[Declude.JunkMail] Junkmail Test
This is only a test --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Odd error - bogus Message-ID header???
Scott, Is this something new(er)? In the very least I have never noticed this before. My traffic patterns have changed significantly over the last couple of months though and this might be contributing to my confusion. BTW, sorry about the linking code, Netscape pasted that in as HTML instead of as plain text like I usually try to do it. I'm now also seeing errors related to a bad Subject: header??? In this case it is seemingly related to multiple spaces that appear at the end or near the end of the subject. This is essentially causing a double hit for this as I am already using SUBJECTSPACES to progressively add more and more points. Then again, I might have never noticed this before. Please advise if you in fact have made these changes and possibly others to either test. Thanks, Matt (Note that the Subject in the first example is word-wrapping, but in the source all sits on one line) From [EMAIL PROTECTED] Fri May 07 11:17:13 2004 Received: from monteverdi.iii.org [68.236.224.100] by mx1.mailpure.com with ESMTP (SMTPD32-8.05) id A8662D80; Fri, 07 May 2004 11:16:54 -0400 MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=_=_NextPart_001_01C43446.52AA320B Subject: [13] NYIA CALLS FOR RENEWAL OF FEDERAL TERRORISM PROGRAM 1 Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Fri, 7 May 2004 11:16:51 -0400 Message-ID: [EMAIL PROTECTED] X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: NYIA CALLS FOR RENEWAL OF FEDERAL TERRORISM PROGRAM 1 Thread-Index: AcQ0RlKSI3Tlo57ASVmbDz1/uv/3Pw== From: I.I.I. INSURANCE NEWS [EMAIL PROTECTED] To: I.I.I. INSURANCE NEWS [EMAIL PROTECTED] X-MailPure: X-MailPure: HELOBOGUS: Failed, bogus connecting server name (weight 3). X-MailPure: BRINKPATTERN: Failed, BRINK pattern found (weight 1). X-MailPure: SUBSPACE-15: Failed, 15 or more spaces in the subject (weight 1). X-MailPure: SUBSPACE-25: Failed, 25 or more spaces in the subject (weight 2). X-MailPure: SUBSPACE-40: Failed, 40 or more spaces in the subject (weight 2). X-MailPure: SPAMHEADERS: Failed, header code consistent with spam [4000400e] (weight 4). X-MailPure: RECIPIENTS: [EMAIL PROTECTED] X-MailPure: X-MailPure: Spam Score: 13 X-MailPure: Scan Time: 11:17:13 on 05/07/2004 X-MailPure: Spool File: Da8662d80ebbe.SMD X-MailPure: Server Name: monteverdi.iii.org X-MailPure: SMTP Sender: [EMAIL PROTECTED] X-MailPure: Received From: vpn.pr2.iii.org [68.236.224.100] X-MailPure: Country Chain: UNITED STATES-destination X-MailPure: X-MailPure: Spam and virus blocking services provided by MailPure.com X-MailPure: From [EMAIL PROTECTED] Fri May 07 00:03:38 2004 Received: from mta.email.reedbusiness.com [198.31.62.21] by mx1.mailpure.com with ESMTP (SMTPD32-8.05) id AA93BE01B0; Fri, 07 May 2004 00:03:31 -0400 X-MID: [EMAIL PROTECTED] Date: Fri, 07 May 2004 00:03:31 -0400 (EDT) Message-Id: [EMAIL PROTECTED] From: MultichannelNews [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [13] Multichannel Newswire: 3Q Good News for News Corp. MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit X-MailPure: X-MailPure: SORBS-SPAM: Failed, listed in dnsbl.sorbs.net (weight 1). X-MailPure: SUBSPACE-15: Failed, 15 or more spaces in the subject (weight 1). X-MailPure: SPAMHEADERS: Failed, header code consistent with spam [4000400e] (weight 4). X-MailPure: SNIFFER-GENERAL: Failed, listed in the General category (weight 6). X-MailPure: SPAMINDICATIVE: Message failed SPAMINDICATIVE test (line 12, weight 1). X-MailPure: RECIPIENTS: [EMAIL PROTECTED] X-MailPure: X-MailPure: Spam Score: 13 X-MailPure: Scan Time: 00:03:38 on 05/07/2004 X-MailPure: Spool File: D0a9300be01b06c80.SMD X-MailPure: Server Name: mta.email.reedbusiness.com X-MailPure: SMTP Sender: [EMAIL PROTECTED] X-MailPure: Received From: mta.email.reedbusiness.com [198.31.62.21] X-MailPure: Country Chain: UNITED STATES-destination X-MailPure: X-MailPure: Spam and virus blocking services provided by MailPure.com X-MailPure: R. Scott Perry wrote: Something odd is happening here. I've now seen two
Re: [Declude.JunkMail] Odd error - bogus Message-ID header???
