be unsolicited, but not for certain. And, I believe the answer is yes if using Junkmail Pro, correct? Thanks, Rob --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Queue size quota\alert
I built a simple VBScript for alerting if mail gets held in the Hijack hold folders, it wouldn't take much to make it alert if number of Q files in Overflow exceeds a threshhold or if any files exist at all. It is available at http://spamreview.argolink.net/software, called the Hijack Held Notifier. It shouldn't require any aditional software to run, just a little editing of variables, I could even help if you need it. Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Marchette Sent: Thursday, June 05, 2003 1:32 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Queue size quota\alert One of the nice features of Declude is the overflow queue which helps Imail 7.x to not trip on itself as frequently. From my testing, the only time the overflow queue gets activity is when either a dictionary attack, mail loop, dns issue or spam flood is occurring(because the number of processes hits a threshold, I'm guessing). So, this has become a great way to gauge when an Imail server is having overload issues. I'm looking for a very easy, efficient way to monitor the size of the overflow directory(on NT4) and then take an action, like sending an alert, if the file grows an x amount over an x time period. I have found a few shareware proggies that can do this but before I commence testing, I figured I'd ask the experts. Has anyone fiddled with this concept yet? If so would you care to share your experience\suggestion? Dave --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spamdomains list
Markus, I've been giving the subject of @'s in spamdomain tests some thought. With the original one column test, there was no way an @ was going to be in the RDNS so using it meant automatic failure. With the new two column format, this should now work: @tin.itTin.it @tin.itTuttopmi.it @tin.itFlexmail.it The only drawback is that this is not as flexible (forgiving) as say Tin.it Tuttopmi.it Scott, would you confirm? Dan On Thursday, June 5, 2003 9:41, Markus Gufler [EMAIL PROTECTED] wrote: Thanks Andy. Here I've some spamdomains for those who has italian domains on the server: tiscali.it tiscalinet.it tiscalinet.it tiscali.it tin.it fep0 libero.it tin.it virgilio.ittin.it iol.it libero.it supereva.it freemail.itsupereva.it cicciociccio.itsupereva.it mybox.it supereva.it email.it webmessenger.it Here I've also a question: It seems that legit mails with senderadresses containing @tin.it can be delivered from smtp-servers with the following revdns records: Tin.it Tuttopmi.it Flexmail.it Because both tuttopmi.it and flexmail.it has hostnames beginning with fep0x. I've added this as valid alias for tin.it Will this work? Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Thursday, June 05, 2003 6:25 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] spamdomains list Here two big international ones: t-online.de t-online.com wanadoo.fr Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Friday, May 30, 2003 01:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] spamdomains list Here is my list thus far: amazon.com aol.com apple.com att. attbi.com bellsouth.net charter.net comcast. compuserve.com cox. earthlink. excite.com gte. hotmail.com juno.com .untd.com lycos.com microsoft.com mindspring. msn.com .hotmail.com netscape. psi. qwest. .rr.com verio. verizon. .bellatlantic. yahoo.com Bill - Original Message - From: Scott MacLean [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 9:49 AM Subject: Re: [Declude.JunkMail] spamdomains list If someone has a comprehensive spamdomains listing they are happy with,could they post it for others to analyze/use? At 10:36 AM 5/30/2003, Bill Landry wrote: One comment. Instead of having: yahoo.com yahoo.ca yahoo.com yahoo.de yahoo.com yahoo.dk yahoo.com yahoo.es yahoo.com yahoo.fr yahoo.com yahoo.it yahoo.com yahoo.no yahoo.com yahoo.se yahoo.com yahoo.co.jp yahoo.com yahoo.co.uk yahoo.com yahoo.com.ar yahoo.com yahoo.com.au yahoo.com yahoo.com.br yahoo.com yahoo.com.cn yahoo.com yahoo.com.hk yahoo.com yahoo.co.kr yahoo.com yahoo.com.mx yahoo.com yahoo.com.tw yahoo.com Why not just consolidate this down to: yahoo.yahoo.com Bill - Original Message - From: Bill B. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 30, 2003 7:20 AM Subject: [Declude.JunkMail] spamdomains list Attached is a list of spamdomains and their coresponding aliases that I've compiled thus far. Anybody want to comment or expand upon this? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. ___ Scott MacLean [EMAIL PROTECTED] ICQ: 9184011 http://www.nerosoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This
[Declude.JunkMail] Whitelist Add-on
I had a situation today that has made me consider the whitelist add-on that I have seen discussed here. With the archive down, I am not sure what the name of it is or where to go for more information. Could someone send that information to me please ([EMAIL PROTECTED]). Is it just me or does it seem that major ISPs are being listed in more and more spam databases? I had a customer have his rather important incoming email get autodeleted because it reached a score of 31 on a system of 10+ hold and 30+ delete. btinternet.com (British Telecom) is listed in about 10 spam databases. It seems more and more I have to give major ISPs huge negetive weights, and I seem to have to constantly make them more and more negetive to keep up. Then more and more spam gets through. From my perspective this trend is becoming counter productive; the spam databases are unrealistic to use individually; even with Declude's superb weighting system things are getting more difficult. Scott, do you have an opinion about the whitelist add-on? The idea of keeping track of who are customers are sending email to and then having them whitelisted sounds interesting, but I want to know if there are any reasons why this might cause problems. Thanks, Paul Navarre --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist Add-on
I had a situation today that has made me consider the whitelist add-on that I have seen discussed here. With the archive down, I am not sure what the name of it is or where to go for more information. Could someone send that information to me please ([EMAIL PROTECTED]). AutoWhite for Declude. www.eservicesforyou.com/products/autowhite.html John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] .biz
I take back what I said, I do have a low weighted test for .biz based links: BODY0 CONTAINS.biz/ Dan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Whitelist Add-on
We use it, we love it. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Apparent Problem with REVDNS Filter in Version 1.70i2
Hi Scott: Here are three relevant lines of the WEIGHTFILTER.TXT: #16: #17:REVDNS 4 ENDSWITH.in-addr.arpa #18: DNSStuff reports a valid REVDNS: 12.29.228.5 PTR record: oldtfw04.pearsontc.com. [TTL 86400s] [A=12.29.228.5] Yet, the mail failed WEIGHTFILTER at line 17. See the log filter - the ONLY place where I see the string in-addr.arpa is in your ID: field - behind some apparent garbled caharacters. Is there a problem with the REVDNS ENDSWITH filter, e.g., some buffer overrun? 06/05/2003 17:51:09 Qbb4535320128b6b9 HELOBOGUS:3 HEUR10:4 WEIGHTFILTER:4 . Total weight = 11 06/05/2003 17:51:09 Qbb4535320128b6b9 Msg failed HELOBOGUS (Domain oldtms705.pearsontc.com has no MX or A records.). Action=WARN. 06/05/2003 17:51:09 Qbb4535320128b6b9 Msg failed HEUR10 (Heuristic spam detection level 10 [1.00]). Action=IGNORE. 06/05/2003 17:51:09 Qbb4535320128b6b9 Msg failed WEIGHTFILTER (Message failed WEIGHTFILTER test (17)). Action=IGNORE. 06/05/2003 17:51:09 Qbb4535320128b6b9 Msg failed WEIGHTREPORT (Total weight between 11 and 15.). Action=ALERT. 06/05/2003 17:51:09 Qbb4535320128b6b9 Msg failed WEIGHT10 (Total weight between 10 and 19.). Action=SUBJECT. 06/05/2003 17:51:09 Qbb4535320128b6b9 Subject: Screen shots: Merrill Lynch store 06/05/2003 17:51:09 Qbb4535320128b6b9 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 12.29.228.5 ID: [EMAIL PROTECTED] 5.228.29.12.in-addr.arpa Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: The Titian Key Product to Remove Spam.. patent pending?
