RE: [Declude.JunkMail] [IMail Forum] Cannot receive messages from Comcast.net accounts
Scott-After reading your e-mail recommending that you can hold on bad headers I tripled the weight. Although I really don't care much that this was held right now if virus did really come through my server I would like to get this. Any idea why a Webshield Alert would fail BADHEADERS? (if that is where this is really from...) Received: from ASSENTOR4.corp.isib.net [199.250.13.98] by mail.prudentialrand.com with ESMTP (SMTPD32-7.15) id A5AE450008A; Tue, 26 Aug 2003 17:48:30 -0400 Received: from MSMP2.corp.isib.net (unverified) by ASSENTOR4.corp.isib.net (Content Technologies SMTPRS 4.2.10) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Tue, 26 Aug 2003 16:48:11 -0500 Received: from SMTPAV2.corp.isib.net (unverified) by MSMP2.corp.isib.net (Content Technologies SMTPRS 4.2.5) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Tue, 26 Aug 2003 16:48:11 -0500 Message-ID: [EMAIL PROTECTED] X-Mailer: Network Associates, Inc. Webshield SMTP, Version 4.5 Date: Tue Aug 26 16:48:12 2003 To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Subject: [SPAM]Virus Detected by Network Associates, Inc. Webshield SMTP V4.5 X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [801e]. X-RBL-Warning: HELOBOGUS: Domain ASSENTOR4.corp.isib.net has no MX or A records. X-RBL-Warning: WEIGHT10: Weight of 20 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [199.250.13.98] X-Declude-Spoolname: Dd5ae0450008aaab3.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT, WEIGHT10, WEIGHT20, WEIGHT15 [20] X-Note: This E-mail was sent from mplfw2.dainrauscher.com ([199.250.13.98]). SMTPAV1: Network Associates WebShield SMTP V4.5 on SMTPAV2 detected virus W32/[EMAIL PROTECTED] in attachment thank_you.pif from [EMAIL PROTECTED] and it was Cleaned and Quarantined. RBC Dain Rauscher does not accept buy, sell or cancel orders by e-mail, or any instructions by e-mail that would require your signature. Information contained in this communication is not considered an official record of your account and does not supersede normal trade confirmations or statements. Any information provided has been prepared from sources believed to be reliable but is not guaranteed, does not represent all available data necessary for making investment decisions and is for informational purposes only. This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you receive this e-mail in error, please advise me (by return e-mail or otherwise) immediately. Information received by or sent from this system is subject to review by supervisory personnel, is retained and may be produced to regulatory authorities or others with a legal right to the information. --- [This E-mail scanned for viruses by Declude Virus] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Tuesday, August 26, 2003 01:54 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] [IMail Forum] Cannot receive messages from Comcast.net accounts I've found that automated mail including opt-in newsletters, E-commerce receipts, and product notifications, and renewal notices commonly fail the BADHEADERS, SPAMHEADERS and HELOBOGUS tests. Just to clarify here for those that aren't aware -- the BADHEADERS and SPAMHEADERS test both look for headers that are rare in mail sent from legitimate mail clients, and are fairly common in spam. The difference in that the BADHEADERS test includes non-RFC-compliant headers, whereas the SPAMHEADERS test includes headers that are technically valid. So a legitimate E-mail should NEVER fail the BADHEADERS test -- and it is therefore normally safe to block on it (since it is not a valid E-mail, and many mailserver will block the E-mail). However, the SPAMHEADERS test will catch a fair amount of legitimate E-mail from poorly designed mail clients. In this case, the weighting system helps out a lot, by only blocking E-mail that fails multiple tests. Note that we will work with any company that is sending out E-mails that fail either test (at no charge) to help them fix their problems. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at
Re: [Declude.JunkMail] Webshield failing bad headers: WAS Cannot receive messages from Comcast.net accounts from Comcast.netaccounts
Maybe you should e-mail them. This was the version # in the headers: The last time we tried that was when we found a DoS attack that WebShield was susceptible to -- but they didn't fix it for about a year. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OSRELAY question.
In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. I hate to say it but: X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com implies that *someone* thinks you should stop using relays.osirusoft.com. :) Apparently, they have had some serious problems (their web site hasn't been reachable for quite some time), and want people to stop using them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 5:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
I've seen it to. Additionally http://relays.osirusoft.com isn't responding and emails are being bounced. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 8:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Fw: [SAtalk] OSIRUSOFT -- should they be used any more?