Is this something new(er)? I don't believe so. I'm now also seeing errors related to a bad Subject: header??? In this case it is seemingly related to multiple spaces that appear at the end or near the end of the subject. This is essentially causing a double hit for this as I am already using SUBJECTSPACES to progressively add more and more points. Then again, I might have never noticed this before. If there are at least 5 spaces in the Subject: header, followed by a string of less than 8 characters, it triggers the SPAMHEADERS test. That has been around since at least v1.60. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Odd error - bogus Message-ID header???
Interesting...and thanks for the explanation. I think I'm going to cut some points off of my SUBJECTSPACES tests then. It does help when you can make informed decisions. Matt Matt wrote: Scott, Is this something new(er)? In the very least I have never noticed this before. My traffic patterns have changed significantly over the last couple of months though and this might be contributing to my confusion. BTW, sorry about the linking code, Netscape pasted that in as HTML instead of as plain text like I usually try to do it. I'm now also seeing errors related to a bad Subject: header??? In this case it is seemingly related to multiple spaces that appear at the end or near the end of the subject. This is essentially causing a double hit for this as I am already using SUBJECTSPACES to progressively add more and more points. Then again, I might have never noticed this before. Please advise if you in fact have made these changes and possibly others to either test. Thanks, Matt (Note that the Subject in the first example is word-wrapping, but in the source all sits on one line) From [EMAIL PROTECTED] Fri May 07 11:17:13 2004 Received: from monteverdi.iii.org [68.236.224.100] by mx1.mailpure.com with ESMTP (SMTPD32-8.05) id A8662D80; Fri, 07 May 2004 11:16:54 -0400 MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=_=_NextPart_001_01C43446.52AA320B Subject: [13] NYIA CALLS FOR RENEWAL OF FEDERAL TERRORISM PROGRAM 1 Content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Date: Fri, 7 May 2004 11:16:51 -0400 Message-ID: [EMAIL PROTECTED] X-MS-Has-Attach: yes X-MS-TNEF-Correlator: Thread-Topic: NYIA CALLS FOR RENEWAL OF FEDERAL TERRORISM PROGRAM 1 Thread-Index: AcQ0RlKSI3Tlo57ASVmbDz1/uv/3Pw== From: I.I.I. INSURANCE NEWS [EMAIL PROTECTED] To: I.I.I. INSURANCE NEWS [EMAIL PROTECTED] X-MailPure: X-MailPure: HELOBOGUS: Failed, bogus connecting server name (weight 3). X-MailPure: BRINKPATTERN: Failed, BRINK pattern found (weight 1). X-MailPure: SUBSPACE-15: Failed, 15 or more spaces in the subject (weight 1). X-MailPure: SUBSPACE-25: Failed, 25 or more spaces in the subject (weight 2). X-MailPure: SUBSPACE-40: Failed, 40 or more spaces in the subject (weight 2). X-MailPure: SPAMHEADERS: Failed, header code consistent with spam [4000400e] (weight 4). X-MailPure: RECIPIENTS: [EMAIL PROTECTED] X-MailPure: X-MailPure: Spam Score: 13 X-MailPure: Scan Time: 11:17:13 on 05/07/2004 X-MailPure: Spool File: Da8662d80ebbe.SMD X-MailPure: Server Name: monteverdi.iii.org X-MailPure: SMTP Sender: [EMAIL PROTECTED] X-MailPure: Received From: vpn.pr2.iii.org [68.236.224.100] X-MailPure: Country Chain: UNITED STATES-destination X-MailPure: X-MailPure: Spam and virus blocking services provided by MailPure.com X-MailPure: From [EMAIL PROTECTED] Fri May 07 00:03:38 2004 Received: from mta.email.reedbusiness.com [198.31.62.21] by mx1.mailpure.com with ESMTP (SMTPD32-8.05) id AA93BE01B0; Fri, 07 May 2004 00:03:31 -0400 X-MID: [EMAIL PROTECTED] Date: Fri, 07 May 2004 00:03:31 -0400 (EDT) Message-Id: [EMAIL PROTECTED] From: MultichannelNews [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [13] Multichannel Newswire: 3Q Good News for News Corp.MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit X-MailPure: X-MailPure: SORBS-SPAM: Failed, listed in dnsbl.sorbs.net (weight 1). X-MailPure: SUBSPACE-15: Failed, 15 or more spaces in the subject (weight 