Re: [Declude.JunkMail] Declude performance question
Chase Seibert wrote:

> I don't have UCEPROTECRDO, XBL-DYNA, BLKLST-SURBL and HELOISIP. Can you post your definitions for those? Can I get them off the declude website somehow (I couldn't find them)?

I wrote the HELOISIP test. It's not a DNS test. Rather, it will tell you if the HELO or REVDNS of the incoming message has an embedded IP address. While not 100%, this is often an indicator of a spam message from a dynamic IP address. You can download it from http://bud.thedurlands.com

Hope this helps

--
I don't need anger management; I need people to stop making me angry
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com

--- [This E-mail scanned for viruses by Declude Virus / Sophos AV] ---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Moving mail servers
Dean Lawrence wrote:

> I host mail for a number of my clients, so there may be a period of time where they cannot get to their mail. I would like to minimize this. I had thought about just turning off the old server once the DNS changes have been made so that no mail would be lost in translation,

A few days before the move, change the TTL on the existing DNS records to something very short. That way, once you change the IP address, there's a better chance that the fresh data will go out.

> but I had also thought about converting it to a store and forward server so that the mail will get delivered to the new server quicker.

Not a bad idea, either.

--
For it's Tommy this, an' Tommy that, an' Chuck him out, the brute!
But it's Saviour of 'is country when the guns begin to shoot;
An' it's Tommy this, an' Tommy that, an' anything you please;
An' Tommy ain't a bloomin' fool -- you bet that Tommy sees!
-- Rudyard Kipling, tommy
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com

--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] ---
Re: [Declude.JunkMail] Spammer in the news
Mark E. Smith wrote:

> Sorta' like living in a town that's driven by tourism and saying I hate the tourists. :)

Actually, we say Since it's tourist season, what's the limit? ;)

--
For it's Tommy this, an' Tommy that, an' Chuck him out, the brute!
But it's Saviour of 'is country when the guns begin to shoot;
An' it's Tommy this, an' Tommy that, an' anything you please;
An' Tommy ain't a bloomin' fool -- you bet that Tommy sees!
-- Rudyard Kipling, tommy
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: CBL:RE: [Declude.JunkMail] Declude and Ipswitch ICS
Markus Gufler wrote:

> So your recommendation for the moment is to keep on IMail until you're ready with something else?

That's really the most common sense approach, isn't it? There's been an almost hysterical reaction to the ICS announcement. People have a right to be angry and disappointed over it; but traffic on the iMail list almost seems like a knee-jerk reaction: Good lord that's a lot of money -- I'm buying something else right now.

If GM decided to only make Cadillacs, does that mean your Chevy is suddenly un-drivable? Your existing iMail installation isn't going to stop working just because your service agreement ran out. I mean, are there really any show stopper bugs in iMail right now?

Of course, we have a poly-chromatic equine if you are (or will be) in the market for additional server licenses. In that case, it would be prudent to look at some competitor's offerings (Verio, Merak, others). Maybe you'll even find one you like better than iMail.

As for losing Declude, that's not really an issue. Even if Computerized Horizons takes 6 months to come out with an iMail independent Declude version (which I am certain they are working on), you could still use a small server running the iMail 8.xx declude that you already own as an SMTP relay for all the new boxes.

Regards;

--
Diagonally parked in a parallel universe.
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] Prevent Mail to Ex-Employees
Goran Jovanovic wrote:

> Just to make sure I understand, you would not add any users to the iMail domain you would just add aliases? Right?

Correct.

--
He made us believe a man could fly
Christopher Reeve, 1952-2004
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] Prevent Mail to Ex-Employees
Sanford Whiteman wrote:

> _IMail_ doesn't refuse anything, it just sends back 5xxs for unknowns. This is exactly like the Outlook/OE/Bat client question surfaced on the IMail list, except that full-fledged MTAs submit the messages they can and kick back DSNs for the ones they can't. Think about it: this is why dictionary attacks work; if a single envelope failure always triggered failure of the entire session, we'd be a lot safer, since spammers could _only_ use a stack of verified addresses.
>
> That's the thing about this world -- there's always something cleverer than yourself
> Merlin, Excalibur

Thanks for the correction, Sandy.

--
He made us believe a man could fly
Christopher Reeve, 1952-2004
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] Prevent Mail to Ex-Employees
Goran Jovanovic wrote:

> I am doing gateway anti-spam scanning for a school which has GroupWise as the e-mail system. We are seeing many e-mails going to students that are not there anymore which then creates an NDR at their end which then floods their system. Now is it possible to do one of two things:
>
> 1) Get a current list of people (staff and students) and somehow only allow mail to those recipients. In a filter you would have to use an ALLRECIPS check perhaps with a negative number, although not sure how this will delete the bad mail since I have nothing to add to the score when the old e-mail address comes up.
>
> 2) I think what I would really like to do is work on building up a list of old students getting mail and then if the mail is addressed to them delete it. So something like ALLRECIPS 100 CONTAINS [EMAIL PROTECTED] in a filter but the problem I see with this is if the mail is addressed to both an old student and a current student/staff then it would still trigger and then delete the mail.
>
> Anyone have any other thoughts on this or better ways to make this happen?

My guess is that you have forwarding turned on for the IP address of the GroupWise server. Mail for that domain (we'll call it 'theschool.com') comes in to your iMail box. A lookup in your iMail server's HOSTS file yields the IP address of the GW server, and the message is forwarded.

This would probably be easier (easiest?) using iMail aliases. Set up a virtual domain on your iMail box for 'theschool.com'. Don't add any users yet. Add an entry to the iMail system's HOSTS file, substituting the GW server's IP address:

    192.168.1.1 gw.theschool.com

Now for legitimate users of the GroupWise system, add an alias to the 'theschool.com' domain:

    UserName = [EMAIL PROTECTED]

With this setup, legitimate mail is sent to the correct address, and bad addresses are rejected at the iMail server -- no bounce traffic, just a closed connection.

This can also be a useful tool if the GW administrator wants to limit who can be a legitimate 'internal' mail user, but not receive mail from the outside world, or if they have some crazy urge to have all badly addressed mail sent to a particular address (the iMail 'nobody' alias).

You might be able to adapt one of Sandy's utility scripts to import the GW LDAP directory directly and automatically to the iMail aliases list.

--
He made us believe a man could fly
Christopher Reeve, 1952-2004
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] Fw: Help, I have been blacklisted
Richard Farris wrote:

> I have been delisted from SPAMCOP...whew...but I still am in the red with these guys: PSBL JAMMDNSBL BLARSBL

If I remember right, once you are on BLARS, you don't ever get off... something about paying him an exorbitant amount of money to see if it's worth his time to remove you. I suspect many responsible mail admins don't use BLARSBL because of that.

--
Luge strategy? Lie flat and try not to die. - Tim Steeves
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] My IP appearing in HELO string
Bud Durland wrote:

> Darin Cox wrote:
>
>> Bud Durland created a Declude plugin just for this... try it out from http://bud.thedurlands.com/.
>
> Funny you should mention that; while performing my semi-annual clearing of my desktop, I found a note to myself to post the latest version of that test. The new version is better at detecting embedded IP addresses, and can also be invoked to use the declude values for the address: HELO, REVDNS, etc. I dressed up the docs a little bit too. And it's still a 25K monolithic (only one file, no DLLs, frameworks, OCX's etc required) program.

P.S. I'll be putting the new version up on my website later tonite. (after 7:00pm est)

--
Luge strategy? Lie flat and try not to die. - Tim Steeves
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] My IP appearing in HELO string
Darin Cox wrote:

> Bud Durland created a Declude plugin just for this... try it out from http://bud.thedurlands.com/.

Funny you should mention that; while performing my semi-annual clearing of my desktop, I found a note to myself to post the latest version of that test. The new version is better at detecting embedded IP addresses, and can also be invoked to use the declude values for the address: HELO, REVDNS, etc. I dressed up the docs a little bit too. And it's still a 25K monolithic (only one file, no DLLs, frameworks, OCX's etc required) program.

--
Luge strategy? Lie flat and try not to die. - Tim Steeves
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] My IP appearing in HELO string
Bud Durland wrote:

> Funny you should mention that; while performing my semi-annual clearing of my desktop, I found a note to myself to post the latest version of that test. The new version is better at detecting embedded IP addresses, and can also be invoked to use the declude values for the address: HELO, REVDNS, etc. I dressed up the docs a little bit too. And it's still a 25K monolithic (only one file, no DLLs, frameworks, OCX's etc required) program.
>
> P.S. I'll be putting the new version up on my website later tonite. (after 7:00pm est)

New version posted at http://bud.thedurlands.com

--
Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017
For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] Imail and declude behind a NAT router.
Timothy Bohen wrote:

> Can I put my imail-declude junkmail server behind a firewall?

Sure; I daresay that's how many of the people on this list are set up.

> Are there any gotcha's?

Only to make sure that there are holes poked in the firewall allowing connections on the proper ports for mail traffic to pass. SMTP(25), DNS(53). If you have outside users, POP3(110), IMAP(143), LDAP(389), WebAccess(probably 8383).

--
And crawling on the planet's face;
Some insects called the human race
Lost in time. Lost in space -- and meaning.
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
[Declude.JunkMail] Useful external test?
Lately, I'm seeing a bunch of spam that has a sender address like so:

    [EMAIL PROTECTED]

The host/domain part is variable, but the left-hand part is always 'bounceto', then 5 digits, then 10 digits. I use Junkmail Standard (and hence no fancy filtering). I'm thinking of writing a custom test to look for sender addresses in this specific format. Does anyone else see these kinds of messages? I'll probably make the test available for download when I've got it working.

--
(After 9/11) We see with sudden clarity what matters and what before was only clutter in the hearts and minds of an overfed populace. Political Correctness -- the art of camouflaging truth to protect the psyches of the silly -- is, after all, a luxury of full stomachs - Kathleen Parker
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] How do I get a copy of all messages that fail a certain test?
System Administrator wrote:

> I'd like to get a copy of all messages that fail a certain test. I have a copyto action working for messages that fall below our delete weight but I'm not receiving messages that are over the delete weight. Is there any way that I can get a copy of all messages that fail that test, no matter what their weight is?

I believe the remedy is to create a second test, of the same type with the same criteria, and make COPYTO the action for that new test

--
Good is better than Evil because it's nicer -- Mammy Yokum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] SPF and MTLDB Issue?
Scott Fisher wrote:

> Personally, I don't recommend crediting any points for an SPF pass result. Too many spammers can set up SPF records for their system (and they do. Yesterday 58% of the SPF Pass results were spam).

That pretty much reflects my results here; Right now SPF pass is, more often than not, spam. I think this is indicative of the big ISP's (AOL, ATT, Earthlink, Charter, etc) being slower to adopt SPF than spammers.

> Also don't expect the world. More than 95% of my e-mail goes into SPFUNKNOWN.

Ditto

--
Good is better than Evil because it's nicer -- Mammy Yokum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] Introduction Preliminary Survey Results
Barry @ CHPZ wrote:

> I realize that I have been slow in posting on this list and in my own defense we have been very busy, adding new staff to our business, visiting and talking to customers, building the business infrastructure and attempting to learn everything we could about our customers' needs for both the short term and long term.
>
> * Most common complaints:
>   - Documentation
>   - Only available on IMail (It appears that some customers only use IMail to operate Declude)
>   - Steep learning curve

If I may, I would submit that the steep learning curve is at least partially a function of the (lack of / insufficient / not up to date) documentation.

And I'd also say that the minute there's a version of Declude that has its own built-in SMTP engine with decent logging and LDAP verification of e-mail addresses, it's hasta lavista iMail for us.

--
Good is better than Evil because it's nicer -- Mammy Yokum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
[Declude.JunkMail] SPF files
Do the SPF.LOG and SPF.NONE files in C:\ belong to DECLUDE? Is there any housekeeping that I need to do?

--
Good is better than Evil because it's nicer -- Mammy Yokum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] SPF files
R. Scott Perry wrote:

> You can delete them, archive them, or let them grow. It's up to you.

Cool; just wanted to make sure I wasn't gonna break anything

--
Good is better than Evil because it's nicer -- Mammy Yokum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] weighting an IP range
dfn Systems wrote:

> I need to give a negative weight to a range of IP addresses. (actually 5 class C networks) Can I use an IP Blacklist with a negative weight using the test type ipfile?

That's how I do it:

    GOODIP ipfile C:\IMail\Declude\GOODIP.TXT x -25 0

--
Good is better than Evil because it's nicer -- Mammy Yokum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
[Declude.JunkMail] Domain forwarding
We may be setting up a separate mail server for a new venture by our company. I'd like to use our current iMail/Declude server as a gateway to the new server. We are using DecludeJM Standard.

Setting up iMail to store-and-forward the mail for the new server is easy enough. I just want to make sure I have my ducks in a row on the Declude side. The on-line manual sez that Declude will treat the mail for the forwarded domain as outgoing, and claims that the standard and pro versions can do this. BUT, when I look at the section for outgoing messages in my GLOBAL.CFG file, it says that it only applies if I'm using Pro.

The manual goes on to say that I could also set up a domain specific config file in a different folder (c:\imail\declude\ForwardedDomain.com, for example). But, now I'm wondering if the DecludeJM Standard version is enough, or if I need the Pro version.

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] Domain forwarding
R. Scott Perry wrote:

>> Setting up iMail to store-and-forward the mail for the new server is easy enough. I just want to make sure I have my ducks in a row on the Declude side. The on-line manual sez that Declude will treat the mail for the forwarded domain as outgoing, and claims that the standard and pro versions can do this. BUT, when I look at the section for outgoing messages in my GLOBAL.CFG file, it says that it only applies if I'm using Pro. The manual goes on to say that I could also set up a domain specific config file in a different folder (c:\imail\declude\ForwardedDomain.com, for example). But, now I'm wondering if the DecludeJM Standard version is enough, or if I need the Pro version.
>
> Although Declude JunkMail Pro is supposed to be required for gateway E-mail (as in your setup), that's because those E-mails are considered outgoing (and the outgoing actions in the global.cfg file do only work with Declude JunkMail Pro). The per-domain settings of Declude JunkMail Standard, however, would let you get around this (by having per-domain settings for each domain that you gateway E-mail for).
>
> -Scott

Scott;

Thanks for the info. This implementation is probably 3-4 months out, so I have time for planning and so forth. This also made me think that if the Declude Gateway product should ever happen, being able to configure it to process send mail to different mail servers based on domain would be cool.

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] HELOBOGUS, HELOISIP and HELOISIPX questions
Goran Jovanovic wrote:

> These are parts of a header I received and I just want to check a few things.
>
> So the spammer thought that he would use my IP address in the HELO line 205.150.108.8 to identify his domain, even though his real IP address is 220.185.227.109? Obviously an IP address is not a valid domain so it fails the HELOBOGUS test? It failed the HELOISIP test because the domain was an IP address?

Yes. It would be more correct to say that HELOISIP failed because the domain _contained_ an IP address. 205.150.108.8.this.is.a.host.name would also have failed HELOISIP

> It failed the HELOISIPX test ... not sure why since there is no reverse DNS to parse?

It failed HELOISIPX because the host name is a pure IP address. 205.150.108.8.this.is.a.host.name will *not* fail HELOISIPX.

In the next release, both tests will not fail host names in bracketed IP format [205.150.108.8]

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] New test
System Administrator wrote:

> on 4/19/04 5:30 PM, David Dresler wrote:
>
>> For the most part, it's a great new test and is working well. However, I've noticed that Entourage seems to be getting caught.
>
> Yes, I can confirm this (I'm using Entourage). I've also noticed that some other e-mail clients are having the same problem (Apple's Mail for one).

I'm going to try to have a new release, with refined logic, ready later this week. Other priorities make it impossible to promise anything, but I'll give it the old college try.

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] New test
Matt wrote:

> I have a few suggestions that you might want to consider. The first one would be to skip processing of the message and just have Declude pass off the HELO as an argument to your script. This can be done with %HELO%. This will speed processing and ensure that the HELO comes in the proper context. Declude can be configured for IPBYPASS settings which are used to skip over gateway mail servers and forwarding servers so that you have the HELO of the computer that is actually sending the E-mail.

That's a great idea! Not sure why I didn't think of that in the initial implementation

> Combining both of your tests into one program instead of two would also be useful. You can use any code over 10 for this. Declude also will only call the script once if the command is the same, and it will determine which test would be failed based on the result code that is returned.

For a non-zero test, I thought any non-zero result evaluates the same. I have considered configuring it to take a parameter to determine if the X test should be used.

> The last thing that I'm not very clear about is the logic of the detection.

Fairly straight forward: for HELOISIP, convert dashes (-) to dots (.), strip out anything that's not a number or a dot, see if there's 4 octets of numbers <= 255. I'm not sure why Serge's example failed, I'll test later today. It is possible that there would be a FP from a host name like host11.rack2.location3.bldg4.example.com. His example (alias-1.c10-ave-mta1.cnet.com) should have become 1.10.1, and not failed the test -- only 3 numbers. The HELOISIPX test only does the last step -- no tinkering with the content first.

> I have a custom filter called DYNAMIC listed in the beta section of my site

Unfortunately, I don't have JM pro, so...

> It's extremely unlikely that you would miss detecting a zombie using the reverse DNS entry as the HELO if you ignored hits below 20 because there aren't many ISP class A's in use below that level (I think just IBM), and you have 4 chances to hit a number above 20.

You're right, although ATT is in there as well, and they have a few internet customers, I think.

> The pattern that you identified is of course a very nice addition to spam fighting. Thanks!

We all try to do our part; thanks for the kind words and good suggestions!

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] New test
Jason wrote:

> These headers didn't trigger the HELOISIP test. It looks to me like they should have. Any Ideas?
>
> Received: from adsl-63-202-107-44.dsl.lsan03.pacbell.net [63.202.107.44] by areatech.com (SMTPD32-7.14) id A37557AB0118; Mon, 19 Apr 2004 10:42:45 -0500

Because of the 'lsan03', the numeric characters in the host name boil down to 63.202.107.44.03. I'm thinking about how best to make this type of entry fail, without jacking up the risk of a false positive.

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
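The HELOISIP and HELOISIPX checks as the messages in this thread describe them (dashes to dots, drop everything but digits and dots, look for four numbers no larger than 255), written out as an added Python example and run over the host names quoted in the thread. This is not the source of Bud Durland's programs, which is not on this page; the function names are assumptions, and embedded_quad is a variant added here that goes beyond the posts.

```python
import re

# Added illustration, reconstructed from the description in the thread.
# It is not the code of HELOISIP.EXE / HELOISIPX.EXE.


def numeric_groups(host):
    """Dashes become dots, every character that is not a digit or a dot is
    dropped, and the surviving non-empty digit runs are returned in order."""
    kept = re.sub(r"[^0-9.]", "", host.replace("-", "."))
    return [g for g in kept.split(".") if g]


def _all_octets(groups):
    """Every group is a number no larger than 255."""
    return all(int(g) <= 255 for g in groups)


def heloisip(host):
    """Fails (True) when the reduced name is exactly four numbers <= 255."""
    groups = numeric_groups(host)
    return len(groups) == 4 and _all_octets(groups)


def heloisipx(host):
    """Only the last step, no tinkering first: the name as given must
    already be a bare dotted quad."""
    parts = host.strip().split(".")
    return (len(parts) == 4
            and all(re.fullmatch(r"[0-9]+", p) for p in parts)
            and _all_octets(parts))


def embedded_quad(host):
    """Variant added for this example (an assumption, not from the thread):
    fail only when four numbers <= 255 sit next to each other in the
    original name, joined by single dots or dashes. Digits elsewhere in the
    name neither hide a quad nor assemble one out of scattered labels."""
    tokens = re.findall(r"[0-9]+|[^0-9]+", host)  # alternating runs
    for i in range(len(tokens) - 6):
        window = tokens[i:i + 7]
        if window[0][0] not in "0123456789":
            continue  # window must start on a digit run
        nums, seps = window[0::2], window[1::2]
        if (all(s in (".", "-") for s in seps)
                and all(len(n) <= 3 for n in nums)
                and _all_octets(nums)):
            return True
    return False


# Host names quoted in the thread, used here as sample input.
SAMPLES = [
    "morden-res-206-45-166-10.mts.net",           # valid name, embedded IP
    "205.150.108.8",                              # pure IP used as HELO
    "205.150.108.8.this.is.a.host.name",          # IP plus extra labels
    "adsl-63-202-107-44.dsl.lsan03.pacbell.net",  # missed: five numbers
    "alias-1.c10-ave-mta1.cnet.com",              # only three numbers
    "host11.rack2.location3.bldg4.example.com",   # false-positive shape
]


def report(hosts=SAMPLES):
    """One row per host: (host, HELOISIP, HELOISIPX, embedded_quad)."""
    return [(h, heloisip(h), heloisipx(h), embedded_quad(h)) for h in hosts]


if __name__ == "__main__":
    for host, isip, isipx, quad in report():
        print(f"{host:45} HELOISIP={isip!s:5} HELOISIPX={isipx!s:5} "
              f"embedded_quad={quad}")
```

On the two problem cases raised in the thread, the adjacency variant flags the pacbell.net name that the five-number reduction misses and leaves the host11.rack2 style name alone.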
Re: [Declude.JunkMail] New test
Glenn Brooks wrote:

> Will Heloisp run on NT ...I do not see any activity in task manager or in the declude logs... log level MID

It should run on NT just fine, although I couldn't test it on that platform. No surprise that it's not on the task manager -- it does its thing very quickly and probably doesn't stick around long enough to show up.

--
illigitimi non carborundum
Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com
Re: [Declude.JunkMail] New test
Bud Durland wrote: I am testing a small external test program. A message fails the test if there is a discernible IP address in the HELO entry of the message. The new test is available for download from http://bud.thedurlands.com. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] New test
Andy Schmidt wrote: Hm - isn't that already covered in the HELOBOGUS test? Not really: Received: from morden-res-206-45-166-10.mts.net [206.45.166.10] morden-res-206-45-166-10.mts.net is a valid host name that will not trip HELOBOGUS, but will trip HELOISIP. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] New test
Glenn Brooks wrote: I get an unknown filter type in the log files... HELOISP filter C:\imail\declude\heloisipx.exe 10 0 this path would point to the exe file is this not correct? It is not a filter; it is an external non-zero test. Your GLOBAL.CFG file entry would look something like this:

HELOISIPX external nonzero C:\IMail\Declude\HELOISIP\HELOISIPX.EXE 5 0

This line adds 5 points to the overall weight of the message if it fails. Hope that helps -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] New test
Jason wrote: Thanks Bill. All I can say is WOW. This test seems to be working very very well. It is snagging tons of stuff. The question is, is it generating false positives? I hope not; the FP ratio here is very, very low, but I realize everyone's traffic pattern is different. While testing, I had it set to 0 weight, and a HOLD action. That let me review what it caught and determine the appropriate weight value. YMMV -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] New test
Markus; Thanks for the detailed feedback and kind words. I haven't had time to study our numbers (and I believe our statistical universe is much smaller than yours), but generally speaking I'm pleased with the results we're seeing here. For those who are interested, I'll be posting this test for download from my web site (http://bud.thedurlands.com) this weekend. Don't look for it earlier than Sunday, but I promise it will be there. There will be two executables. The current one remains unchanged. The additional test, called HELOISIPX, only fails if the HELO is a pure IP address: Received: from 12.107.134.252 [69.6.65.63] by mrpcap.com with ESMTP I created this because I see quite a few messages that use an IP for the HELO, (and often it is MY mail server's IP). I have never, ever, not once seen such a message that wasn't spam, so on my system that test will be weighted quite heavily. Markus Gufler wrote: Two days ago Bud announced HELOISIP as a new external test. After trying this test now for 36 hours I can report the following results for 04/15/2004 Processed messages: 9832 Hold as Spam: 4728 (48% of all messages) Detected by HELOISIP: 1340 (28% of hold spam / 14% of all messages) FP's from SURBL: 55 All of these 55 legit messages have had a final weight below 60% of our hold weight and so haven't caused any real FP. 91% of all spam messages caught by HELOISIP have already reached a weight of 200% of our hold weight. So having a possibility to skip this external test if a certain weight is already reached should significantly save resources. Good test! Markus -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] New test = EHLOFILTER
Markus Gufler wrote: No other MTA should connect to your MTA using your MTA's IP as HELO string. I don't know if there is any reason to connect with any other IP-address as HELO-string. My thinking exactly. Several people have set up a filter file containing HELO 0 CONTAINS [your.servers.ip.address] Now add this filter file to your global.cfg file and assign a very high weight. If I had Declude JM Pro, I probably would. I only have Standard, so no filters.. -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
[Declude.JunkMail] New test
I am testing a small external test program. A message fails the test if there is a discernible IP address in the HELO entry of the message. These fail the test:

Received: from host-68-212-107-146.msy.bellsouth.net [68.212.107.146] by mrpcap.com
Received: from ip-62-129-160-91.evhr.net [62.129.160.91] by mrpcap.com
Received: from acs-24-154-41-142.zoominternet.net [24.154.41.142] by mrpcap.com

Only the bolded part of the line (HELO name) is tested. Basically, dashes become 'dots', and anything other than numbers and dots are stripped out. If what remains looks like a valid 4-octet IP address, the test fails. These entries would NOT fail -- stray numbers make the location of the IP ambiguous:

Received: from wbar3.lax1-4-8-227-083.dsl-verizon.net [4.8.227.83] by mrpcap.com
Received: from c-24-125-42-12.va.client2.attbi.com [24.125.42.12] by mrpcap.com

For testing, I set it up with 0 weight and a HOLD action. So far, it has not flagged anything that was not spam. If anyone is interested in trying it out, let me know. I'll probably be putting it up for download from my web site later this week. -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
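The HELO check described in this post, together with the pure-IP HELOISIPX variant and the pacbell.net miss discussed elsewhere in the thread, as an added Python sketch. It is not Bud Durland's HELOISIP program: the function names and the step that collapses runs of dots are assumptions, and the sample headers are the ones quoted in the posts on this page.

```python
import re

# IMail-style header as quoted in the posts:
#   Received: from <HELO name> [<connecting IP>] by ...
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]"
)
OCTET_RE = re.compile(r"[0-9]{1,3}")


def is_octet(field):
    """True for one to three ASCII digits with a value of 0..255."""
    return OCTET_RE.fullmatch(field) is not None and int(field) <= 255


def helo_from_received(line):
    """Return the HELO name from a Received: line, or None if it does not parse."""
    m = RECEIVED_RE.match(line.strip())
    return m.group(1) if m else None


def numeric_residue(helo):
    """Dashes become dots; everything except digits and dots is dropped.

    Assumption: the empty fields left behind by stripped labels are
    discarded, so 'lsan03' contributes one extra field, '03'.
    """
    dotted = helo.replace("-", ".")
    kept = re.sub(r"[^0-9.]", "", dotted)
    return [field for field in kept.split(".") if field]


def heloisip_fails(helo):
    """HELOISIP: fail when the residue is exactly four valid octets."""
    fields = numeric_residue(helo)
    return len(fields) == 4 and all(is_octet(f) for f in fields)


def heloisipx_fails(helo):
    """HELOISIPX: fail only when the HELO itself is a bare dotted quad."""
    fields = helo.split(".")
    return len(fields) == 4 and all(is_octet(f) for f in fields)


# Headers quoted in the posts on this page (trailing "by ..." parts trimmed).
PAGE_HEADERS = [
    "Received: from host-68-212-107-146.msy.bellsouth.net [68.212.107.146]",
    "Received: from ip-62-129-160-91.evhr.net [62.129.160.91]",
    "Received: from acs-24-154-41-142.zoominternet.net [24.154.41.142]",
    "Received: from morden-res-206-45-166-10.mts.net [206.45.166.10]",
    "Received: from wbar3.lax1-4-8-227-083.dsl-verizon.net [4.8.227.83]",
    "Received: from c-24-125-42-12.va.client2.attbi.com [24.125.42.12]",
    "Received: from adsl-63-202-107-44.dsl.lsan03.pacbell.net [63.202.107.44]",
    "Received: from 12.107.134.252 [69.6.65.63]",
]


def classify(headers):
    """Map each HELO name to (fails HELOISIP, fails HELOISIPX)."""
    results = {}
    for line in headers:
        helo = helo_from_received(line)
        if helo is not None:
            results[helo] = (heloisip_fails(helo), heloisipx_fails(helo))
    return results


if __name__ == "__main__":
    for helo, (isip, isipx) in classify(PAGE_HEADERS).items():
        residue = ".".join(numeric_residue(helo))
        print(f"{helo:45} residue={residue:22} ISIP={isip} ISIPX={isipx}")
```

Any host name whose digits happen to reduce to four octets trips the first check, which is why the post runs it at 0 weight with a HOLD action before assigning a score.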
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
Sanford Whiteman wrote: You might seriously want to consider putting up an HTTP proxy--transparent or standard. And though I'm not the type to blindly tout Unix-only stuff in Windows groups, Squid (www.squid-cache.org) is really very cool, if you feel like a little learnin'. Got to know it while working on a (commercial) content filtering add-on...still use Squid, while the add-on was never as stable. :) Or check out SmoothWall (http://www.smoothwall.org). It's a Linux based firewall/proxy package that runs on Intel hardware (I'm supporting 70+ users, with e-mail and web servers behind the firewall) on a PIII/733 with no complaints. Being very *nix-phobic, I snuck up on this thing, but I had it up and running within 20 minutes of skimming the manual, and it really works very well. -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] Cheap router to limit by IP
Matt wrote: I have yet another customer that is running GroupWise 5x that is getting attacked by some Asian spammer trying to dictionary attack Yahoo.co.jp and other regional sites. Until they can get onto GroupWise 6 (which will reject at the SMTP envelope), my recommendation was for them to install a new router capable of limiting port 25 to just my server's IP, the only problem is that he needs something fast and cheap. Does anyone know of any cheap, chain store stocked routers that are capable of limiting a particular port to a particular IP on inbound only (it still has to deliver by SMTP, just only receive from my IP)? I figure that the following are the best candidates based on the fact that they are readily available. This may be a bit of overkill for this particular application, but check out SmoothWall (http://www.smoothwall.org). It's a hardened Linux installation, but has been made easy to manage for Linux-phobes like me. The price is right (free), and it runs on any old 486/low end Pentium you've got lying around. Takes about 20 minutes to install. In the port forwarding page, you can specify that connections from a specific address, on a specific port, should get forwarded. (i.e., port 25 traffic only from your server gets through). Most of the firewall stuff can be configured via web browser, including blocking a specific IP address. About an hour of surfing on their BBS, and I figured out how to get to a lower level config file that gives me greater granularity over allow/block rules, but for your immediate need, the GUI stuff will probably be enough.
[Declude.JunkMail] Declude version
I downloaded and installed the interim version of Declude, and added 'banext ezip' to the virus.cfg file, but an encrypted zip file still got through. 'banext zip' works OK, though. I want to confirm that I've got the right Declude executable, but am having cranial flatulence trying to remember the command to have Declude display version information. Help, please? -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] Declude version
R. Scott Perry wrote: I downloaded and installed the interim version of Declude, and added 'banext ezip' to the virus.cfg file, but an encrypted zip file still got through. 'banext zip' works OK, though. I want to confirm that I've got the right Declude executable, but am having cranial flatulence trying to remember the command to have Declude display version information. If you type \IMail\Declude from a command prompt, it should show 1.78i9. If not, you aren't running the latest interim release, and will need to copy the new Declude.exe file to the \IMail\ directory. The system responds: C:\\imail\declude Declude 1.78i9 (C) Copyright 2000-2004 Computerized Horizons. So far so good. Also, make sure that the BANEXT EZIP line isn't on the last line of the file (in any text file, you should be able to move a cursor to the line below the last line). BANEXT EZIP is in the middle of the file; and it seems that the system is ignoring it. When BANEXT EZIP is in place, all zip files are allowed through. I sent eicar tests from www.declude.com/tools, both static and dynamic zip files. If I change the line to BANEXT ZIP, the zip files get shunted to the virus holding area. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] OT: How do I bounce or reject ...
System Administrator wrote: What would be the best way to setup IMail/Declude to bounce or reject all e-mail messages from rr.com subscribers? If possible, in that bounce or reject message I'd like to add a note telling the sender to have someone at rr.com call us to discuss the problem. You could reject the messages at the time of receipt using the black hole list at rr.blackholes.us (see http://www.blackholes.us for more info). Set it up as a trusted DNS black list in IMail administrator and the server will reject the messages. This won't produce the bounce message you're looking for, though. (OTOH, it will shut off some spam -- I get quite a bit from RR cable modem subscribers.) -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
[Declude.JunkMail] Not really a white list..
The number of white list address entries in my GLOBAL.CFG file is growing; many customers using broken clients, or automated responses that look like spam. I have this entry in my GLOBAL.CFG:

MRPBADADDR fromfile C:\IMail\Declude\BADADDRESS.TXT x 20 0

Is there any reason I couldn't put the addresses I'm white listing now into a file, and do something like this:

MRPGOODADDR fromfile C:\IMail\Declude\GOODADDRESS.TXT x -15 0

-- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] OT: Domain Registrar recommendation
Todd wrote: Anyone using a registrar that they like? I want to get some of my clients accounts off of NetSol. I have some registered at www.dotearth.com but I would like a registrar that I can maintain multiple domains from a central interface like at NetSol. I've been happy with Dotster for my personal stuff (http://www.dotster.com) -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] Multiple inbound Junkmail Gateways for the same domain...
Mark Smith wrote: Before I start on this project, has anyone already done something like this? Yes. Contact me off-list for more info. -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
[Declude.JunkMail] Declude log files
I have a program that reads and archives iMail log files to a SQL server. I'd like to add the capability to archive Declude log files in a meaningful manner. I'm studying the log files (LOGLEVEL set to MID), and I've noticed something I don't understand. For example (lines edited for brevity):

11/28/2003 11:56:50 Q7e4a069f00606ad1 SPAMCOP:7 SORBS-SPAM:8 MAILPOLICE-BULK:10
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SPAMCOP ... Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SORBS-SPAM Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed MAILPOLICE-BULK... Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed AHBLDNSBL Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT10 Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT20 Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 R1 Message OK
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SPAMCOP Action=DELETE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed SORBS-SPAM Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed MAILPOLICE-BULK Action=WARN.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed AHBLDNSBL ... Action=IGNORE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT10 Action=HOLD.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Msg failed WEIGHT20 Action=DELETE.
11/28/2003 11:56:50 Q7e4a069f00606ad1 Deleting spam from [EMAIL PROTECTED] to [EMAIL PROTECTED]
11/28/2003 11:56:50 Q7e4a069f00606ad1 Subject: A holiday gift anyone would love - digital camera
11/28/2003 11:56:50 Q7e4a069f00606ad1 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 64.88.151.68 ID:

This entry appears to be processing file Q7e4a069f00606ad1. However, it looks like the file was processed twice, and that it passed on the first run. I'm especially curious about why the first time out, WEIGHT20's action is IGNORE, but on the second its action is (correctly) set to DELETE. Might I have something mis-configured?
-- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] Declude log files
R. Scott Perry wrote: This entry appears to be processing file Q7e4a069f00606ad1. However, it looks like the file was processed twice, and that it passed on the first run. I'm especially curious about why the first time out, WEIGHT20's action is IGNORE, but on the second its action is (correctly) set to DELETE. Might I have something mis-configured? That is because there were two recipients, whose settings were different. Now I know I must have something set up wrong. We're using Declude JunkMail lite, and to my knowledge there is only one set of configuration files (global.cfg and $default$.junkmail). The message in question (as far as I can tell) was addressed to only one recipient, though I was doing some debugging using iMail's copy-to feature to send copies of e-mails to a filecopy type address. -- Bud Durland, CNE [EMAIL PROTECTED] fax: 518-561-0017 For sale: Parachute. Like new, used once. Small stain.
Re: [Declude.JunkMail] Wildcard kill list entries
Kami Razvan wrote: In version 8 you can have wildcards in the kill list but only before a qualified domain. Imail 8. kill list e.g. @*.mail4you678.biz @*.maildeliverynow.com @*.mailestate.com @*.mailexpect.com @*.mailsprites.com @*.mailthankyou.com The way I understand it, having the leading '.' on the domain name is significant. If you have this entry in your iMail kill list: @*.mailthankyou.com It will stop mail from this address: '[EMAIL PROTECTED]' But will *not* stop mail from this address: '[EMAIL PROTECTED]' To stop the first example, your kill list entry would have to be '@*mailthankyou.com'. The side effect is that it would also stop mail from '[EMAIL PROTECTED]' (i.e., anything that ends in 'mailthankyou.com'). -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] OT: google.com not returning correctly
Todd Holt wrote: I have a customer that has 2 computers behind a d-link router implementing NAT. One computer works fine and can go to www.google.com just fine. The other computer, however, cannot. This can be caused by a virus modifying the HOSTS file, and adding an entry for google, etc. Edit the hosts file to remove any reference to sites that don't seem to be working. Usually, the only entry is 'localhost', but you may have legitimate network specific changes. On Win2k: c:\winnt\system32\drivers\etc\hosts On Win9X: c:\windows\hosts (I think, might be c:\windows\system32\hosts) On WinXP: c:\windows\system32\drivers\etc\hosts hth -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
Re: [Declude.JunkMail] [OT] iMail 6.06 behind firewall
Jeff Maze - Hostmaster wrote: I know this is off-topic, but I've attempted numerous times to put our server behind a firewall, but upon doing so, the queue grows to an enormous proportion and the only way to clear it is to remove it from behind the firewall. Some firewalls apply the same filters to both incoming and outgoing traffic, others have separate filter rules depending on direction. If the build up is outgoing messages, it sounds like your firewall is one of the latter type -- bugs check in but they can't check out. Make sure that port 25 is open *outbound*. -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---
[Declude.JunkMail] Dopey question
Ok, here's an easy one from a Declude newbie. Are the config files whitespace agnostic? Are tab and space the same thing? Can I have more than one separating the various columns of parameters? -- --- illigitimi non carborundum --- Bud Durland, CNE Mold-Rite Plastics Network Administrator http://www.mrpcap.com ---