FYI, looks like Joe Jared (of Osirusoft) is finally hanging it up. Bill - Original Message - From: James Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 4:07 PM Subject: RE: [SAtalk] OSIRUSOFT -- should they be used any more? Update OSIRUSOFT issue: I decided to go ahead and call Joe Jared since now our primary mail server is now listed as well and I can't get mail to him. - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 553 5.3.0 [EMAIL PROTECTED]... Mail from nitwit spammer 198.83.204.156 refused see http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=198.83.204.156) - Transcript of session follows - ... while talking to relays.osirusoft.com.: MAIL From:[EMAIL PROTECTED] SIZE=1524 553 5.3.0 [EMAIL PROTECTED]... Mail from nitwit spammer 198.83.204.156 refused see http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=198.83.204.156 501 5.6.0 Data format error I find this quite silly, I scanned our mail logs and I can say with certainty that spam is/has not been coming from our site. Anyway, when I called Mr. Jared, he stated that everyone needs to stop using Osirusoft and that he's going to be shutting the service down. And I got the impression that he's soon going to get his point across by blacklisting the world. I'm not alone in this problem, a check on google groups will tell all. http://groups.google.com/groups?dq=hl=enlr=ie=UTF-8oe=UTF-8safe=offfra me=rightth=b43eeebc8f1bd08cseekm=3LN2b.9658%24Ly2.1506055%40cletus.bright. net#link1 If you are using osirusoft to pull the Spamhaus SBL, and announcement was made by Steve Linford to stop using Osirusoft several weeks ago. SpamAssassin is used by thousands of admins and the use of Osirusoft needs to be reconsidered, especially with a new release coming out soon. I would appreciate any comments about this. Regards, Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Miller Sent: Tuesday, August 26, 2003 4:33 PM To: [EMAIL PROTECTED] Subject: [SAtalk] OSIRUSOFT -- should they be used any more? With all the trouble OSIRUSOFT is having, is it time to stop using them? As of 12:40 this afternoon our mail server stopped accepting mail from our main web server because it was listed on osirusoft. How I don't know since it doesn't run an SMTP server -- it's protected by a dmz firewall which allows 80-443 in, smtp 25 to our internal mail server and 1024 out to the world, it's completely upto date, runs Norton virus scanner and tcpdump over 3 hrs only shows it sending messages to our internal mail server. It's hard coded to send billing, cancellation, reactivation messages to exactly one mail server on the inside of our firewall. news.admin.net-abuse.email is filled with messages/complains about them from companies complaining that Joe Jared (founder of osirusoft and spews) isn't responding to request to find out why their listed and how to get off the list. Also, it seems they are facing several law suites from several large corporation. And to add to it, they are (have been since Friday) under a DDoS attack, their web site is down, mail is not flowing to them (because of the attack I assume) and I don't know what to do to get us off the list before our class 'C' networks get added short of calling him or sending a fax. But I've been told that he will permanently black list anyone who calls or faxes him directly. I have complete removed all osirusoft check in SA and Sendmail. It may be time to completely remove them from SA all together. Regards, Jim James Miller, MCSE Network Administrator Simutronics Corporation www.play.net 636.946.4263 x113 --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Filter question
I have setup a filter to froward all email that seems to be from the sobig virus to a specian mail box. Global.CFG SOBIGFILTER filter D:\IMail\Declude\SOBIG.txt x 0 0 sobig.txt REMOTEIP 0 IS 206.111.17.194 REMOTEIP 0 IS 66.185.39.38 REMOTEIP 0 IS 66.123.247.98 REMOTEIP 0 IS 69.37.1.22 SUBJECT 0 IS Re: Details SUBJECT 0 IS Re: Approved SUBJECT 0 IS Re: Re: My details SUBJECT 0 IS Re: Thank you! SUBJECT 0 IS Re: That movie SUBJECT 0 IS Re: Wicked screensaver SUBJECT 0 IS Re: Your application SUBJECT 0 IS Thank you! SUBJECT 0 IS Your details $default$.junkmail SOBIGFILTER ROUTETO [EMAIL PROTECTED] I have sent an email with the subject line of Re: Wicked screensaver to test declude does not seem to be running the test We are running Declude v1.75i1 Where did I go wrong in setting this up? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
I'm feeling dumb this evening, so I'll share my dumb question, sorry in advance. The appropriate action for us to take then is to A) do nothing B) modify our global.cfg to comment out the 6 or so relays.osirusoft.com tests C) Something completely different Inquiring minds would like to know. Thanks in advance. Rob Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
hi scott does this mean we need to stop using all of the tests below ? OSDUL ip4rrelays.osirusoft.com 127.0.0.3 5 0 OSFORM ip4rrelays.osirusoft.com 127.0.0.8 6 0 OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0 OSPROXY ip4rrelays.osirusoft.com 127.0.0.9 7 0 OSRELAY ip4rrelays.osirusoft.com 127.0.0.2 5 0 OSSMART ip4rrelays.osirusoft.com 127.0.0.5 5 0 OSSOFT ip4rrelays.osirusoft.com 127.0.0.6 5 0 OSSRC ip4rrelays.osirusoft.com 127.0.0.4 10 0 OSDIPS ip4rrelays.osirusoft.com 127.0.0.3 5 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 12:26 AM Subject: Re: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. I hate to say it but: X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com implies that *someone* thinks you should stop using relays.osirusoft.com. :) Apparently, they have had some serious problems (their web site hasn't been reachable for quite some time), and want people to stop using them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Fw: [SAtalk] OSIRUSOFT -- should they be used any more?be used any more?
There have been similar posts on NANOG indicating xxx.osirusoft.com are returning all 127.0.0.2. Apparently they are under a massive DDOS attack Rick Rountree Sr Network Admin Dundee.Net At 08:38 PM 8/26/2003, you wrote: FYI, looks like Joe Jared (of Osirusoft) is finally hanging it up. Bill - Original Message - From: James Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 4:07 PM Subject: RE: [SAtalk] OSIRUSOFT -- should they be used any more? Update OSIRUSOFT issue: I decided to go ahead and call Joe Jared since now our primary mail server is now listed as well and I can't get mail to him. - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 553 5.3.0 [EMAIL PROTECTED]... Mail from nitwit spammer 198.83.204.156 refused see http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=198.83.204.156) - Transcript of session follows - ... while talking to relays.osirusoft.com.: MAIL From:[EMAIL PROTECTED] SIZE=1524 553 5.3.0 [EMAIL PROTECTED]... Mail from nitwit spammer 198.83.204.156 refused see http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=198.83.204.156 501 5.6.0 Data format error I find this quite silly, I scanned our mail logs and I can say with certainty that spam is/has not been coming from our site. Anyway, when I called Mr. Jared, he stated that everyone needs to stop using Osirusoft and that he's going to be shutting the service down. And I got the impression that he's soon going to get