FWIW.. Looks like a variation of a mail gateway at a cost of $1000.00 per month! http://www.titankey.com/features.asp eddie :)
Re: [Declude.JunkMail] HOP setting
I just want to double check on this. I have setup an IMGATE box to be in front of imail/declude, and it sends/receives on their behalf. What I did in global.cfg file, is change HOP 0 to HOP 1 , correct? Anything else I need to worry about? You *can* do that. But *only* if every single E-mail will come from the IMGate server (or some other server of yours). If there's a chance that E-mail may come directly from the Internet, it would be safer to use IPBYPASS, which will let Declude know which mailservers are yours (and therefore should be bypassed for the scanning). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Request for new/enhanced feature
I keep getting mail that slipps through that IMO shouldn't be that hard to catch really... G They use a variant of the html comments but the way they do it it don't get detected as a mail with to many html comments. Correct. Because if Declude JunkMail were count all the HTML tags, then all that Microsoft Word E-mail Garbage (those one line E-mails that turn into 10K E-mails) would get caught, and a lot of other legitimate HTML E-mail would get caught, too. Below is a snippet of example text inside the html formated e-mail : Pk73ch7b1tddyenkqjezab3w79ejis Enkpv36t91gfs2largktwn2sd3kn7tqemek63uv4i3njxxcnt Pikxl9qjl2r3ervkll On The Mak9jgo17u5v244rkekth2amv3m1st!/font/font/font/bfont face=Arial,Helvetica/font pfont face=Arial,Helvetica* Gksfvuh135aju042aikndkb4w1ppwy192n 3kbq72kb2dv2xsd2+ Full Inkn46ft9yw8pchkwhb2wy27wls3es In Lengka4vte11x26Lengka4vte11x26wth/font brfont face=Arial,Helvetica* Exkcay5sz12le0pand Your Pekt70s753udaio49nis Up To 20kh3tfh82ejp1% Basically remove the x junk and you get the text. That's exactly what the latest beta version does, so you can filter on it. Since these are invalid html comments most e-mail clients just simply ignore the comment text all together since it has the around the text. Technically, these aren't invalid HTML comments, they are made-up HTML tags (which could be valid in the future). That's the problem. The only way to tell whether a tag is valid or not is to have a database of valid tags, which would be very expensive (CPU time, storage space, man-hours to gather the data and update it, false positives, etc.). If I recall correctly, HTML isn't even covered by the RFCs, which makes it more difficult to assess the tags. IMO this should also have failed HTMLCOMMENTS which it did not. So my question.. Would it be possible to add the above junk as detected html comment ? In this case, we could say OK, 'k73ch7b1tddy' is a bogus HTML tag. And 'ksfvuh135aju042' is a bogus HTML tag. And..., but a spammer could get around that simply by making another fake tag. So the only alternatives seem to be either [1] Count all HTML tags and catch legitimate E-mail, or [2] Keep a database of HTML tags. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Request for new/enhanced feature
Thursday, June 5, 2003 you wrote: EG should also have failed HTMLCOMMENTS But those aren't html comments as far as I know. Terry Fritts --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Virus and Spam checking order
This morning, while going through the email holds, I noticed an email with an attachment that was 99K... the typical size of infected Bugbear virus emails. So luckily we didn't send it through... According to the docs (and my boss), the virus scanner should be picking up any messages before it gets detected as spam. However, this time it looks like it didn't happen. Is there any known reason for this? Or are the docs wrong? Does a message get detected as spam first and then is checked for virii? Declude Virus will run before Declude JunkMail -- except if you use an AVAFTERJM option in your virus.cfg file. If you check the time/date of the E-mail that was held, you'll probably see that it was held before the virus definitions were updated to be able to catch that variant of Bugbear. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Virus and Spam checking order
Declude Virus will run before Declude JunkMail -- except if you use an AVAFTERJM option in your virus.cfg file. I've checked our config file and we're not using the option. If you check the time/date of the E-mail that was held, you'll probably see that it was held before the virus definitions were updated to be able to catch that variant of Bugbear. The odd thing is that the extension was Resume.doc.pif. We have pif as one of our BANEXT options, so really Declude Virus should have picked up the .pif and automatically quarantined it. Whether or not it was updated to detect any new variant of Bugbear (is there a new variant out there now?), it should have moved the email to our virus folder. James Alan Young Assistant Network Administrator D.Armstrong Moving Storage Ltd. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Virus and Spam checking order
The odd thing is that the extension was Resume.doc.pif. We have pif as one of our BANEXT options, so really Declude Virus should have picked up the .pif and automatically quarantined it. Whether or not it was updated to detect any new variant of Bugbear (is there a new variant out there now?), it should have moved the email to our virus folder. Could you E-mail me your \IMail\Declude\virus.cfg file, and the Declude Virus log file for the day the file was caught by Declude JunkMail (along with the spool file name)? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Spam Alert: [Declude.JunkMail] For real?
I'm sure there are a couple friends that you could contact on IRC and just see how HACKER-PROOF their system truly are. hahaha -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Fahey Sent: Friday, June 06, 2003 9:25 AM To: [EMAIL PROTECTED] Subject: Spam Alert: [Declude.JunkMail] For real? Declude blocked this (thankfully) but because it's so blatant, I went ahead and read it... had to check my blood pressure afterwards. It got me thinking though - would a real spammer send this out or was it the work of a vigilante. The rest of the e-mail posts phone numbers, cell phones, business addresses, web sites a lot of contact info. BEGIN SPAM PITCH Welcome to the 2nd Edition of the Efficient Systems Money Making Newsletter - (And please pass this e-mail along to any interested friends associates who are looking to make THOUSANDS per day doing BULK E-MAIL!) My name is Richard Schuler, I'm a 23 year old Multi-Millionare and I'm inviting you to Learn How to Spam Millions of People Per Day like I do. My Online Pharmacy Business is the single largest E-mail marketing company in the world today. Efficient Systems of Dania, Florida proudly sends OVER 600 MILLION SPAM E-MAILS per day, every single day, through a rapidly growing network of saavy and aggressive worldwide marketing partners and our rapidly growing in-house e-mail marketing team to play an agressive, currently $60 Million dollars per year numbers game. We are directly responsible for up to 70% of the online Viagra and Pharmacy E-Mail SPAM generated sales on the net today and by far the largest E-Mail Marketing operation of this kind in the world, bar none! When it comes to numbers, ours are DEFINATELY the HIGHEST! Why are we so successful?? 1. Because, simply put, NO ONE can bring us down! And 2. Because we KICK ASS with Our HACKER-PROOF and ANTI-SPAMMER-PROOF sales websites and because when you get right down to it, PEOPLE ARE LIKE SHEEP, and if the sheep get enough e-mail shoved at them, the sheep WILL become customers! It's that simple and it's the key to our success and the prosperity of our partners! We've just kicked off a drive to recruit THOUSANDS of new sales partners and affiliates. Some of our largest Spammers are being paid $55,000 per week! Contact us and JOIN US NOW! ...remainder of spam truncated. END SPAM PITCH Ready to Get Started and Start Sending Lots of E-Mail For Us?? Call or E-Mail me NOW! http://wwwmyrxbiz.com/ Sincerely, Richard Schuler E-Mail me by Clicking HERE My Personal Phone numbers are: 1-800-879-6704 954-536-9448 954-650-3364 Get Your Private Website NOW and start getting the E-MAIL out! Contact: Angelo Web Operations Manager Land: 1-800-879-6704 Cell: 954-993-5731 [EMAIL PROTECTED] AIM: ngel http://wwwmyrxbiz.com/ EFFICIENT SYSTEMS 2148 SW 38TH STREET DANIA, FL 33312 1-800-879-6704 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Virus and Spam checking order
