[Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Michael Jaworski
We have been using Declude, Sniffer and invURIBL for years now with great
success. But yesterday we got bit by a phish attack through SmarterMail.
They used SMTP authentication to bypass all the time and money we spent on
defenses against the bad guys. The root of the problem:  SmarterMail is
lacking simple password rules.  For more of the story see: 

 

http://forums.smartertools.com/forums/27627/ShowThread.aspx#27627

 

Michael





---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread John T (lists)
Well, might be news to you but Imail has the same problem. There was
discussion about this on the Imail list awhile back and IIRC Kevin said it
is now on the list of features to be added.

 

John T

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Chris Asaro
Are you using the Declude Hijack functionality?  That would have quarantined
any unauthorized bulk mail from leaving the system.

 

 

Chris

RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Kevin Bilbee
In the meantime, a JavaScript could be added to the form to validate that the
password supports your requirements. I have done this with other parts of the
interface, like only allowing forwarding email to the same domain and removing
the unwanted report as spam button.

 

Kevin Bilbee


RE: [Declude.JunkMail] SmarterMail Admins - Relay Hole

2007-02-07 Thread Michael Jaworski
Good point Chris. Not up to this point. We have been pretty lucky up to this
date.  We are in the process of turning it on as a stopgap against the lack
of software password rules. SmarterMail, and now it looks like iMail too,
need to be part of the solution, not the problem.

 

Mike

[Declude.JunkMail] OT

2007-02-07 Thread Michael Hoyt
I am finally getting my SPF records up but would like some comments on
whether I got it right.

I would like to be able to send email from any IP address in my
216.15.92.0/25 network.  Currently I have MX records for mail.commarts.com
(216.15.92.3) which is the only mail server that receives mail and
direct.commarts.com (216.15.92.15) and smtp.commarts.com (216.15.92.13).

Using the Wizard at openspf.org I generated the following SPF records:

commarts.com. IN TXT "v=spf1 ip4:216.15.92.0/25 a mx ~all"
direct.commarts.com. IN TXT "v=spf1 a -all"
mail.commarts.com. IN TXT "v=spf1 a -all"
smtp.commarts.com. IN TXT "v=spf1 a -all"

After reading page 15 of the Whitepaper pertaining to the ~all, -all or ?all
part of the text in the first record my question is: If I know that ALL
email from my domain will originate from 216.15.92.0/25 should the text be
-all and not ~all?

And my last question is are the three txt records mentioning my MX servers
necessary if I have 216.15.92.0/25 in the first record?

Thank you in advance for any insight.

-- 
Michael Hoyt
Communication Arts


Web Site: http://www.commarts.com








[Declude.JunkMail] OT: SPF record question

2007-02-07 Thread Michael Hoyt
Sorry for the re-posting but I forgot to add a Subject.

-- 
Michael Hoyt



Re: [Declude.JunkMail] OT: SPF record question

2007-02-07 Thread Darin Cox
If your MX and A records are also in the 216.15.92.0/25 network, then you
don't need to specify the a and mx parameters, so you could simplify to

No enforcement, other hosts may send mail for the domain
v=spf1 ip4:216.15.92.0/25 ?all

Soft fail if policy violated.  Filters may or may not block on soft fail.
v=spf1 ip4:216.15.92.0/25 ~all


Hard fail if policy violated.  Filters should block on hard fail.
v=spf1 ip4:216.15.92.0/25 -all

However, if you send from an MX or A record (web server) that is not in the
216.15.92.0/25 subnet then you may need those.

If you use a soft or hard fail policy, it's very important that you identify
_all_ sources of outbound mail for the domain, including all mail servers,
marketing mail engines, webservers, external hosts, etc.  Otherwise you're
liable to have mail blocked as a result of your policy.  I've seen this
happen with a number of larger organizations, where they have forgotten web
servers with form-to-mail functions, marketing personnel sending out
newsletters, or mobile users using ISP SMTP servers.

Regarding your last three records, do you have subdomains with MX records
for direct.commarts.com, mail.commarts.com, and smtp.commarts.com?  I.e. do
you receive mail to @direct.commarts.com, @mail.commarts.com, and
@smtp.commarts.com addresses?  If not, you don't need those records.

Hope this helps,

Darin.
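
The three policies in the reply above, evaluated against sample senders, as an added example that is not part of the original thread: a minimal evaluator covering only the ip4, a, mx and all mechanisms. The DNS table is constructed from the addresses in the question; the A record for commarts.com and the out-of-range sender 198.51.100.20 are assumptions.

```python
import ipaddress

# Constructed DNS view. Host addresses are the ones given in the question;
# the A record for commarts.com itself is NOT on the page and is assumed.
DNS_A = {
    "commarts.com": ["216.15.92.10"],  # assumed value
    "mail.commarts.com": ["216.15.92.3"],
    "direct.commarts.com": ["216.15.92.15"],
    "smtp.commarts.com": ["216.15.92.13"],
}
DNS_MX = {
    "commarts.com": ["mail.commarts.com", "direct.commarts.com",
                     "smtp.commarts.com"],
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, sender_ip, domain):
    """Evaluate a subset of SPF (ip4, a, mx, all) left to right.

    The first mechanism that matches decides the result; its qualifier
    (+ - ~ ?) picks which result. No match at all is "neutral".
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # missing or malformed network
        elif name == "a":
            matched = sender_ip in DNS_A.get(arg or domain, [])
        elif name == "mx":
            hosts = DNS_MX.get(arg or domain, [])
            matched = any(sender_ip in DNS_A.get(h, []) for h in hosts)
        else:
            return "permerror"  # mechanism outside this sketch's subset
        if matched:
            return RESULT[qualifier]
    return "neutral"


def a_mx_redundant(network, domain):
    """True when every A and MX address of domain is already inside network."""
    net = ipaddress.ip_network(network)
    addrs = list(DNS_A.get(domain, []))
    for host in DNS_MX.get(domain, []):
        addrs += DNS_A.get(host, [])
    return all(ipaddress.ip_address(a) in net for a in addrs)


def compare_policies(sender_ip, domain="commarts.com"):
    """Result for one sender under the three 'all' qualifiers in the reply."""
    return {q: check_spf(f"v=spf1 ip4:216.15.92.0/25 {q}all", sender_ip, domain)
            for q in ("?", "~", "-")}


if __name__ == "__main__":
    print("a/mx redundant:", a_mx_redundant("216.15.92.0/25", "commarts.com"))
    # In-range server, first address past the /25, and a constructed
    # "forgotten" form-to-mail host outside the network.
    for ip in ("216.15.92.13", "216.15.92.128", "198.51.100.20"):
        print(ip, compare_policies(ip))
```

The /25 ends at 216.15.92.127, so a host at 216.15.92.128 is treated exactly like an outside sender; that boundary is worth checking before moving from ~all to -all.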





[Declude.JunkMail] dns attacks today

2007-02-07 Thread Nick Hayer

fyi -
http://www.darkreading.com/document.asp?doc_id=116685WT.svl=news2_1

-Nick





[Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Howard Smith (N.O.R.A.D.)
Running Imail 8.15, Sniffer and Declude - starting on 2/6/7 my mail
server started sending out the stock reports email, even when I stop the
Imail SMTP process; nothing is in the Imail logs indicating problems. I
have run full scans with F-Prot and Symantec.

Need help please, I have already made the SpamCop blacklist

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 



Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact  [EMAIL PROTECTED] by email and destroy all copies of the original
message. 

 

 





RE: [Declude.JunkMail] dns attacks today

2007-02-07 Thread IS - Systems Eng. (Karl Drugge)
Those are not the only DNS attacks...

TWC had one as well, I believe. One of their servers was knocked off the
net two days ago. I was monitoring my DNS changes at network solutions,
waiting for propagation and I kept getting random packet loss on it.

Karl Drugge



Re: [Declude.JunkMail] dns attacks today

2007-02-07 Thread Darin Cox
So where's Scott in this picture?  And who's Paul Parisi, other than CTO of
DNSstuff.com?  Is Scott selling DNSstuff and DNSreport as well?

Darin.



RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread John T (lists)
Since you are using Declude, start using Hijack NOW! That is for starters.
Review the logs to see where the IP is and block that IP.

 

John T


RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Justin Moose
I called Howard on this, but for everyone else's info, if you are seeing
this, look for ssm.exe to be a running process.  I found this on an
Imail server that I administer for another company this morning.  The
file was showing processing time in the task manager and showed up on
the Services list as Security Systems Manager, but the file had a
modified date of 2/5/07 and no updates had been done on that server for
over a week. Stopping this service stopped the junk messages from going
out.

Neither F-Prot nor Symantec showed this file as a virus; however, I did
submit it to Symantec for analysis.

 

Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960


RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread John Doyle
Howard
What version of Declude?
Do you have Hijack?
If so, turn it on.
Do your Declude logs show anything?
Are you scanning all outgoing mail as well?

If you are behind a firewall (you better be), shut down Imail and check
the firewall logs for outgoing SMTP traffic.
Perhaps even disallow outgoing SMTP to see if you are blocking traffic in
the firewall log.
Or try to put a port sniffer on to see if something's still going out.

If Imail is off and you are getting traffic, you have to find the bugger and
kill it. That can be a chore!

John
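
One way to run the firewall-log check described above, as an added example that is not part of the original post: with the mail service stopped, any outbound TCP/25 connection from the server comes from something other than the mail server software. The log layout, all addresses and the stopped-service window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed firewall log. The layout (date time action proto src_ip
# src_port dst_ip dst_port) and every address are assumptions for this
# example. The DROP entries stand for the second step in the post: an
# outbound SMTP block rule added while the mail service is still stopped.
SAMPLE_LOG = """\
2007-02-07 13:58:40 ALLOW TCP 192.0.2.10 1101 198.51.100.25 25
2007-02-07 14:01:05 ALLOW TCP 192.0.2.10 1188 203.0.113.8 25
2007-02-07 14:01:06 ALLOW TCP 192.0.2.10 1189 203.0.113.9 25
2007-02-07 14:01:09 ALLOW UDP 192.0.2.10 1190 198.51.100.53 53
2007-02-07 14:02:30 ALLOW TCP 203.0.113.77 40211 192.0.2.10 25
2007-02-07 14:06:00 DROP TCP 192.0.2.10 1201 203.0.113.8 25
2007-02-07 14:06:02 DROP TCP 192.0.2.10 1202 203.0.113.40 25
2007-02-07 14:12:00 ALLOW TCP 192.0.2.10 1300 198.51.100.25 25
"""

SMTP_PORT = 25

# Window during which the mail server's SMTP service was stopped (assumed).
STOPPED_FROM = datetime(2007, 2, 7, 14, 0, 0)
STOPPED_UNTIL = datetime(2007, 2, 7, 14, 10, 0)


def outbound_smtp(log_text, server_ip, start, end):
    """Return outbound TCP/25 events from server_ip with start <= time < end."""
    events = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 8:
            continue  # skip blanks, comments and malformed lines
        date, time, action, proto, src, _sport, dst, dport = fields
        try:
            when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
            port = int(dport)
        except ValueError:
            continue  # unparseable timestamp or port
        if (proto.upper() == "TCP" and port == SMTP_PORT
                and src == server_ip and start <= when < end):
            events.append({"time": when, "action": action.upper(), "dst": dst})
    return events


def summarize(events):
    """Counts per firewall action plus the distinct destination hosts."""
    return {
        "by_action": dict(Counter(e["action"] for e in events)),
        "destinations": sorted({e["dst"] for e in events}),
        # Any hit while the mail service is down means another process sends.
        "mta_bypassed": bool(events),
    }


if __name__ == "__main__":
    hits = outbound_smtp(SAMPLE_LOG, "192.0.2.10", STOPPED_FROM, STOPPED_UNTIL)
    print(summarize(hits))
```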



RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Craig Edmonds
Also look at black ice server from ISS. Hijack is an excellent tool too.

 

Kindest Regards
Craig Edmonds
123 Marbella Internet
www.123marbella.net
www.marbellaguide.com


RE: [Declude.JunkMail] Need help - mail server sending out stock reports email - process found ssm

2007-02-07 Thread Howard Smith (N.O.R.A.D.)
Hello All

Justin Moose hit it on the nail: it was a worm process, ssm. For info,
it bypasses Imail completely, thus it was not in any logs, so Declude could
not help. We do not know how it got there, but it showed up on 1/28/7 then
went dormant until 2/5/7.

Please explain how BlackICE will help, and has anyone ever used winshark by
advances inc.

 

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 





[Declude.JunkMail] Smarter Mail Changes Update

2007-02-07 Thread Michael Jaworski


Posted By: ST-TUzzanti in SmarterMail
Subject: Re: Heads up to all e-mail server and domain admins
__

There is a task for a future minor version allowing the system admin to
force certain password requirements.  This will go beyond length and will
allow dictating of strength by choosing how many alpha, numeric etc...









RE: [Declude.JunkMail] Need help - mail server sending out stock reports email - process found ssm

2007-02-07 Thread Dave Beckstrom
Our black ice display has been showing:

 

[Suspicious Activity] This signature detects PE/COFF executable files that
have been packed using the UPX tool.  While the presence of a UPX packed
executable does not in itself represent an attack, it can be considered an
anomaly.  The UPX tool is commonly used to pack trojans and malware, while
it is somewhat uncommon for the tool to be used to distribute legitimate

 

 

We started seeing hundreds of these being caught by blackice server,
starting about a week ago.  

 

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard
Smith (N.O.R.A.D.)
Sent: Wednesday, February 07, 2007 6:14 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Need help - mail server sending out stock
reports email - process found ssm

 

Hello  All   

 

Justin Moose hit it on the nail: it was a worm process, ssm. For info,
it bypasses IMail completely, thus it was not in any logs, so Declude could
not help. We do not know how it got there, but it showed up on 1/28/7, then
went dormant until 2/5/7.

Please explain how BlackICE will help, and has anyone ever used winshark by
advances inc?

 

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com http://www.norad.com/  

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 



Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact  [EMAIL PROTECTED] by email and destroy all copies of the original
message. 

 

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin
Moose
Sent: Wednesday, February 07, 2007 6:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock
reports email

 

I called Howard on this, but for everyone else's info, if you are seeing
this, look for ssm.exe to be a running process.  I found this on an Imail
server that I administer for another company this morning.  The file was
showing processing time in the task manager and showed up on the Services
list at Security Systems Manager, but the file had a modified date of 2/5/07
and no update had been done on that server for over a week. Stopping this
service stopped the junk messages from going out.

 

Neither F-prot nor Symantec showed this file as a virus; however I did submit
it to Symantec for analysis.

 

Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard
Smith (N.O.R.A.D.)
Sent: Wednesday, February 07, 2007 4:24 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports
email

 

Running IMail 8.15, Sniffer and Declude - starting on 2/6/7 my mail
server started sending out the stock reports email, even when I stop the
IMail SMTP process; nothing is in the IMail logs indicating problems. I
have run full scans with F-prot and Symantec.

Need help please, I have already made the SpamCop blacklist

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com http://www.norad.com/  

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 



Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact  [EMAIL PROTECTED] by email and destroy all copies of the original
message. 

 

 


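The BlackICE signature text quoted above flags UPX-packed PE/COFF files, and Justin's note points to a file date that matched no update. As an added example (not from the thread or from any product named in it), this Python helper records both facts for a suspect binary. It assumes UPX's default section names UPX0/UPX1 as the packing indicator, which is not necessarily how BlackICE detects it; the function names, the PE skeleton and the maintenance date are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime

# Default section names written by the UPX packer. Heuristic only: they can be
# renamed, so an empty result does not prove a file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE/COFF image; raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size
    names = []
    for i in range(nsect):
        off = table + i * 40  # 40-byte section header, name in the first 8 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def triage(data: bytes, mtime: datetime, last_change: datetime) -> dict:
    """Summarise a suspect binary: hash for submission, packing hint, date anomaly."""
    names = pe_section_names(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "upx_sections": sorted(n.decode("ascii", "replace")
                               for n in names if n in UPX_SECTION_NAMES),
        # True when the file changed after the last known patch or install.
        "modified_after_last_change": mtime > last_change,
    }


def build_sample_pe(section_names) -> bytes:
    """Constructed, non-executable PE skeleton: headers and section table only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly after DOS header
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


if __name__ == "__main__":
    sample = build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])  # constructed input
    # File date as reported in the thread; last maintenance date is constructed.
    report = triage(sample, datetime(2007, 2, 5, 2, 45), datetime(2007, 1, 25))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real host, read the file's bytes and modification time from disk and take `last_change` from the server's patch or change log.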

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread John T \(lists\)
Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and
there are a couple of programs listed as monitors using it, so be careful
before just deleting that file.

 

Exactly where was the file?

 

Since Howard is running IMail 8.15 this means that his server has been
compromised ala the SMTP vulnerability that is fixed only in 8.22 (patched)
and 9.1. So, it is not a virus that would be found by F-prot or Symantec,
but a server hijack or compromise.

 

John T

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin
Moose
Sent: Wednesday, February 07, 2007 3:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock
reports email

 

I called Howard on this, but for everyone else's info, if you are seeing
this, look for ssm.exe to be a running process.  I found this on an Imail
server that I administer for another company this morning.  The file was
showing processing time in the task manager and showed up on the Services
list at Security Systems Manager, but the file had a modified date of 2/5/07
and no update had been done on that server for over a week. Stopping this
service stopped the junk messages from going out.

 

Neither F-prot nor Symantec showed this file as a virus; however I did submit
it to Symantec for analysis.

 

Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard
Smith (N.O.R.A.D.)
Sent: Wednesday, February 07, 2007 4:24 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports
email

 

Running IMail 8.15, Sniffer and Declude - starting on 2/6/7 my mail
server started sending out the stock reports email, even when I stop the
IMail SMTP process; nothing is in the IMail logs indicating problems. I
have run full scans with F-prot and Symantec.

Need help please, I have already made the SpamCop blacklist

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com http://www.norad.com/  

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 



Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact  [EMAIL PROTECTED] by email and destroy all copies of the original
message. 

 

 




RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Howard Smith \(N.O.R.A.D.\)
The file location is C:\WINNT\system32\ssm.exe - 118kb date 02/05/7 2:45

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com http://www.norad.com/  

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 



Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact  [EMAIL PROTECTED] by email and destroy all copies of the original
message. 

 

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T
(lists)
Sent: Wednesday, February 07, 2007 8:57 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock
reports email

 

Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and
there are a couple of programs listed as monitors using it, so be careful
before just deleting that file.

 

Exactly where was the file?

 

Since Howard is running IMail 8.15 this means that his server has been
compromised ala the SMTP vulnerability that is fixed only in 8.22 (patched)
and 9.1. So, it is not a virus that would be found by F-prot or Symantec,
but a server hijack or compromise.

 

John T

 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Justin
Moose
Sent: Wednesday, February 07, 2007 3:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock
reports email

 

I called Howard on this, but for everyone else's info, if you are seeing
this, look for ssm.exe to be a running process.  I found this on an Imail
server that I administer for another company this morning.  The file was
showing processing time in the task manager and showed up on the Services
list at Security Systems Manager, but the file had a modified date of 2/5/07
and no update had been done on that server for over a week. Stopping this
service stopped the junk messages from going out.

 

Neither F-prot nor Symantec showed this file as a virus; however I did submit
it to Symantec for analysis.

 

Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960

 

  _  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Howard
Smith (N.O.R.A.D.)
Sent: Wednesday, February 07, 2007 4:24 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports
email

 

Running IMail 8.15, Sniffer and Declude - starting on 2/6/7 my mail
server started sending out the stock reports email, even when I stop the
IMail SMTP process; nothing is in the IMail logs indicating problems. I
have run full scans with F-prot and Symantec.

Need help please, I have already made the SpamCop blacklist

 

 

Howard Smith

N.O.R.A.D. Inc.

P.O. Box 680116

Miami, Florida 33168  

www.norad.com http://www.norad.com/  

[EMAIL PROTECTED]

Office - (305) NETWORK (638-9675)

Sales - (786) 206-0045

Fax 1 - (305) 359-5144

 



Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact  [EMAIL PROTECTED] by email and destroy all copies of the original
message. 

 

 




Re: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Matt




Howard,

These are always blended threats. You were hacked through another
mechanism and through that mechanism this file was placed on your
system. There's a 99.9% chance that your server is still hacked and
that this program can be placed there again, or might even appear
automatically at your next reboot.

You are running an insecure version of IMail, and this is the most
likely way that you were hacked. You need to be on 8.22 with the
latest hotfix or 9.1 and above.

In the meantime, you should firewall your server so that only the
minimum necessary ports are open. This can inhibit the botnet owners
from controlling you and it will most likely stop what is going on
since they use automation to control their zombies, but that certainly
wouldn't mean that you are safe.

Once hacked, the best advice is always to reformat and reinstall, plus
immediately change all administrator passwords everywhere on your
network and break all network shares from the hacked box to others.
Keep a unique password on the hacked box until you have rebuilt it.

While it is possible that one could fully remove all elements of a
hack, it is neither likely nor safe to assume that you could, and it
generally takes more hours to fiddle with things rather than format and
rebuild it. Also, until you upgrade to a non-hackable version, you are
at risk of being re-hacked, so there is no sense in rebuilding until
then. The only way to protect an older version of IMail from these
exploits is to firewall it and place the SMTP service behind a proxy
that won't forward the exploitable commands. It is of course easier
just to upgrade, and at least 8.22 with the latest hotfix is very solid
and not that much different from 8.15 on the surface, however Declude
will need to be upgraded to version 3 or 4.

Sorry for the grim outlook, but it is all good advice.

Matt



Howard Smith (N.O.R.A.D.) wrote:

The file location is C:\WINNT\system32\ssm.exe 118kb date 02/05/7 2:45

Howard Smith
N.O.R.A.D. Inc.
P.O. Box 680116
Miami, Florida 33168
www.norad.com
[EMAIL PROTECTED]
Office - (305) NETWORK (638-9675)
Sales - (786) 206-0045
Fax 1 - (305) 359-5144

Confidentiality Notice: This email message, including any Attachments, is
for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact [EMAIL PROTECTED] by email and destroy all copies of the original
message.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John T
(lists)
Sent: Wednesday, February 07, 2007 8:57 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock
reports email

Going aGoogling found that the Intel LANDesk uses a file called ssm.exe and
there are a couple of programs listed as monitors using it, so be careful
before just deleting that file.

Exactly where was the file?

Since Howard is running IMail 8.15 this means that his server has been
compromised ala the SMTP vulnerability that is fixed only in 8.22 (patched)
and 9.1. So, it is not a virus that would be found by F-prot or Symantec,
but a server hijack or compromise.

John T

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Justin
Moose
Sent: Wednesday, February 07, 2007 3:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out stock
reports email

I called Howard on this, but for everyone else's info, if you are seeing
this, look for ssm.exe to be a running process. I found this on an Imail
server that I administer for another company this morning. The file was
showing processing time in the task manager and showed up on the Services
list at Security Systems Manager, but the file had a modified date of 2/5/07
and no update had been done on that server for over a week. Stopping this
service stopped the junk messages from going out.

Neither F-prot nor Symantec showed this file as a virus; however I did submit
it to Symantec for analysis.

Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Howard
Smith (N.O.R.A.D.)
Sent: Wednesday, February 07, 2007 4:24 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Need hep - mail server sending out stock reports
email

Running IMail 8.15, Sniffer and Declude - starting on 2/6/7 my mail
server started sending out the stock reports email, even when I stop the
IMail SMTP process; nothing is in the IMail logs indicating problems. I
have run full scans with F-prot

RE: [Declude.JunkMail] Need hep - mail server sending out stock reports email

2007-02-07 Thread Michael Graveen
SMSS.exe is also a legitimate program in the Windows OS (Session
Manager Subsystem).


Mike


At 07:57 PM 2/7/2007, you wrote:
Going aGoogling found that the Intel LANDesk uses a file called 
ssm.exe and there are a couple of programs listed as monitors using 
it, so be careful before just deleting that file.


Exactly where was the file?

Since Howard is running IMail 8.15 this means that his server has 
been compromised ala the SMTP vulnerability that is fixed only in 
8.22 (patched) and 9.1. So, it is not a virus that would be found by 
F-prot or Symantec, but a server hijack or compromise.


John T

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
Justin Moose

Sent: Wednesday, February 07, 2007 3:11 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Need hep - mail server sending out 
stock reports email


I called Howard on this, but for everyone else's info, if you are 
seeing this, look for ssm.exe to be a running process.  I found this 
on an Imail server that I administer for another company this 
morning.  The file was showing processing time in the task manager 
and showed up on the Services list at Security Systems Manager, but 
the file had a modified date of 2/5/07 and no update had been done
on that server for over a week. Stopping this service stopped the 
junk messages from going out.


Neither F-prot nor Symantec showed this file as a virus; however I
did submit it to Symantec for analysis.



Justin Moose
Information Technology Manager
Sioux Valley Energy
DID: (605) 256-1644
Fax: (605) 256-1690
Toll Free: (800) 234 1960


--
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of 
Howard Smith (N.O.R.A.D.)

Sent: Wednesday, February 07, 2007 4:24 PM
To: declude.junkmail@declude.com
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Need hep - mail server sending out stock 
reports email


Running IMail 8.15, Sniffer and Declude - starting on 2/6/7 my
mail server started sending out the stock reports email, even when I
stop the IMail SMTP process; nothing is in the IMail logs
indicating problems. I have run full scans with F-prot and Symantec.


Need help please, I have already made the SpamCop blacklist


Howard Smith
N.O.R.A.D. Inc.
P.O. Box 680116
Miami, Florida 33168
www.norad.com http://www.norad.com/
[EMAIL PROTECTED]
Office - (305) NETWORK (638-9675)
Sales - (786) 206-0045
Fax 1 - (305) 359-5144



Confidentiality Notice: This email message, including any 
Attachments, is for the sole use of the intended recipient(s) and 
may contain confidential and privileged information. Any 
unauthorized review, use, disclosure or distribution is prohibited. 
If you are not the intended recipient, please 
contact  [EMAIL PROTECTED] by email and destroy all copies of the 
original message.