his point across by blacklisting the world. I'm not alone in this problem, a check on google groups will tell all. http://groups.google.com/groups?dq=hl=enlr=ie=UTF-8oe=UTF-8safe=offfra me=rightth=b43eeebc8f1bd08cseekm=3LN2b.9658%24Ly2.1506055%40cletus.bright. net#link1 If you are using osirusoft to pull the Spamhaus SBL, and announcement was made by Steve Linford to stop using Osirusoft several weeks ago. SpamAssassin is used by thousands of admins and the use of Osirusoft needs to be reconsidered, especially with a new release coming out soon. I would appreciate any comments about this. Regards, Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Miller Sent: Tuesday, August 26, 2003 4:33 PM To: [EMAIL PROTECTED] Subject: [SAtalk] OSIRUSOFT -- should they be used any more? With all the trouble OSIRUSOFT is having, is it time to stop using them? As of 12:40 this afternoon our mail server stopped accepting mail from our main web server because it was listed on osirusoft. How I don't know since it doesn't run an SMTP server -- it's protected by a dmz firewall which allows 80-443 in, smtp 25 to our internal mail server and 1024 out to the world, it's completely upto date, runs Norton virus scanner and tcpdump over 3 hrs only shows it sending messages to our internal mail server. It's hard coded to send billing, cancellation, reactivation messages to exactly one mail server on the inside of our firewall. news.admin.net-abuse.email is filled with messages/complains about them from companies complaining that Joe Jared (founder of osirusoft and spews) isn't responding to request to find out why their listed and how to get off the list. Also, it seems they are facing several law suites from several large corporation. And to add to it, they are (have been since Friday) under a DDoS attack, their web site is down, mail is not flowing to them (because of the attack I assume) and I don't know what to do to get us off the list before our class 'C' networks get added short of calling him or sending a fax. But I've been told that he will permanently black list anyone who calls or faxes him directly. I have complete removed all osirusoft check in SA and Sendmail. It may be time to completely remove them from SA all together. Regards, Jim James Miller, MCSE Network Administrator Simutronics Corporation www.play.net 636.946.4263 x113 --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the
RE: [Declude.JunkMail] Filter question
I checked my logs and the REMOTEIP lines are catching the mail but the subject lines with RE: are not catching the mail. the subject lines without the RE: are catching the emails. I have changed the IS in SUBJECT lines to CONTAINS and I get the same results. I want these emails because I have been successful at tracking down the machine sending out the messages and getting the user to clean the virus. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Kevin Bilbee Sent: Tuesday, August 26, 2003 5:42 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Filter question I have setup a filter to froward all email that seems to be from the sobig virus to a specian mail box. Global.CFG SOBIGFILTER filter D:\IMail\Declude\SOBIG.txt x 0 0 sobig.txt REMOTEIP 0 IS 206.111.17.194 REMOTEIP 0 IS 66.185.39.38 REMOTEIP 0 IS 66.123.247.98 REMOTEIP 0 IS 69.37.1.22 SUBJECT 0 IS Re: Details SUBJECT 0 IS Re: Approved SUBJECT 0 IS Re: Re: My details SUBJECT 0 IS Re: Thank you! SUBJECT 0 IS Re: That movie SUBJECT 0 IS Re: Wicked screensaver SUBJECT 0 IS Re: Your application SUBJECT 0 IS Thank you! SUBJECT 0 IS Your details $default$.junkmail SOBIGFILTER ROUTETO [EMAIL PROTECTED] I have sent an email with the subject line of Re: Wicked screensaver to test declude does not seem to be running the test We are running Declude v1.75i1 Where did I go wrong in setting this up? Kevin Bilbee --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Well...made it to their web site and this is what it says Due to the severe drain of resources, relays.osirusoft.com will be down for an undetermined period of time. Please ask all sites using data from relays.osirusoft.com to stop until further notice. So, I have commented out the tests until further notice. MB -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 5:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Yes, because if you do not disable the Osirusoft tests, it will only cause unnecessary mail processing delays, as your queries wait for a response and eventually time-out (approx 10 seconds), since the rbl is no longer responding to queries, or is returning bogus responses. In either case, not a good thing... Bill - Original Message - From: Serge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 6:16 PM Subject: Re: [Declude.JunkMail] OSRELAY question. hi scott does this mean we need to stop using all of the tests below ? OSDUL ip4rrelays.osirusoft.com 127.0.0.3 5 0 OSFORM ip4rrelays.osirusoft.com 127.0.0.8 6 0 OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0 OSPROXY ip4rrelays.osirusoft.com 127.0.0.9 7 0 OSRELAY ip4rrelays.osirusoft.com 127.0.0.2 5 0 OSSMART ip4rrelays.osirusoft.com 127.0.0.5 5 0 OSSOFT ip4rrelays.osirusoft.com 127.0.0.6 5 0 OSSRC ip4rrelays.osirusoft.com 127.0.0.4 10 0 OSDIPS ip4rrelays.osirusoft.com 127.0.0.3 5 0 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 12:26 AM Subject: Re: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. I hate to say it but: X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com implies that *someone* thinks you should stop using relays.osirusoft.com. :) Apparently, they have had some serious problems (their web site hasn't been reachable for quite some time), and want people to stop using them. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
I would go with option B and comment them out. Bill - Original Message - From: Robert Grosshandler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:55 PM Subject: RE: [Declude.JunkMail] OSRELAY question. I'm feeling dumb this evening, so I'll share my dumb question, sorry in advance. The appropriate action for us to take then is to A) do nothing B) modify our global.cfg to comment out the 6 or so relays.osirusoft.com tests C) Something completely different Inquiring minds would like to know. Thanks in advance. Rob Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 5:32 PM Subject: RE: [Declude.JunkMail] OSRELAY question. Yes, this has been reported both on Imail list and this list at 08/24. news.prodigy.com John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Chuck Schick Sent: Tuesday, August 26, 2003 5:14 PM To: Declude. JunkMail (E-mail) Subject: [Declude.JunkMail] OSRELAY question. In going thru the held mail I am finding some emails with this warning. X-RBL-Warning: OSRELAY: Please stop using relays.osirusoft.com This only shows up on a few emails but it causes the email to fail the OSRELAY test - meaning more false positives. Other emails either do not have the warning or they show a normal OSRELAY warming - X-RBL-Warning: OSRELAY: This E-mail came from XXX.27.65.23, a potential spam source listed in OSRELAY. I searched the archives but did I miss an announcement that we were suppose to quit using OSRELAY. Thanks. Chuck Schick Warp 8, Inc. 303-421-5140 www.warp8.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] The Osirusoft saga...