We've recently been having a lot of Bugbear virus emails hitting our virus scanner. We've done a lot of scanning for the virus on our workstations and servers and so far we're clean (except for the ones that Declude pick up). This morning, while going through the email holds, I noticed an email with an attachment that was 99K... the typical size of infected Bugbear virus emails. So luckily we didn't send it through... This turns out to have been a very unusual malformed E-mail. Specifically, it had a malformed uuencoded segment, which never ended -- but a new MIME boundary appeared within uuencoded segment, where the virus was hiding. I'm not sure how a mail client would handle this. I'm guessing this format is very rare, as it appears that the virus inserted several lines from a legitimate E-mail into itself, so this would only be possible if the person with the virus already had an E-mail with a uuencoded segment in it (they aren't common anymore). In any case, there is a new interim release of Declude Virus (1.70i4) at http://www.declude.com/release/170i/declude.exe that will now detect this situation. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Blacklist False Positive Tests
Any ideas why would the following email headed be caught by my blacklist file? GLOBAL file: BLACKLIST fromfile d:\imail\Declude\blacklist.txt x 8 0 This is a sender blacklist, which checks the return address of the E-mail. However, the headers that you supplied do not include the return address of the E-mail -- you can find it either in an X-Declude-Sender: header, or the IMail SMTP log file (in the MAIL FROM line). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Blacklist False Positive Tests
Scott, Any ideas why would the following email headed be caught by my blacklist file? GLOBAL file: BLACKLIST fromfile d:\imail\Declude\blacklist.txt x 8 0 BLACKLIST ROUTETO [EMAIL PROTECTED] Our BLACKLIST file does not include any part of boyddev.com or networkorlando.com Received: from mail.networkorlando.com [209.26.230.188] by teksolvers.com (SMTPD32-7.13) id AF972E0138; Fri, 06 Jun 2003 11:13:27 -0400 Received: from WKS04 (unknown [10.0.0.65]) by mail.networkorlando.com (Postfix on SuSE Linux eMail Server 3.1) with ESMTP id A019F37DE6 for [EMAIL PROTECTED]; Fri,6 Jun 2003 10:18:29 -0400 (EDT) From: Paige Teague [EMAIL PROTECTED] To: Randy Hodge (E-mail) [EMAIL PROTECTED] Subject: Curry Ford / Alafaya Date: Fri, 6 Jun 2003 11:11:04 -0400 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Importance: Normal X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BLACKLIST X-RCPT-TO: [EMAIL PROTECTED] Status: R X-UIDL: 354877806 Thanks, Todd Smith Teksolvers, LLC 1077 Glenharbor Circle Winter Garden, FL 34787 Phone407-877-8450 Fax 407-877-8451 image001.jpg
RE: [Declude.JunkMail] Blacklist False Positive Tests
SMTP Imail log: 06:06 11:13 SMTPD(007A0120) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(008B009A) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(0051014C) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(00290138) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] Unfortunately, I can't tell you which of these four E-mails is the one you posted. I would recommend using the XSENDER ON and XSPOOLNAME ON options in the global.cfg file, which makes it much easier to get the information you need. Any ideas? You could send me your blacklist.txt file? Also, What is the difference within the blacklist.txt file contain entries that begin with a period (.junkmail.com), @ (@junkmail.com), or just blank (junkmail.com) They all work the same -- Declude JunkMail checks to see if the sender has whatever you list in their return address. So @example.com which catch any E-mail from @example.com, .example.com would catch any E-mail from @*.example.com, and example.com would catch both @example.com and @*.example.com as well as @not_an_example.com. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist False Positive Tests
Thanks for the fast response! Here is the declude log for the email in question: 06/06/2003 11:13:28 Qaf97002e0138490a Msg failed MX; testing A (mail.networkorlando.com) [1 1 0 ] 06/06/2003 11:13:28 Qaf97002e0138490a BLACKLIST:8 . Total weight = 8 06/06/2003 11:13:28 Qaf97002e0138490a Using [incoming] CFG file d:\IMail\Declude\$default$.junkmail. 06/06/2003 11:13:28 Qaf97002e0138490a Msg failed BLACKLIST (). 06/06/2003 11:13:28 Qaf97002e0138490a Subject: Curry Ford / Alafaya 06/06/2003 11:13:28 Qaf97002e0138490a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] SMTP Imail log: 06:06 11:13 SMTPD(007A0120) [209.26.230.188] HELO mail.networkorlando.com 06:06 11:13 SMTPD(008B009A) [209.26.230.188] HELO mail.networkorlando.com 06:06 11:13 SMTPD(00290138) [209.26.230.188] HELO mail.networkorlando.com 06:06 11:13 SMTPD(0051014C) [209.26.230.188] HELO mail.networkorlando.com 06:06 11:13 SMTPD(007A0120) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(008B009A) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(007A0120) [209.26.230.188] RCPT TO:[EMAIL PROTECTED] 06:06 11:13 SMTPD(0051014C) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(008B009A) [209.26.230.188] RCPT TO:[EMAIL PROTECTED] 06:06 11:13 SMTPD(0051014C) [209.26.230.188] RCPT TO:[EMAIL PROTECTED] 06:06 11:13 SMTPD(007A0120) [209.26.230.188] d:\IMail\spool\Daf7e007a0120e7fe.SMD 1775 06:06 11:13 SMTPD(008B009A) [209.26.230.188] d:\IMail\spool\Daf7f008b009ae80e.SMD 1396 06:06 11:13 SMTPD(0051014C) [209.26.230.188] d:\IMail\spool\Daf7f0051014ce83c.SMD 1186 06:06 11:13 SMTP-(0464) processing d:\IMail\spool\Qaf7f0051014ce83c.SMD 06:06 11:13 SMTP-(0F20) processing d:\IMail\spool\Qaf7f008b009ae80e.SMD 06:06 11:13 SMTP-(0464) ldeliver teksolvers.com blacklist-main (1) [EMAIL PROTECTED] 1299 06:06 11:13 SMTP-(0464) finished d:\IMail\spool\Qaf7f0051014ce83c.SMD status=1 06:06 11:13 SMTP-(0F20) ldeliver teksolvers.com blacklist-main (1) [EMAIL PROTECTED] 1509 06:06 11:13 SMTP-(0F20) finished d:\IMail\spool\Qaf7f008b009ae80e.SMD status=1 06:06 11:13 SMTP-(0FA8) processing d:\IMail\spool\Qaf7e007a0120e7fe.SMD 06:06 11:13 SMTP-(0FA8) ldeliver teksolvers.com blacklist-main (1) [EMAIL PROTECTED] 1888 06:06 11:13 SMTP-(0FA8) finished d:\IMail\spool\Qaf7e007a0120e7fe.SMD status=1 06:06 11:13 SMTPD(00290138) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(00290138) [209.26.230.188] RCPT TO:[EMAIL PROTECTED] 06:06 11:13 SMTPD(00290138) [209.26.230.188] d:\IMail\spool\Daf8400290138fb96.SMD 9563 06:06 11:13 SMTP-(0ED0) processing d:\IMail\spool\Qaf8400290138fb96.SMD 06:06 11:13 SMTP-(0ED0) ldeliver teksolvers.com blacklist-main (1) [EMAIL PROTECTED] 9676 06:06 11:13 SMTP-(0ED0) finished d:\IMail\spool\Qaf8400290138fb96.SMD status=1 Any ideas? The entire email header was sent over and there was no X-Declude-Sender. Also, What is the difference within the blacklist.txt file contain entries that begin with a period (.junkmail.com), @ (@junkmail.com), or just blank (junkmail.com) Maybe there is something wrong with my file. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, June 06, 2003 11:35 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Blacklist False Positive Tests Any ideas why would the following email headed be caught by my blacklist file? GLOBAL file: BLACKLIST fromfile d:\imail\Declude\blacklist.txt x 8 0 This is a sender blacklist, which checks the return address of the E-mail. However, the headers that you supplied do not include the return address of the E-mail -- you can find it either in an X-Declude-Sender: header, or the IMail SMTP log file (in the MAIL FROM line). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Help!
