Re: [Declude.JunkMail] Spam attack

2005-07-20 Thread System Administrator
on 7/19/05 12:50 PM, Richard Farris wrote:

 I got hit again with these two
 [69.60.97.208]
 209.97.209.0/24
 
 Is there anyone out there that runs an ISP that is seeing the same thing..and
 if so other than blacklisting the IP, how do you stop it...this is twice in a
 few days I have been hammered

Deny them access to your network at your main router.

ie. deny tcp 209.97.209.0 0.0.0.255 any

Greg

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] [Declude.Virus] Brief Update

2005-07-20 Thread Robert Shubert








I too have a serious issue with Declude remaining stable on my system. I've
tried each of the 2.0.6.x betas as they came out, but the problem hasn't
gone away. I did have the mentioned SMTPd memory/crash issue when I
originally went to 8.2, but with HF2 installed, that has gone away. My server
runs an average of 70 mail/min with a peak of about 200.

My question is: what version of declude should I rollback to? I'll gladly
give up features as long as I have the stability, when declude crashes (and
puts up a dialog, which I have to clear) no mail is delivered.

Thanks for any help,

Robert

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Friday, July 15, 2005 11:30 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] [Declude.Virus] Brief Update

Bill,

does that mean days, weeks, months?

I don't know if you are aware but we reported this many many months ago,
before 2.0.6 was released.

We have a real problem with customers trying to explain that we cannot
guarantee mail delivery because of Declude. So customers will rightfully ask
for a timeframe and we won't install new installs until we know this is
fixed. But a timeframe is required since it has taken so long to acknowledge
and address.

Sal

- Original Message -
From: Bill Billman
To: Declude.JunkMail@declude.com
Sent: Friday, July 15, 2005 9:29 AM
Subject: RE: [Declude.JunkMail] [Declude.Virus] Brief Update

Hi Darin,

We expect to be testing in a few high volume production environments in the
very near future. If all goes well we will offer a general beta shortly
after that. We intend to perform a thorough QA cycle and will not release
until we are satisfied this version meets or exceeds expectations.

Thanks,

Bill Billman
Declude

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, July 14, 2005 6:52 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] [Declude.Virus] Brief Update

Hi Bill,

Do you have a target release date?

Thanks,

Darin.

- Original Message -
From: Bill Billman
To: Declude.JunkMail@declude.com
Sent: Thursday, July 14, 2005 6:31 AM
Subject: RE: [Declude.JunkMail] [Declude.Virus] Brief Update

Thanks Sal.

I agree. Orphaned emails are unacceptable and the issue is indeed being
addressed.

Quality, stability, and performance are the goals for this release and that
is what we will deliver. We spent a fair amount of time analyzing the
issues and designing our solutions. I believe it was time well spent and I
thank all our customers for their patience. So far we are very pleased with
the results from our tests.

Bill Billman
Declude

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mailing Lists
Sent: Wednesday, July 13, 2005 9:23 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] [Declude.Virus] Brief Update

Also I hope the issue of orphaned emails is being addressed with Declude and
SM.

This is a real pain, we had to go back to Declude 2.0.5.76 because 2.0.6
release would break up the hdr and eml files (so you would get orphaned hdr
in the /proc and .eml in the spool). 2.0.5.76 doesn't check for emails
forgotten by declude so we check the /proc directory with a script.
Obviously this is not the best way to run a mail server.

I believe we worked with Ralph on this issue for several months, but no
solution yet.

Sal

- Original Message -
From: Bill Billman
To: Declude.JunkMail@declude.com
Sent: Wednesday, July 13, 2005 8:52 AM
Subject: RE: [Declude.JunkMail] [Declude.Virus] Brief Update

Thanks Mike.

We are making great progress. We've managed to address the issues and make
Declude far more efficient. Internal testing is beginning. I believe that
you will be pleased with the performance and resource utilization of this
version. Too early for me to make specific claims but I'm very optimistic
from a stability and performance perspective.

Bill Billman
Declude

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Hardrick
Sent: Tuesday, July 12, 2005 2:47 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] [Declude.Virus] Brief Update

Any new news on this issue?

Basically, version 2.X is useless to me.

If there is any way I can assist by sending debug info, lmk.

--Mike
TNWEB

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Billman
Sent: Wednesday, June 29, 2005 15:24
To: Declude.Virus@declude.com; Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] [Declude.Virus] Brief Update

You're spot on Mike. In cases like this it comes down to finding the
circumstances that trigger the problem and then simulating those

Re: [Declude.JunkMail] [Declude.Virus] Brief Update

2005-07-20 Thread Matt




Robert,

With IMail 8.15 HF2, there are no Declude stability issues on my system
and I am processing about 150,000/day with Declude, two virus scanners,
Sniffer and other external apps. McAfee does unfortunately have a
habit of throwing errors in dialog boxes almost daily, but it hasn't
caused a crash (this gets dangerous when you get 40+ dialog boxes open
at one time however because of Windows heap issues).

My recommendation would be to drop back to IMail 8.15 or wait patiently
for Declude to figure it out and release a patch. IMail 8.20
introduced an entirely new multi-threaded SMTP engine, and I believe it
is wise to wait at least a month following any major IMail release in
order to monitor for compatibility issues. There are often at least
smaller issues created by IMail upgrades, and Declude must be reactive
to such changes since they are a completely separate company.

Matt




Re: [Declude.JunkMail] [Declude.Virus] Brief Update

2005-07-20 Thread Darrell \([EMAIL PROTECTED])
Robert, 

1.8.2 has been rock stable for us. 


Darrell
-
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus.  
Download it today from http://www.invariantsystems.com 




[Declude.JunkMail] OT: Imail / Declude as a front end for Exchange

2005-07-20 Thread Dan Shadix



I have an Exchange 2003 server setup using my domain name trhs.org. I added
an SMTP recipient policy for email.trhs.org and created an alias on the
Imail server to forward mail to email.trhs.org. I also added email.trhs.org
to the hosts file. The Imail server sends the message to the Exchange
server but Exchange rejects it unless the primary SMTP address is
email.trhs.org. If anyone can help me figure out what I'm missing I'd
appreciate it greatly.

Dan Shadix


RE: [Declude.JunkMail] OT: Imail / Declude as a front end for Exchange

2005-07-20 Thread Schmeits, Roger
Sounds like you need to dig thru the Internet Mail Connector on the
Exch2003 box and set up routing for your domain. Look in routing groups.



Re: [Declude.JunkMail] OT: Imail / Declude as a front end for Exchange

2005-07-20 Thread Darrell \([EMAIL PROTECTED])
Dan, 

Did you make sure the "This exchange organization is responsible for all
mail delivery to this address" on the recipient policy email address?

Darrell 






Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG 
Integration, and Log Parsers. 





RE: [Declude.JunkMail] OT: Imail / Declude as a front end for Exchange

2005-07-20 Thread Dan Shadix
Yes, I did select that.  I originally set it up as a separate policy and
when I couldn't get that working I added it to the default policy.  Both
ways it seems to work the same.

Thanks,
Dan 



Re: [Declude.JunkMail] outside tests

2005-07-20 Thread Darrell \([EMAIL PROTECTED])
http://www.imagefxonline.net/apps/delog/fromfile.txt 


The fromfile from Imagefx has not been updated in a while.  I think the last 
updates were from 2004. 


Darrell
--
DLAnalyzer - Comprehensive reporting on Declude Junkmail and Virus.
http://www.invariantsystems.com 




Re: [Declude.JunkMail] outside tests

2005-07-20 Thread Scott Fisher



I use the spamdomains and IP lists that I've posted on my
http://it.farmprogress.com/declude/declude.htm on my production email system.
I usually update the spamdomains files monthly and the IP List weekly.
My results are posted in the statistics by month, so you can see how often
these tests fired.

I'd say my spam philosophy would be that it is better to let a little spam
through than to block legit messages.

I don't use the imagefxonline from file, but it doesn't look too current. I'd
also say there might be some questionable domains on it.

  - Original Message -
  From: Schmeits, Roger
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, July 20, 2005 11:34 AM
  Subject: [Declude.JunkMail] outside tests

  Greetings:
  We are in need of tweaking declude to use outside tests for blocking domain
  names. I was planning on using the following:

  http://it.farmprogress.com/declude/declude.htm
  (there are numerous lists on here)

  http://www.imagefxonline.net/apps/delog/fromfile.txt

  and the daily.txt file.

  Could people vouch for these lists? There are many lists out there but
  looking for recommendations for viable sources.

  Thanks.

  ##
  Roger Schmeits
  Sr. Network Engineer
  Clarkson College
  http://www.clarksoncollege.edu
  (402) 552-2542
  ##
  Disclaimer: The information contained in this e-mail is privileged and
  confidential and is intended only for the use of the addressee(s) indicated
  above. Use or disclosure of information e-mailed in error is respectfully
  prohibited. If you have received this e-mail in error, please contact the
  sender and immediately delete the original message. Thank you.
  


[Declude.JunkMail] Who is the real connecting server? (Headers vs Spamcop)

2005-07-20 Thread Erik
Can someone help me explain this.  Why does Imail/Declude report YAHOO as
the receiving server when SPAMCOP ignores Yahoo as the receiving server?  We
add a negative weight from Yahoo REVDNS.  Should SPAMCOP also abuse to
Yahoo?  Or do I not fully understand?  Imail log DOES show 66.163.175.81 as
the connecting server (Yahoo).  Shouldn't the abuse really be sent to Yahoo
since it came from their server (from our logs)?

Erik



EMAIL HEADERS:

Received: from smtp004.bizmail.sc5.yahoo.com [66.163.175.81] by
mail.montananetwork.net
  (SMTPD-8.20) id A5E40300; Wed, 20 Jul 2005 21:26:28 -0600
Received: (qmail 37210 invoked from network); 21 Jul 2005 03:26:27 -
Received: from unknown (HELO User) ([EMAIL PROTECTED]@70.245.85.9 with
login)
  by smtp004.bizmail.sc5.yahoo.com with SMTP; 21 Jul 2005 03:26:26 -
Reply-To: [EMAIL PROTECTED]
From: PayPal[EMAIL PROTECTED]
Subject: Unauthorized access to your PayPal account !
Date: Wed, 20 Jul 2005 22:26:16 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset=Windows-1251
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Message-Id: [EMAIL PROTECTED]
X-RBL-Warning: MN-WHITELIST: Message failed MN-WHITELIST test (line 21,
weight -50)
X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail
detected.
X-RBL-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
[c400120a].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[c400120a].
X-RBL-Warning: SPAMDOMAINS: Spamdomain '@paypal.com' found: Address of
[EMAIL PROTECTED] sent from invalid smtp004.bizmail.sc5.yahoo.com.
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: 10.
X-MN: 
X-MN: Scanned for viruses and weighted for SPAM
X-MN: Scan Time: 21:26:33 on 20 Jul 2005
X-MN: Spool File: D15E401AD093A.SMD
X-MN: 
X-MN: Failed Tests:
X-MN: MN-WHITELIST, NOLEGITCONTENT, NOABUSE, BADHEADERS, SPAMHEADERS,
SPAMDOMAINS, SPAMCHK
X-MN: 
X-MN: Receiving Server: mail.montananetwork.net
X-MN: Spam Score: 57
X-MN: SMTP Sender: [EMAIL PROTECTED]
X-MN: Recipients: X
X-MN: Country Chain: UNITED STATES-destination
X-MN: Sent from: smtp004.bizmail.sc5.yahoo.com ([66.163.175.81])
X-MN: 
Status: R
X-UIDL: 419936643
X-IMail-ThreadID: 15e401ad093a


SPAMCOP REPORTS:
---
Received:  from smtp004.bizmail.sc5.yahoo.com [66.163.175.81] by
mail.montananetwork.net (SMTPD-8.20) id A5E40300; Wed, 20 Jul 2005 21:26:28
-0600
66.163.175.81 found
host 66.163.175.81 = smtp004.bizmail.sc5.yahoo.com (cached)
smtp004.bizmail.sc5.yahoo.com is 66.163.175.81
Possible spammer: 66.163.175.81
Received line accepted
Relay trusted (66.163.175.81 bizmail.sc5.yahoo.com)


Received:  (qmail 37210 invoked from network); 21 Jul 2005 03:26:27 -
Ignored


Received:  from unknown (HELO User) ([EMAIL PROTECTED]@70.245.85.9 with
login) by smtp004.bizmail.sc5.yahoo.com with SMTP; 21 Jul 2005 03:26:26
-
70.245.85.9 found
host 70.245.85.9 = adsl-70-245-85-9.dsl.hstntx.swbell.net (cached)
adsl-70-245-85-9.dsl.hstntx.swbell.net is 70.245.85.9
Possible spammer: 70.245.85.9
Possible relay: 66.163.175.81
66.163.175.81 not listed in relays.ordb.org.
66.163.175.81 has already been sent to relay testers
Received line accepted

Tracking message source: 70.245.85.9:
Routing details for 70.245.85.9
[refresh/show] Cached whois for 70.245.85.9 : [EMAIL PROTECTED]
Using abuse net on [EMAIL PROTECTED]
abuse net sbcglobal.net = [EMAIL PROTECTED]
Using best contacts [EMAIL PROTECTED]

Yum, this spam is fresh!
Message is 0 hours old
70.245.85.9 not listed in dnsbl.njabl.org
70.245.85.9 not listed in dnsbl.njabl.org
70.245.85.9 not listed in cbl.abuseat.org
70.245.85.9 not listed in dnsbl.sorbs.net
70.245.85.9 not listed in relays.ordb.org.
70.245.85.9 not listed in accredit.habeas.com
70.245.85.9 not listed in plus.bondedsender.org
70.245.85.9 not listed in iadb.isipp.com

Finding links in message body
Parsing HTML part

Resolving link obfuscation
http://larry.clsnp.edu.hk/~larry/uit/.ssls/user_data_login_account_secure_en
cryption_ssl_user_signin_online_login/index.htm
   host larry.clsnp.edu.hk (checking ip) = 210.0.178.155
   host 210.0.178.155 (getting name) no name

Tracking link:
http://larry.clsnp.edu.hk/~larry/uit/.ssls/user_data_login_account_secure_en
cryption_ssl_user_signin_online_login/index.htm
[report history]
Resolves to 210.0.178.155
Routing details for 210.0.178.155
[refresh/show] Cached whois for 210.0.178.155 : [EMAIL PROTECTED]
[EMAIL PROTECTED]
Using abuse net on [EMAIL PROTECTED]
abuse net hgc.com.hk = [EMAIL PROTECTED]
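
Added example, not part of the post above and not code from Declude, IMail or SpamCop: a simplified model of why the two views differ. The topmost Received line is written by the receiving server, so its peer address (66.163.175.81) is what the mail server logs; a tracer that trusts that relay keeps walking down to the hop the relay itself stamped (70.245.85.9). TRUSTED_RELAYS and the FORGED sample are assumptions constructed for the illustration.

```python
import ipaddress
import re

# Received values from the message above, newest first, as the archive shows
# them (redacted address and truncated UTC offsets included).
RECEIVED = [
    "from smtp004.bizmail.sc5.yahoo.com [66.163.175.81] by "
    "mail.montananetwork.net (SMTPD-8.20) id A5E40300; "
    "Wed, 20 Jul 2005 21:26:28 -0600",
    "(qmail 37210 invoked from network); 21 Jul 2005 03:26:27 -",
    "from unknown (HELO User) ([EMAIL PROTECTED]@70.245.85.9 with login) "
    "by smtp004.bizmail.sc5.yahoo.com with SMTP; 21 Jul 2005 03:26:26 -",
]

# Assumption: the single relay the report above marks as "Relay trusted".
TRUSTED_RELAYS = {ipaddress.ip_address("66.163.175.81")}

# Constructed sample: an untrusted peer that supplied a fake lower hop.
FORGED = [
    "from mail.example.net [192.0.2.10] by mx.example.org; (date)",
    "from bank.example [198.51.100.7] by mail.example.net; (date)",
]

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
HOST = r"([A-Za-z0-9.-]+)"


def parse_hop(value):
    """Return (claimed_name, source_ip, stamped_by) for one Received value."""
    head = " ".join(value.split()).split(";", 1)[0]   # unfold, drop the date
    src, _, rest = head.partition(" by ")
    name = ip = None
    if src.startswith("from "):
        m = re.match("from " + HOST, src)
        name = m.group(1) if m else None
        found = IPV4.search(src)
        if found:
            try:
                ip = ipaddress.ip_address(found.group(0))
            except ValueError:          # e.g. 999.1.1.1 is not an address
                ip = None
    by = re.match(HOST, rest)
    return name, ip, (by.group(1) if by else None)


def connecting_peer(received):
    """Address our own server saw on the socket (topmost Received line)."""
    return parse_hop(received[0])[1]


def trace_source(received, trusted):
    """Walk down the chain, but only through relays listed in `trusted`."""
    name, source, _ = parse_hop(received[0])
    for value in received[1:]:
        if source not in trusted:
            break            # lines below were supplied by an untrusted party
        nxt_name, nxt_ip, nxt_by = parse_hop(value)
        if nxt_ip is None:
            continue         # internal hand-off line with no peer address
        if nxt_by != name:
            break            # not stamped by the relay we just trusted
        name, source = nxt_name, nxt_ip
    return source


if __name__ == "__main__":
    print("connecting peer :", connecting_peer(RECEIVED))
    print("traced source   :", trace_source(RECEIVED, TRUSTED_RELAYS))
    print("forged chain    :", trace_source(FORGED, TRUSTED_RELAYS))
```

With an empty trusted set the trace stops at the connecting peer, which is the only address the receiving server verified itself.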