1). X-MailPure: SPAMHEADERS: Failed, header code consistent with spam [4000400e] (weight 4). X-MailPure: SNIFFER-GENERAL: Failed, listed in the General category (weight 6). X-MailPure: SPAMINDICATIVE: Message failed SPAMINDICATIVE test (line 12, weight 1). X-MailPure: RECIPIENTS: [EMAIL PROTECTED] X-MailPure: X-MailPure: Spam Score: 13 X-MailPure: Scan Time: 00:03:38 on 05/07/2004 X-MailPure: Spool File: D0a9300be01b06c80.SMD X-MailPure: Server Name: mta.email.reedbusiness.com X-MailPure: SMTP Sender: [EMAIL PROTECTED] X-MailPure: Received From: mta.email.reedbusiness.com [198.31.62.21] X-MailPure: Country Chain: UNITED STATES-destination X-MailPure: X-MailPure: Spam and virus
RE: [Declude.JunkMail] Junkmail Test
Pong John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Jeff Maze Sent: Monday, May 10, 2004 6:21 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Junkmail Test This is only a test --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Authors of Sasser and Phatbot arrested
I just read that they suspect this is also the same guy that wrote the Netsky virus: http://www.cnn.com/2004/TECH/internet/05/10/sasser.arrest.reut/index.html Microsoft general counsel Brad Smith said the suspect was believed responsible for the creation of all 28 variants of the Netsky virus. I had also read earlier something that said the author of Netsky was boasting about similar code in Sasser to prove the connection. This goes to show you how weak the Internet really is with a 17 year old in the basement of a house in a small German town can wreak havoc across the world and cause billions of dollars in damage. Seems to me that we ain't seen nothing yet since almost everything to date has been from similarly deranged individuals and not some sort of organized effort, and every last host out there is vulnerable in one way or another. Matt Colbeck, Andrew wrote: http://www.securitynewsportal.com/cgi-bin/cgi-script/csNews/csNews.cgi?datab ase=JanEE%2edbcommand=viewoneid=15 Both in Germany, and in seemingly unrelated incidents. Whoever informed on the Sasser author to Microsoft may see a payout of a quarter of a million dollars. Andrew 8) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Country Code for Palestine?
All, Does anyone know what the Country Code for Palestine is? I just received an e-mail which Declude's X-COUNTRY-CHAIN identified as Palestine yet the "official" country code list, http://www.iana.org/cctld/cctld-whois.htm, makes no mention of Palestine. Thanks In Advance, Dan Geiser [EMAIL PROTECTED]
Re: [Declude.JunkMail] Country Code for Palestine?
Does anyone know what the Country Code for Palestine is? I just received an e-mail which Declude's X-COUNTRY-CHAIN identified as Palestine yet the official country code list, http://www.iana.org/cctld/cctld-whois.htmhttp://www.iana.org/cctld/cctld-whois.htm, makes no mention of Palestine. It's ps. Note that there may be some countries that do not have their own ccTLD, but that may have Internet access available to them (so they would not appear at the IANA URL). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country Code for Palestine?
Thanks, Markus. But your file didn't contain the country code for Palestine. - Original Message - From: Markus Gufler To: [EMAIL PROTECTED] Sent: Monday, May 10, 2004 12:16 PM Subject: RE: [Declude.JunkMail] Country Code for Palestine? Hi Dan, Attached you can find a NON WORKING country filter file. At the end of every line you can find the full name of the country. Markus From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan GeiserSent: Monday, May 10, 2004 4:25 PMTo: [EMAIL PROTECTED]Subject: [Declude.JunkMail] Country Code for Palestine? All, Does anyone know what the Country Code for Palestine is? I just received an e-mail which Declude's X-COUNTRY-CHAIN identified as Palestine yet the "official" country code list, http://www.iana.org/cctld/cctld-whois.htm, makes no mention of Palestine. Thanks In Advance, Dan Geiser [EMAIL PROTECTED]
RE: [Declude.JunkMail] Country Code for Palestine?