Just upgraded and all my emails are getting stuck in the Spool directory and not getting delivered. Any thoughts??? Please respond to [EMAIL PROTECTED] What do the logs shows? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
FW: [Declude.JunkMail] Help!
What do the logs say? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Robert Forsyth Sent: Friday, June 06, 2003 9:36 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Help! In any case, there is a new interim release of Declude Virus (1.70i4) at http://www.declude.com/release/170i/declude.exe that will now detect this situation. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Just upgraded and all my emails are getting stuck in the Spool directory and not getting delivered. Any thoughts??? Please respond to [EMAIL PROTECTED] Thanks Robert --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Easy way to add power and flexibility.
Wouldn't it make sense to follow this logic... Do the positive weight tests (black tests) first in highest to lowest weight order. If the action threshold is reached then skip to the negative weight tests (white tests) in the same order but keep your place so you can resume if needed. If a negative weight test drops the weight below the action threshold then bounce back to the positive list and continue where you left off until you finish or break the threshold again. Allow the system to bounce between black and white tests until the value stabilizes. Also include the optimization rule that the white tests never get run or resume if either the current weight is below the action threshold or the sum of the remaining tests would be insufficient to force it back across the threshold. Include a similar rule for the black tests. The result will be a system that adapts to the tests that are available in real time, only running the tests required to produce a determinate result. This is based on self organizing automata principles. It allows the population of tests to interact with eachother and reach a stable equilibrium in their environment (a determinate result) even when the population of active tests is unknown before each instance of run time. It sounds more complicated than it is. _M PS: In declude there is a wrinkle with this methodology. Since all DNS based tests are fired at once up front there is no obvious way to resolve the ordering of these tests... but this _might_ be solved by recognizing that most DNS interactions are UDP based... so it would be possible (and relatively inexpensive) to launch the queries for all of the potential DNS based tests up front, but to reserve the evaluation of each result in the appropriate order... if the system reached a state where the some of these tests were not going to be evaluated then those threads would simply die with no harm. Only Scott knows how his code is structured so this may or many not be an easy thing to do. I'm presuming it would be easy if each test were fired in it's own thread since that thread would spend most of it's time waiting (sleeping) for a response and the evaluation of that response could be encapsulated in a result check method for the test. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Wednesday, June 04, 2003 2:02 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Easy way to add power and flexibility. Forgive the intrusion (I just troll here, don't actually have JM yet), but this idea seems flawed. If you quit testing once a certain weight has been reached, wouldn't you cut off further testing that might reduce that weight? In a system where a score can go up and down depending on the test, unless there is a way to order the tests so negative weighted tests are run first, I'd think that all tests must be accounted for. Welcome Kurt. Yes, I agree with you. That is way I have stated my hesitation at having this available, either as an option or feature. The weighting system is the weighting system and should be allowed to work in its entirety. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: The Titian Key Product to Remove Spam.. patent pending?
If you read the article they link to, it is a combination of challenge response and virtual addresses, complete with the problems of not one, but both anti-spam systems. They did do some interesting things, but still seems like more work to deal with than most users will tolerate over the long haul. Thanks, Chuck Frolick ArgoNet, Inc. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt Sent: Friday, June 06, 2003 10:57 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OT: The Titian Key Product to Remove Spam.. patent pending? But wait, there's more!!! If you order today, we will include absolutely free.the amazing Ginzu SPAM knife. It never needs sharpening and can slice the fat off your SPAM messages just as easy as that! It slices.it dices.it even makes julienne fries!! Blah, blah, blah Ginger. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: Friday, June 06, 2003 3:09 AM To: Declude. [EMAIL PROTECTED] com Subject: [Declude.JunkMail] OT: The Titian Key Product to Remove Spam.. patent pending? FWIW.. Looks like a variation of a mail gateway at a cost of $1000.00 per month! http://www.titankey.com/features.asp eddie :)
[Declude.JunkMail] Country filter?
I know this was covered some time ago but I can't get into the archives. How do I set up the country filter? Like any other filter test, referring to a text file with country codes? Thanks, Doug Bevins, Record-Journal, Meriden, CT --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country filter?
I know this was covered some time ago but I can't get into the archives. How do I set up the country filter? Like any other filter test, referring to a text file with country codes? You'll need to wait for the archives to be available again for this one. It is very complex, as it involves the geolocation (converting IPs into countries), which requires a separate file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Easy way to add power and flexibility.
Do the positive weight tests (black tests) first in highest to lowest weight order. I'll just comment here before this goes too far. It is very unlikely that we will rearrange the order that the tests are run it, as many of them must be run at a certain point, and there are several cases where multiple tests are run in parallel. Given that performance is rarely an issue with Declude JunkMail (except for the one potential issue with the latest beta), it doesn't seem likely that the benefits of having variable test orders would outweigh what it takes to do it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
I got it, as well. It was sent from cpe-66-189-124-29.ma.charter.com, which is the IP address that the Declude lists are hosted on, so it looks like it was just a misfire, although it is strange that it did not come in with any of the Declude subject lines and shows undisclosed-recipients: in the To field. Maybe a listserv hiccup...? Bill - Original Message - From: Dan Geiser [EMAIL PROTECTED] To: Declude JunkMail [EMAIL PROTECTED] Sent: Friday, June 06, 2003 11:15 AM Subject: [Declude.JunkMail] Recent Message From [EMAIL PROTECTED] Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
I got the same thing a few mins ago. Blank message, no body text. From: Sender Unspecified Date: Friday, June 6, 2003 12:49 PM To: none Subject: [No subject] - Original Message - From: Dan Geiser To: Declude JunkMail Sent: Friday, June 06, 2003 1:15 PM Subject: [Declude.JunkMail] Recent Message From [EMAIL PROTECTED] Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
I got one too...wierd. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser Sent: Friday, June 06, 2003 2:16 PM To: Declude JunkMail Subject: [Declude.JunkMail] Recent Message From [EMAIL PROTECTED] Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
I got the exact same message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser Sent: Friday, June 06, 2003 1:16 PM To: Declude JunkMail Subject: [Declude.JunkMail] Recent Message From [EMAIL PROTECTED] Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
I received something weird. It was like the headers only. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, June 06, 2003 11:16 AM To: Declude JunkMail Subject: [Declude.JunkMail] Recent Message From Declude.JunkMail- [EMAIL PROTECTED] Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] === = This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] === = This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?Declude.JunkMail-owner@declude.com?
