[Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
Hello,

there are two bugs in Imail, one for authenticated users in Imap, one for all in SMTP. Please upgrade your systems!

http://www.ipswitch.com/support/ics/updates/ics202.asp
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp

Advisories:
- http://www.idefense.com/application/poi/display?id=347type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=346type=vulnerabilities

Alex

--- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
Anyone hear anything about if 8.1x is affected? It talks only about 8.2.

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
RE: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
Check the patch page at http://www.ipswitch.com/support/imail/releases/imail_professional/index.asp. There is a 8.15 fix.

John C
Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
Thanks John,

Darrell
[Declude.JunkMail] D files in spool
Hello All,

I'm running Declude 1.80 w/ Imail 7.15HF2 and have noticed my spool file is filling up with emails, specifically, D files. I'm seeing a host of these, without corresponding T files which makes me wonder if perhaps Declude is starting to process it but isn't finishing. Has anyone seen this before? I did have a problem where my Imail user directory was full which caused my POP3 server to shutdown. I've since resolved that problem but now I'm getting all these D files. Can anyone shed some light on this issue? Do I need to reinstall Declude JunkMail?

Troy D. Hilton
Serveon, Inc.
[EMAIL PROTECTED]
302-529-8640
Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
After looking at that - it appears that those patches are from the exploits early this summer (May 2005) and not from this recent round.

Darrell
RE: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
Sorry about that. Didn't notice the date. I've got to slow down.

John C
[Declude.JunkMail] Imail Anti-spam Gateway
Has anyone had any experience with building an Imail Anti-spam Gateway? I have found one article on the net about building a linux box running FreeBSD and putting it in front of the mail server to do the bulk mail filtering. I have also heard that spam assassin can be run in Linux. Does anyone have details on any of this? Has anyone put this in practice and had some success stories or even failure stories? Has anyone compared this in house with a Barracuda or PineApp product? I have a low powered machine to run my mail and this would definitely take a load off. Any ideas would be great!

Lee Miller
Director of Operations
NTS Services
309-353-5632 ext 238
[EMAIL PROTECTED]
Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
Bill,

I am actually looking for any information pertaining to 8.1x specifically is 8.15 vulnerable.

Darrell

Bill Landry writes:
Yes, 8.2 needs to be patched, as well. See:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp

Bill
RE: [Declude.JunkMail] D files in spool
Declude only processes D*.smd and Q*.smd files not T files. IMail does not delete the data file when a message is not deliverable, not returnable, and there is no postmaster alias (or there is a problem with the postmaster or root alias accounts). In certain instances, like if you happen to reboot your system while a message is being received, IMail may leave behind the T and the D files.

David B
www.declude.com
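The leftover-file cases described in this reply, as an added example that is not part of the original message and is not Declude or IMail tooling: a Python scan that lists D files with no matching Q file, separating those that also have a stray T file. It assumes a message's D, Q and T files share the same name after the first letter and the `.smd` extension; the one-hour age cutoff and all function names are illustrative.

```python
import os
import re
import tempfile
import time

# Assumption: the D (data), Q (queue) and T (temporary) files of one message
# share the name after the first letter, e.g. Dabc001.smd / Qabc001.smd.
SPOOL_NAME = re.compile(r"^([DQT])(.+)\.smd$", re.IGNORECASE)


def scan_spool(spool_dir, min_age_seconds=3600, now=None):
    """List D files that have no Q file and are older than min_age_seconds.

    Returns a dict with:
      orphan_d    - D files with neither Q nor T (data file left behind)
      interrupted - D files with a T but no Q (receive cut short, e.g. reboot)
      bytes       - total size of all listed D files
    """
    now = time.time() if now is None else now
    by_id = {}
    with os.scandir(spool_dir) as entries:
        for entry in entries:
            match = SPOOL_NAME.match(entry.name)
            if not match or not entry.is_file():
                continue
            kind = match.group(1).upper()
            msg_id = match.group(2).lower()
            info = entry.stat()
            by_id.setdefault(msg_id, {})[kind] = (
                entry.name, info.st_size, info.st_mtime)

    report = {"orphan_d": [], "interrupted": [], "bytes": 0}
    for msg_id in sorted(by_id):
        kinds = by_id[msg_id]
        if "D" not in kinds or "Q" in kinds:
            continue  # no data file, or message is still queued normally
        name, size, mtime = kinds["D"]
        if now - mtime < min_age_seconds:
            continue  # too recent: may still be in the middle of delivery
        bucket = "interrupted" if "T" in kinds else "orphan_d"
        report[bucket].append(name)
        report["bytes"] += size
    return report


def make_sample_spool(directory, now):
    """Write a constructed sample spool (dummy bytes, not real mail)."""
    old = now - 7200  # two hours old
    samples = [
        ("Dabc001.smd", 15, old), ("Qabc001.smd", 3, old),  # normal pair
        ("Dabc002.smd", 10, old),                           # D only
        ("Dabc003.smd", 20, old), ("Tabc003.smd", 1, old),  # D + T, no Q
        ("Dabc004.smd", 5, now),                            # D only, fresh
        ("notes.txt", 4, old),                              # unrelated file
    ]
    for name, size, mtime in samples:
        path = os.path.join(directory, name)
        with open(path, "wb") as handle:
            handle.write(b"x" * size)
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as spool:
        current = time.time()
        make_sample_spool(spool, current)
        result = scan_spool(spool, now=current)
        print("D files with no Q or T:", result["orphan_d"])
        print("D files with T but no Q:", result["interrupted"])
        print("Bytes held by listed files:", result["bytes"])
```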
Re: [Declude.JunkMail] OT: Mail Building up in IMail Spool Directory
In all of my cases of this sort of thing happening to us (which has only occurred a few times in 3 years), this has been the case with us. A simple restart of DNS services usually takes care of the problem.

Anton

----- Original Message -----
From: Dave Doherty [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 2:40 PM
Subject: Re: [Declude.JunkMail] OT: Mail Building up in IMail Spool Directory

Dan-

In addition to the other great suggestions made here, check to be sure DNS is running. Imail will generally not switch to the second DNS service in the SMTP settings, so if the first server listed fails, you can get exactly the effect you describe. If you have already installed caching DNS on your mail server and set SMTP's DNS to 127.0.0.1, check that the DNS service is running. If so, recycle it. If not, start it.

-Dave Doherty
Skywaves, Inc.

----- Original Message -----
From: Dan Geiser [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 11:13 AM
Subject: [Declude.JunkMail] OT: Mail Building up in IMail Spool Directory

Hello, All,

Starting at about 7:51am this morning there's been an inordinate amount of e-mail building up in my imail/spool directory. I've checked the logs and it appears that we are accepting all e-mail in to the server but not all of it is being sent out. I haven't been able to 100% confirm it but it appears that all of the e-mail which is being held so far is incoming e-mail for our Store and Forward spam filtering customers. The weird thing about it is I'm finding lots of e-mail in the spool directory that are clearly spam and will probably be identified as spam if it ever reached Declude. It's almost as if the SMTP server hasn't even attempted delivering any of this e-mail even once. Does anyone know what could possibly be going on here? I'm aware of the IMail forum but I thought I'd try here first.

Thanks In Advance,
Dan Geiser
[EMAIL PROTECTED]
Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
8.15HF2 fixed this problem back in May, I believe.

http://www.ipswitch.com/support/imail/releases/imail_professional/index.asp

-Dave Doherty
Skywaves, Inc.
Re: [Declude.JunkMail] CBL:Fw: news
Can I put this in my keyword filter?

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support
"Crossroads to a Cleaner Internet"

----- Original Message -----
From: Kevin Bilbee
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 1:54 PM
Subject: RE: [Declude.JunkMail] CBL:Fw: news

We use a body filter

BODY 15 BEGINSWITH img src="">

This puts the message at our hold weight. I have not seen one false positive from this test.

Kevin Bilbee

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Farris
Sent: Tuesday, December 06, 2005 11:25 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] CBL:Fw: news

Does anyone have an answer to filter these type emails?

Richard Farris

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 06, 2005 3:20 AM
Subject: news
RE: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
The fixes in May for what idefense.com discovered were different issues than the ones reported for Collaboration Suite and Imail 8.2x.

After reading the latest advisory, I've done some testing with telnet and I am sure that Imail 8.1x does not have the same vulnerability; Ipswitch introduced the flaw when they created Collaboration Suite and 8.2x so don't worry that there is no patch for 8.1x.

Andrew 8)
Re: [Declude.JunkMail] CBL:Fw: news
I created a filter with the string

BODY 0 BEGINSWITH img src=3Dcid:

The declude.cfg goes like this

GIFINBODYFILTER filter d:\imail\declude\filters\gifinbodyfilter.txt x 150 0

After searching the declude log I don't see where the filter has been triggered a single time in the last day. There are no errors in the declude log calling the test either.

To check it I took one of the gifs and sent it to myself. I received it. Here is the header from the email. You will see in red where the gif seems to have a " but the original emails did not.

Todd

Received: from backup.progressive.loc [192.168.1.19] by net.smart-mail.net (SMTPD32-8.15) id A7821E0198; Wed, 07 Dec 2005 13:26:58 -0600
Received: (from office [68.203.154.122]) by backup.progressive.loc (SMSSMTP 4.0.0.59) with SMTP id M2005120713264209805 for hunter; Wed, 07 Dec 2005 13:26:42 -0600
Message-ID: [EMAIL PROTECTED]
From: "Hunter" hunter
To: "Todd -Progressive.biz" hunter
Subject: breaking news
Date: Wed, 7 Dec 2005 13:26:41 -0600
MIME-Version: 1.0
Content-Type: multipart/related; type="multipart/alternative"; boundary="=_NextPart_000_0095_01C5FB31.DC30EB90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-mxGuard-Info: Processed by net.smart-mail.net using mxGuard v1.5.0
X-mxGuard-Spool-ID: 377c001e01984a62
X-mxGuard-Sender: hunter@
X-mxGuard-Spam-Score: 0
X-Note: This message has been scanned for spam and viruses using mxGuard for IMail
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -10.
X-Declude-Sender: hunter [68.203.154.122]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, SPFUNKNOWN, SPAMCHK, CATCHALLMAILS [-25]
X-Note: Total spam weight of this E-mail is -25 .
X-Country-Chain: UNITED STATES-destination
X-Note: This E-mail was sent from cpe-68-203-154-122.houston.res.rr.com ([68.203.154.122]).
X-RCPT-TO: hunter@
Status: R
X-UIDL: 370538202

This is a multi-part message in MIME format.

--=_NextPart_000_0095_01C5FB31.DC30EB90
Content-Type: multipart/alternative; boundary="=_NextPart_001_0096_01C5FB31.DC30EB90"

--=_NextPart_001_0096_01C5FB31.DC30EB90
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

--=_NextPart_001_0096_01C5FB31.DC30EB90
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
HTMLHEAD
META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1"
META content=3D"MSHTML 6.00.2800.1400" name=3DGENERATOR
STYLE/STYLE
/HEAD
BODY bgColor=3D#ff
DIVIMG src=3D"cid:009401c5fb64$26cb5b90$1401a8c0@office" =
/DIV/BODY/HTML

--=_NextPart_001_0096_01C5FB31.DC30EB90--

--=_NextPart_000_0095_01C5FB31.DC30EB90
Content-Type: image/gif; name="lzj.gif"
Content-Transfer-Encoding: base64
Content-ID: [EMAIL PROTECTED]

- Original Message -
From: Scott Fisher
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 3:51 PM
Subject: Re: [Declude.JunkMail] CBL:Fw: news

basically it will end the filter if any of the statements are not true. These stock emails have always met these 4 criteria, so if it doesn't meet them end the filter.

1. contains a gif attachment hence: Content-Type: image/gif
2 & 3. contains a header like: Received: from unknown (HELO randomword [192.168.
4. Always fails cmdspace

You could use mine and Kevin's combined:

BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
TESTSFAILED END NOTCONTAINS CMDSPACE
BODY 15 CONTAINS img src=3Dcid

- Original Message -
From: Todd
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 3:28 PM
Subject: Re: [Declude.JunkMail] CBL:Fw: news

Scott,

I am looking through the Declude manual to determine what you are doing. I don't think I understand NOTCONTAINS. I would think CONTAINS means it has this string in the body and NOTCONTAINS means it does not. So why NOTCONTAINS Content-Type: image/gif ? I feel like I am probably missing something painfully obvious here.

Todd

- Original Message -
From: Scott Fisher
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 1:50 PM
Subject: Re: [Declude.JunkMail] CBL:Fw: news

I use this filter:

STOPATFIRSTHIT
BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
TESTSFAILED END NOTCONTAINS CMDSPACE
RE: [Declude.JunkMail] CBL:Fw: news
Then it is now being embedded in html. This catches the ones with no html.

Kevin Bilbee
Re: [Declude.JunkMail] CBL:Fw: news
Try CONTAINS instead of BEGINSWITH.

Make sure you have at least one crlf [a bunch would not hurt] at the end of the filter file.

-Nick
[Declude.JunkMail] Nigerian Spam
Anyone have a list of keywords that effectively stops the Nigerian spam emails that you would be willing to share?

Thanks,
Brian
RE: [Declude.JunkMail] CBL:Fw: news
Would adding an extra filter line be in order? Such as:

BODY 0 BEGINSWITH <IMG src="">

John C
Re: [Declude.JunkMail] HoldAnalyzer
Darin, I am extremely interested in your app ... Will you be announcing the release via this forum?

TIA
Doris Dean

- Original Message -
From: Darin Cox [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 5:12 PM
Subject: Re: [Declude.JunkMail] HoldAnalyzer

Now I remember your app. Sounds great. Unfortunately, our users don't want spam summary messages like this, so we review for them. Fortunately they're happy to pay a little extra for the service of not seeing spam at all, and are satisfied with our review intervals.

Our app is very similar to SLSoft's old SpamReview app, but adds customizable actions on messages, like adding to a kill file, negative weight list, false positive report, etc.

Darin.

- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 6:56 PM
Subject: RE: [Declude.JunkMail] HoldAnalyzer

You create a configuration file with the DHR.exe and then schedule it to run with task Scheduler, (dhrcon.exe DHRconfig.xml). It then sends an email to all users with held email, one email per time period you have configured, the minimum is one day. In the email it gives them basic information about the messages headers like Envelope Sender, From Sender, Tests Failed, Date and Time the message arrived, and the subject of the message. Then there is a link after each message summary in the email the user clicks to recover the message. If the link is clicked the message will be requeued and the message source sent to the admin email as configured.

At this time they can not log in but if you saw last month I posted a .net utility to encrypt and decrypt imail passwords. This is in preparation to allow for that functionality next year along with the daily email. This way users can go and check the messages held for them anytime they want or just wait til the next day for the email.

If you can please let me know exactly what was unclear about the documentation so I can fix it. Rewrite it if you want.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Serge
Sent: Tuesday, December 06, 2005 3:21 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] HoldAnalyzer

Hi Kevin, you mean an asp app where users can log in and check the hold mail? How does it exactly work? Do you have a single hold dir for all users? That will not work in an ISP environment. Or is there a way to filter user access to only his own messages?

TIA

- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 9:25 PM
Subject: RE: [Declude.JunkMail] HoldAnalyzer

With a Hold Analyzer you no longer have to do that for the user. Users recover their own messages. Having users recover their own messages lets the admin know what the recipient thinks is spam and what is not spam. I find it difficult to read their minds. When I did this in the past I made incorrect assumptions on what was spam.

Kevin Bilbee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Serge
Sent: Tuesday, December 06, 2005 1:04 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] HoldAnalyzer

we use imail spool viewer v1.2.4
has all the options we need (check envelope, header, delete, move to spool, ...)
great tool
RE: [Declude.JunkMail] CBL:Fw: news
> The declude.cfg goes like this

Try putting it in the global.cfg. The declude.cfg is for Declude system settings, not test definitions. (Unless that was a typo, in which case, you already know this).
RE: [Declude.JunkMail] CBL:Fw: news
Using CONTAINS will trap a lot of real email if that is the only line in your filter.

Could try this and set up the $default$.junkmail to HOLD so you can monitor the filter for false positives:

SKIPIFWEIGHT 125 --your delete weight
MAXWEIGHT 70 --your hold weight
BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
BODY 20 CONTAINS img src=cid:
SUBJECT 50 STARTSWITH breaking news
SUBJECT 50 STARTSWITH OTC News
SUBJECT 50 STARTSWITH press release
SUBJECT 50 STARTSWITH news
SUBJECT 50 STARTSWITH top news
SUBJECT 50 STARTSWITH headline news
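Added example, not from the thread and not Declude's own code: a small Python model of the weighted filter posted above, run against two constructed messages to show which lines end the filter and which add weight. The matching rules (case-insensitive substring test on the raw quoted-printable text), the handling of END, SKIPIFWEIGHT and MAXWEIGHT, the `img src=3D"cid:` needle, and every hostname and ID in the samples are assumptions made for the illustration.

```python
# Simplified model of the weighted filter discussed in this thread.
# NOT Declude's implementation. Assumptions: matching is a case-insensitive
# substring test on the raw (still quoted-printable) text, END stops the
# filter, SKIPIFWEIGHT skips it, and MAXWEIGHT caps what it can add.

FILTER = '''SKIPIFWEIGHT 125
MAXWEIGHT 70
BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
BODY 20 CONTAINS img src=3D"cid:
SUBJECT 50 STARTSWITH breaking news
SUBJECT 50 STARTSWITH OTC News
SUBJECT 50 STARTSWITH press release
SUBJECT 50 STARTSWITH news
'''

# Constructed raw body: the HTML part is quoted-printable, so "=" is "=3D".
BODY = (
    'This is a multi-part message in MIME format.\r\n'
    'Content-Type: text/html; charset="iso-8859-1"\r\n'
    'Content-Transfer-Encoding: quoted-printable\r\n\r\n'
    '<DIV><IMG src=3D"cid:constructed-id@example.test"></DIV>\r\n'
    'Content-Type: image/gif; name="sample.gif"\r\n'
)

# Constructed message shaped like the stock spam described in the thread.
STOCK_SPAM = {
    "SUBJECT": "breaking news",
    "HEADERS": "Received: from unknown (HELO qwzx) ([192.168.7.9])\r\n"
               "  by mx.example.test with SMTP\r\n",
    "BODY": BODY,
}

# Constructed message shaped like a self-sent test through a local relay.
SELF_TEST = {
    "SUBJECT": "breaking news",
    "HEADERS": "Received: from relay.example.test [192.168.1.19]"
               " by mail.example.test\r\n"
               "Received: (from office [203.0.113.5])"
               " by relay.example.test\r\n",
    "BODY": BODY,
}


def parse_filter(text):
    """Split filter text into directives and (field, action, op, needle)."""
    directives, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)
        if parts[0] in ("SKIPIFWEIGHT", "MAXWEIGHT"):
            directives[parts[0]] = int(parts[1])
        elif len(parts) == 4:
            rules.append(tuple(parts))
        else:
            raise ValueError(f"unparseable filter line: {line!r}")
    return directives, rules


def matches(op, haystack, needle):
    """Evaluate one comparison; only the operators used here are modelled."""
    h, n = haystack.lower(), needle.lower()
    if op == "CONTAINS":
        return n in h
    if op == "NOTCONTAINS":
        return n not in h
    if op == "STARTSWITH":
        return h.startswith(n)
    raise ValueError(f"operator not modelled: {op}")


def score(filter_text, msg, current_weight=0):
    """Return (weight added by the filter, trace of the lines that fired)."""
    directives, rules = parse_filter(filter_text)
    if current_weight >= directives.get("SKIPIFWEIGHT", float("inf")):
        return 0, ["skipped: message is already at SKIPIFWEIGHT"]
    cap = directives.get("MAXWEIGHT", float("inf"))
    total, trace = 0, []
    for field, action, op, needle in rules:
        if not matches(op, msg[field], needle):
            continue
        if action == "END":  # a precondition failed: stop evaluating
            trace.append(f"END: {field} {op} {needle!r}")
            break
        total += int(action)
        trace.append(f"+{action}: {field} {op} {needle!r}")
    return min(total, cap), trace


if __name__ == "__main__":
    for name, msg in (("stock spam", STOCK_SPAM), ("self test", SELF_TEST)):
        weight, trace = score(FILTER, msg)
        print(name, weight, trace)
```

In this model the self-sent test scores 0 because a message relayed through the local server has no `Received: from unknown (HELO` header, so the second END line stops the filter before any weight is added. A needle written against the decoded HTML (`img src="cid:`) or a STARTSWITH test on the body also scores 0 against the raw text.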
Re: [Declude.JunkMail] HoldAnalyzer
Hi Doris, Yes we will. We'll announce it once it's ready at the end of the month. Darin. - Original Message - From: Declude [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, December 07, 2005 3:33 PM Subject: Re: [Declude.JunkMail] HoldAnalyzer Darin, I am extremely interested in your app ... Will you be announcing the release via this forum? TIA Doris Dean - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, December 06, 2005 5:12 PM Subject: Re: [Declude.JunkMail] HoldAnalyzer Now I remember your app. Sounds great. Unfortunately, our users don't want spam summary messages like this, so we review for them. Fortunately they're happy to pay a little extra for the service of not seeing spam at all, and are satisfied with our review intervals. Our app is very similar to SLSoft's old SpamReview app, but adds customizable actions on messages, like adding to a kill file, negative weight list, false positive report, etc. Darin. - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, December 06, 2005 6:56 PM Subject: RE: [Declude.JunkMail] HoldAnalyzer You create a configuration file with the DHR.exe and then schedule it to run with task Scheduler, (dhrcon.exe DHRconfig.xml). It then sends and email to all users with held email, one email per timeperiod you have configured, the minimum is one day. In the email it gives them basic information about the messages headers like Envelope Sender, From Sender, Tests Failed, Date and Time the message arrived, and the subject of the message. Then there is a link after each message summary in the email the user clicks to recover the message. If the link is clicked the message will be requeued and the message source sent to the admin email as configured. At this time they can not log in but if you saw last month I posted a .net utility to encrypt and decrypt imail passwords. 
This is in preperation to allow for that functionality next year along with the daily email. This way users can go and check the messages held for them anytime they want or just wait til the next day for the email. If you can please let me know exactly what was unclear about the documentation so I can fix it. Rewrite it if you want. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Serge Sent: Tuesday, December 06, 2005 3:21 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] HoldAnalyzer Hi Kevin, you mean an asp app where users can log in and check the hold mail ? how does it exactly work ? do you have a single hold dir for all users ? that will not work in an ISP environment . or is there a way to filter user access to only his own messages ? TIA - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, December 06, 2005 9:25 PM Subject: RE: [Declude.JunkMail] HoldAnalyzer With a Hold Analyzer you know longer have to do that for the user. Users recover their own messages. Having users recover their own messages lets the admin know what the recipient thinks is spam and what is not spam. I find it difficult to read their minds. when I did this in the past I made incorrect assumptions on what was spam. Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Serge Sent: Tuesday, December 06, 2005 1:04 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] HoldAnalyzer we use imail spool viewer v1.2.4 has all the options we need (check envelope, header, delete, move to spool, ...) great tool --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. 
Re: [Declude.JunkMail] CBL:Fw: news
Erik wrote:

Using CONTAINS will trap a lot of real email if that is the only line in your filter.

The best way is with combo filters but that was not his question :)

-Nick

Could try this and set up the $default$.junkmail to HOLD so you can monitor the filter for false positives:

SKIPIFWEIGHT 125 --your delete weight
MAXWEIGHT 70 --your hold weight
BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
BODY 20 CONTAINS img src=cid:
SUBJECT 50 STARTSWITH breaking news
SUBJECT 50 STARTSWITH OTC News
SUBJECT 50 STARTSWITH press release
SUBJECT 50 STARTSWITH news
SUBJECT 50 STARTSWITH top news
SUBJECT 50 STARTSWITH headline news

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, December 07, 2005 1:16 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] CBL:Fw: news

Try CONTAINS instead of BEGINSWITH

Make sure you have at least one crlf [a bunch would not hurt] at the end of the filter file.

-Nick

Todd wrote:

I created a filter with the string

BODY 0 BEGINSWITH img src=3Dcid:

The declude.cfg goes like this

GIFINBODYFILTER filter d:\imail\declude\filters\gifinbodyfilter.txtx1500

After searching the declude log I don't see where the filter has been triggered a single time in the last day. There are no errors in the declude log calling the test either. To check it I took one of the gifs and sent it to myself. I received it. Here is the header from the email. You will see in red where the gif seems to have a but the original emails did not.

Todd

Received: from backup.progressive.loc [192.168.1.19] by net.smart-mail.net (SMTPD32-8.15) id A7821E0198; Wed, 07 Dec 2005 13:26:58 -0600
Received: (from office [68.203.154.122]) by backup.progressive.loc (SMSSMTP 4.0.0.59) with SMTP id M2005120713264209805 for hunter; Wed, 07 Dec 2005 13:26:42 -0600
Message-ID: [EMAIL PROTECTED]
From: Hunter hunter
To: Todd -Progressive.biz hunter
Subject: breaking news
Date: Wed, 7 Dec 2005 13:26:41 -0600
MIME-Version: 1.0
Content-Type: multipart/related; type=multipart/alternative; boundary==_NextPart_000_0095_01C5FB31.DC30EB90
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-mxGuard-Info: Processed by net.smart-mail.net using mxGuard v1.5.0
X-mxGuard-Spool-ID: 377c001e01984a62
X-mxGuard-Sender: hunter@
X-mxGuard-Spam-Score: 0
X-Note: This message has been scanned for spam and viruses using mxGuard for IMail
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -10.
X-Declude-Sender: hunter [68.203.154.122]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, SPFUNKNOWN, SPAMCHK, CATCHALLMAILS [-25]
X-Note: Total spam weight of this E-mail is -25 .
X-Country-Chain: UNITED STATES-destination
X-Note: This E-mail was sent from cpe-68-203-154-122.houston.res.rr.com ([68.203.154.122]).
X-RCPT-TO: hunter@
Status: R
X-UIDL: 370538202

This is a multi-part message in MIME format.

--=_NextPart_000_0095_01C5FB31.DC30EB90
Content-Type: multipart/alternative; boundary==_NextPart_001_0096_01C5FB31.DC30EB90

--=_NextPart_001_0096_01C5FB31.DC30EB90
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

--=_NextPart_001_0096_01C5FB31.DC30EB90
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=3DContent-Type content=3Dtext/html; =
charset=3Diso-8859-1
META content=3DMSHTML 6.00.2800.1400 name=3DGENERATOR
STYLE/STYLE
/HEAD
BODY bgColor=3D#ff
DIVIMG src=3Dcid:009401c5fb64$26cb5b90$1401a8c0@office =
/DIV/BODY/HTML

--=_NextPart_001_0096_01C5FB31.DC30EB90--

--=_NextPart_000_0095_01C5FB31.DC30EB90
Content-Type: image/gif; name=lzj.gif
Content-Transfer-Encoding: base64
Content-ID: [EMAIL PROTECTED]

----- Original Message -----
From: Scott Fisher
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 3:51 PM
Subject: Re: [Declude.JunkMail] CBL:Fw: news

basically it will end the filter if any of the statements are not true. These stock emails have always met these 4 criteria, so if it doesn't meet them end the filter.

1. contains a gif attachment hence: Content-Type: image/gif
2 & 3. contains a header like: Received: from unknown (HELO randomword [192.168.
4. Always fails cmdspace

You could use mine and Kevin's combined:

BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
TESTSFAILED END NOTCONTAINS CMDSPACE
BODY 15 CONTAINS img src=3Dcid

----- Original Message -----
From: Todd
To:
Re: [Declude.JunkMail] CBL:Fw: news
I caught a change in the headers. Some have parens and some have brackets around the IP. Use this.

HEADERS END NOTCONTAINS 192.168.

All of them that I have seen fail CMDSPACE. So this is a good countermeasure:

TESTSFAILED END NOTCONTAINS CMDSPACE

----- Original Message -----
From: Erik [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, December 07, 2005 2:30 PM
Subject: RE: [Declude.JunkMail] CBL:Fw: news

Using CONTAINS will trap a lot of real email if that is the only line in your filter.

Could try this and set up the $default$.junkmail to HOLD so you can monitor the filter for false positives:

SKIPIFWEIGHT 125 --your delete weight
MAXWEIGHT 70 --your hold weight
BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
BODY 20 CONTAINS img src=cid:
SUBJECT 50 STARTSWITH breaking news
SUBJECT 50 STARTSWITH OTC News
SUBJECT 50 STARTSWITH press release
SUBJECT 50 STARTSWITH news
SUBJECT 50 STARTSWITH top news
SUBJECT 50 STARTSWITH headline news

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Hayer
Sent: Wednesday, December 07, 2005 1:16 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] CBL:Fw: news

Try CONTAINS instead of BEGINSWITH

Make sure you have at least one crlf [a bunch would not hurt] at the end of the filter file.

-Nick

Todd wrote:

I created a filter with the string

BODY 0 BEGINSWITH img src=3Dcid:

The declude.cfg goes like this

GIFINBODYFILTER filter d:\imail\declude\filters\gifinbodyfilter.txtx1500

After searching the declude log I don't see where the filter has been triggered a single time in the last day. There are no errors in the declude log calling the test either. To check it I took one of the gifs and sent it to myself. I received it. Here is the header from the email. You will see in red where the gif seems to have a but the original emails did not.

Todd

Received: from backup.progressive.loc [192.168.1.19] by net.smart-mail.net (SMTPD32-8.15) id A7821E0198; Wed, 07 Dec 2005 13:26:58 -0600
Received: (from office [68.203.154.122]) by backup.progressive.loc (SMSSMTP 4.0.0.59) with SMTP id M2005120713264209805 for hunter; Wed, 07 Dec 2005 13:26:42 -0600
Message-ID: [EMAIL PROTECTED]
From: Hunter hunter
To: Todd -Progressive.biz hunter
Subject: breaking news
Date: Wed, 7 Dec 2005 13:26:41 -0600
MIME-Version: 1.0
Content-Type: multipart/related; type=multipart/alternative; boundary==_NextPart_000_0095_01C5FB31.DC30EB90
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-mxGuard-Info: Processed by net.smart-mail.net using mxGuard v1.5.0
X-mxGuard-Spool-ID: 377c001e01984a62
X-mxGuard-Sender: hunter@
X-mxGuard-Spam-Score: 0
X-Note: This message has been scanned for spam and viruses using mxGuard for IMail
X-RBL-Warning: IPNOTINMX:
X-RBL-Warning: SPFUNKNOWN: SPF returned UNKNOWN for this E-mail.
X-RBL-Warning: SPAMCHK: Message failed SPAMCHK: -10.
X-Declude-Sender: hunter [68.203.154.122]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, SPFUNKNOWN, SPAMCHK, CATCHALLMAILS [-25]
X-Note: Total spam weight of this E-mail is -25 .
X-Country-Chain: UNITED STATES-destination
X-Note: This E-mail was sent from cpe-68-203-154-122.houston.res.rr.com ([68.203.154.122]).
X-RCPT-TO: hunter@
Status: R
X-UIDL: 370538202

This is a multi-part message in MIME format.

--=_NextPart_000_0095_01C5FB31.DC30EB90
Content-Type: multipart/alternative; boundary==_NextPart_001_0096_01C5FB31.DC30EB90

--=_NextPart_001_0096_01C5FB31.DC30EB90
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

--=_NextPart_001_0096_01C5FB31.DC30EB90
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=3DContent-Type content=3Dtext/html; =
charset=3Diso-8859-1
META content=3DMSHTML 6.00.2800.1400 name=3DGENERATOR
STYLE/STYLE
/HEAD
BODY bgColor=3D#ff
DIVIMG src=3Dcid:009401c5fb64$26cb5b90$1401a8c0@office =
/DIV/BODY/HTML

--=_NextPart_001_0096_01C5FB31.DC30EB90--

--=_NextPart_000_0095_01C5FB31.DC30EB90
Content-Type: image/gif; name=lzj.gif
Content-Transfer-Encoding: base64
Content-ID: [EMAIL PROTECTED]

----- Original Message -----
From: Scott Fisher
To: Declude.JunkMail@declude.com
Sent: Tuesday, December 06, 2005 3:51 PM
Subject: Re: [Declude.JunkMail] CBL:Fw: news

basically it will end the filter if any of the statements are not true. These stock emails have always met these 4 criteria, so if it doesn't meet them end the filter.

1. contains a gif attachment hence: Content-Type: image/gif
2 & 3. contains a header like: Received: from unknown (HELO randomword [192.168.
4.
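
Added example, not part of any post in this thread and not Declude's own code: a simplified Python model of the gate-then-weight filter Scott describes, where each END NOTCONTAINS line stops the filter unless the message has the expected trait. The matching semantics (case-insensitive substring on the text as given), the helper names and both sample messages are assumptions constructed for illustration; the needles are copied from the thread. It also shows that a needle written with =3D matches only the still-encoded quoted-printable body, while src=cid: matches only the decoded one.

```python
import quopri

# Scott's combined filter, needles copied from the thread.
FILTER = """\
BODY END NOTCONTAINS Content-Type: image/gif
HEADERS END NOTCONTAINS Received: from unknown (HELO
HEADERS END NOTCONTAINS [192.168.
TESTSFAILED END NOTCONTAINS CMDSPACE
BODY 15 CONTAINS img src=3Dcid
"""

def parse_filter(text):
    """Split each non-empty line into (scope, action, operator, needle)."""
    return [tuple(l.split(None, 3)) for l in text.splitlines() if l.strip()]

def evaluate(rules, msg):
    """Return (weight, gate_that_ended_the_filter or None).
    Assumed semantics: case-insensitive substring match on the text as given;
    an END line stops the filter as soon as its test is true."""
    weight = 0
    for scope, action, op, needle in rules:
        if op not in ("CONTAINS", "NOTCONTAINS"):
            raise ValueError(f"operator not modelled: {op}")
        found = needle.lower() in msg.get(scope, "").lower()
        hit = found if op == "CONTAINS" else not found
        if hit and action == "END":
            return weight, f"{scope} {op} {needle}"
        if hit:
            weight += int(action)
    return weight, None

# Constructed samples. The body is raw MIME, still quoted-printable encoded.
RAW_BODY = ("Content-Transfer-Encoding: quoted-printable\n\n"
            "<DIV><IMG src=3Dcid:part1@example.invalid></DIV>\n"
            "Content-Type: image/gif\n")
STOCK_LIKE = {
    "HEADERS": "Received: from unknown (HELO randomword) ([192.168.0.5]) by mx.example.invalid",
    "BODY": RAW_BODY,
    "TESTSFAILED": "CMDSPACE, IPNOTINMX",
}
# Shaped like Todd's self-sent test: relayed by his own host, CMDSPACE not failed.
SELF_TEST = {
    "HEADERS": "Received: from backup.progressive.loc [192.168.1.19] by net.smart-mail.net",
    "BODY": RAW_BODY,
    "TESTSFAILED": "IPNOTINMX, SPFUNKNOWN, SPAMCHK, CATCHALLMAILS",
}

def decoded(msg):
    """Same message with the quoted-printable body decoded (=3D becomes =)."""
    body = quopri.decodestring(msg["BODY"].encode()).decode()
    return {**msg, "BODY": body}

if __name__ == "__main__":
    rules = parse_filter(FILTER)
    for name, m in (("stock-like", STOCK_LIKE), ("self-test", SELF_TEST),
                    ("stock-like, decoded body", decoded(STOCK_LIKE))):
        print(name, evaluate(rules, m))
```

In this model a message shaped like Todd's self-sent test never reaches the weighted line, because the HELO gate ends the filter first, so a test message has to carry the same header traits as the real spam before a missing log hit says anything about the body rule.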
Re: [Declude.JunkMail] Nigerian Spam
What I use is listed on my website here: http://it.farmprogress.com/declude/Multiline.htm

I'll look for various indicators of a 419 and must fail 4 of them to get weighted. (mailfrom a webemail system / subject / body filters / Upper case subject).

It is very CPU intensive (lots of body filters). But because of the multiline, I rarely see a false positive.

----- Original Message -----
From: Brian
To: Declude.JunkMail@declude.com
Sent: Wednesday, December 07, 2005 2:22 PM
Subject: [Declude.JunkMail] Nigerian Spam

Anyone have a list of keywords that effectively stops the Nigerian spam emails that you would be willing to share?

Thanks,
Brian
AW: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released
hi,

we're using imail 7.15, does anybody know if this is affected too?

bernd goebbels
LDSNRW
duesseldorf
germany

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Wednesday, December 7, 2005 17:15
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released

Bill,

I am actually looking for any information pertaining to 8.1x specifically is 8.15 vulnerable.

Darrell

Bill Landry writes:

Yes, 8.2 needs to be patched, as well. See:
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp

Bill

----- Original Message -----
From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, December 07, 2005 5:54 AM
Subject: Re: [Declude.JunkMail] Bugfix: Imail 8.22 and ICS 2.02 released

Anyone hear anything about if 8.1x is affected? It talks only about 8.2.

Darrell

Hirthe, Alexander writes:

Hello,

there are two bugs in Imail, one for authenticated users in Imap, one for all in SMTP. Please upgrade your systems!

http://www.ipswitch.com/support/ics/updates/ics202.asp
http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp

Advisories:
- http://www.idefense.com/application/poi/display?id=347type=vulnerabilities
- http://www.idefense.com/application/poi/display?id=346type=vulnerabilities

Alex