[Declude.JunkMail] OT: Too Funny
http://www.theregister.co.uk/content/6/34147.html Charles Booher, 44, apparently snapped after his computer was deluged with ads offering a larger p*n*s and, presumably not requiring a larger p*n*s at that time, launched a terror campaign against the Canadian company he blamed for the outrage. Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
FW: [Declude.JunkMail] Declude does not see email
Title: Re: [Declude.JunkMail] Declude does not see email Scott, This issue of Declude (1.76i and Imail 8.04)not seeing email has picked up tremendously in the past week or so. We are starting to see this a lot in our own email as well as our customers reporting it. It seems to be happening in both html and plain text formated emails. Is there anything I can do in my settings to aid this as I am fearful of viruses getting thru (more so than spam)? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude does not see email I am curious to know if others are experiencing this as well.Daily I receive 3-4 spam that show no sign of Declude ever being ran.Searching the IMail log file shows the email arriving and the SPAM logfile for IMail shows an entry for the email but Declude does not show it.Are you running IMail v8? There seems to be a problem with IMail v8 whereit will occasionally "forget" to call Declude. We haven't been able toreproduce the problem, but from the log files that we have seen, it appearsthat Declude isn't even started. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude does not see email
Title: Re: [Declude.JunkMail] Declude does not see email Keith I am glad it is happening to you :) at least I know we are not alone.. Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith JohnsonSent: Monday, November 24, 2003 8:42 AMTo: [EMAIL PROTECTED]Subject: FW: [Declude.JunkMail] Declude does not see email Scott, This issue of Declude (1.76i and Imail 8.04)not seeing email has picked up tremendously in the past week or so. We are starting to see this a lot in our own email as well as our customers reporting it. It seems to be happening in both html and plain text formated emails. Is there anything I can do in my settings to aid this as I am fearful of viruses getting thru (more so than spam)? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude does not see email I am curious to know if others are experiencing this as well.Daily I receive 3-4 spam that show no sign of Declude ever being ran.Searching the IMail log file shows the email arriving and the SPAM logfile for IMail shows an entry for the email but Declude does not show it.Are you running IMail v8? There seems to be a problem with IMail v8 whereit will occasionally "forget" to call Declude. We haven't been able toreproduce the problem, but from the log files that we have seen, it appearsthat Declude isn't even started. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] EASYNET discontinued starting Dec 1 2003
See the statement here: http://abuse.easynet.nl/proxies.html Adrian --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude does not see email
Title: Re: [Declude.JunkMail] Declude does not see email Keith: Have you checked the virus logs? In our case no record of the email is seen in JM or Virus logs. It seems like when IMail gets done with it simply forgets Declude and delivers the email. So we are not scanning the email for virus ... Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith JohnsonSent: Monday, November 24, 2003 8:42 AMTo: [EMAIL PROTECTED]Subject: FW: [Declude.JunkMail] Declude does not see email Scott, This issue of Declude (1.76i and Imail 8.04)not seeing email has picked up tremendously in the past week or so. We are starting to see this a lot in our own email as well as our customers reporting it. It seems to be happening in both html and plain text formated emails. Is there anything I can do in my settings to aid this as I am fearful of viruses getting thru (more so than spam)? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude does not see email I am curious to know if others are experiencing this as well.Daily I receive 3-4 spam that show no sign of Declude ever being ran.Searching the IMail log file shows the email arriving and the SPAM logfile for IMail shows an entry for the email but Declude does not show it.Are you running IMail v8? There seems to be a problem with IMail v8 whereit will occasionally "forget" to call Declude. We haven't been able toreproduce the problem, but from the log files that we have seen, it appearsthat Declude isn't even started. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude does not see email