As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Someone else just reported this, and I figured out what the problem was. There was an E-mail that was posted to the list that was excessively large (during a time where our bandwidth was already saturated), and wasn't meant to be posted to the list. The E-mail was deleted, but apparently IMail will still deliver E-mails that it has started processing, even if it cannot open the D file in the spool. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] AOL Connection dropped
Hi, I was wondering if anyone else out there is seeing an issue with aol? It seems that we have not been able to connect toAOLall day. However, AOL has been connecting to us and sending us mail. Here are some snippets of our log files: 06:06 14:35 SMTP-(0558) Trying aol.com (0) 06:06 14:35 SMTP-(0558) Connect aol.com [64.12.136.217:25] (1) 06:06 14:36 SMTP-(0558) 06:06 14:36 SMTP-(0558) SMTP_DELIV_FAILED 06:06 14:36 SMTP-(0558) QUIT It seems like that we are making a connection then with no reason they drop it. Is anyone else having problems? Keith ZwickCribellum, L.L.C.
RE: [Declude.JunkMail] Recent Message From Declude.JunkMail-owner@declude.com?
Me too. On 06/06/03 11:39am you wrote... I received something weird. It was like the headers only. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, June 06, 2003 11:16 AM To: Declude JunkMail Subject: [Declude.JunkMail] Recent Message From Declude.JunkMail- [EMAIL PROTECTED] Hello, All, A little less than 1/2 hour I received a message in my inbox which purported to be from Declude.com. Here is the full message (the 's are mine)... Received: from declude.com [66.189.124.29] by NexusTechGroup.com with ESMTP (SMTPD32-6.06) id A33F67FC0114; Fri, 06 Jun 2003 13:45:35 -0400 X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS [5] == This E-mail is scanned and free from viruses. www.nexustechgroup.com X-RCPT-TO: [EMAIL PROTECTED] Date: Fri, 6 Jun 2003 13:45:42 -0400 X-UIDL: 354754410 Status: U From: [EMAIL PROTECTED] As you can see there's not much to it. Did anyone else receive this message? Was this message actually sent from Declude? Or was it a misfire in an impending attempt to use the good name of Declude.com to slip through people's spam filtering? Just curious. It seemed like a very odd message to me. Thanks, Much! Dan Geiser [EMAIL PROTECTED] == This E-mail is scanned and free from viruses. www.nexustechgroup.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL Connection dropped
Please see the lengthy thread on the Imail forum on this subject. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of keith - cribellum Sent: Friday, June 06, 2003 12:04 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] AOL Connection dropped Hi, I was wondering if anyone else out there is seeing an issue with aol? It seems that we have not been able to connect to AOL all day. However, AOL has been connecting to us and sending us mail. Here are some snippets of our log files: 06:06 14:35 SMTP-(0558) Trying aol.com (0) 06:06 14:35 SMTP-(0558) Connect aol.com [64.12.136.217:25] (1) 06:06 14:36 SMTP-(0558) 06:06 14:36 SMTP-(0558) SMTP_DELIV_FAILED 06:06 14:36 SMTP-(0558) QUIT It seems like that we are making a connection then with no reason they drop it. Is anyone else having problems? Keith Zwick Cribellum, L.L.C.
RE: [Declude.JunkMail] Blacklist False Positive Tests
Scott, I've set XSENDER ON and XSPOOLNAME ON What is the difference within the blacklist.txt file contain entries that begin with a period (.junkmail.com), @ (@junkmail.com), or just blank (junkmail.com) ? Teksolvers, LLC Todd Smith 1077 Glenharbor Circle Winter Garden, FL 34787 Phone 407-877-8450 Fax 407-877-8451 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, June 06, 2003 12:27 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Blacklist False Positive Tests SMTP Imail log: 06:06 11:13 SMTPD(007A0120) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(008B009A) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(0051014C) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] 06:06 11:13 SMTPD(00290138) [209.26.230.188] MAIL FROM:[EMAIL PROTECTED] Unfortunately, I can't tell you which of these four E-mails is the one you posted. I would recommend using the XSENDER ON and XSPOOLNAME ON options in the global.cfg file, which makes it much easier to get the information you need. Any ideas? You could send me your blacklist.txt file? Also, What is the difference within the blacklist.txt file contain entries that begin with a period (.junkmail.com), @ (@junkmail.com), or just blank (junkmail.com) They all work the same -- Declude JunkMail checks to see if the sender has whatever you list in their return address. So @example.com which catch any E-mail from @example.com, .example.com would catch any E-mail from @*.example.com, and example.com would catch both @example.com and @*.example.com as well as @not_an_example.com. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] %HELOHOST% in Virus Recipient Notifications - Suggestion
Hi, Thanks to the 1.70i4 mishap we finally had the rare opportunity, to actually receive some of these viruses that normally get blocked by Declude. I noticed, that our recipient notifications use the following variables: %REMOTEHOST%, %SENDERHOST%, %LOCALHOST%, %RECIPHOST% But none of them list the HELO name used by the infected workstation (which, in case of BugBear.B may show me the name of the Windows Workstation who's spreading the virus.) Scott, I noticed that the above four variables are 50% redundant - yet, none of them truly inserts the sender host (e.g., the configured name used in the HELO). Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: Postmaster [mailto:[EMAIL PROTECTED] Sent: Friday, June 06, 2003 02:22 PM To: [EMAIL PROTECTED] Subject: Virus Firewall has Blocked an Email to You Argos Networks' Virus Firewall has rejected an incoming message sent to 1 recipient(s). It was using a from address of [Forged]. (Please note, some vira have the ability to forge the email address of the sender.) The message with the subject of virus bei mir angekommen carried a virus: File: Old Excel Documents.lnk.zlo Result: Found the W32/[EMAIL PROTECTED] virus !!! For more information see http://vil.mcafee.com/. TRACKING INFORMATION Their Domain: t-online.de for t-online.de (may be forged!) IP Address:194.25.134.80 Message ID:[EMAIL PROTECTED] Our Domain:hm-software.com for hm-software.com Queue ID: Ddbd212f50202d9a9.SMD of 06/06/2003 14:22:14 Version: 1.70 TRACKING FORGED SENDERS If the infected email came from a forged sender, then it is often impractical to track down the actual infected party. The following two links can help identify either the ISP or the organisation, who owns the IP address that the infected party was using: http://www.dnsstuff.com/tools/whois.ch?ip=194.25.134.80 http://www.dnsstuff.com/tools/ptr.ch?ip=194.25.134.80 IMPORTANT LEGAL NOTICE As a courtesy to customers, we attempt to block incoming vira before they reach your mailbox. However, Argos Networks cannot warrant that this will always be successful. We do not accept any liability in case a virus passes through. You are solely responsible for taking your own protective measures to avoid any infections of your computers. Sincerely, Argos Networks http://www.ArgosWeb.net/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] %HELOHOST% in Virus RecipientNotifications - Suggestion
Thanks to the 1.70i4 mishap we finally had the rare opportunity, to actually receive some of these viruses that normally get blocked by Declude. I noticed, that our recipient notifications use the following variables: %REMOTEHOST%, %SENDERHOST%, %LOCALHOST%, %RECIPHOST% But none of them list the HELO name used by the infected workstation (which, in case of BugBear.B may show me the name of the Windows Workstation who's spreading the virus.) That's correct. Those host names are based on the sender and the recipient(s). Scott, I noticed that the above four variables are 50% redundant Correct (by design). - yet, none of them truly inserts the sender host (e.g., the configured name used in the HELO). Correct. You can use the %HEADERS% variable to include the headers in the bounce message, but it is not possible to include just the HELO/EHLO data. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Blacklist False Positive Tests