The latest news in the Osirusoft saga: http://slashdot.org/article.pl?sid=03/08/27/0214238mode=nestedtid=111tid=126 Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter question
I checked my logs and the REMOTEIP lines are catching the mail but the subject lines with RE: are not catching the mail. the subject lines without the RE: are catching the emails. That is odd. Could there be spaces/tabs at the end of the lines that aren't working? If that doesn't explain it, you can use LOGLEVEL DEBUG temporarily and send an E-mail through that should be caught by the filter -- you can then E-mail me the results, and I can take a look to see what went wrong. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-HONGKONG HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: RE: [Declude.JunkMail] OSRELAY question.
Hi, Thanks for your interest in Alligate. We recommend that you first look over the product documentation so that you will have a good understanding of Alligate's capabilities and installation requirements. The documentation can be downloaded at the following address: http://www.alligate.com/downloads.asp Of particular interest to you would probably be the initial sections on setup and operation. There is a considerable amount of detail on customizing, however it will be extremely efficient with no customization whatsoever. Please take a few minutes and peruse the documentation, and if this sounds like it will do the job for you, please lets us know and we will mail temporary license codes to you for evaluation. We will be happy to supply you with a free 30 day license so that you can evaluate the product. In order to generate the license and key codes for you we will need to know the IP address for the computer you will be using to test Alligate. We will also need to know the number of domains you will be processing. These are both used in license key generation. Pricing is determined by the number of domains your are receiving mail for. Licensing costs are available at http://www.alligate.com/pricing.htm Thanks again, Brian Milburn Solid Oak Software --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude mail failing spamheaders?
The Confirmation Required message from this list did not pass the SPAMHEADERS test of Declude..:-))) Why is that Scott?? That's because Ipswitch still hasn't fixed the bug in IMail1.exe where it won't add the Message-ID: header. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] declude mail failing spamheaders?
Hi guys, The Confirmation Required message from this list did not pass the SPAMHEADERS test of Declude..:-))) Why is that Scott?? Received: from declude.com [66.189.124.29] by mail.cwc.nl with ESMTP (SMTPD32-7.13) id A85F9A01BA; Wed, 27 Aug 2003 15:55:43 +0200 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SPAM: Confirmation Required (confirmation #0b938b52001be656c534d44) X-Confirmation: Provided by Declude http://www.declude.com Date: Wed, 27 Aug 2003 10:00:54 -0400 Message-Id: [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [66.189.124.29] X-Note: This E-mail was scanned by CWC Mailserver for spam. X-Spam-Tests-Failed: OSRELAY, SPAMHEADERS [5] X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 323879117 --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Filter question
Well Scott you are correct again. I had a cut and paste error in the filter file all of the lines ended with an extra space except the last two lines. Kevin Bibee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Wednesday, August 27, 2003 5:45 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Filter question I checked my logs and the REMOTEIP lines are catching the mail but the subject lines with RE: are not catching the mail. the subject lines without the RE: are catching the emails. That is odd. Could there be spaces/tabs at the end of the lines that aren't working? If that doesn't explain it, you can use LOGLEVEL DEBUG temporarily and send an E-mail through that should be caught by the filter -- you can then E-mail me the results, and I can take a look to see what went wrong. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
wow! yes there are a lot... but that begs another important question... which ones to use.. :( what is everyone else using ??? thanks sheldon - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:41 AM Subject: Re: [Declude.JunkMail] OSRELAY question. Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY Replacement question.
FYI Andy, Netscape 7's mail program can't see your information (winmail.dat problem). Regarding the discussion, I included several of the FIVETEN tests a few months back when I saw that Ipswitch was including them in their default configuration file (figured this would help that source's popularity and effectiveness). I've found them to be over-zealous though so I don't score them high (they have tagged this discussion group with their FIVETENSPAM test, and FIVETENSPAMSUPPORT was blocking Yahoo/SBC customers). FIVETEN has a few tests that work well with others because they apparently don't replicate blocks, but they don't hardly catch anything. The ones that score the most hits are FIVETENSPAM, FIVETENSPAMSUPPORT, and FIVETENBULK, the others are hardly a blip.. I think you can search Scott's DNS-based test page for replacements for each of the individual Osirusoft tests by searching for commonalties in the descriptions. I'm thinking that BLITZED, DSBL, SBL, MAILPOLICE, EASYNET and MONKEYPROXIES, which I am currently using, replicate most of the Osirusoft tests, so increasing the scores a little or maybe leaving them alone might be a good choice for me. My stats from the 20th show that the OSPROXY and OSSRC Osirusoft tests were the most common flunked, but none really made big numbers, and the others hardly made an impact (less than 1%). So increasing the scores of other proxy tests by a few points might handle OSPROXY and OSSRC was noted to be very similar to SPEWS, or maybe use the FIVETEN tests that I noted above, but score low. Matt Andy Schmidt wrote: Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With?
[Declude.JunkMail] Osirusoft Blacklists The World
Scott: The message below came over the Imail discussion board. Should I be removing the lines: OSDIPS ip4r relays.osirusoft.com 127.0.0.3 5 0 OSFORM ip4rrelays.osirusoft.com 127.0.0.8 5 0 OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0 OSPROXY ip4r relays.osirusoft.com 127.0.0.9 7 0 OSRELAY ip4rrelays.osirusoft.com 127.0.0.2 5 0 OSSMART ip4rrelays.osirusoft.com 127.0.0.5 5 0 OSSOFT ip4rrelays.osirusoft.com 127.0.0.6 5 0 OSSRC ip4rrelays.osirusoft.com 127.0.0.4 6 0 from my Global.cfg?? Looks like I should but I would like the opinion of the guru. Thanks. Hank = FYI. May affect some of you. Osirusoft Blacklists The World As of today, Osirusoft, distributer of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email We contacted Mr. Jared by phone who informed us that 'everyone needs to stop using Osirusoft and that he's going to be shutting the service down.' Then he says he's going to blacklist 'the world' (aka, ban *.*.*.*) to get his point across. Later on this evening, he apparently went ahead and did just that http://slashdot.org/articles/03/08/27/0214238.shtml?tid=111 http://slashdot.org/articles/03/08/27/0214238.shtml?tid=111tid=126 tid=126
Re: [Declude.JunkMail] OSRELAY Replacement question.