COUNTRIES20CONTAINSps # Occupied Palestinian Territories (i.e., West Bank and Gaza Strip) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan GeiserSent: Monday, May 10, 2004 6:35 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Country Code for Palestine? Thanks, Markus. But your file didn't contain the country code for Palestine.
OT- Re: [Declude.JunkMail] Country Code for Palestine?
Interesting, IANA recognizes them as a country, sure would be nice if Israel and the rest of the non cyber world did to. Rick Davidson National Systems Manager North American Title Group - - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 10, 2004 10:33 AM Subject: Re: [Declude.JunkMail] Country Code for Palestine? Does anyone know what the Country Code for Palestine is? I just received an e-mail which Declude's X-COUNTRY-CHAIN identified as Palestine yet the official country code list, http://www.iana.org/cctld/cctld-whois.htmhttp://www.iana.org/cctld/cctld- whois.htm, makes no mention of Palestine. It's ps. Note that there may be some countries that do not have their own ccTLD, but that may have Internet access available to them (so they would not appear at the IANA URL). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: OT- Re: [Declude.JunkMail] Country Code for Palestine?
Interesting, IANA recognizes them as a country, sure would be nice if Israel and the rest of the non cyber world did to. As I know Isreal in the meantime does recognize Palestine. The question is only how large PS is. ...and if things continue like last months if there will remain someone who can write emails from those countries. :-| Markus --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Country Code for Palestine?
Thats interesting I thought their country code would be more representative of Palenstine. Perhaps .ter for terrorists! ;) Todd Holt Xidix Technologies, Inc Las Vegas, NV USA 702.319.4349 www.xidix.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Gufler Sent: Monday, May 10, 2004 8:45 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Country Code for Palestine? COUNTRIES20CONTAINSps # Occupied Palestinian Territories (i.e., West Bank and Gaza Strip) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser Sent: Monday, May 10, 2004 6:35 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Country Code for Palestine? Thanks, Markus. But your file didn't contain the country code for Palestine.
Re: [Declude.JunkMail] messages from declude list marked as spam
My messages from Declude are being caught as spam. Failing NJABL-DYNA, and DUL Robert: MAPS says that our new IP is not listed in DUL. Are you paying for their service? If not, you should remove the test (otherwise, they might list all IPs or randomly list IPs or whatever). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] How to credit e-mails with attachments
Hi, I am seeing e-mails with base64 attachments such as PowerPoint, Word, Excel etc and because it is encoded the gibberish that is produced ends up hitting a Prescription Drug filter. Specifically HGH. Now other than removing that line from the filter how can I credit an e-mail with an attachment? There is Content-Type: application/msword; Which I could key on? I would also have to add one for Excel etc. So is the following correct? HEADERS -10 CONTAINS Content-Type: application/msword; Is there a better way to do this? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] How to credit e-mails with attachments
One thing you could do is to put a space after the HGH to make it match HGH(Space). Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 05/10/04 02:53PM Hi, I am seeing e-mails with base64 attachments such as PowerPoint, Word, Excel etc and because it is encoded the gibberish that is produced ends up hitting a Prescription Drug filter. Specifically HGH. Now other than removing that line from the filter how can I credit an e-mail with an attachment? There is Content-Type: application/msword; Which I could key on? I would also have to add one for Excel etc. So is the following correct? HEADERS -10 CONTAINS Content-Type: application/msword; Is there a better way to do this? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] messages from declude list marked as spam
Scott, This is the old EASYNET-DYNA zone that they picked up after EASYNET was no more. This is by far the most complete and accurate freely available DUL list out there. I can't recall ever seeing a commercial IP on the list, but of course there are changes to IP space all the time. I've tried out something like 8 different DUL lists, but I dropped half of them because they would do things like list DSL space. I'm pretty sure that listing non-residential space isn't their goal, and a note sent to them ought to clear things up rather quickly. It would probably be better coming from you, but I don't mind giving it a shot if you're not interested. SORBS-DUHL is another story. They don't have the hit rate of NJABL-DYNA, but I have never noted a non-residential IP as a hit on that test. The problem with SORBS is that they are over zealous with their other listings, and they will produce multiple hits for open proxies on 2 or maybe 3 tests sometimes, and they don't respond to removal requests for those things. They do