They all work the same -- Declude JunkMail checks to see if the sender has whatever you list in their return address. So @example.com which catch any E-mail from @example.com, .example.com would catch any E-mail from @*.example.com, and example.com would catch both @example.com and @*.example.com as well as @not_an_example.com. What is the difference within the blacklist.txt file contain entries that begin with a period (.junkmail.com), @ (@junkmail.com), or just blank (junkmail.com) ? They all work the same -- Declude JunkMail checks to see if the sender has whatever you list in their return address. So @example.com which catch any E-mail from @example.com, .example.com would catch any E-mail from @*.example.com, and example.com would catch both @example.com and @*.example.com as well as @not_an_example.com. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AOL Connection dropped
Keith, We have seen these errors from time to time with AOL. It usually has to do with the MX server timeout for AOL. They have a longer timeout configured than Imail timeout for SMTP. IMail - SMTP Timeout does not conform to RFC 2821 Product: Version: Platform: IMail 7+ NT,Win2000,XP _ Question/Problem: Is there any way to change the SMTP timeout? Answer/Solution: IMail's default timeout is 2 minutes (120 seconds). To change this, run regedit. Go to: HKLM\System\CurrentControlSet\Services\SMTPD32\Parameters Create a new DWORD value named RECVTimeout and set the timeout in seconds. The RFCs suggest a timeout of 300 seconds. Stop and restart the SMTP service. If you are running version 8, you should also stop and restart the Queue Manager service. Document #: Revision Date: IM-20020919-DM01 05/13/03 Todd Smith Teksolvers, LLC 1077 Glenharbor Circle Winter Garden, FL 34787 Phone 407-877-8450 Fax 407-877-8451 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of keith - cribellum Sent: Friday, June 06, 2003 3:04 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] AOL Connection dropped Hi, I was wondering if anyone else out there is seeing an issue with aol? It seems that we have not been able to connect to AOL all day. However, AOL has been connecting to us and sending us mail. Here are some snippets of our log files: 06:06 14:35 SMTP-(0558) Trying aol.com (0) 06:06 14:35 SMTP-(0558) Connect aol.com [64.12.136.217:25] (1) 06:06 14:36 SMTP-(0558) 06:06 14:36 SMTP-(0558) SMTP_DELIV_FAILED 06:06 14:36 SMTP-(0558) QUIT It seems like that we are making a connection then with no reason they drop it. Is anyone else having problems? Keith Zwick Cribellum, L.L.C.
Re: [Declude.JunkMail] Request for new/enhanced feature
I don't know if anyone is currently running the latest version of AlliGate (formerly known as SpamManager) for Declude/IMail, but I have been running if for the last week or so, and it has a bunch of new features and spam tests that have greatly increased it's ability to flag spam. The discussion about excess HTML tags (fake or legit) in e-mail messages may benefit from a couple of the new tests incorporated into AlliGate. One of these tests helps to detect e-mail messages that have a large html to text ratio. Here is the pertinent part of the AlliGate manual that explains how this test works: == Many messages have HTML formatting to make them more interesting and readable by the end user. Of course, this includes spam as well. Some spam messages have a higher degree of HTML specific tags and content than other non-spam messages. SpamManager calculates the ratio of HTML related content to actual, readable, text and a percentage is calculated. Our research indicates that as the percentage of HTML/text reached values in excess of 55%, the likelihood of the message being spam increases. This is a sliding-scale test and the penalty increases as the ratio increases above the base percentage. The base percentage can be adjusted to suit your needs. == As well as a compression test that works pretty slick: == Many spam messages contain text that is repeated numerous times, such as repeating HTML tags and URL's. This means that when applying a compression algorithm to the message, much like is done with ZIP files, that the more a message can be compressed, the more likely it is to be spam. SpamManager applies a fast, low overhead, proprietary compression technique that is optimized for text messages and calculates the amount of compression achieved. Our research has shown that as a message's compression increases above 40%, so does its probability of being spam. This is a sliding-scale test and the penalty increases as the amount of compression increases above the base percentage. The base percentage can be adjusted to suit your needs. == These are in addition to about a half dozen other spam tests that have been added to the release version of AlliGate. You may want to take a look at www.alligate.com. Overall, it has been a very nice additional plug-in to our Declude/Sniffer/SpamCheck spam filtering system. Bill - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 5:07 AM Subject: Re: [Declude.JunkMail] Request for new/enhanced feature I keep getting mail that slipps through that IMO shouldn't be that hard to catch really... G They use a variant of the html comments but the way they do it it don't get detected as a mail with to many html comments. Correct. Because if Declude JunkMail were count all the HTML tags, then all that Microsoft Word E-mail Garbage (those one line E-mails that turn into 10K E-mails) would get caught, and a lot of other legitimate HTML E-mail would get caught, too. Below is a snippet of example text inside the html formated e-mail : Pk73ch7b1tddyenkqjezab3w79ejis Enkpv36t91gfs2largktwn2sd3kn7tqemek63uv4i3njxxcnt Pikxl9qjl2r3ervkll On The Mak9jgo17u5v244rkekth2amv3m1st!/font/font/font/bfont face=Arial,Helvetica/font pfont face=Arial,Helvetica* Gksfvuh135aju042aikndkb4w1ppwy192n 3kbq72kb2dv2xsd2+ Full Inkn46ft9yw8pchkwhb2wy27wls3es In Lengka4vte11x26Lengka4vte11x26wth/font brfont face=Arial,Helvetica* Exkcay5sz12le0pand Your Pekt70s753udaio49nis Up To 20kh3tfh82ejp1% Basically remove the x junk and you get the text. That's exactly what the latest beta version does, so you can filter on it. Since these are invalid html comments most e-mail clients just simply ignore the comment text all together since it has the around the text. Technically, these aren't invalid HTML comments, they are made-up HTML tags (which could be valid in the future). That's the problem. The only way to tell whether a tag is valid or not is to have a database of valid tags, which would be very expensive (CPU time, storage space, man-hours to gather the data and update it, false positives, etc.). If I recall correctly, HTML isn't even covered by the RFCs, which makes it more difficult to assess the tags. IMO this should also have failed HTMLCOMMENTS which it did not. So my question.. Would it be possible to add the above junk as detected html comment ? In this case, we could say OK, 'k73ch7b1tddy' is a bogus HTML tag. And 'ksfvuh135aju042' is a bogus HTML tag. And..., but a spammer could get around that simply by making another fake tag. So the only alternatives seem to be either [1] Count all HTML tags and catch legitimate E-mail, or [2] Keep a database of HTML tags. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses
[Declude.JunkMail] Best use of Header and total Weight
I'm trying to come up with the best way to insert a header into the body of our incoming corporate email, which will tell the recipient that the sender's message has almost acquired enough weight to be deleted. The header should only appear if the email is within a few points of deletion. I understand how to use the HEADER action as described in the manual. It's making it contingent on the WEIGHT variable that I'm not sure about. Just upgraded to the Pro version. Archive still down. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Best use of Header and total Weight