I can't see your replacement suggestion Best regards Xavier - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:51 PM Subject: RE: [Declude.JunkMail] OSRELAY Replacement question. Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY Replacement question.
And here's my newly edited file: DSBLip4rlist.dsbl.org*50 MONKEYPROXIESip4rproxies.relays.monkeys.com * 50 ORDBip4rrelays.ordb.org*40 SPAMCOPip4rbl.spamcop.net127.0.0.2100 EASYNET-DNSBLip4rblackholes.easynet.nl127.0.0.2 70 EASYNET-PROXIESip4rproxies.blackholes.easynet.nl 127.0.0.2 70 FIVETEN-SPAMip4rblackholes.five-ten-sg.com127.0.0.2 50 FIVETEN-BULKip4rblackholes.five-ten-sg.com127.0.0.4 100 FIVETEN-MULTISTAGEip4rblackholes.five-ten-sg.com127.0.0.5 50 FIVETEN-SPAMSUPPORTip4rblackholes.five-ten-sg.com 127.0.0.750 FIVETEN-MISCip4rblackholes.five-ten-sg.com127.0.0.9 70 BLITZEDALLip4ropm.blitzed.org*70 SBLip4rsbl.spamhaus.org127.0.0.2100 MONKEYFORMMAILip4rformmail.relays.monkeys.com*40 FIVETEN-SINGLESTAGEip4rblackholes.five-ten-sg.com 127.0.0.650 FIVETEN-FREEip4rblackholes.five-ten-sg.com127.0.0.12 50 MAILPOLICE-BULKrhsblbulk.rhs.mailpolice.com 127.0.0.2100 MAILPOLICE-PORNrhsblporn.rhs.mailpolice.com 127.0.0.2100 DSNrhsbldsn.rfc-ignorant.org127.0.0.210 NOABUSErhsblabuse.rfc-ignorant.org127.0.0.4 10 NOPOSTMASTERrhsblpostmaster.rfc-ignorant.org127.0.0.3 10 BONDEDSENDERip4rquery.bondedsender.org127.0.0.10 -200 BADHEADERSbadheadersxx30 BASE64base64xx30 HELOBOGUShelovalidxx50 MAILFROMenvfromxx70 IPNOTINMXipnotinmxxx0-2 PERCENTpercentxx20 #REVDNSrevdnsexistsxx00 ROUTINGspamroutingxx70 SPAMHEADERSspamheadersxx50 ALLIGATEexternalnonzeroC:\IMail\Alligate\NoXMail.exe30 #SNIFFERexternalnonzeroC:\IMail\Declude\Sniffer\sniffer.exe authentication70 #CATCHALLMAILScatchallmailsxx00 WEIGHT10weightxx100 Andy Schmidt wrote: Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With?
Re: [Declude.JunkMail] OSRELAY Replacement question.
Let me also correct one thing. I mentioned SPEWS as an alternative to Osirusoft, but that one also comes from their servers :) In otherwords, don't use that either (as noted in Hank's recent message). Matt Andy Schmidt wrote: Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY Replacement question.
Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [280K attachment removed]
Re: [Declude.JunkMail] Osirusoft Blacklists The World
The message below came over the Imail discussion board. Should I be removing the lines: OSDIPS ip4r relays.osirusoft.com 127.0.0.3 5 0 OSFORM ip4rrelays.osirusoft.com 127.0.0.8 5 0 OSLIST ip4rrelays.osirusoft.com 127.0.0.7 5 0 OSPROXY ip4r relays.osirusoft.com 127.0.0.9 7 0 OSRELAY ip4rrelays.osirusoft.com 127.0.0.2 5 0 OSSMART ip4rrelays.osirusoft.com 127.0.0.5 5 0 OSSOFT ip4rrelays.osirusoft.com 127.0.0.6 5 0 OSSRC ip4rrelays.osirusoft.com 127.0.0.4 6 0 from my Global.cfg?? Looks like I should but I would like the opinion of the guru. That is correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Webmaster Oilfield Directory Sent: Wednesday, August 27, 2003 7:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. wow! yes there are a lot... but that begs another important question... which ones to use.. :( what is everyone else using ??? thanks sheldon - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:41 AM Subject: Re: [Declude.JunkMail] OSRELAY question. Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Another automated e-mail fails BADHEADERS
It's a shame because I was catching a great deal more spam, but I may have to back off on the weight of this test. This looks like a log file that one guy has e-mailed from a D-link router. Why don't companies have this stuff compliant. sigh Received: from DI-604 [65.41.30.4] by mail.prudentialrand.com (SMTPD32-7.15) id A52966300A0; Wed, 27 Aug 2003 11:58:33 -0400 From: [EMAIL PROTECTED] Subject: [SPAM]DI-604 Log Sender: DI-604 To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020020c]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020020c]. X-RBL-Warning: WEIGHT10: Weight of 22 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [65.41.30.4] X-Declude-Spoolname: Dd529066300a0a1b4.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, IPNOTINMX, SPAMHEADERS, NOLEGITCONTENT --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY Replacement question.