Title: Re: [Declude.JunkMail] Declude does not see email Kami, That is exactly what I am seeing, no record of it. It scares me that email is getting through our system for our customers, yet it is unscanned. We handle total of about 150K emails each day across two servers and we are seeing it on both. It seems like it just happened right after the 8.03 update, but got worse after the 8.04 update. Thanks, Keith From: Kami Razvan [mailto:[EMAIL PROTECTED] Sent: Monday, November 24, 2003 9:03 AMTo: [EMAIL PROTECTED]Subject: RE: [Declude.JunkMail] Declude does not see email Keith: Have you checked the virus logs? In our case no record of the email is seen in JM or Virus logs. It seems like when IMail gets done with it simply forgets Declude and delivers the email. So we are not scanning the email for virus ... Regards, Kami From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Keith JohnsonSent: Monday, November 24, 2003 8:42 AMTo: [EMAIL PROTECTED]Subject: FW: [Declude.JunkMail] Declude does not see email Scott, This issue of Declude (1.76i and Imail 8.04)not seeing email has picked up tremendously in the past week or so. We are starting to see this a lot in our own email as well as our customers reporting it. It seems to be happening in both html and plain text formated emails. Is there anything I can do in my settings to aid this as I am fearful of viruses getting thru (more so than spam)? Thanks, Keith -Original Message- From: R. Scott Perry [mailto:[EMAIL PROTECTED] Sent: Fri 11/21/2003 12:10 PM To: [EMAIL PROTECTED] Cc: Subject: Re: [Declude.JunkMail] Declude does not see email I am curious to know if others are experiencing this as well.Daily I receive 3-4 spam that show no sign of Declude ever being ran.Searching the IMail log file shows the email arriving and the SPAM logfile for IMail shows an entry for the email but Declude does not show it.Are you running IMail v8? There seems to be a problem with IMail v8 whereit will occasionally "forget" to call Declude. We haven't been able toreproduce the problem, but from the log files that we have seen, it appearsthat Declude isn't even started. -Scott---Declude JunkMail: The advanced anti-spam solution for IMail mailservers.Declude Virus: Catches known viruses and is the leader in mailservervulnerability detection.Find out what you've been missing: Ask about our free 30-day evaluation.---[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] EasyNet Replacements
Hi, With the demise of EasyNet (which was my most successful list), I'm investigating replacements? I have seen the following recommendations: A) SORBS - SORBS will be including dynablock.easynet.nl by importing their zone data B) NJABL - has a nice DUL C) http://psbl.surriel.com/ Any comments? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FIVETENDUL, no hits?
Hi, Looking at my Global.cfg: FIVETENDUL ip4rblackholes.five-ten-sg.com 127.0.0.3 5 0 I noticed that it never seems to have any hits? Scott: General question - if I include a test in Global.cfg (used for weighting only), but do NOT include it in a *.junkmail file, will it still be included in the weight (e.g., is the default action log). Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FIVETENDUL, no hits?
Looking at my Global.cfg: FIVETENDUL ip4rblackholes.five-ten-sg.com 127.0.0.3 5 0 I noticed that it never seems to have any hits? It looks like FIVETENDUL is dead (the other FIVETEN* tests are alive and well, though). General question - if I include a test in Global.cfg (used for weighting only), but do NOT include it in a *.junkmail file, will it still be included in the weight (e.g., is the default action log). Yes, it will. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] AHBL Anyone?
Hi, These are probably the useful ones: AHBLRELAYS ip4rdnsbl.ahbl.org 127.0.0.2 5 0 AHBLPROXIES ip4rdnsbl.ahbl.org 127.0.0.3 8 0 AHBLSOURCES ip4rdnsbl.ahbl.org 127.0.0.4 7 0 AHBLPSSLip4rdnsbl.ahbl.org 127.0.0.5 5 0 AHBLFORMMAIL ip4r dnsbl.ahbl.org 127.0.0.6 8 0 AHBLENDUSER ip4rdnsbl.ahbl.org 127.0.0.9 5 0 AHBLDOMAINS rhsbl rhsbl.ahbl.org * 4 0 # WHITELIST: AHBLEXEMPT ip4rdnsbl.ahbl.org * -8 0 Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, November 21, 2003 10:03 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] AHBL Anyone? Hello, All, I am interested in knowing if anyone on here uses the The Abusive Hosts Blocking List, http://www.ahbl.org/. I had some questions about implementing it. Thanks, Much! Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Deccon