In the Global.cfg have: WEIGHTHDR weightrange x x 6 7 In your $Default$.Junkmail have: WEIGHTHDR WARNX-RBL-Warning: Failed %TESTSFAILED% [%WEIGHT%] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Purtell Sent: Friday, June 06, 2003 04:52 PM To: Declude JunkMail (E-mail) Subject: [Declude.JunkMail] Best use of Header and total Weight I'm trying to come up with the best way to insert a header into the body of our incoming corporate email, which will tell the recipient that the sender's message has almost acquired enough weight to be deleted. The header should only appear if the email is within a few points of deletion. I understand how to use the HEADER action as described in the manual. It's making it contingent on the WEIGHT variable that I'm not sure about. Just upgraded to the Pro version. Archive still down. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] bizarre Message
I'm getting the same message. On Fri, 2003-06-06 at 15:35, James R. Skivers wrote: I did receive a message that had to sender, no subject, and no message. The header reads as follows. Received: from declude.com [66.189.124.29] by mail.planetkc.com with ESMTP (SMTPD32-7.15) id A121ADA0084; Fri, 06 Jun 2003 12:36:33 -0500 X-Note: This E-mail was scanned by Web One JunkMail for spam. X-Spam-Tests-Failed: None [0] X-UIDL: 300638699 Freaky James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com -- Lee Griffin [EMAIL PROTECTED] Varsitycontractors Inc. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Best use of Header and total Weight
H, I haven't used weightrange before, that'll help. But to actually make the message visible to recipients, looks like I'll have to do something like In your $Default$.Junkmail have: WEIGHTHDR HEADER This message weighs %WEIGHT% and may be deleted. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andy Schmidt Sent: Friday, June 06, 2003 4:07 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Best use of Header and total Weight In the Global.cfg have: WEIGHTHDR weightrange x x 6 7 In your $Default$.Junkmail have: WEIGHTHDR WARNX-RBL-Warning: Failed %TESTSFAILED% [%WEIGHT%] Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith Purtell Sent: Friday, June 06, 2003 04:52 PM To: Declude JunkMail (E-mail) Subject: [Declude.JunkMail] Best use of Header and total Weight I'm trying to come up with the best way to insert a header into the body of our incoming corporate email, which will tell the recipient that the sender's message has almost acquired enough weight to be deleted. The header should only appear if the email is within a few points of deletion. I understand how to use the HEADER action as described in the manual. It's making it contingent on the WEIGHT variable that I'm not sure about. Just upgraded to the Pro version. Archive still down. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DSN:beta features
What is the syntax for the alias spamdomains in the latest beta update? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] bizarre Message
It is the Friday Afternoon Gremlin. John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lester Brown Sent: Friday, June 06, 2003 3:51 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] bizarre Message Ive now received 10 copies of this blank message. Any idea on where theyre coming from? Heres the header: Received: from declude.com [66.189.124.29] by mail.washougal.k12.wa.us (SMTPD32-7.07) id A8EB5600C8; Fri, 06 Jun 2003 15:42:51 -0700 X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c20]. X-RBL-Warning: WEIGHT5: Total weight between 0 and 9. X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, WEIGHT5 X-UIDL: 352751939 Lester Brown Network Support Specialist Washougal School District 112-6 Phone: 360-954-3310 Fax: 360-835-1182 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James R. Skivers Sent: Friday, June 06, 2003 12:36 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] bizarre Message I did receive a message that had to sender, no subject, and no message. The header reads as follows. Received: from declude.com [66.189.124.29] by mail.planetkc.com with ESMTP (SMTPD32-7.15) id A121ADA0084; Fri, 06 Jun 2003 12:36:33 -0500 X-Note: This E-mail was scanned by Web One JunkMail for spam. X-Spam-Tests-Failed: None [0] X-UIDL: 300638699 Freaky James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com
Re: [Declude.JunkMail] spamdomains list
Dan, Those will work, but only because the revdns for legit email from those domains will always match outblaze.com and will never match accountant.com and the others. I'd leave those @ symbols if I were you, because these outblaze domains use generic dictionary words. So without the @ you will run the risk of matching unintended domains such as myaccountant.com, business-in-asia.com Bill -Original Message- From: Dan Patnode Sent: 06 Jun 2003 15:33:26 -0700 Subject: Re: [Declude.JunkMail] spamdomains list So then these also won't work: @2die4.com outblaze.com @accountant.com outblaze.com @adexec.com outblaze.com @africamail.com outblaze.com @allergist.com outblaze.com @alumnidirector.com outblaze.com @archaeologist.com outblaze.com @arcticmail.com outblaze.com @artlover.com outblaze.com @asia.com outblaze.com I'll take the @'s out Dan On Thursday, June 5, 2003 13:33, R. Scott Perry [EMAIL PROTECTED] wrote: @tin.itTin.it @tin.itTuttopmi.it @tin.itFlexmail.it Scott, would you confirm? I'm not sure this will work. The problem is that when Declude JunkMail sees the line @tin.it Tin.it, if the reverse DNS is mail.Tuttopmi.it, Declude JunkMail will fail the test (even though it matches the next line, Declude JunkMail won't know that that should cancel out a previous line that failed). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] DSN:beta features
Global.cfg: SPAMDOMAINS spamdomains F:\IMail\Declude\SpamDomains.txt x 5 0 SpamDomain.txt examples: amazon.com ameritech.net aol.com apple.com @att. .att. attbi.com bellsouth.net charter.net comcast. compuserve.com concentric. .cnchost.com @cox. .cox. earthlink. excite.com geocities.com .yahoo.com @gte. .gte. @hotmail.com .hotmail.com juno.com .untd.com lycos.com microsoft.com mindspring. msn.com .hotmail.com netscape. .aol.com netzero. .untd.com prodigy. @psi. .psi. qwest. .uswest. .rr.com sbc.com swbell.net .prodigy.net verio. verizon. .bellatlantic. yahoo. Bill - Original Message - From: Kevin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 3:58 PM Subject: [Declude.JunkMail] DSN:beta features What is the syntax for the alias spamdomains in the latest beta update? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] bizarre Message
Hmmm, I have only gotten the one from earlier today. It does appear that they are coming from the Declude list server, however: Received: from declude.com [66.189.124.29] Bill - Original Message - From: Lester Brown To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 3:51 PM Subject: RE: [Declude.JunkMail] bizarre Message Ive now received 10 copies of this blank message. Any idea on where theyre coming from? Heres the header: Received: from declude.com [66.189.124.29] by mail.washougal.k12.wa.us (SMTPD32-7.07) id A8EB5600C8; Fri, 06 Jun 2003 15:42:51 -0700 X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c20]. X-RBL-Warning: WEIGHT5: Total weight between 0 and 9. X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, WEIGHT5 X-UIDL: 352751939 Lester Brown Network Support Specialist Washougal School District 112-6 Phone: 360-954-3310 Fax: 360-835-1182 [EMAIL PROTECTED] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James R. SkiversSent: Friday, June 06, 2003 12:36 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] bizarre Message I did receive a message that had to sender, no subject, and no message. The header reads as follows. Received: from declude.com [66.189.124.29] by mail.planetkc.com with ESMTP (SMTPD32-7.15) id A121ADA0084; Fri, 06 Jun 2003 12:36:33 -0500 X-Note: This E-mail was scanned by Web One JunkMail for spam. X-Spam-Tests-Failed: None [0] X-UIDL: 300638699 Freaky James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com
Re: [Declude.JunkMail] spamdomains list
