Re: [Declude.JunkMail] Possible Missing JM Log lines in 1.75
I am still see lots of these in my logs (v1.78i4): = 02/29/2004 02:35:34 Qc0656280009442df Unknown Var: %TESTNAMEX-RBL-Warni X-RBL-Warning: %TESTNAMEX-RBL- Could you E-mail me one of your log files (off-list), so that I can check it out in more detail? The latest interim has some extra code to help determine where the problem is. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Gateway Mailservers and IPBypass
I've setup a gateway mailserver using postfix and amavisd. I want to make sure that the IP for this gateway server is skipped, but I'm kinda confused since the postfix box hands off the message a few times. Below are the received headers from one of the messages, and also what I put in my global.cfg. Does this all look okay? It seems to be working, but I want to check. Thanks, Russ Received: from mx2.parallax.ws [12.161.104.8] by mail.parallax.ws with ESMTP (SMTPD32-8.05) id A0D5F731012C; Mon, 01 Mar 2004 08:55:33 -0500 Received: from localhost (localhost.parallax.ws [127.0.0.1]) by mx2.parallax.ws (Postfix) with ESMTP id C12635A21 for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from mx2.parallax.ws ([127.0.0.1]) by localhost (mx2.parallax.ws [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10949-06 for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from hotmail.com (bay14-f5.bay14.hotmail.com [64.4.49.5]) by mx2.parallax.ws (Postfix) with ESMTP id 3C73F5A1F for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Mon, 1 Mar 2004 05:55:32 -0800 Received: from 12.161.104.23 by by14fd.bay14.hotmail.msn.com with HTTP; Mon, 01 Mar 2004 13:55:32 GMT IPBYPASS12.161.104.8 IPBYPASS127.0.0.1 --- Russ Uhte, CCNA, MCP, A+ Network Administrator Richmond Power Light Parallax Systems Division 2000 US 27 South Richmond, IN 47374 USA Richmond: 765.973.7348 Toll-free: 888.962.3770 Cell: 765.993.3944 --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Gateway Mailservers and IPBypass
I've setup a gateway mailserver using postfix and amavisd. I want to make sure that the IP for this gateway server is skipped, but I'm kinda confused since the postfix box hands off the message a few times. Below are the received headers from one of the messages, and also what I put in my global.cfg. Does this all look okay? It seems to be working, but I want to check. In this case: Received: from mx2.parallax.ws [12.161.104.8] by mail.parallax.ws with ESMTP (SMTPD32-8.05) id A0D5F731012C; Mon, 01 Mar 2004 08:55:33 -0500 Received: from localhost (localhost.parallax.ws [127.0.0.1]) by mx2.parallax.ws (Postfix) with ESMTP id C12635A21 for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from mx2.parallax.ws ([127.0.0.1]) by localhost (mx2.parallax.ws [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10949-06 for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from hotmail.com (bay14-f5.bay14.hotmail.com [64.4.49.5]) by mx2.parallax.ws (Postfix) with ESMTP id 3C73F5A1F for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) The actual IP is 64.4.49.5. The IPs in Received: headers before that are 12.161.104.8 and 127.0.0.1. In this case, I would recommend using HOP 0, IPBYPASS 12.161.104.8, and IPBYPASS 127.0.0.1. So: IPBYPASS12.161.104.8 IPBYPASS127.0.0.1 This is exactly what I would use (assuming you are using the default HOP 0). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Gateway Mailservers and IPBypass
At 09:09 AM 3/1/2004, R. Scott Perry wrote: I've setup a gateway mailserver using postfix and amavisd. I want to make sure that the IP for this gateway server is skipped, but I'm kinda confused since the postfix box hands off the message a few times. Below are the received headers from one of the messages, and also what I put in my global.cfg. Does this all look okay? It seems to be working, but I want to check. In this case: Received: from mx2.parallax.ws [12.161.104.8] by mail.parallax.ws with ESMTP (SMTPD32-8.05) id A0D5F731012C; Mon, 01 Mar 2004 08:55:33 -0500 Received: from localhost (localhost.parallax.ws [127.0.0.1]) by mx2.parallax.ws (Postfix) with ESMTP id C12635A21 for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from mx2.parallax.ws ([127.0.0.1]) by localhost (mx2.parallax.ws [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10949-06 for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) Received: from hotmail.com (bay14-f5.bay14.hotmail.com [64.4.49.5]) by mx2.parallax.ws (Postfix) with ESMTP id 3C73F5A1F for [EMAIL PROTECTED]; Mon, 1 Mar 2004 08:55:33 -0500 (EST) The actual IP is 64.4.49.5. The IPs in Received: headers before that are 12.161.104.8 and 127.0.0.1. In this case, I would recommend using HOP 0, IPBYPASS 12.161.104.8, and IPBYPASS 127.0.0.1. So: IPBYPASS12.161.104.8 IPBYPASS127.0.0.1 This is exactly what I would use (assuming you are using the default HOP 0). That I am!! Thanks a million. -Russ --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] WAY OT - Windows gone crazy
Have you tried an on-line virus scan? John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jerod Bennett Sent: Monday, March 01, 2004 11:16 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] WAY OT - Windows gone crazy Hello everyone, I've been trying to solve this problem for the better part of a week and searching the internet has just not helped. I'm running a windows xp pro machine and the context menus for windows have become very terse. For example if I right-click on the Recycle Bin, I get this menu: Create Shortcut -- Properties As you can see the normal Empty the recycle bin option is missing. This is a fairly consistent problem for all OS interaction, .inf files don't give you the option to install, My Computer doesn't list manage... If anyone has seen this or knows of a place that might have a solution, I'd really appreciate it. Thanks, -Jerod --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Message failed SORBS-DUHL test but lookup reveals no block