however have a more open policy for desisting DUHL listings where the user can request it: http://www.dnsbl.us.sorbs.net/DUL-FAQ.html Could it be that Charter re-purposed a block to commercial class IP's, or maybe they're mixing them now??? Senderbase shows two currently active spam zombies on the same class C as your IP: http://www.senderbase.org/search?searchString=68.186.245.0 There are 3 others that are also still listed in XBL, however no traffic is shown in the last day. That's very typical of a residential-class broadband class C to have 5 or maybe 6 zombies. Maybe they shouldn't have put your server in that block, or like I said, maybe they're mixing??? Matt R. Scott Perry wrote: My messages from Declude are being caught as spam. Failing NJABL-DYNA, and DUL Robert: MAPS says that our new IP is not listed in DUL. Are you paying for their service? If not, you should remove the test (otherwise, they might list all IPs or randomly list IPs or whatever). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ = --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] messages from declude list marked as spam
MAPS says that our new IP is not listed in DUL. Are you paying for their service? If not, you should remove the test (otherwise, they might list all IPs or randomly list IPs or whatever). This is the old EASYNET-DYNA zone that they picked up after EASYNET was no more. Actually, DUL is the test run by MAPS. Any other test using the name DUL runs the risk of being sued by MAPS (that's why DUHL or DYNA is normally now used instead of DUL). Interestingly, DUL (MAPS) is the only one of the three that has responded so far. It was a complete waste of their time, though, since they had not listed us (our customer made a mistake) -- but it could have been avoided if they had been willing to allow www.DNSstuff.com to get the proper access to their databases. This is by far the most complete and accurate freely available DUL list out there. I can't recall ever seeing a commercial IP on the list, but of course there are changes to IP space all the time. I've tried out something like 8 different DUL lists, but I dropped half of them because they would do things like list DSL space. I'm pretty sure that listing non-residential space isn't their goal, and a note sent to them ought to clear things up rather quickly. This sounds like NJABL-DYNA. According to their information, they will not remove us, and I'm guessing they will not. Interestingly, though, Easynet was willing to remove our IP, back when they ran it. We'll see what they say, though. SORBS-DUHL is another story. According to their information, they probably won't remove us either. But, again, we'll see. Could it be that Charter re-purposed a block to commercial class IP's, or maybe they're mixing them now??? Senderbase shows two currently active spam zombies on the same class C as your IP: http://www.senderbase.org/search?searchString=68.186.245.0 There are 3 others that are also still listed in XBL, however no traffic is shown in the last day. That's very typical of a residential-class broadband class C to have 5 or maybe 6 zombies. Maybe they shouldn't have put your server in that block, or like I said, maybe they're mixing??? We really don't care, to be honest. :) If there was another high speed option in this area, that would be one thing. But with no alternatives, we [1] don't need to care (since we can't just switch to another provider), and [2] can't push charter on this issue, as we can't risk them cutting our access. Note that we *could* pull some strings in either case, and almost certainly get de-listed. But when it comes to spam databases, we refuse to do that -- if a customer of ours is in the exact same situation as us and can't get removed, we shouldn't be removed either. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] How to credit e-mails with attachments
Thank you. I looked through some older messages and found the same answer. Goran Jovanovic The LAN Shoppe -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Scott Fisher Sent: Monday, May 10, 2004 4:19 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] How to credit e-mails with attachments One thing you could do is to put a space after the HGH to make it match HGH(Space). Scott Fisher Director of IT Farm Progress Companies [EMAIL PROTECTED] 05/10/04 02:53PM Hi, I am seeing e-mails with base64 attachments such as PowerPoint, Word, Excel etc and because it is encoded the gibberish that is produced ends up hitting a Prescription Drug filter. Specifically HGH. Now other than removing that line from the filter how can I credit an e-mail with an attachment? There is Content-Type: application/msword; Which I could key on? I would also have to add one for Excel etc. So is the following correct? HEADERS -10 CONTAINS Content-Type: application/msword; Is there a better way to do this? Thanx Goran Jovanovic The LAN Shoppe --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] messages from declude list marked as spam