Those should work fine. What will not work is when the left part is listed more than once with different right parts, the first match win and the others will never be checked. For example, abc.com will always only match the first line item here: @abc.comxyz.com ---(Match and looks no further down the list) @abc.comxyz.net @abc.comxyz.org Your list below should work just fine. Bill - Original Message - From: Dan Patnode [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 3:33 PM Subject: Re: [Declude.JunkMail] spamdomains list So then these also won't work: @2die4.com outblaze.com @accountant.com outblaze.com @adexec.com outblaze.com @africamail.com outblaze.com @allergist.com outblaze.com @alumnidirector.com outblaze.com @archaeologist.com outblaze.com @arcticmail.com outblaze.com @artlover.com outblaze.com @asia.com outblaze.com I'll take the @'s out Dan On Thursday, June 5, 2003 13:33, R. Scott Perry [EMAIL PROTECTED] wrote: @tin.itTin.it @tin.itTuttopmi.it @tin.itFlexmail.it Scott, would you confirm? I'm not sure this will work. The problem is that when Declude JunkMail sees the line @tin.it Tin.it, if the reverse DNS is mail.Tuttopmi.it, Declude JunkMail will fail the test (even though it matches the next line, Declude JunkMail won't know that that should cancel out a previous line that failed). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spamdomains list
Thanks for the clarification. In that example then, the way to go is: @abc.comxyz. :) On Friday, June 6, 2003 16:12, Bill Landry [EMAIL PROTECTED] wrote: Those should work fine. What will not work is when the left part is listed more than once with different right parts, the first match win and the others will never be checked. For example, abc.com will always only match the first line item here: @abc.comxyz.com ---(Match and looks no further down the list) @abc.comxyz.net @abc.comxyz.org Your list below should work just fine. Bill - Original Message - From: Dan Patnode [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 3:33 PM Subject: Re: [Declude.JunkMail] spamdomains list So then these also won't work: @2die4.com outblaze.com @accountant.com outblaze.com @adexec.com outblaze.com @africamail.com outblaze.com @allergist.com outblaze.com @alumnidirector.com outblaze.com @archaeologist.com outblaze.com @arcticmail.com outblaze.com @artlover.com outblaze.com @asia.com outblaze.com I'll take the @'s out Dan On Thursday, June 5, 2003 13:33, R. Scott Perry [EMAIL PROTECTED] wrote: @tin.itTin.it @tin.itTuttopmi.it @tin.itFlexmail.it Scott, would you confirm? I'm not sure this will work. The problem is that when Declude JunkMail sees the line @tin.it Tin.it, if the reverse DNS is mail.Tuttopmi.it, Declude JunkMail will fail the test (even though it matches the next line, Declude JunkMail won't know that that should cancel out a previous line that failed). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spamdomains list
yep, that would work. However, I would probably do: @abc.com.xyz. with the leading dot, as well. That way it would not also match wxyz.. Bill - Original Message - From: Dan Patnode [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 5:36 PM Subject: Re: [Declude.JunkMail] spamdomains list Thanks for the clarification. In that example then, the way to go is: @abc.comxyz. :) On Friday, June 6, 2003 16:12, Bill Landry [EMAIL PROTECTED] wrote: Those should work fine. What will not work is when the left part is listed more than once with different right parts, the first match win and the others will never be checked. For example, abc.com will always only match the first line item here: @abc.comxyz.com ---(Match and looks no further down the list) @abc.comxyz.net @abc.comxyz.org Your list below should work just fine. Bill - Original Message - From: Dan Patnode [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 3:33 PM Subject: Re: [Declude.JunkMail] spamdomains list So then these also won't work: @2die4.com outblaze.com @accountant.com outblaze.com @adexec.com outblaze.com @africamail.com outblaze.com @allergist.com outblaze.com @alumnidirector.com outblaze.com @archaeologist.com outblaze.com @arcticmail.com outblaze.com @artlover.com outblaze.com @asia.com outblaze.com I'll take the @'s out Dan On Thursday, June 5, 2003 13:33, R. Scott Perry [EMAIL PROTECTED] wrote: @tin.itTin.it @tin.itTuttopmi.it @tin.itFlexmail.it Scott, would you confirm? I'm not sure this will work. The problem is that when Declude JunkMail sees the line @tin.it Tin.it, if the reverse DNS is mail.Tuttopmi.it, Declude JunkMail will fail the test (even though it matches the next line, Declude JunkMail won't know that that should cancel out a previous line that failed). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] bizarre Message
I received one also. Here are my headers. and it does look like it came from the declude list server X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] Here is the reverse of the IP. It is the ip of mail.declude.com 66.189.124.29 PTR record: cpe-66-189-124-29.ma.charter.com. [TTL 86400s] [A=66.189.124.29] Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com (SMTPD32-7.15) id A0C72F10086; Fri, 06 Jun 2003 10:35:03 -0700Received: from declude.com ([66.189.124.29])by ns1.ssc-isp.net (NAVGW 2.5.2.9) with SMTP id M2003060610333827499for [EMAIL PROTECTED]; Fri, 06 Jun 2003 10:33:40 -0700X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c20].X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29]X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.X-Spam-Tests-Failed: BADHEADERS, WEIGHT5 [5]X-Spam-Prob: 0.383084X-UIDL: 354249338 Kevin Bilbee -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Bill LandrySent: Friday, June 06, 2003 4:08 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] bizarre Message Hmmm, I have only gotten the one from earlier today. It does appear that they are coming from the Declude list server, however: Received: from declude.com [66.189.124.29] Bill - Original Message - From: Lester Brown To: [EMAIL PROTECTED] Sent: Friday, June 06, 2003 3:51 PM Subject: RE: [Declude.JunkMail] bizarre Message Ive now received 10 copies of this blank message. Any idea on where theyre coming from? Heres the header: Received: from declude.com [66.189.124.29] by mail.washougal.k12.wa.us (SMTPD32-7.07) id A8EB5600C8; Fri, 06 Jun 2003 15:42:51 -0700 X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8c20]. X-RBL-Warning: WEIGHT5: Total weight between 0 and 9. X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, WEIGHT5 X-UIDL: 352751939 Lester Brown Network Support Specialist Washougal School District 112-6 Phone: 360-954-3310 Fax: 360-835-1182 [EMAIL PROTECTED] -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James R. SkiversSent: Friday, June 06, 2003 12:36 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] bizarre Message I did receive a message that had to sender, no subject, and no message. The header reads as follows. Received: from declude.com [66.189.124.29] by mail.planetkc.com with ESMTP (SMTPD32-7.15) id A121ADA0084; Fri, 06 Jun 2003 12:36:33 -0500 X-Note: This E-mail was scanned by Web One JunkMail for spam. X-Spam-Tests-Failed: None [0] X-UIDL: 300638699 Freaky James R. Skivers Network Administrator Web One Inc. [EMAIL PROTECTED] http://astra1.com
RE: [Declude.JunkMail] OT: The Titian Key Product to Remove Spam.. patent pending?
But wait, theres more!!! If you order today, we will include absolutely freethe amazing Ginzu SPAM knife. It never needs sharpening and can slice the fat off your SPAM messages just as easy as that! It slicesit dicesit even makes julienne fries!! Blah, blah, blah Ginger -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eddie Pang Sent: Friday, June 06, 2003 3:09 AM To: Declude. [EMAIL PROTECTED] com Subject: [Declude.JunkMail] OT: The Titian Key Product to Remove Spam.. patent pending? FWIW.. Looks like a variation of a mail gateway at a cost of $1000.00 per month! http://www.titankey.com/features.asp eddie :)
[Declude.JunkMail] US Internet
Will the e-mail admin of US Internet please contact me off list? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