Hi. This message failed the SORBS-DUHL test even though a lookup at SORBS of the IP address revealed all clean. Any insight would be appreciated. Thanks. Received: from mail.ittint.net [130.94.242.170] by mail.electdist.com with ESMTP (SMTPD32-8.05) id A52D91B0108; Mon, 01 Mar 2004 11:55:25 -0800 Received: from SNIP.targetelectronics.com [4.4.24.79] by mail.ittint.net with ESMTP (SMTPD32-6.06) id A524F20292; Mon, 01 Mar 2004 14:55:16 -0500 The issue here is that while 130.94.242.170 isn't listed in SORBS-DUHL, 4.4.24.79 is. So if you are using a HOP setting other than 0, 4.4.24.79 gets scanned. If you rename the test to SORBS-DUL, it will be skipped (or you can upgrade to the latest beta, which will skip if automatically). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Message failed SORBS-DUHL test but lookup reveals no block
Resolved 130.94.242.170 to mail.ittint.net. mail.ittint.net. has no MX records - [ittint.net has 1 MX record mail.ittint.net.(10)] ~Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Gable Sent: Monday, March 01, 2004 5:58 PM To: Declude (E-mail 2) Subject: [Declude.JunkMail] Message failed SORBS-DUHL test but lookup reveals no block Hi. This message failed the SORBS-DUHL test even though a lookup at SORBS of the IP address revealed all clean. Any insight would be appreciated. Thanks. -Mike ___ Virus Scanned and Filtered by http://www.FamHost.com E-Mail System. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Message failed SORBS-DUHL test but lookup reveals no block
Hi. This message failed the SORBS-DUHL test even though a lookup at SORBS of the IP address revealed all clean. Any insight would be appreciated. Thanks. -Mike http://www.dnsbl.us.sorbs.net Received: from mail.ittint.net [130.94.242.170] by mail.electdist.com with ESMTP (SMTPD32-8.05) id A52D91B0108; Mon, 01 Mar 2004 11:55:25 -0800Received: fromSNIP.targetelectronics.com [4.4.24.79] by mail.ittint.net with ESMTP (SMTPD32-6.06) id A524F20292; Mon, 01 Mar 2004 14:55:16 -0500Message-Id: [EMAIL PROTECTED]X-Sender:snip@[EMAIL PROTECTED] (Unverified)X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9Date: Mon, 01 Mar 2004 11:55:15 -0800To: snip@electdist.comFrom:SNIP snip@targetelectronics.comSubject: RE: In-Reply-To: [EMAIL PROTECTED]References: [EMAIL PROTECTED]Mime-Version: 1.0Content-Type: text/plain; charset="us-ascii"; format=flowedX-Alligate-In: Passed - Adult: 0 (Req: 18) Spam: 0 (Req: 18) Tot: 0 (Req: 25)X-Alligate-Tracking: 69B19F86F3C008B3X-Alligate-Signature: 2019072130X-Alligate-SpoolFile: D952d091b0108cc3c.SMDX-Alligate-Sender:snip@targetelectronics.com [130.94.242.170]X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (153)X-RBL-Warning: CONTENT: Message failed CONTENT test (831)X-Declude-Sender:snip@targetelectronics.com [130.94.242.170]X-Declude-Spoolname: D952d091b0108cc3c.SMDX-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH, CONTENT, nCONTENT, SORBS-DUHL, IPNOTINMX [-3]X-Country-Chain: UNITED STATES-destination
Re: [Declude.JunkMail] Message failed SORBS-DUHL test but lookup reveals no block
The issue here is that while 130.94.242.170 isn't listed in SORBS-DUHL, 4.4.24.79 is. So if you are using a HOP setting other than 0, 4.4.24.79 gets scanned. If you rename the test to SORBS-DUL, it will be skipped (or you can upgrade to the latest beta, which will skip if automatically). In terms of the newest is skipping it automatically something new? i.e. in the previous versions only the first hop was scanned if the test name contain DUL or DUHL? Has this changed? That hasn't changed. Tests with DUL have automatically been skipped (for IPs after the first one) for several years, but DUHL was just recently added (since other spam databases weren't allowed to use DUL in their name to protect the MAPS trademark). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Spam from mailforward.bulkregister.com
I've been seeing a ton of spam getting relayed by a zombie, open proxy or source through mailforward.bulkregister.com [65.109.255.4] for at least a week now. Does anyone know what purpose this server has besides forwarding spam? Any BulkRegister customers want to help by notifying the proper people at the company about the problem? Search your logs, I guarantee you that this IP is all over the place. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Spam from mailforward.bulkregister.com
Oh wait, I figured it out. This server is a great IPBYPASS candidate. It's some sort of domain mail forwarding that Bulk Register offers. The sudden occurrence corresponded with me picking up a new client that was using this forwarding service. IPBYPASS 65.109.255.4 Matt Matt wrote: I've been seeing a ton of spam getting relayed by a zombie, open proxy or source through mailforward.bulkregister.com [65.109.255.4] for at least a week now. Does anyone know what purpose this server has besides forwarding spam? Any BulkRegister customers want to help by notifying the proper people at the company about the problem? Search your logs, I guarantee you that this IP is all over the place. Matt -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.