What would keep Deccon at 10-35% CPU for several minutes? John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Deccon
What would keep Deccon at 10-35% CPU for several minutes? Nothing that I can think of. Is this happening often? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deccon
For about an hour until I disabled Hijack (renamed the cfg file) and closed Deccon.exe. This is on a high volume (180K) server, but I had not noticed it before. I am not sure if it was there before. No recent Declude.GPx files. This is from the c:\declude.log file. 11/24/2003 06:46:14 Qef59026700682750 Couldn't rename SMD to SM$ [32]. Priority back to 32. 11/24/2003 06:46:55 Qef7c0ba100d6b085 Couldn't open headers datafile 11/24/2003 07:45:00 Q526a5a211b0 Couldn't create map1: 5 11/24/2003 08:25:01 Q54b45ab0dec Couldn't create map1: 5 11/24/2003 08:55:01 Q566bcfb0a60 Couldn't create map1: 5 11/24/2003 08:55:01 Q566bb9405fc Couldn't create map1: 5 11/24/2003 09:05:00 Q56fe32510b0 Couldn't create map1: 5 11/24/2003 09:45:00 Q59481b71078 Couldn't create map1: 5 11/24/2003 09:55:01 Q59daabf0f78 Couldn't create map1: 5 11/24/2003 10:15:00 Q5aff9940e2c Couldn't create map1: 5 11/24/2003 10:25:00 Q5b91f60013c Couldn't create map1: 5 11/24/2003 10:52:54 Q27a41ae5012c0b6e Couldn't find console; starting... (2). 11/24/2003 10:52:54 Q27a8195300ac1c65 Couldn't find console; starting... (2). 11/24/2003 10:52:54 Q295200010096e346 Couldn't find console; starting... (2). 11/24/2003 10:52:54 Q27ab021f0050285c Couldn't find console; starting... (2). 11/24/2003 10:52:56 Q2953000100b4e6d1 Couldn't find console; starting... (2). 11/24/2003 11:12:05 Q2dc9000c00ce524a Couldn't find console; starting... (2). 11/24/2003 11:35:01 Q0287feb0cdc Couldn't create map1: 5 John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, November 24, 2003 9:45 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Deccon What would keep Deccon at 10-35% CPU for several minutes? Nothing that I can think of. Is this happening often? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AHBL Anyone?
Your whitelist entry should be using exemptions.ahbl.org instead of the blacklist address of dnsbl.ahbl.org. Bill - Original Message - From: Andy Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 24, 2003 8:10 AM Subject: RE: [Declude.JunkMail] AHBL Anyone? Hi, These are probably the useful ones: AHBLRELAYS ip4r dnsbl.ahbl.org 127.0.0.2 5 0 AHBLPROXIES ip4r dnsbl.ahbl.org 127.0.0.3 8 0 AHBLSOURCES ip4r dnsbl.ahbl.org 127.0.0.4 7 0 AHBLPSSL ip4r dnsbl.ahbl.org 127.0.0.5 5 0 AHBLFORMMAIL ip4r dnsbl.ahbl.org 127.0.0.6 8 0 AHBLENDUSER ip4r dnsbl.ahbl.org 127.0.0.9 5 0 AHBLDOMAINS rhsbl rhsbl.ahbl.org * 4 0 # WHITELIST: AHBLEXEMPT ip4r dnsbl.ahbl.org * -8 0 Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Friday, November 21, 2003 10:03 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] AHBL Anyone? Hello, All, I am interested in knowing if anyone on here uses the The Abusive Hosts Blocking List, http://www.ahbl.org/. I had some questions about implementing it. Thanks, Much! Dan Geiser [EMAIL PROTECTED] --- Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deccon
For about an hour until I disabled Hijack (renamed the cfg file) and closed Deccon.exe. This is on a high volume (180K) server, but I had not noticed it before. I am not sure if it was there before. If you re-start Declude Hijack, does the problem occur again? Is Declude Hijack stopping a lot of E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Forwarded messages
What are the normal forwarded message indicators in the subject line? Fwd: Fd: John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Log Analysis using unxutils
Greetings, I feel like I've been making progress teaching myself a lot about the log files, and the unix tools. I've created a batch file that will hopefully count the total number of viruses, the total number of vulnerabilities, a few spam tests, and finally the total number of messages. I'm passing this to the list in hopes that it may help someone else, and also in hopes that someone will say, Hey, you can't do it like that! or Hey, here's a better way to do that! So if I'm missing something, please let me know. Thanks, Russ REM Virus Section grep INFECTED s:\vir10*.log | grep -cv Vulnerability grep Vulnerability s:\vir10*.log | cut -d -f 3 | usort | uniq | grep -c Q REM Spam Section egrep -i Msg failed WEIGHT20 | Msg failed WEIGHT30 | Msg failed SNIFFER s:\dec10*.log grep -ic Msg failed WEIGHT20 c:\batch\temp grep -ic Msg failed WEIGHT30 c:\batch\temp grep -ic Msg failed SNIFFER c:\batch\temp REM Total Message Section grep -i SMTPD s:\sys10*.log | grep -ci rcpt to: --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deccon
