RE: [Declude.JunkMail] Ok, what did I do wrong?

2005-10-09 Thread David Barker
Thanks guys, yes you were right, just checking to see if you were taking
note ;) you passed the test.

David Barker
www.declude.com

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Carter
Sent: Friday, October 07, 2005 5:41 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Ok, what did I do wrong?

Yes you are right, I missed it.

decludeproc -v.  Maybe between David, you, and me, we'll get that part
right. :-) 

John 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Friday, October 07, 2005 4:26 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Ok, what did I do wrong?

You did not remove the declude exe from the imail folder as per the
instructions. You do not have the proper stub program running.

Also to get the declude version you run

decludeproc -diag. Although mine is not currently working.


Kevin Bilbee

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of John Carter
 Sent: Friday, October 07, 2005 1:57 PM
 To: Declude.JunkMail@declude.com
 Subject: [Declude.JunkMail] Ok, what did I do wrong?


 Imail 8.21
 Was/is Declude 2.0.6.16

 I just attempted the upgrade to 3.0.5.5 by doing the following:

 Downloaded current 3.0.5.5
 Stopped SMTP
 Stopped Queuemgr
 Created \proc under \spool
 Ran the 3.0.5.5 upgrade
 Created declude.cfg under c:\imail\declude\ and entered THREADS 5
 Made sure decludeproc service was running - wasn't, but started it.
 Started SMTP
 Started Queuemgr

 Mail is flowing.
 Declude -diag shows I am still running 2.0.6.16
 Seeing nothing happening in \proc folder (I guess because 2.0.6.16 is
 still there.)

 Is there a 3.0.5.5 version of declude.exe ??  Where do you get it?

 Thanks for any help
 John C

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To 
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type 
 unsubscribe Declude.JunkMail.  The archives can be found at 
 http://www.mail-archive.com.
 ---
 [This E-mail scanned for viruses by Declude Virus]





[Declude.JunkMail] chronic junkmail -- new account

2005-10-09 Thread IMail Admin

Hi,

For the last few weeks, we've seen an explosion of spam mail with the from 
line as New Account.  The subject and text vary.  Some messages get caught 
by our threshold and dumped, but many do not.  Sniffer seems to spot these 
pretty effectively, but not always and we don't take action on just one 
test, even one as good as Sniffer.  Any suggestions?


Ben
BC Web

Here is the source of one such message:

Received: from 52.opnletters.com [65.175.2.52] by bcw4.bcwebhost.net with ESMTP
 (SMTPD32-7.15) id A25813CE00F4; Sun, 09 Oct 2005 14:57:44 -0700
Received: (from [EMAIL PROTECTED])
 by 52.opnletters.com (8.8.8/8.8.8) id OAA44895;
 Sun, 9 Oct 2005 14:45:45 -0700 (PDT)
Date: Sun, 9 Oct 2005 14:59:51 -0700 (PDT)
Message-Id: [EMAIL PROTECTED]
From: New Account [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Get A Free Ringtone [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-RBL-Warning: SNIFFER: Message failed SNIFFER: 60.
X-Declude-Sender: [EMAIL PROTECTED] [65.175.2.52]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: SNIFFER [4]
X-Note: This E-mail was sent from 52.opnletters.com ([65.175.2.52]).
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 428897057

Get the Newest Ring Tones!

Download Top Hits to your Cell Phone!
http://52.opnletters.com/m/l?3xp-e38u-1-aox4-f417

a href=http://52.opnletters.com/m/l?3xp-e38u-2-aox4-f417;Get the latest 
Ringtones, wallpapers, Screensavers, and more! Top ring tones include, 
Wait by Ying Yang Twins. First download is FREE!/a




You need to visit this link.  Take your Pick!
http://52.opnletters.com/m/l?3xp-e38u-3-aox4-f417





To unsubscribe, from this Advertisement go to:
http://52.opnletters.com/remove?r.NewAccounts.0-6037852-730b.bcwebhost.net.-ben?r

or, send a blank message to:
mailto:[EMAIL PROTECTED]

New Account List
1333 W 120th Ave. Suite 101
Westminster, Colorado 80234







Re: [Declude.JunkMail] chronic junkmail -- new account

2005-10-09 Thread Nick Hayer

Hi -

Well this is what I do on these -

Right off I put the ip space in my ipfile_suspicious_networks
65.175.2.0/24  Viper Hosting
If I keep getting spam from them then they go to the ipfile_networks 
which I score higher.

Same for an entry into ipfile_suspicious_hosts

I then would accumulate these to develop a pattern that I can use to 
punish them without false positives. For me it's hard to determine how 
best to act until I have at least a small sample to work with. The New 
Account is a tipoff but that alone will not help - something else is 
generally in every email that as a combo you should be able to whack the 
emails with.


Not much help but best I can do Sunday eve  :)

-Nick




Re: [Declude.JunkMail] chronic junkmail -- new account

2005-10-09 Thread Matt
This is spam from Scott Richter, Spamhaus's #1 listed spammer.  This 
particular block is 65.175.2.0/24.  Surprisingly it isn't widely listed, 
but I did find it in MAILPOLICE, and if you have URIBL support, it is 
also in SURBL presently.


Matt





Re: [Declude.JunkMail] chronic junkmail -- new account

2005-10-09 Thread Nick Hayer

You are always on top of this stuff Matt!
-Nick



Re: [Declude.JunkMail] chronic junkmail -- new account

2005-10-09 Thread Darrell ([EMAIL PROTECTED])
I would suggest you look at incorporating a URI type checker like invURIBL 
as opnletters.com has been in SURBL for a while and I am showing hits back 
as far as September 1st for that particular domain.


uribl-logfile0901.txt:2005-09-01 00:15:22.656 2005-09-01 00:15:22.953 
E:\IMAIL\SPOOL\D8058132B024647FB.SMD opnletters.com 127.0.0.82 URI from 
message body found in multi.surbl.org [82] [Total Weight=15]


On average I am seeing about 100-150 of these domains a day out of 100K-150K 
messages per day processed.  Since September 1st this domain has hit on our 
system 4,700+ times so it has been semi active.


Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And 
Imail.  IMail Queue Monitoring, Declude Overflow Queue Monitoring, SURBL/URI 
integration, MRTG Integration, and Log Parsers.
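
The checks suggested in this thread (a suspicious-network entry for 65.175.2.0/24, a SURBL lookup on body URIs, and acting only on combined weight rather than on one test) can be put together as follows. This is an added example, not code from Declude, invURIBL or any poster. The SNIFFER weight 4 and SURBL weight 15 are taken from the header and log line quoted above; the SUSPICIOUS_NET weight, the HOLD_AT threshold, the function names and the dict standing in for a DNS resolver are assumptions.

```python
import ipaddress
import re

# Constructed from the sample message quoted in this thread.
SAMPLE = """Received: from 52.opnletters.com [65.175.2.52] by bcw4.bcwebhost.net with ESMTP
Subject: Get A Free Ringtone

Download Top Hits to your Cell Phone!
http://52.opnletters.com/m/l?3xp-e38u-1-aox4-f417
"""

# Hypothetical local policy: SUSPICIOUS_NET weight and HOLD_AT are assumptions.
SUSPICIOUS_NETS = [ipaddress.ip_network("65.175.2.0/24")]
WEIGHTS = {"SNIFFER": 4, "SUSPICIOUS_NET": 3, "SURBL": 15}
HOLD_AT = 10


def connecting_ip(raw):
    """IP in brackets on the topmost Received header (added by our own server)."""
    m = re.search(r"^Received: from \S+ \[(\d+\.\d+\.\d+\.\d+)\]", raw, re.M)
    return ipaddress.ip_address(m.group(1)) if m else None


def uri_domains(raw):
    """Registered domains of http(s) URIs in the body.
    Assumption: naive last-two-labels rule; a real checker needs a
    table of two-level TLDs such as co.uk."""
    body = raw.split("\n\n", 1)[-1]
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", body)
    return sorted({".".join(h.lower().rstrip(".").split(".")[-2:]) for h in hosts})


def surbl_bits(answer):
    """multi.surbl.org reports list membership as a bitmask in the last octet."""
    last = int(answer.split(".")[3])
    return [b for b in (2, 4, 8, 16, 32, 64, 128) if last & b]


def score(raw, sniffer_hit, surbl_lookup):
    """surbl_lookup maps a query name to an A-record string (absent when
    unlisted); it stands in for a DNS resolver so this runs offline."""
    failed = []
    if sniffer_hit:
        failed.append("SNIFFER")
    ip = connecting_ip(raw)
    if ip and any(ip in net for net in SUSPICIOUS_NETS):
        failed.append("SUSPICIOUS_NET")
    for dom in uri_domains(raw):
        if surbl_lookup.get(dom + ".multi.surbl.org"):
            failed.append("SURBL")
            break
    total = sum(WEIGHTS[t] for t in failed)
    return failed, total, total >= HOLD_AT


if __name__ == "__main__":
    listed = {"opnletters.com.multi.surbl.org": "127.0.0.82"}  # constructed answer
    print(score(SAMPLE, True, {}))       # Sniffer plus network entry only
    print(score(SAMPLE, True, listed))   # with the URI check added
    print(surbl_bits("127.0.0.82"))
```

With only Sniffer and the network entry the sample stays under the threshold; the URI hit is what carries it over, which is the gap described in the original question.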




Re: [Declude.JunkMail] chronic junkmail -- new account

2005-10-09 Thread Matt

I don't know whether or not I should be proud of that accomplishment :-/

Matt