The fact that SPEWS is gone is not a bad thing! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Wednesday, August 27, 2003 1:11 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY Replacement question. Let me also correct one thing. I mentioned SPEWS as an alternative to Osirusoft, but that one also comes from their servers :) In otherwords, don't use that either (as noted in Hank's recent message). Matt Andy Schmidt wrote: Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. The problem is that it is very, very difficult to determine the key piece of information: false positive ratios. Most of the information that people have about the DNS-based spam tests are things like It works really well for me as a small business or As an ISP I find that I can't use it, it has more false positives than I want -- neither of which provides enough information to decide whether or not you should use it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] RBL list
Please excuse me if this have been discussed before but I wanted to find out what it would take for the Declude users to develop there own RBL of some sort? Thanks, Todd Hunter Progressive Systems --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY Replacement question.
Anyone have the command line to use SPEWS? Thanks, Todd At 01:07 PM 8/27/2003 -0400, you wrote: And here's my newly edited file: DSBLip4rlist.dsbl.org*50 MONKEYPROXIESip4rproxies.relays.monkeys.com * 50 ORDBip4rrelays.ordb.org*40 SPAMCOPip4rbl.spamcop.net127.0.0.2100 EASYNET-DNSBLip4rblackholes.easynet.nl127.0.0.2 70 EASYNET-PROXIESip4rproxies.blackholes.easynet.nl 127.0.0.2 70 FIVETEN-SPAMip4rblackholes.five-ten-sg.com127.0.0.2 50 FIVETEN-BULKip4rblackholes.five-ten-sg.com127.0.0.4 100 FIVETEN-MULTISTAGEip4rblackholes.five-ten-sg.com127.0.0.5 50 FIVETEN-SPAMSUPPORTip4rblackholes.five-ten-sg.com 127.0.0.750 FIVETEN-MISCip4rblackholes.five-ten-sg.com127.0.0.9 70 BLITZEDALLip4ropm.blitzed.org*70 SBLip4rsbl.spamhaus.org127.0.0.2100 MONKEYFORMMAILip4rformmail.relays.monkeys.com*40 FIVETEN-SINGLESTAGEip4rblackholes.five-ten-sg.com 127.0.0.650 FIVETEN-FREEip4rblackholes.five-ten-sg.com127.0.0.12 50 MAILPOLICE-BULKrhsblbulk.rhs.mailpolice.com 127.0.0.2100 MAILPOLICE-PORNrhsblporn.rhs.mailpolice.com 127.0.0.2100 DSNrhsbldsn.rfc-ignorant.org127.0.0.210 NOABUSErhsblabuse.rfc-ignorant.org127.0.0.4 10 NOPOSTMASTERrhsblpostmaster.rfc-ignorant.org127.0.0.3 10 BONDEDSENDERip4rquery.bondedsender.org127.0.0.10 -200 BADHEADERSbadheadersxx30 BASE64base64xx30 HELOBOGUShelovalidxx50 MAILFROMenvfromxx70 IPNOTINMXipnotinmxxx0-2 PERCENTpercentxx20 #REVDNSrevdnsexistsxx00 ROUTINGspamroutingxx70 SPAMHEADERSspamheadersxx50 ALLIGATEexternalnonzeroC:\IMail\Alligate\NoXMail.exe30 #SNIFFERexternalnonzeroC:\IMail\Declude\Sniffer\sniffer.exe authentication70 #CATCHALLMAILScatchallmailsxx00 WEIGHT10weightxx100 Andy Schmidt wrote: Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RBL list
Please excuse me if this have been discussed before but I wanted to find out what it would take for the Declude users to develop there own RBL of some sort? See http://www.declude.com/junkmail/support/ip4rinfo.htm for information on how a DNS-based spam database is set up (FYI, RBL is a trademark of MAPS and only applies to one spam test, RBL). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY question.
Hi; What I have found working the best was: 1: Add as many of the tests as you want with 0 weight. 2: Add a header for every test 3: Monitor your headers and adjust the weights accordingly. 4: After several months start taking out the tests that their weight has stayed 0. This is a lengthy process but as Scott said this is not a one size fits all... We still adjust our weights after all this time and just fine tune them. It has been discussed here over and over again and of course it is one of Declude's strengths that allows you to not base your final decision based on a single test. What we find the tests most useful is with brand new spams we get since on the average our weighing makes sure if something fails 4-5 tests they get into a holding weight. Of course if we see a new spam its content will be marked and it no longer needs any external weight to trap it. Just some thoughts... Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Wednesday, August 27, 2003 1:52 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. The problem is that it is very, very difficult to determine the key piece of information: false positive ratios. Most of the information that people have about the DNS-based spam tests are things like It works really well for me as a small business or As an ISP I find that I can't use it, it has more false positives than I want -- neither of which provides enough information to decide whether or not you should use it. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Another automated e-mail fails BADHEADERS
There's not even a date header in that message. What would an E-mail client even do with that? 1969? I probably switched from Scott's methodologies very early on, requiring a message to fail BADHEADERS, SPAMHEADERS (combined score of 8) plus at least one other test before it gets rejected with a score of 10. This actually still works pretty reliably and allows a lot of the poorly configured automated stuff get through. If I failed on just those two tests, I would false reject more than double the rate that I am now (like Scott said, this is based on the types of customers I have and where they get their E-mail from). The reason why I changed the methodology was because I noticed early on that almost all E-mail that failed BADHEADERS also fails SPAMHEADERS, so I'm essentially treating those two tests as one with the lower scoring on each. Matt Marc Catuogno wrote: It's a shame because I was catching a great deal more spam, but I may have to back off on the weight of this test. This looks like a log file that one guy has e-mailed from a D-link router. Why don't companies have this stuff compliant. sigh Received: from DI-604 [65.41.30.4] by mail.prudentialrand.com (SMTPD32-7.15) id A52966300A0; Wed, 27 Aug 2003 11:58:33 -0400 From: [EMAIL PROTECTED] Subject: [SPAM]DI-604 Log Sender: DI-604 To: [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020020c]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020020c]. X-RBL-Warning: WEIGHT10: Weight of 22 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [65.41.30.4] X-Declude-Spoolname: Dd529066300a0a1b4.SMD X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS, IPNOTINMX, SPAMHEADERS, NOLEGITCONTENT --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OSRELAY question.