This sounds like NJABL-DYNA. According to their information, they will not remove us, and I'm guessing they will not. Interestingly, though, Easynet was willing to remove our IP, back when they ran it. We'll see what they say, though. No need for a response from NJABL -- they are refusing to accept our mail to their removal address (a temporary failure for 10 hours from their primary mailserver; their backup would have outright refused the E-mail if our mailserver hit it). So it is safe to say that NJABL is willing to accept false positives. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] messages from declude list marked as spam
OK, the messages from this list are scoring between 10 and 15 Wants to add a -10 to my negative filter file what is the easiest/fastest/safest line to add to the filter ? IP , REVDNS, Helo ... ? - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 10, 2004 10:53 PM Subject: [SpamIndex=12]Re: [Declude.JunkMail] messages from declude list marked as spam This sounds like NJABL-DYNA. According to their information, they will not remove us, and I'm guessing they will not. Interestingly, though, Easynet was willing to remove our IP, back when they ran it. We'll see what they say, though. No need for a response from NJABL -- they are refusing to accept our mail to their removal address (a temporary failure for 10 hours from their primary mailserver; their backup would have outright refused the E-mail if our mailserver hit it). So it is safe to say that NJABL is willing to accept false positives. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] messages from declude list marked as spam
- Original Message - From: serge [EMAIL PROTECTED] OK, the messages from this list are scoring between 10 and 15 Wants to add a -10 to my negative filter file what is the easiest/fastest/safest line to add to the filter ? IP , REVDNS, Helo ... ? The best/safest options is: REMOTEIP -10 IS 68.186.245.124 Second best option is: REVDNS -10 IS cpe-68-186-245-124.ma.charter.com And third best options would be either: HELO -10 IS declude.com or: SUBJECT -10 CONTAINS [Declude.JunkMail] SUBJECT -10 CONTAINS [Declude.Virus] However, these last three options are easy to forge. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [SpamIndex=16]Re: [Declude.JunkMail] messages from declude list marked as spam
thank you just wanted to be sure that IP is the safest Now Scott needs to notify us for future IP change of his mail server - Original Message - From: Bill Landry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 2:23 AM Subject: [SpamIndex=16]Re: [Declude.JunkMail] messages from declude list marked as spam - Original Message - From: serge [EMAIL PROTECTED] OK, the messages from this list are scoring between 10 and 15 Wants to add a -10 to my negative filter file what is the easiest/fastest/safest line to add to the filter ? IP , REVDNS, Helo ... ? The best/safest options is: REMOTEIP -10 IS 68.186.245.124 Second best option is: REVDNS -10 IS cpe-68-186-245-124.ma.charter.com And third best options would be either: HELO -10 IS declude.com or: SUBJECT -10 CONTAINS [Declude.JunkMail] SUBJECT -10 CONTAINS [Declude.Virus] However, these last three options are easy to forge. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IP change? Declude
Scott: Have you changed the IP address for your server? I had the REVDNS for your server whitelisted and now everything with the forum is being caught as spam. Your IP is listed.. X-RBL-Warning: FIVETEN-SPAM: 124.245.186.68.blackholes.five-ten-sg.com.X-RBL-Warning: NJABL-DYNA: "Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html"X-RBL-Warning: SORBS-DUL: "Dynamic IP Address See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=68.186.245.124" Your IP: X-Note: Server Name: declude.comX-Note: SMTP Sender: [EMAIL PROTECTED]X-Note: Reverse DNS IP: cpe-68-186-245-124.ma.charter.com [68.186.245.124] Is this temporary or should we add this to our whitelist now? Regards, Kami
Re: [Declude.JunkMail] messages from declude list marked as spam
My messages from Declude are being caught as spam. Failing NJABL-DYNA, and DUL Anybody else having this problem? Started a couple of days ago. That's because we were assigned a new IP. Note that NJABL-DYNA lists static IPs (such as ours), and does not allow legitimate mailservers to be removed, so it should be assigned a low weight. I wasn't aware that DUL was still around, but it looks like they may remove IPs that aren't appropriately listed, so we will contact them about removal. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Odd error - bogus Message-ID header???
Something odd is happening here. I've now seen two recent false positives where the BADHEADER error code, 8004000e, relates to a Bogus Message-ID header when looked up with your tool. From what I can see, the Message-ID headers were both fine (one example is included below). Also note that I am using LOOSENSPAMHEADERS ON although that should have no bearing on this. I am running 1.79i6 Pro. Please advise. Message-ID: newmsg.cgi?mbx=Credit[EMAIL PROTECTED][EMAIL PROTECTED] The issue here is that benntilesrvr1.bhot.servr1 isn't a valid hostname, and almost certainly never will be. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Stop the test messages...and replies!
Can someone clue me in as to why people send test messages to the list, and then why others reply to the _entire_ list, instead of just to the individual? If you have to reply, how about replying only to the individual? Darin.