I am going to restart Hijack and have the log in Debug mode and see what happens. It has been noted that at that time, the CPU was averaging 80% but after stopping Hijack, the CPU settled back down to about 35%. Once I have the log for a bit, I will send it off list. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, November 24, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Deccon For about an hour until I disabled Hijack (renamed the cfg file) and closed Deccon.exe. This is on a high volume (180K) server, but I had not noticed it before. I am not sure if it was there before. If you re-start Declude Hijack, does the problem occur again? Is Declude Hijack stopping a lot of E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Forwarded messages
I haven't seen Fd:, but Fw: is very common. Bill - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, November 24, 2003 11:09 AM Subject: [Declude.JunkMail] Forwarded messages What are the normal forwarded message indicators in the subject line? Fwd: Fd: John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. e.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deccon
Upon restarting Hijack, CPU usage went back up. Log file being sent off list. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Monday, November 24, 2003 11:52 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Deccon I am going to restart Hijack and have the log in Debug mode and see what happens. It has been noted that at that time, the CPU was averaging 80% but after stopping Hijack, the CPU settled back down to about 35%. Once I have the log for a bit, I will send it off list. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, November 24, 2003 10:49 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Deccon For about an hour until I disabled Hijack (renamed the cfg file) and closed Deccon.exe. This is on a high volume (180K) server, but I had not noticed it before. I am not sure if it was there before. If you re-start Declude Hijack, does the problem occur again? Is Declude Hijack stopping a lot of E-mail? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deccon
Upon restarting Hijack, CPU usage went back up. Log file being sent off list. That is strange. Declude Hijack should have little affect on the deccon.exe process. Do you have a lot of E-mail that was held by Declude Hijack? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Deccon
I have the held.vbs running every 10 minutes, and it has only be sending notices occasionally about HOLD1. Hijack is configured as such: RELAYTHRESHOLD1 10 20 RELAYTHRESHOLD2 30 150 There are 3 C blocks of addresses allowed and 3 others per the client request. Should I try again running held.vbs every minute to test? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, November 24, 2003 2:12 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Deccon Upon restarting Hijack, CPU usage went back up. Log file being sent off list. That is strange. Declude Hijack should have little affect on the deccon.exe process. Do you have a lot of E-mail that was held by Declude Hijack? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] BODY STARTSWITH
I have in one of my filter files the following line: BODY 5 STARTSWITH Yet, it is not catching the following: Received: from kirjastot.fi [213.37.211.14] by mail.localdomain.moc (SMTPD32-8.04) id A6AA5D600B4; Sun, 23 Nov 2003 14:12:42 -0500 Message-ID: [EMAIL PROTECTED] From: Darlene A. Campos [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Date: Mon, 24 Nov 2003 10:29:48 + MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/html Content-Transfer-Encoding: 8bit X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 213.37.211.14 with no reverse DNS entry. X-RBL-Warning: BASICFILTER: Message failed BASICFILTER test (1) X-RBL-Warning: SPAMCHECK: Message failed SPAMCHECK: 14. X-Declude-Sender: [EMAIL PROTECTED] [213.37.211.14] X-Declude-Spoolname: D06aa05d600b43c07.SMD X-RBL-Warning: Total weight: 34 X-Tests-Failed: IPNOTINMX, REVDNS, NOLEGITCONTENT, BASICFILTER, SPAMCHECK, WEIGHTRANGE30-34 X-Note: This E-mail was sent from [No Reverse DNS] ([213.37.211.14]). gptnkipczdasfont color=whitecganfdbgnicqisguhqziynlxqc sclzinxihegaca gvzejqcdrqthrlbumxgkectivibpb gkqlgwndrsujkeixluehcwwwzkj qlbbfvcjfeyolb xrahsgbxeslgrethyvbzyty/fontgxcqvtjbdnovgbrgnthmxmdbhtejdc font color=whiterrywumqurzerbq gwotsslslxftusorpeisik gqkdiqictmfdfubjosibzcmwiggjfrcncdibxgud xvhsnxdrtdedncgewkbiqtgwqctc