I've found that my scoring in Declude shouldn't be indicative of what is most commonly associated with spam only, but also what is most commonly associated with other tests and false positives. This speaks to the trouble with rating the individual blacklists, scoring them in isolation from one another isn't quite as informative as you would think it would be, although it is quite valuable to know the false positive rates of each individual test so you can avoid them or score them lower. Maybe instead of a rating, people could come up with a standardized rule base that blacklists use for blocking and removal, that way you could determine from the rule base whether or not they are likely to so something defeatist like block Yahoo/SBC's mail servers or rely on a slow update process for open relays. Matt Omar K. wrote: Im really surprised that there isn't a site out there that reviews and rates those RBLs. All I have seen is listings. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Webmaster Oilfield Directory Sent: Wednesday, August 27, 2003 7:48 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. wow! yes there are a lot... but that begs another important question... which ones to use.. :( what is everyone else using ??? thanks sheldon - Original Message - From: "R. Scott Perry" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:41 AM Subject: Re: [Declude.JunkMail] OSRELAY question. Okay. another one bites the dust. scheeesch, pretty soon there won't be many spam databases to choose from will there looks like they are winning the battle but will they win the war Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation.
RE: [Declude.JunkMail] OSRELAY Replacement question.
Hm - may be this list doesn't support HTML mail (or doesn't support attachments), here is that screen shot again, this time as a BMP file. The problem is that you are trying to send a 250K attachment, which is clogging up our Internet connection. Perhaps you could convert it to a small .jpg file? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you have been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY Replacement question.
Hm - may be this list doesn't support HTML mail (or doesn't support attachments), here is that screen shot again, this time as a BMP file. The replacements that I'm using are marked up red with the results for the last few hours Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Wednesday, August 27, 2003 11:51 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY Replacement question. Here is the replacements that I'm using (marked up red) with the results for the last few hours: Best Regards Andy Schmidt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. [280K attachment removed]
RE: [Declude.JunkMail] OSRELAY question.
Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OSRELAY Replacement question.
The replacements that I'm using are marked up red with the results for the last few hours. Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Smith Sent: Wednesday, August 27, 2003 09:44 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Anyone have any recommendations on what to replace: #OSDUL ip4rrelays.osirusoft.com127.0.0.3 5 0 #OSFORM ip4rrelays.osirusoft.com127.0.0.8 5 0 #OSLIST ip4rrelays.osirusoft.com127.0.0.7 5 0 #OSRELAYip4rrelays.osirusoft.com 127.0.0.2 5 0 #OSSMARTip4rrelays.osirusoft.com 127.0.0.5 5 0 #OSSOFT ip4rrelays.osirusoft.com127.0.0.6 5 0 #OSSRC ip4rrelays.osirusoft.com127.0.0.4 5 0 With? attachment: Declude.PNG
RE: [Declude.JunkMail] OSRELAY question.
Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list.
RE: [Declude.JunkMail] OSRELAY question.
Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL* brazil.blackholes.us BHOLE-CHINA * china.blackholes.us BHOLE-CN-KR * cn-kr.blackholes.us BHOLE-HONGKONG * hongkong.blackholes.us BHOLE-JAPAN * japan.blackholes.us BHOLE-KOREA * korea.blackholes.us BHOLE-RUSSIA* russia.blackholes.us BHOLE-CW* cw.blackholes.us BHOLE-LEVEL3* level3.blackholes.us BHOLE-RR* rr.blackholes.us BHOLE-VERIO * verio.blackholes.us BHOLE-XO* xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1
RE: [Declude.JunkMail] OSRELAY question.
Thanks Kami, We are still on IMail 7.15. IMail 8 is sitting on the shelf until I have some time to deal with the upgrade. I assume to include one of these test in Declude it would be in the form of CHINABLACKHOLE ip4r china.blackholes.us 127.0.0.25 0 Todd At 03:51 PM 8/27/2003 -0400, you wrote: Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL*brazil.blackholes.us BHOLE-CHINA*china.blackholes.us BHOLE-CN-KR*cn-kr.blackholes.us BHOLE-HONGKONG*hongkong.blackholes.us BHOLE-JAPAN*japan.blackholes.us BHOLE-KOREA*korea.blackholes.us BHOLE-RUSSIA*russia.blackholes.us BHOLE-CW*cw.blackholes.us BHOLE-LEVEL3*level3.blackholes.us BHOLE-RR*rr.blackholes.us BHOLE-VERIO*verio.blackholes.us BHOLE-XO*xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (ybl Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nick Hayer Sent: Wednesday, August 27, 2003 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OSRELAY question. Actually, http://www.declude.com/junkmail/support/ip4r.htm shows that there are plenty of spam databases left. :) -Scott You are correct - BUT - besides the default ones listed in the *old* manual how can we know which to use that give the most accurate results and are not duplicates of each other? Would it be possible for you to make a new recommended list? -Nick Hayer --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus
RE: [Declude.JunkMail] OSRELAY question.
Kami, I assume based on your weights that you are Holding at 20? Todd At 03:51 PM 8/27/2003 -0400, you wrote: Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL* brazil.blackholes.us BHOLE-CHINA * china.blackholes.us BHOLE-CN-KR * cn-kr.blackholes.us BHOLE-HONGKONG * hongkong.blackholes.us BHOLE-JAPAN * japan.blackholes.us BHOLE-KOREA * korea.blackholes.us BHOLE-RUSSIA* russia.blackholes.us BHOLE-CW* cw.blackholes.us BHOLE-LEVEL3* level3.blackholes.us BHOLE-RR* rr.blackholes.us BHOLE-VERIO * verio.blackholes.us BHOLE-XO* xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP HEADERS 15 CONTAINS X-IMAIL-SPAM-DNSBL: (SpamCop HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (SPAMHAUS HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DNSBL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (WIREHUB-DYNA HEADERS 1 CONTAINS
RE: [Declude.JunkMail] OSRELAY question.
