[Declude.JunkMail] Null Sender

2003-10-10 Thread Bennie



Scott,

Is there any way to assign points to a null sender? Most null sender
emails I get are spam and was wondering if I could assign a point value
to null sender?

Bennie



Re: [Declude.JunkMail] Null Sender

2003-10-10 Thread R. Scott Perry

> Is there any way to assign points to a null sender?  Most null sender
> emails I get are spam and was wondering if I could assign a point value to
> null sender?

I believe you could set up a filter, and add this line to the filter file:

MAILFROM  2  ISBLANK

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Integrity Checker

2003-10-10 Thread R. Scott Perry

> So HELO of Microsoft.com should only be allowed if REVDNS is also
> Microsoft and email is Microsoft.com.
>
> Or can we do this already?

That sounds like it would be a good extension to the SPAMDOMAINS test
(which checks for return address and reverse DNS matches).

   -Scott


Re: [Declude.JunkMail] maybe its just one of AOL's servers???

2003-10-10 Thread Joshua Levitsky
On Oct 9, 2003, at 10:46 PM, Frederick Samarelli wrote:

> The message was sent from a process AOL has to notify ip subnet owners
> when someone complains about an email sent to an AOL user.
>
> What you see is what I get all the time from AOL.
>
> I can give you my AOL contact if you like.

Actually what would help is if I could see an entire message unaltered 
so I could get the context. It sort of makes sense [EMAIL PROTECTED] would 
be an employee. Perhaps he sends notices from his home DSL connection. 
postmaster.aol.com wasn't written to mention mail from @aol.net or 
@netscape.com. Perhaps that is a goof.

When you say "what I get all the time from AOL" you mean that we send
you spam complaints about your users? I just want to clarify that the
only example I've seen with any mention of mail.aol.com was a spam
complaint that came from @aol.net.

And that the email had a PTR of X-Note: Sent from Reverse DNS:  
adsl-65-42-205-4.afafld-ualmec.org which is a DSL line, and that is 
because aol.net emails are IMAP / SMTP accounts and so [EMAIL PROTECTED] 
was probably working from home dealing with spam complaints and sent 
the email from home equipment rather than in the office.

And I'm confused about your email because there is no line showing your 
server ever received the email so I know the headers provided are not 
complete.

--
Joshua Levitsky, CISSP, MCSE
System Engineer
AOL Time Warner
[5957 F27C 9C71 E9A7 274A  0447 C9B9 75A4 9B41 D4D1]


Re: [Declude.JunkMail] Null Sender

2003-10-10 Thread R. Scott Perry

> Would this work if it is '' as it most commonly is? Then it is
> truly not blank... I think Block Null Sender covers this instance.
> It would be nice to have an alternative that was RFC compliant.

It would probably be best to use both:

MAILFROM  2  ISBLANK

and

MAILFROM  2  IS  

That way, whichever format IMail may choose to use will be caught.



   -Scott


[Declude.JunkMail] External whitelist filter

2003-10-10 Thread Keith Anderson

Could someone post an example of an external filter used as a replacement
for the GLOBAL.CFG whitelist entries?

Most specifically, the REVDNS entries...  I can't seem to get the right
thing working.  I'm still new at this.

Thanks





Re: [Declude.JunkMail] ERROR: SOMEONE CRUMBLED MY MAGIC COOKIE

2003-10-10 Thread William Baumbach
Scott

I am on version 1.76i5 I have been getting this error for many months, yes
even back on version 1.6x

the error happens to every email that reaches the action weight of DELETE

see attached the two files .GPx files from c:\ and my two Config files and
part of log file


Sincerely,

William J. Baumbach II  [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
-

- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, October 09, 2003 10:52 AM
Subject: Re: [Declude.JunkMail] ERROR: SOMEONE CRUMBLED MY MAGIC COOKIE



does anyone else see this error in their log files

ERROR: SOMEONE CRUMBLED MY MAGIC COOKIE

I have been getting this error for many months, even though everything
seems
to be working OK

If I recall correctly, that could happen with v1.65 under some odd
circumstances.  If you upgrade to v1.75, it should take care of the problem.

-Scott

[ scanned for spam to: [EMAIL PROTECTED] incoming
http://www.DcMetroNet.com on 10/09/2003 at 10:56:02-0500et. ]

[ scanned for viruses to: [EMAIL PROTECTED] incoming
http://www.DcMetroNet.com on 10/09/2003 at 10:56:05-0500et. ]




configs.zip
Description: Zip compressed data


[Declude.JunkMail] Disclaimer/confidentiality agreement.

2003-10-10 Thread Frederick Samarelli
Does anyone have a good disclaimer/confidentiality agreement they would like
to share.

I am offering Email and Scan/forward services. Recently I have been asked for a
copy of our disclaimer/confidentiality agreement.

Not wanting to re-invent the wheel I am asking the list to see if someone
would like to share one.

I have always found the people on this list to be among the best in the
business.

Thanks.

Fred



[Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Chuck Schick
We are constantly getting hammered with dictionary attacks.  Does anyone
have any solutions?  Does the new version of Imail address this issue?
Whenever I check a lot of it comes from open proxies.

Blocking the IPs is not a solution.  Any ideas are appreciated.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com



Re: [Declude.JunkMail] External whitelist filter

2003-10-10 Thread DLAnalyzer Support
This is what I use and I have been very pleased with the results.. 

Global.cfg entry 

REVERSEWEIGHTDNS  filter  x:\IMail\Declude\ReverseDNSFilter.txt  x  0  0

Sample File Contents
REVDNS  -3  ENDSWITH .kodak.com
REVDNS  -3  ENDSWITH .mx.aol.com
REVDNS  -3  ENDSWITH .dell.com

Hope this helps.
Darrell 


Check out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com 

Keith Anderson writes: 

Could someone post an example of an external filter used as a replacement
for the GLOBAL.CFG whitelist entries? 

Most specifically, the REVDNS entries...  I can't seem to get the right
thing working.  I'm still new at this. 

Thanks 

 



RE: [Declude.JunkMail] External whitelist filter

2003-10-10 Thread Keith Anderson

Terrific, thank you.

 -Original Message-
 From: DLAnalyzer Support [mailto:[EMAIL PROTECTED]
 Sent: Friday, October 10, 2003 9:48 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] External whitelist filter
 
 
 This is what I use and I have been very pleased with the results.. 
 
 Global.cfg entry 
 
 REVERSEWEIGHTDNS  filter  x:\IMail\Declude\ReverseDNSFilter.txt  x  0  0

 Sample File Contents
 REVDNS  -3  ENDSWITH .kodak.com
 REVDNS  -3  ENDSWITH .mx.aol.com
 REVDNS  -3  ENDSWITH .dell.com
 
 Hope this helps.
 Darrell 
 
  
 Check out DLAnalyzer a comprehensive reporting tool for
 Declude Junkmail Logs - http://www.dlanalyzer.com 
 
 
 Keith Anderson writes: 
 
  
  Could someone post an example of an external filter used as a replacement
  for the GLOBAL.CFG whitelist entries?

  Most specifically, the REVDNS entries...  I can't seem to get the right
  thing working.  I'm still new at this.
  
  Thanks 
  
   
  


Re: [Declude.JunkMail] Disclaimer/confidentiality agreement.

2003-10-10 Thread William Baumbach
This email message is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. Any unauthorized review,
use, disclosure or distribution of this email is prohibited. If you are not
the intended recipient, please contact the sender and destroy all paper and
electronic copies of this message.

Sincerely,

William J. Baumbach II  [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
-

- Original Message - 
From: Frederick Samarelli [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 11:18 AM
Subject: [Declude.JunkMail] Disclaimer/confidentiality agreement.


Does anyone have a good disclaimer/confidentiality agreement they would like
to share.

I am offering Email and Scan/forward services. Recently I have been asked for a
copy of our disclaimer/confidentiality agreement.

Not wanting to re-invent the wheel I am asking the list to see if someone
would like to share one.

I have always found the people on this list to be among the best in the
business.

Thanks.

Fred



[Declude.JunkMail] Alligate

2003-10-10 Thread William Baumbach
FYI



-Original Message-
From: Brian Milburn [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 12:05 PM
To: [EMAIL PROTECTED]
Subject: Re: Alligate Information Request

Hi,

Thanks for your interest in Alligate for IMail.

We have decided we are no longer going to offer an IMail specific version.
The Declude Add-in is not currently being offered, however should be available
again shortly, probably within a couple of weeks. It is in need of a major
update to bring it up to the same level that our gateway product is.

I would also invite you to look over the documentation for our gateway
version. The gateway version of Alligate requires a dedicated computer,
however it is significantly more powerful than any IMail version and greatly
reduces the load on your mail server. Additionally, the gateway version has
integrated email vulnerability detection which eliminates virtually all
viruses and other email based dangers before they ever get to your mail
server.

The link for the gateway documentation is:

http://www.getalligate.com

Thanks again,

Brian Milburn
Solid Oak Software

Sincerely,

William J. Baumbach II  [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
-




Re: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread R. Scott Perry

> We are constantly getting hammered with dictionary attacks.  Does anyone
> have any solutions?  Does the new version of Imail address this issue?
> Whenever I check a lot of it comes from open proxies.
>
> Blocking the IPs is not a solution.  Any ideas are appreciated.

Blocking the IPs is the only solution.  :)

Some people have reported that BlackIce Server can be set up to stop 
dictionary attacks (check the IMail and Declude JunkMail forum archives for 
BlackIce, and you should be able to find more information).

IMail doesn't address this issue, nor can addons to IMail effectively do
so, since Ipswitch doesn't document the file format used for their control
access file.

   -Scott


Re: [Declude.JunkMail] External whitelist filter

2003-10-10 Thread R. Scott Perry

> Could someone post an example of an external filter used as a replacement
> for the GLOBAL.CFG whitelist entries?
> Most specifically, the REVDNS entries...  I can't seem to get the right
> thing working.  I'm still new at this.

That's the WHITELISTFILE option -- but, it won't work with reverse DNS
entries yet.  For that, you can use a filter, with negative weights.

   -Scott


Re: [Declude.JunkMail] Disclaimer/confidentiality agreement.

2003-10-10 Thread Frederick Samarelli
I was thinking more in the line of an item we sign and send to the customer.

Some info to include

Email Scan and Forward Policies.

We are committed to honoring the privacy of our users and visitors.

We never sell or make available individual names, lists of users, or
aggregate data to any third parties for gain.

User configurations and email messages are processed automatically by
software, so humans do not review this information. User configuration
information provided to us is used explicitly to deliver services that match
your requirements and not for any other purpose. All user-specific
information and email message information including content, addresses,
categorizations, and IP addresses is kept strictly confidential. TCB
delivers only services that comply with the existing service agreement
between you and your email service provider.


- Original Message - 
From: William Baumbach [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 12:07 PM
Subject: Re: [Declude.JunkMail] Disclaimer/confidentiality agreement.


 This email message is for the sole use of the intended recipient(s) and may
 contain confidential and privileged information. Any unauthorized review,
 use, disclosure or distribution of this email is prohibited. If you are not
 the intended recipient, please contact the sender and destroy all paper and
 electronic copies of this message.

 Sincerely,

 William J. Baumbach II  [EMAIL PROTECTED]
 9975 Pennsylvania Ave. Manassas, Va. 20110-2028
 Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
 -

 - Original Message - 
 From: Frederick Samarelli [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, October 10, 2003 11:18 AM
 Subject: [Declude.JunkMail] Disclaimer/confidentiality agreement.


 Does anyone have a good disclaimer/confidentiality agreement they would like
 to share.

 I am offering Email and Scan/forward services. Recently I have been asked for
 a copy of our disclaimer/confidentiality agreement.

 Not wanting to re-invent the wheel I am asking the list to see if someone
 would like to share one.

 I have always found the people on this list to be among the best in the
 business.

 Thanks.

 Fred



Re: [Declude.JunkMail] ERROR: SOMEONE CRUMBLED MY MAGIC COOKIE

2003-10-10 Thread R. Scott Perry

> I am on version 1.76i5 I have been getting this error for many months, yes
> even back on version 1.6x
> the error happens to every email that reaches the action weight of DELETE

Could you type \IMail\Declude -diag from a command prompt to double-check 
that you are actually on 1.76i5?  There was an issue in one of the betas or 
interim releases where the DELETE action could cause a problem similar to 
what you describe, but 1.76i5 shouldn't have that problem.

Could you E-mail me the declude.gp1 and declude.gp2 files (off-list)?

   -Scott


Re: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Frederick Samarelli
I use BlackIce server.

Give me an idea as to what to look for and I will tell you if it is working.

Fred
- Original Message - 
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 12:23 PM
Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any
solutions.



 We are constantly getting hammered with dictionary attacks.  Does anyone
 have any solutions?  Does the new version of Imail address this issue?
 Whenever I check a lot of it comes from open proxies.
 
 Blocking the IPs is not a solution.  Any ideas are appreciated.

 Blocking the IPs is the only solution.  :)

 Some people have reported that BlackIce Server can be set up to stop
 dictionary attacks (check the IMail and Declude JunkMail forum archives
 for BlackIce, and you should be able to find more information).

 IMail doesn't address this issue, nor can addons to IMail effectively do
 so, since Ipswitch doesn't document the file format used for their control
 access file.

 -Scott


RE: [Declude.JunkMail] External whitelist filter

2003-10-10 Thread Keith Anderson

> That's the WHITELISTFILE option -- but, it won't work with
> reverse DNS entries yet.  For that, you can
> use a filter, with negative weights.

I've got it working now as a filter with these types of entries:

  revdns -900 endswith .domain.com
  revdns -900 endswith @domain.com
  mailfrom -900 is [EMAIL PROTECTED]

It seems to be working really well.
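
Added example, not part of any post in this thread and not Declude's own code: a simplified Python model of the filter lines quoted above (the MAILFROM lines from the Null Sender thread and the REVDNS whitelist lines), showing why both null-sender forms are listed and how the leading dot in an ENDSWITH value changes what is matched. Assumptions: matching is case-insensitive, the weights of all matching lines are summed, the second MAILFROM form is the SMTP null reverse-path `<>` (the page shows that line without a value), and all hostnames and addresses are constructed samples.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "field weight op value")

# Comparisons that appear in the thread; the semantics here are assumed.
COMPARISONS = {
    "ISBLANK": lambda actual, value: actual == "",
    "IS": lambda actual, value: actual == value,
    "ENDSWITH": lambda actual, value: actual.endswith(value),
}

# Filter lines as posted in the thread. The "<>" value is an assumption.
FILTER_TEXT = """\
MAILFROM  2  ISBLANK
MAILFROM  2  IS  <>
REVDNS  -3  ENDSWITH .kodak.com
REVDNS  -3  ENDSWITH .mx.aol.com
REVDNS  -3  ENDSWITH .dell.com
"""


def parse_filter(text):
    """Parse 'TEST WEIGHT COMPARISON [VALUE]' lines into Rule tuples."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 3)
        if not parts:
            continue  # blank line
        if len(parts) < 3:
            raise ValueError("line %d: expected TEST WEIGHT COMPARISON" % lineno)
        field, op = parts[0].upper(), parts[2].upper()
        if op not in COMPARISONS:
            raise ValueError("line %d: unknown comparison %s" % (lineno, op))
        value = parts[3].strip().lower() if len(parts) == 4 else ""
        if op != "ISBLANK" and not value:
            # A line whose value was lost is rejected rather than guessed at.
            raise ValueError("line %d: %s needs a value" % (lineno, op))
        rules.append(Rule(field, int(parts[1]), op, value))
    return rules


def matched(rules, message):
    """Return the rules that fire for a message (dict of field -> value)."""
    hits = []
    for rule in rules:
        actual = message.get(rule.field, "").strip().lower()
        if COMPARISONS[rule.op](actual, rule.value):
            hits.append(rule)
    return hits


def score(rules, message):
    """Sum the weights of every matching line."""
    return sum(rule.weight for rule in matched(rules, message))


# Constructed sample messages: envelope sender and reverse DNS of the peer.
SAMPLES = [
    {"MAILFROM": "", "REVDNS": "mail.example.net"},
    {"MAILFROM": "<>", "REVDNS": "mail.example.net"},
    {"MAILFROM": "news@kodak.com", "REVDNS": "smtp1.kodak.com"},
    {"MAILFROM": "offer@example.org", "REVDNS": "smtp.notkodak.com"},
    {"MAILFROM": "<>", "REVDNS": "rly-01.mx.aol.com"},
]

if __name__ == "__main__":
    rules = parse_filter(FILTER_TEXT)
    blank_only = parse_filter("MAILFROM  2  ISBLANK")
    no_dot = parse_filter("REVDNS  -3  ENDSWITH kodak.com")
    print("%-20s %-20s %5s %10s %7s" % ("MAILFROM", "REVDNS", "both", "blankonly", "no-dot"))
    for msg in SAMPLES:
        print("%-20r %-20s %5d %10d %7d" % (
            msg["MAILFROM"], msg["REVDNS"],
            score(rules, msg), score(blank_only, msg), score(no_dot, msg)))
```

A PTR name is set by whoever controls the sending IP's reverse zone, so a negative weight on a REVDNS suffix trusts that name as given; the larger the negative weight, the more that trust decides the outcome.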





RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Chuck Schick
Thanks Scott:

The reason blocking IPs is not the answer is because I would have to spend
24 hours a day doing it.  Also Imail's control access list is just a list of
IPs.  It would be nice if the list was part of a database where you could
put dates and reasons for blacklisting IPs -

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
 Sent: Friday, October 10, 2003 10:24 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any
 solutions.



 We are constantly getting hammered with dictionary attacks.  Does anyone
 have any solutions?  Does the new version of Imail address this issue?
 Whenever I check a lot of it comes from open proxies.

 Blocking the IPs is not a solution.  Any ideas are appreciated.

 Blocking the IPs is the only solution.  :)

 Some people have reported that BlackIce Server can be set up to stop
 dictionary attacks (check the IMail and Declude JunkMail forum archives
 for BlackIce, and you should be able to find more information).

 IMail doesn't address this issue, nor can addons to IMail effectively do
 so, since Ipswitch doesn't document the file format used for their control
 access file.

 -Scott


RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Kami Razvan
Hi Chuck:

We have done that and it works great for us.

We have designed a database that all spam data goes in there.  All filter
parameters are entered in a relational table.

We have a script that downloads various queries into text files and then
they are copied on a schedule in the IMail directory.

- Stop SMTP service
- Copy all files
- Start SMTP service

All people do is when they see a spam in the spam account they enter it in
the replicated database which then does everything automatically.

I am sure there is an easier way but with our system we can simply state a 7
month window for queries so all entries are not always entered.

Regards,
Kami



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Friday, October 10, 2003 1:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Dictionary attacks --- anyone have any
solutions.

Thanks Scott:

The reason blocking IPs is not the answer is because I would have to spend
24 hours a day doing it.  Also Imail's control access list is just a list of
IPs.  It would be nice if the list was part of a database where you could
put dates and reasons for blacklisting IPs -

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
 Sent: Friday, October 10, 2003 10:24 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any 
 solutions.



 We are constantly getting hammered with dictionary attacks.  Does anyone
 have any solutions?  Does the new version of Imail address this issue?
 Whenever I check a lot of it comes from open proxies.

 Blocking the IPs is not a solution.  Any ideas are appreciated.

 Blocking the IPs is the only solution.  :)

 Some people have reported that BlackIce Server can be set up to stop
 dictionary attacks (check the IMail and Declude JunkMail forum
 archives for BlackIce, and you should be able to find more
 information).

 IMail doesn't address this issue, nor can addons to IMail effectively
 do so, since Ipswitch doesn't document the file format used for their
 control access file.

 -Scott
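
Added example, not code from any poster in this thread: one way to keep blocked IPs in a database with a date and a reason, as asked for above, and to export only the entries inside a time window to a text file that a scheduled copy step can pick up. The table layout, the one-IP-per-line output and the 210-day approximation of the 7-month window are assumptions; the IMail control access file format is not documented, so this writes a plain list only. All addresses and reasons are constructed samples.

```python
import ipaddress
import os
import sqlite3
import tempfile
from datetime import date, timedelta

WINDOW_DAYS = 7 * 30  # assumed approximation of a 7-month window


def open_db(path=":memory:"):
    """Create the (assumed) table: one row per report, with date and reason."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS blocked_ip ("
        " ip TEXT NOT NULL, reason TEXT NOT NULL, added_on TEXT NOT NULL)"
    )
    return db


def add_entry(db, ip, reason, added_on):
    """Validate and normalise the address before storing it."""
    normalised = str(ipaddress.ip_address(ip.strip()))  # ValueError if invalid
    db.execute(
        "INSERT INTO blocked_ip (ip, reason, added_on) VALUES (?, ?, ?)",
        (normalised, reason, added_on.isoformat()),
    )


def active_ips(db, today, window_days=WINDOW_DAYS):
    """Distinct IPs reported within the window, oldest reports dropped."""
    cutoff = (today - timedelta(days=window_days)).isoformat()
    rows = db.execute(
        "SELECT DISTINCT ip FROM blocked_ip WHERE added_on >= ?", (cutoff,)
    ).fetchall()

    def sort_key(ip):
        addr = ipaddress.ip_address(ip)
        return (addr.version, int(addr))

    return sorted((row[0] for row in rows), key=sort_key)


def export(db, path, today):
    """Write the active list to a temp file, then swap it into place, so a
    copy job never sees a half-written file."""
    ips = active_ips(db, today)
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
    with os.fdopen(fd, "w") as fh:
        fh.writelines(ip + "\n" for ip in ips)
    os.replace(tmp, path)
    return ips


def sample_db():
    """Constructed sample data (documentation address ranges)."""
    db = open_db()
    add_entry(db, "192.0.2.10", "dictionary attack, open proxy", date(2003, 10, 9))
    add_entry(db, "192.0.2.10", "dictionary attack, repeat", date(2003, 8, 1))
    add_entry(db, "203.0.113.5", "dictionary attack", date(2003, 6, 1))
    add_entry(db, "198.51.100.7", "dictionary attack", date(2003, 1, 15))
    return db


if __name__ == "__main__":
    out = os.path.join(tempfile.gettempdir(), "blocked_ips.txt")
    for ip in export(sample_db(), out, date(2003, 10, 10)):
        print(ip)
```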
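
An added example for the dictionary-attack thread above (not code from any poster, IMail or Declude): it flags source IPs that probe many nonexistent mailboxes and records the date and reason Chuck asks for, with entries aging out after roughly the 7-month window Kami mentions. The event tuples, addresses, threshold and detection window are constructed assumptions; IMail's log and control access file formats are not modelled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

THRESHOLD = 5                        # distinct unknown recipients (assumed)
WINDOW = timedelta(minutes=10)       # sliding detection window (assumed)
RETENTION = timedelta(days=7 * 30)   # roughly the 7-month window in the thread


def detect(events, valid_users):
    """Return {ip: entry} for IPs that probe many nonexistent mailboxes."""
    misses = defaultdict(list)       # ip -> [(time, recipient)] for unknown users
    blocklist = {}
    for when, ip, rcpt in sorted(events):
        if rcpt.lower() in valid_users or ip in blocklist:
            continue
        misses[ip].append((when, rcpt.lower()))
        # Keep only the misses inside the window that ends at this event.
        misses[ip] = [(t, r) for t, r in misses[ip] if when - t <= WINDOW]
        distinct = {r for _, r in misses[ip]}
        if len(distinct) >= THRESHOLD:
            blocklist[ip] = {
                "added": when,
                "expires": when + RETENTION,
                "reason": f"{len(distinct)} unknown recipients in {WINDOW}",
            }
    return blocklist


def active_ips(blocklist, now):
    """IPs whose entries have not aged out; this is the list to export."""
    return sorted(ip for ip, e in blocklist.items() if e["expires"] > now)


def sample_events():
    """Constructed data: one guessing host and one host with a single typo."""
    t0 = datetime(2003, 10, 10, 13, 0, 0)
    names = ["adam", "alan", "alex", "alice", "andy", "anna"]
    attack = [(t0 + timedelta(seconds=i), "192.0.2.10", f"{n}@example.com")
              for i, n in enumerate(names)]
    normal = [(t0, "198.51.100.7", "chuck@example.com"),
              (t0 + timedelta(minutes=1), "198.51.100.7", "chcuk@example.com")]
    return attack + normal
```

Counting distinct unknown recipients rather than raw rejections keeps a host that retries one mistyped address from being listed.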


Re: [Declude.JunkMail] Alligate

2003-10-10 Thread brian


This is correct. We stopped offering the IMail specific (non Declude) version
of Alligate a couple of months ago. We have also suspended free trials of the
Declude add-in until we can bring it up to date so that the same detection
methods are used by both the Declude version and our gateway version. We are
currently spending too much time maintaining conditional pattern files mainly
for about 8 or 10 registered Declude version users. There is not really that
much interest in this as a Declude test it seems... lots of free trials, but
very few sales. We have far more invested in free trial tech support than the
revenue this has generated.

The Declude version of Alligate is now lacking about 50% of the refinements
and enhancements that we have incorporated into the gateway version. Until we
can bring the code up to date, it just doesn't make sense to continue to offer
free trials and provide free tech support until we are working with the same
code base for both versions of the product.

Brian Milburn
Solid Oak Software

 
On 10/10/2003 12:20pm you wrote...
FYI



-Original Message-
From: Brian Milburn [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 12:05 PM
To: [EMAIL PROTECTED]
Subject: Re: Alligate Information Request





Hi,

Thanks for your interest in Alligate for IMail.

We have decided we are no longer going to offer an IMail specific version.
The Declude Add-in is not currently being offered, however should be available
again shortly, probably within a couple of weeks. It is in need of a major
update to bring it up to the same level that our gateway product is.

I would also invite you to look over the documentation for our gateway
version. The gateway version of Alligate requires a dedicated computer,
however it is significantly more powerful than any IMail version and greatly
reduces the load on your mail server. Additionally, the gateway version has
integrated email vulnerability detection which eliminates virtually all
viruses and other email based dangers before they ever get to your mail
server.

The link for the gateway documentation is:

http://www.getalligate.com

Thanks again,

Brian Milburn
Solid Oak Software


Sincerely,

William J. Baumbach II  [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946


Re: [Declude.JunkMail] External whitelist filter

2003-10-10 Thread Bill Landry
- Original Message - 
From: Keith Anderson [EMAIL PROTECTED]

 I've got it working now as a filter with these types of entries:

   revdns -900 endswith .domain.com
   revdns -900 endswith @domain.com

You should never find an @ in a REVDNS response, so the above entry would
be useless.

Bill



RE: [Declude.JunkMail] External whitelist filter

2003-10-10 Thread Keith Anderson

 You should never find an @ in a REVDNS response, so the above entry would
 be useless.

Good point.  Thanks




[Declude.JunkMail] IMail 8x VERIFY THE MAIL FROM

2003-10-10 Thread Danny Klopfer
Is anyone using the VERIFY THE MAIL FROM and VERIFY THE EHLO/HELO DOMAIN
features in Imail 8.x before running Declude with success?





RE: [Declude.JunkMail] IMail 8x VERIFY THE MAIL FROM

2003-10-10 Thread Kami Razvan
Hi;
Yes, we have been using it for a while, with success.  This is our filter.

HEADERS  12  CONTAINS  X-IMAIL-SPAM-VALFROM
HEADERS  5  CONTAINS  X-IMAIL-SPAM-VALHELO
HEADERS  12  CONTAINS  X-IMAIL-SPAM-VALREVDNS

We have set it to show in the header and have these entries in our Header
filter.

Regards,
Kami


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny Klopfer
Sent: Friday, October 10, 2003 2:22 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] IMail 8x VERIFY THE MAIL FROM

Is anyone using the VERIFY THE MAIL FROM and VERIFY THE EHLO/HELO DOMAIN
features in Imail 8.x before running Declude with success?



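
An added example covering the filter lines quoted in the External whitelist filter and VERIFY THE MAIL FROM threads above (not Declude's own parser and not code from any poster): a simplified model of `TEST WEIGHT OPERATION [VALUE]` lines that scores a message and flags REVDNS entries containing `@`, which can never match. The matching semantics, the combined filter text and the sample message values are constructed assumptions.

```python
OPS = {
    "ISBLANK":  lambda field, value: field.strip() == "",
    "CONTAINS": lambda field, value: value.lower() in field.lower(),
    "ENDSWITH": lambda field, value: field.lower().endswith(value.lower()),
}

# Lines taken from the threads, combined into one filter for illustration.
FILTER = """\
REVDNS   -900  ENDSWITH  .domain.com
REVDNS   -900  ENDSWITH  @domain.com
MAILFROM    2  ISBLANK
HEADERS    12  CONTAINS  X-IMAIL-SPAM-VALFROM
HEADERS     5  CONTAINS  X-IMAIL-SPAM-VALHELO
"""

# Constructed message: null sender, both IMail verification headers present.
SPAM = {"REVDNS": "host.example.net", "MAILFROM": "",
        "HEADERS": "X-IMAIL-SPAM-VALFROM: (sample)\nX-IMAIL-SPAM-VALHELO: (sample)"}


def parse_filter(text):
    """Parse 'TEST WEIGHT OPERATION [VALUE]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 3:
            continue                  # blank or incomplete line
        test, weight, op = parts[0].upper(), int(parts[1]), parts[2].upper()
        if op not in OPS:
            raise ValueError(f"unsupported operation: {op}")
        rules.append((test, weight, op, parts[3].strip() if len(parts) > 3 else ""))
    return rules


def score(rules, message):
    """Sum the weights of matching rules and list the rules that fired."""
    total, fired = 0, []
    for test, weight, op, value in rules:
        if OPS[op](message.get(test, ""), value):
            total += weight
            fired.append((test, op, value))
    return total, fired


def dead_rules(rules):
    """REVDNS rules that can never match: a PTR hostname holds no '@'."""
    return [r for r in rules if r[0] == "REVDNS" and "@" in r[3]]
```

Under this model the `.domain.com` entry matches `mail.domain.com` but not the bare name `domain.com`, so a host whose reverse DNS is exactly the domain gets no whitelist credit.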