jxektecxqn gcvdbrofavhodlqlpmzibyzklna/fontgsqljltbohycakbrgcwxswuouqtrpd bgwrtuwvdkziLOgwqrpfjbroyiSEguvlfocchwbvlb gaxqphicikvaaWEgeiujqibyypgycqIGgyzibjubmgvdpzdHT gwxicixdjoxmlqiTHgffvsooczjoE gqgkwindoynfjbbEgrtlkbbdbwtvASIgyhhwzpolgeiER WgvgaixrdfkdpAYgldppsebsqythfc/bgwddpzybspnyjbr gksdwmlccxsyziIgyverjtbwzjT'Sgnqsgvswoyeuibt NgpnbsvxdmyxOTgdlzzutcrzzw Agqlrtgychyms gdwkphqwxmnmbjDIgkttlixddjglETgymzrjzcklne .gmoqtcrbkgdjxt..gfscknibkksogf. gqzriiidczwtbITggtubfzcsrb'Sgcxhfjsbhobqx Aghncgopcgled PAgxuhsodcrpcpcoTCgqgsvnykhlxxeclHbr/i br TRUNCATED John Tolmachoff Engineer/Consultant/Owner eServices For You John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] BODY STARTSWITH
John, Every one of the thousands that I've seen come through our servers start with g and since I honestly don't remember ever seeing an html tag that starts with g I started filtering on that. BODY 5 STARTSWITH g It's working for me. Anyone else ? Fritz Frederick P. Squib, Jr. Network Operations/Mail Administrator Citizens Telephone Company of Kecksburg http://www.wpa.net () ascii ribbon campaign - against html mail /\- against microsoft attachments --- [This E-mail scanned by Citizens Internet Services with Declude Virus.] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] @LINKED v1.0.5 updated
Someone reported a problem with some FP's on the Lite version of @LINKED which was the result of an error on my part. It's a very good idea to download a new copy of @LINKED if you are using the Lite version because this will cause some problems with 10 ccTLD's or the occasional domain name that begins with one of the two letter codes. Those using the standard version of the filter (not the lite one) should not have had any such problems, and although all the filter files have been updated to reflect a new version number and date, it is not necessary to download and install this update. I also wanted to express thanks for the heads up on the issue with this filter, especially since I am using the regular version currently and am not able to detect such issues, and your fellow mail admins including myself, benefit greatly from knowing about any unintended or unforeseen issues. MailPure :: Filter Software :: Declude Filters http://www.mailpure.com/software/decludefilters/ Matt --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] EasyNet Replacements
I have had many FP with NJABL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Monday, November 24, 2003 5:38 PM To: '[EMAIL PROTECTED]' Subject: [Declude.JunkMail] EasyNet Replacements Hi, With the demise of EasyNet (which was my most successful list), I'm investigating replacements? I have seen the following recommendations: A) SORBS - SORBS will be including dynablock.easynet.nl by importing their zone data B) NJABL - has a nice DUL C) http://psbl.surriel.com/ Any comments? Best Regards Andy Schmidt HM Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 http://www.HM-Software.com/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Forwarded messages
The indicators in the subject line are as follows: SUBJECT0CONTAINSfwd: SUBJECT0CONTAINSfw: There's a very strong indicator of a forwarded message in the body, though some things like Web mail clients might not include it: BODY0CONTAINSoriginal message Also, when a message is attached as a result of forwarding, the following will also appear: BODY0CONTAINSmessage/rfc822 Like Bill, I don't recall seeing Fd in legit E-mail. Matt John Tolmachoff (Lists) wrote: What are the normal forwarded message indicators in the subject line? Fwd: Fd: John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: RTF
I am having the winmail.dat problem and after searching the knowledge base, found that it is due to RTF formated emails. I have 2 questions: 1- Is this problem completely independent of Imail, and does it happens with all mail servers ? 2- Outlook Express 6 cannot read RTF email ? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: RTF
I am having the winmail.dat problem and after searching the knowledge base, found that it is due to RTF formated emails. I have 2 questions: 1- Is this problem completely independent of Imail, and does it happens with all mail servers ? 2- Outlook Express 6 cannot read RTF email ? --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Forwarded messages
Like Bill, I don't recall seeing Fd in legit E-mail. That's what I thought. I have seen a few spam with a subject line that starts with Fd:. I think I can safely filter on that with a small weight like 5. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