Hi Todd: Yes we hold on 20. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 5:17 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, I assume based on your weights that you are Holding at 20? Todd At 03:51 PM 8/27/2003 -0400, you wrote: Hi Todd: Attached is the IMail blacklist file. It has the detail of all the tests that we run. As stated earlier we do our tests in IMail and then add the header to be later evaluated by Declude as filter files. If you want simply replace this file in the IMail directory (version 8 only) and all tests should show up in the spam lists. We used to have these in the Declude format with the IP's but since IMail does not need it we no longer have that but I am sure if you want to use them in Declude they are listed in the blackholes.us site.. BHOLE-BRAZIL* brazil.blackholes.us BHOLE-CHINA * china.blackholes.us BHOLE-CN-KR * cn-kr.blackholes.us BHOLE-HONGKONG * hongkong.blackholes.us BHOLE-JAPAN * japan.blackholes.us BHOLE-KOREA * korea.blackholes.us BHOLE-RUSSIA* russia.blackholes.us BHOLE-CW* cw.blackholes.us BHOLE-LEVEL3* level3.blackholes.us BHOLE-RR* rr.blackholes.us BHOLE-VERIO * verio.blackholes.us BHOLE-XO* xo.blackholes.us We have found good results with these... Hope it helps. Let me know if I can be of further assistance. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] OSRELAY question. Kami, Just to clarify, I wanted to know about your tests labeled BHOLE- Todd At 02:09 PM 8/27/2003 -0500, you wrote: Kami, Could please elaborate on some of the tests here and how I might use them in Declude config. You are rating them very high so I assume they are giving you good results. BHOLE-BRAZIL, BHOLE-BRAZIL etc... Thanks, Todd At 09:25 AM 8/27/2003 -0400, you wrote: Hi Nick: This is what we have in our filter file. We use IMail to do the testing and then use a filter file to give them weight. Just in case it helps you this is what we have: We had all of what is listed in Declude site and wrote a program to evaluate all the server logs for 5 months and pick up the frequency that each test is triggered. We took the top so many and deleted the ones that hardly return a positive. The following are the ones we use now... HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BROADWING HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CN-KR HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-CW HEADERS 20 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-BRAZIL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-INFLOW HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-JAPAN HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-KOREA HEADERS 3 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-LEVEL3 HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RR HEADERS 8 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-RUSSIA HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-VERIO HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (BHOLE-YIPES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (BLARS HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (COMPU HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DEADBEEF HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DELINK HEADERS 6 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (DSBLALL HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (FABELSOURCES HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (fiveten HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (INTERSIL HEADERS 1 CONTAINS X-IMAIL-SPAM-DNSBL: (KUNDENSERVER HEADERS 10 CONTAINS X-IMAIL-SPAM-DNSBL: (NJABL HEADERS 9 CONTAINS X-IMAIL-SPAM-DNSBL: (ORDB HEADERS 5 CONTAINS X-IMAIL-SPAM-DNSBL: (SORBS-HTTP
RE: [Declude.JunkMail] OSRELAY question.
Until a few days ago, I was using SORBSALL, but on checking out their home page, I found that it had grown quite a lot since I started using it. Since JunkMail will only incur the lookup once, I suggest that if you're using SORBS that you break it up into all the little tests to query the same rbl, and set your weights accordingly. I found that a) this is much more flexible and b) much more effective, very spammy sources are listed under multiple categories. Check out the bottom of the page for the description and usage of the individual tests and return codes, then set your weights and actions as you see fit: http://www.dnsbl.sorbs.net/using.html Andrew 8) # This is an automatically maintained list generated by spamtraps whose messages # are then tested by a community maintained script at http://sourceforge.net/projects/sorbs/ # For the all-in info, see the home page at http://www.dnsbl.sorbs.net/ #SORBSALL ip4rdnsbl.sorbs.net * 7 0 #open web proxy servers SORBS-HTTP ip4rdnsbl.sorbs.net 127.0.0.2 7 0 #open socks proxy servers SORBS-SOCKS ip4rdnsbl.sorbs.net 127.0.0.3 7 0 #open proxies that are neither web nor socks SORBS-MISC ip4rdnsbl.sorbs.net 127.0.0.4 7 0 #open smtp relay servers SORBS-SMTP ip4rdnsbl.sorbs.net 127.0.0.5 7 0 #hosts that send spam and netblocks of providers that support spammers SORBS-SPAM ip4rdnsbl.sorbs.net 127.0.0.6 7 0 #hosts that have spammer abused vulnerabilites, e.g. formmail script SORBS-WEB ip4rdnsbl.sorbs.net 127.0.0.7 7 0 #hosts that demand that they are never to be scanned by SORBS SORBS-BLOCK ip4rdnsbl.sorbs.net 127.0.0.8 3 0 #hosts that are in a netblock hijacked from someone else SORBS-ZOMBIEip4rdnsbl.sorbs.net 127.0.0.9 7 0 #hosts that are in a dynamic IP range at their ISP #this one gets us in trouble because our HOP settings usually catch the workstation #as it sends to its own ISPs mail server, and we can't differentiate between a server #that sends the mail and the workstation... #SORBS-DUL ip4rdnsbl.sorbs.net 127.0.0.10 3 0 #hosts that have badly configured DNS, e.g. private IP addresses or broadcasts SORBS-BADCONF rhsbldnsbl.sorbs.net127.0.0.11 3 0 #domains where the correct admin has stated that mailfrom should never be from this domain #eg corp.supernews.com and news.supernews.net SORBS-NOMAILrhsbldnsbl.sorbs.net127.0.0.12 1 0