Re: [Declude.JunkMail] OT: Erasing Cisco Pix 515 flash RAM
Only thing I can think of is from monitor mode...copy over the flash with tftp. Otherwise you have to call cisco support and get an erase utility.

- Original Message -
From: S.J.Stanaitis
To: Declude.JunkMail@declude.com
Sent: Monday, November 28, 2005 2:00 PM
Subject: Re: [Declude.JunkMail] OT: Erasing Cisco Pix 515 flash RAM

Sucks dude. Any chance it's part of a load balanced config and it's looking for the other PIX? Have you just let it sit to see if it times out?

Darin Cox wrote:
Unfortunately, wr erase only works from enable mode. We can only get to monitor mode, as the Pix hangs after loading the flash image... I'm guessing it hangs in the process of loading the startup-config.
Darin.

- Original Message -
From: S.J.Stanaitis
To: Declude.JunkMail@declude.com
Sent: Monday, November 28, 2005 2:12 PM
Subject: Re: [Declude.JunkMail] OT: Erasing Cisco Pix 515 flash RAM

Best way to reset a PIX to factory defaults (if you can log in) is "write erase" then reboot. If you don't have the password, check this out: "http://www.cisco.com/warp/public/110/34.shtml#pix_without". Not 100% if you can do it from the monitor, but I've been in a similar trap in the past and distinctly remember using "write erase."
Enjoy!
Sam

Darin Cox wrote:
This is way off topic, but I'm desperate so I'm appealing to the list... We just purchased a used Cisco pix 515 running 7.0(4) that won't boot due to what we believe is a corrupted startup-config. Does anyone out there know how to clear NVRAM on a pix from monitor mode? We can't get to enable mode due to the corrupted start-config, so it has to be done from monitor mode. We've tried everything we can think of, even a special flash erase image from Cisco, but it needs the Pix to be running 6.2(2) to work, and we don't have that image. Any Pix experts out there have any ideas?
Thanks in advance,
Darin.
-- S.J.Stanaitis Network Administrator, Decorative Product Source http://www.dpsource.com/ [EMAIL PROTECTED] (877)-650-8054 x160
[Declude.JunkMail] example
Does anyone have an example of a declude junkmail config file they can share which has an inbound from a gateway server? We have an external service scanning the emails for virus and spam (adding x-header only). So our mx record points to them. They then send the email via smtp to us. What I'm hearing from the users is more spam coming through and what I'm seeing in the headers makes me wonder if we're really checking with completely. In my global I have IPBYPASS for all the spam service IP's. Do any other settings need to be set?
Re: [Declude.JunkMail] example
Anything's possible with sprint. Below is a header. It seems to be the common theme. BADHEADERS, MAILFROM: SPAMHEADERS, and HELOBOGUS. Nothing more, nothing less. I've scanned my declude logs for the last 2 days. No IP4r or rhsbl tests have run. I put a at the mark where sprint's headers end and what I want checked. Shouldn't IPBYPASS look at the 63.161.60.61 and say ignore this part? My understanding is IPBYPASS should say that's one of mine - don't check it, check the next hop.

Received: from mail39-res-R.bigfish.com [63.161.60.61] by mail.ameripride.org with ESMTP (SMTPD32-8.15) id A16C43E01AE; Tue, 17 May 2005 17:34:20 -0500
Received: from mail39-res.bigfish.com (localhost.localdomain [127.0.0.1]) by mail39-res-R.bigfish.com (Postfix) with ESMTP id 1DDC75A8670 for [EMAIL PROTECTED]; Tue, 17 May 2005 22:31:24 + (UTC)
X-BigFish: vpcs45(z7b5iqca0ilzz2dh)
x-sprint-detected-spam: This message appears to be spam.
X-SpamScore: 45
X-CustomSpam: This message was filtered by custom spam filter option - Image links to remote sites
Received: by mail39-res.bigfish.com (MessageSwitch) id 1116369083564041_21303; Tue, 17 May 2005 22:31:23 + (UCT)
Received: from OUTGOING58.postalmailhostings.com (unknown [69.1.199.58]) by mail39-res.bigfish.com (Postfix) with SMTP id 30BB45A86B1 for [EMAIL PROTECTED]; Tue, 17 May 2005 22:31:23 + (UTC)
Date:Tue, 17 May 2005 18:31:23 -0700
From:Approval Department[EMAIL PROTECTED]
To:[EMAIL PROTECTED]
Subject:NEED FUNDS NOW? Get a 1000USD Cash Advance today
X-ID:4285425
Mime-Version:1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7bit
Message-Id: [EMAIL PROTECTED]
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c010140e].
X-RBL-Warning: HELOBOGUS: Domain mail39-res.bigfish.com has no MX or A records [0001].
X-RBL-Warning: MAILFROM: Domain OUTGOING58.emailfriendlyhoster.com has no MX or A records [0001].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c010140e].
X-Declude-Sender: [EMAIL PROTECTED] [127.0.0.1]
X-Declude-Spoolname: D716C043E01AE0738.SMD
X-Declude-Note: Scanned by Declude 2.0.6 (http://www.declude.com/x-note.htm) for spam.
X-Declude-Scan: Score [26] at 17:34:22 on 17 May 2005
X-Declude-Tests: BADHEADERS, HELOBOGUS, MAILFROM, SPAMHEADERS, WEIGHT25PLUS
X-Country-Chain: UNITED STATES-destination
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 374011979

- Original Message -
From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, May 17, 2005 5:24 PM
Subject: Spam-Junk-Ad:Re: [Declude.JunkMail] example

Doug, Is it possible that the spam service you are using may send your message through multiple servers on their end?
Darrell
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Try it today - http://www.invariantsystems.com

Doug Anderson writes:
Does anyone have an example of a declude junkmail config file they can share which has an inbound from a gateway server? We have an external service scanning the emails for virus and spam (adding x-header only). So our mx record points to them. They then send the email via smtp to us. What I'm hearing from the users is more spam coming through and what I'm seeing in the headers makes me wonder if we're really checking with completely. In my global I have IPBYPASS for all the spam service IP's. Do any other settings need to be set?

--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
--- [This E-mail scanned for viruses by Declude Virus]
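The hop-skipping idea described in the message above, as an added example that is not part of the original post and is not Declude's code. The function names and the bypass list format are assumptions for illustration; the sample headers are adapted from the chain quoted in the post, trimmed and re-folded.

```python
import ipaddress
import re

# Adapted from the Received chain quoted in the post (newest hop first).
# The "for ...; date" tails are trimmed and the line folding is constructed.
SAMPLE_HEADERS = """\
Received: from mail39-res-R.bigfish.com [63.161.60.61]
    by mail.ameripride.org with ESMTP (SMTPD32-8.15) id A16C43E01AE
Received: from mail39-res.bigfish.com (localhost.localdomain [127.0.0.1])
    by mail39-res-R.bigfish.com (Postfix) with ESMTP id 1DDC75A8670
X-SpamScore: 45
Received: by mail39-res.bigfish.com (MessageSwitch) id 1116369083564041_21303
Received: from OUTGOING58.postalmailhostings.com (unknown [69.1.199.58])
    by mail39-res.bigfish.com (Postfix) with SMTP id 30BB45A86B1
Subject: NEED FUNDS NOW?
"""

# A bracketed IPv4 literal such as "[63.161.60.61]".
_BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(raw_headers):
    """Return the sending IP recorded by each Received header, newest first.

    A header with no IP in its "from" clause (for example an internal
    hand-off that only has a "by" clause) yields None so hop positions
    stay aligned with the header order.
    """
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # undo header folding
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        # Only the text before " by " describes the sending side.
        from_clause = re.split(r"\sby\s", line, maxsplit=1)[0]
        match = _BRACKETED_IPV4.search(from_clause)
        hops.append(match.group(1) if match else None)
    return hops


def first_untrusted_hop(hops, bypass):
    """Return (index, ip) of the first hop that is not ours, else None.

    bypass is a list of IPs or CIDR blocks for the filtering gateway
    (hypothetical format). Loopback and private hops are skipped as well,
    since they are hand-offs inside a host or LAN.

    The walk stops at the first untrusted hop on purpose: every Received
    header below it was written by a machine we do not control and may be
    forged, so a bypassed IP appearing further down earns no trust.
    """
    trusted = [ipaddress.ip_network(entry, strict=False) for entry in bypass]
    for index, ip in enumerate(hops):
        if ip is None:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. "[999.1.1.1]" in a malformed header
            continue
        if addr.is_loopback or addr.is_private:
            continue
        if any(addr in net for net in trusted):
            continue
        return index, ip
    return None


if __name__ == "__main__":
    hops = relay_ips(SAMPLE_HEADERS)
    print("hops:", hops)
    # No bypass list: the gateway itself is the address that gets tested.
    print("no bypass:  ", first_untrusted_hop(hops, []))
    # Gateway bypassed: the original sender is the address that gets tested.
    print("with bypass:", first_untrusted_hop(hops, ["63.161.60.61"]))
```

With an empty bypass list the gateway address is the one evaluated, so IP-based blocklist lookups are made against the filtering service rather than the original sender.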
Re::Re: [Declude.JunkMail] example
de.com/x-note.htm) for spam.
X-Declude-Scan: Score [26] at 17:34:22 on 17 May 2005
X-Declude-Tests: BADHEADERS, HELOBOGUS, MAILFROM, SPAMHEADERS, WEIGHT25PLUS
X-Country-Chain: UNITED STATES-destination
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 374011979

- Original Message -
From: "Darrell ([EMAIL PROTECTED])" [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, May 17, 2005 5:24 PM
Subject: Spam-Junk-Ad:Re: [Declude.JunkMail] example

Doug, Is it possible that the spam service you are using may send your message through multiple servers on their end?
Darrell
DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Try it today - http://www.invariantsystems.com

Doug Anderson writes:
Does anyone have an example of a declude junkmail config file they can share which has an inbound from a gateway server? We have an external service scanning the emails for virus and spam (adding x-header only). So our mx record points to them. They then send the email via smtp to us. What I'm hearing from the users is more spam coming through and what I'm seeing in the headers makes me wonder if we're really checking with completely. In my global I have IPBYPASS for all the spam service IP's. Do any other settings need to be set?

-- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] Strange behavior
Alright, due to "management decisions" they want me to test a product from sprint for spam and virus protection. It is set up as a precursor to our imail and declude setup, but is only set to add an x-header into the email. Since I've done this, more spam seems to be coming through. Do I need to set hop 0 and hophigh 1 or 2 now? hop is currently set to 0 and hophigh is commented out. Does declude virus need any modification as such?
[Declude.JunkMail] Opinion
Anyone use Postini before? In addition to? New manager wants to look at it. Comments?
Re: [Declude.JunkMail] [IMail Forum] odd behavior
That's the thing, I have one white list file (hate whitelists) and ameripride is not in it. Did anything change in declude junkmail lately in regards to whitelists (I just upgraded 2 nights ago)? All I have for references to whitelist are:

$default.junkmail
WHITELISTFILE D:\Imail\Declude\AWHITELST.txt
#note AWhitelst.txt does not include ameripride.org

Global.cfg
CODE
LOGFILE d:\declude\logfiles\dec.log
LOGLEVEL LOW
HOP 0
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
XINHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%]
XINHEADER X-Country-Chain: %COUNTRYCHAIN%
XOUTHEADER X-Note: E-mail scanned by Declude-JunkMail for spam by CRC.
XSENDER ON
XSPOOLNAME ON
XINHEADER X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).
PREWHITELIST ON
AUTOWHITELIST ON
WHITELIST AUTH
.
.
WHITELIST IP 192.168.0.182
WHITELIST IP 192.168.0.85
WHITELIST IP 192.168.0.86
#Servers on local network (not exposed to public) that send emails (status reports)

- Original Message -
From: E. Shanbrom (Ipswitch)
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 2:48 PM
Subject: Re: [IMail Forum] odd behavior

Says ameripride.org is on the whitelist (decludes not IMail's)
Eric S

- Original Message -
From: Doug Anderson
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 3:03 PM
Subject: Re: [IMail Forum] odd behavior

Trying to figure out why it's white listed.
02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect 221.127.179.32 port 1194
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO 67.130.17.126
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] d:\IMail\spool\D3664039604421990.SMD 201
02:22 07:41 SMTP-(3664039604421990) processing d:\IMail\spool\Q3664039604421990.SMD
02:22 07:41 SMTPD(3664039604421990) [ameripride.org] in white list
02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 L3 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]: CATCHALLMAILS=IGNORE
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org reggie.licari-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org richard.boudreau-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) finished d:\IMail\spool\Q3664039604421990.SMD status=1

- Original Message -
From: Travis Rabe
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 1:09 PM
Subject: RE: [IMail Forum] odd behavior

What do the logs show you?
T

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson
Sent: Thursday, February 24, 2005 11:04 AM
To: IMail_Forum@list.ipswitch.com
Subject: [IMail Forum] odd behavior

I have the following type of email showing up...basically blank. I'm trying to figure out if our imail server is hacked or something - because it's coming from local host. Any ideas here? Got 8.15 and the most current release of declude running.

Received: from 67.130.17.126 [221.127.179.32] by mail.ameripride.org (SMTPD32-8.15) id A66D3960442; Tue, 22 Feb 2005 07:41:01 -0600
Received: from localhost (HELO localhost [127.0.0.1])by acts
X-RBL
Re: [Declude.JunkMail] [IMail Forum] odd behavior
John's semi right. Forgive me for not using plain text...but I've colored the lines red and put ** by it. The first line is imail whitelist, the next 2 are declude. Does declude understand when imail whitelists? Maybe I got it - under trusted addresses ameripride.org and our other domain WERE in there - I've removed it.

- Original Message -
From: John Tolmachoff (Lists)
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 4:29 PM
Subject: RE: [IMail Forum] odd behavior

No it is not. Look at the log line again. It is in the Imail log and that line is on the SMTPD line. Declude does not log to the Imail log.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of E. Shanbrom (Ipswitch)
Sent: Thursday, February 24, 2005 12:48 PM
To: IMail_Forum@list.ipswitch.com
Subject: Re: [IMail Forum] odd behavior

Says ameripride.org is on the whitelist (decludes not IMail's)
Eric S

- Original Message -
From: Doug Anderson
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 3:03 PM
Subject: Re: [IMail Forum] odd behavior

Trying to figure out why it's white listed.
02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect 221.127.179.32 port 1194
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO 67.130.17.126
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] d:\IMail\spool\D3664039604421990.SMD 201
02:22 07:41 SMTP-(3664039604421990) processing d:\IMail\spool\Q3664039604421990.SMD
** 02:22 07:41 SMTPD(3664039604421990) [ameripride.org] in white list
02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
** 02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
** 02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 L3 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]: CATCHALLMAILS=IGNORE
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org reggie.licari-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org richard.boudreau-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) finished d:\IMail\spool\Q3664039604421990.SMD status=1

- Original Message -
From: Travis Rabe
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 1:09 PM
Subject: RE: [IMail Forum] odd behavior

What do the logs show you?
T

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson
Sent: Thursday, February 24, 2005 11:04 AM
To: IMail_Forum@list.ipswitch.com
Subject: [IMail Forum] odd behavior

I have the following type of email showing up...basically blank. I'm trying to figure out if our imail server is hacked or something - because it's coming from local host. Any ideas here? Got 8.15 and the most current release of declude running.

Received: from 67.130.17.126 [221.127.179.32] by mail.ameripride.org (SMTPD32-8.15) id A66D3960442; Tue, 22 Feb 2005 07:41:01 -0600
Received: from localhost (HELO localhost [127.0.0.1])by acts
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
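The log in this thread shows a connection from an outside address passing because the sender's domain was on the mail server's trusted list. A check for that pattern, as an added example that is not from any poster or vendor: the line layout is inferred from the SMTPD lines quoted above, and the sample lines, session ids, addresses and function names are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the SMTPD lines quoted in the thread.
SAMPLE_LOG = """\
02:22 07:40 SMTPD(1001) [192.168.0.135] connect 198.51.100.32 port 1194
02:22 07:41 SMTPD(1001) [198.51.100.32] HELO 203.0.113.126
02:22 07:41 SMTPD(1001) [198.51.100.32] MAIL FROM: <user@example.org>
02:22 07:41 SMTPD(1001) [198.51.100.32] RCPT TO: <other@example.org>
02:22 07:41 SMTP-(1001) processing d:\\IMail\\spool\\Q1001.SMD
02:22 07:41 SMTPD(1001) [example.org] in white list
02:22 08:02 SMTPD(1002) [192.168.0.135] connect 192.168.0.85 port 2210
02:22 08:02 SMTPD(1002) [192.168.0.85] HELO reports.example.org
02:22 08:02 SMTPD(1002) [192.168.0.85] MAIL FROM: <status@example.org>
02:22 08:02 SMTPD(1002) [example.org] in white list
02:22 08:05 SMTPD(1003) [192.168.0.135] connect 198.51.100.77 port 3301
02:22 08:05 SMTPD(1003) [198.51.100.77] HELO mail.example.net
02:22 08:05 SMTPD(1003) [198.51.100.77] MAIL FROM: <a@example.net>
"""

# "MM:DD HH:MM SMTPD(<session>) [<context>] <rest>"
_SMTPD_LINE = re.compile(
    r"^\d\d:\d\d \d\d:\d\d SMTPD\((?P<sid>\w+)\) \[(?P<ctx>[^\]]+)\] (?P<rest>.+)$"
)


def parse_sessions(log_text):
    """Group SMTPD lines by session id and pull out the fields we need."""
    sessions = defaultdict(dict)
    for line in log_text.splitlines():
        m = _SMTPD_LINE.match(line.strip())
        if not m:
            continue  # delivery lines and other log sources are ignored
        session, rest = sessions[m["sid"]], m["rest"]
        if rest.startswith("connect "):
            session["peer"] = rest.split()[1]
        elif rest.startswith("HELO "):
            session["helo"] = rest.split(None, 1)[1]
        elif rest.startswith("MAIL FROM:"):
            session["mail_from"] = rest[len("MAIL FROM:"):].strip()
        elif rest == "in white list":
            session["whitelisted"] = m["ctx"]
    return dict(sessions)


def _helo_ip_differs(helo, peer):
    """True when HELO is an IP literal that is not the connecting address."""
    if not helo:
        return False
    try:
        return ipaddress.ip_address(helo.strip("[]")) != peer
    except ValueError:
        return False  # HELO was a hostname, nothing to compare


def external_whitelist_hits(log_text, internal_nets):
    """Report sessions whitelisted by name although the peer is external.

    The envelope sender is chosen by the connecting client, so a whitelist
    keyed on the local domain passes anyone who claims to be that domain.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in internal_nets]
    findings = []
    for sid, s in parse_sessions(log_text).items():
        if "whitelisted" not in s or "peer" not in s:
            continue
        try:
            peer = ipaddress.ip_address(s["peer"])
        except ValueError:
            continue
        if any(peer in net for net in nets):
            continue  # our own status-report servers are expected here
        findings.append({
            "session": sid,
            "peer": str(peer),
            "whitelisted": s["whitelisted"],
            "mail_from": s.get("mail_from"),
            "helo": s.get("helo"),
            "helo_ip_mismatch": _helo_ip_differs(s.get("helo"), peer),
        })
    return findings


if __name__ == "__main__":
    for hit in external_whitelist_hits(SAMPLE_LOG, ["192.168.0.0/24"]):
        print(hit)
```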
[Declude.JunkMail] Spamhaus
Anyone use the xbl db from spamhaus? Good, bad, otherwise?
[Declude.JunkMail] would any valid email contain
I'm wondering, would any valid corporate email contain a href=""rect" href=""body 0 contains a href="" and "body 0 contains shape="rect" href="" href="http://%">http://% Any valid reasons these would be in a corporate email?
Re: [Declude.JunkMail] Upgrading from 1.78 to 1.81
upgrade manual is in the zip.

- Original Message -
From: Alejandro Valenzuela
To: [EMAIL PROTECTED]
Sent: Monday, October 04, 2004 2:29 PM
Subject: [Declude.JunkMail] Upgrading from 1.78 to 1.81

Last upgrades from declude were a single file, now the 1.81 zip file has many files in it. Could I just copy declude.exe to my Imail directory as always or is there an installation procedure? Where can I get that info/Upgrade manual?

Thanks
Alex V
Re: [Declude.JunkMail] Outlook 2003
vb code to give you a dos error code

In your declares use

Private Declare Sub ExitProcess Lib "kernel32" (ByVal uExitCode As Long)

and then call

ExitProcess 2

- Original Message -
From: Dave Doherty [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, August 22, 2004 10:55 PM
Subject: Re: [Declude.JunkMail] Outlook 2003

Hi Scott- Would you write the exe in C? I have not found a way to have VB return a result code from an exe. Am I missing something?
-d

- Original Message -
From: Scott Fisher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, August 20, 2004 12:24 PM
Subject: Re: [Declude.JunkMail] Outlook 2003

I have a specific spamheader code that I punish very heavily for one specific spammer. You could use this code and change the spamheader code to the one Outlook generates. If you supply the spamheader code and ask nicely, I could generate an EXE to do it also.

global.cfg:
HEADER-C040120E external 2 CScript D:\IMail\Declude\FPFilters\vbs\header.vbs %HEADERCODE% 100 0

header.vbs code:
' Initialize error checking
On Error Resume Next
Dim Headertocheck ' As String
Dim intResult ' As Integer
intresult = 0
' Exit code 2 tells the external test that the header code matched
if Wscript.Arguments(0) = "c040120e" then
Intresult = 2
End If
WScript.Quit(intresult)

[EMAIL PROTECTED] 8/20 9:57a
Has anyone found a way to add a negative weight to Outlook 2003 clients for the spamheaders test? I am running into a problem where it is failing the spamheaders test which is causing the weight to go over the and hold the emails?
Thanks,
Kris McElroy
[EMAIL PROTECTED]
[Declude.JunkMail] Country Configuration?
After looking at the manual/archives and getting a little more confused I've decided to consult the masses. What would be the easiest way of adding a few points for emails NOT originating from Canada, US, and Mexico? We have users in all three areas so I'm guessing the nonenglish won't work because we have english, spanish, and french emails traveling through. I just want to add 2 or 3 points for Non Canada/US/Mexico emails because what I'm doing now (endswith .ac, endwith ad...) needs to be enhanced somehow. I'm running 1.75
Re: [Declude.JunkMail] Country Configuration?
Ok, that's where I was getting confused. Didn't have the countries file, couldn't find it on the site anywhere.

- Original Message -
From: Dan Geiser
To: [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 10:14 AM
Subject: Re: [Declude.JunkMail] Country Configuration?

Hello, Doug, I would recommend using the COUNTRY/COUNTRIES functionality in a filter. Here is how I do it...

1. Download the file, http://www.declude.com/release/179/all_list.dat, and place it in the directory that your GLOBAL.CFG file is in.

2. Add the following...
GLOBAL.CFG
--
XINHEADER X-Country-Chain: %COUNTRYCHAIN%
--
This will add a header in each e-mail which shows you the countries that own each IP that a message passes through.

3. Add the following...
GLOBAL.CFG
FILTER-COUNTRY filter D:\IMail\declude\JunkMail.01.Filter.Country.txt x 0 0
This will tell the GLOBAL.CFG file to use the filter file referenced above.

4. Create a file called JunkMail.01.Filter.Country.txt and place it in the same directory as GLOBAL.CFG. I have attached my JunkMail.01.Filter.Country.txt file. Keep in mind I HOLD on 100 and DELETE on 300 and that my countries are heavily scaled towards the countries that our customers receive e-mail from.

COUNTRY adds points for the last country in the chain. COUNTRIES adds points for a country anywhere in the chain.

Let me know if it makes sense or not.
Thanks,
Dan Geiser
[EMAIL PROTECTED]

- Original Message -
From: Doug Anderson
To: [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 10:52 AM
Subject: [Declude.JunkMail] Country Configuration?

After looking at the manual/archives and getting a little more confused I've decided to consult the masses. What would be the easiest way of adding a few points for emails NOT originating from Canada, US, and Mexico? We have users in all three areas so I'm guessing the nonenglish won't work because we have english, spanish, and french emails traveling through. I just want to add 2 or 3 points for Non Canada/US/Mexico emails because what I'm doing now (endswith .ac, endwith ad...) needs to be enhanced somehow. I'm running 1.75
Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
Admin server can not be reached...Error 3592. Need any special ports open or anything?

- Original Message -
From: Jay Calvert
To: [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 10:49 AM
Subject: Re: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail

I don't think I have ever had a username and password with Declude. Where do we find this information? All we ever had to provide as verification was our Hostname.

- Original Message -
From: Dan Geiser
To: [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 8:39 AM
Subject: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail

Is this guy serious when he says "The test is available for download". What do we have to download? What version number includes this test? What is the format of the test? Is it just an IP4R test? What host name do we use?

- Original Message -
From: Barry @ CPHZ
To: [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 10:35 AM
Subject: New Multiple Threat Lookup Database test for Declude JunkMail

We are pleased to let you know that today we have released a new test for all Declude JunkMail customers who are covered by a currently valid Support Agreement.

The MTLDB test will test each E-mail against our database of IP addresses that have sent viruses. If the IP address is listed, the E-mail will fail the test. Otherwise, the E-mail will pass the test.

The MTLDB test is used in the same way as other Declude JunkMail tests. For most customers, it would be used towards the weighting system, so that it is more likely that spam will get caught. However, like other tests in Declude JunkMail, it is possible to take a separate action for E-mails failing the MTLDB test (such as quarantining them with the HOLD action).

The test is available for download www.declude.com

Thanks for your support.
Barry

Barry Simpson
President CEO
Computerized Horizons, LLC
65 Parker Street
Unit 5
Newburyport, MA 01950
Re: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail
We block all incoming and outgoing icmp traffic. A live reg should check at 80 or 443 because that's typical allowable outbound traffic in my opinion.

- Original Message -
From: Sanford Whiteman [EMAIL PROTECTED]
To: Scott Fisher [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 11:47 AM
Subject: Re[2]: [Declude.JunkMail] Fw: New Multiple Threat Lookup Database test for Declude JunkMail

Allow ICMP packets fixed this for me.

That's a pretty big issue, IMO. Lots of SOHO routers don't allow you to pick-and-choose different ICMP traffic types, so if you're blocking any, you end up blocking all. Why does this thing need ICMP? I don't know of other LiveReg-type stuff requiring access on a port other than the port on which the registration server _actually_ runs on.

--Sandy

Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange Addresses into IMail Aliases!
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
Re: [Declude.JunkMail] NOW OT: ICMP
Actually Russ, ICMP still works. Can you ping 127.0.0.1, the local loop back? Can you ping other items on your local network? It comes down to intranet vs internet separated by a firewall. Many corporations kill ICMP externally, but it works fine internally and is used as intended OR they allow outgoing only on the intranet and outgoing/incoming to the DMZ. Since I deal with security, I get to read firewall logs (real boring). We get a number of ping attacks (DOS attempts) and/or ping scans (up and down the range from same ip) per day...script monkeys looking for a way in. If you ever go through a security audit like we do, you'll understand.

- Original Message -
From: Russ Uhte (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 09, 2004 3:16 PM
Subject: Re: [Declude.JunkMail] NOW OT: ICMP

At 03:03 PM 7/9/2004, Dan Horne wrote:

if you block ICMP, you break IP. That's the bottom line, and nobody can argue that.

Sorry, but I can and will argue with that. ICMP relies on IP, not the other way around. IP works with or without ICMP. RFC792, which defines ICMP, states "The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable."

Acknowledged!!

It also states that ICMP is actually an integral part of IP, and must be implemented by every IP module, but that only means that anything that has an IP address must also understand ICMP. It does NOT mean (IMO) that I must accept ICMP across my firewall.

I guess this is open to interpretation. My interpretation is that if my machine is behind an ICMP blocking firewall, ICMP is no longer actually implemented on my machine because ICMP no longer works on my machine. Again, just my personal interpretation.

-Russ
Re: [Declude.JunkMail] OT: Internet Usage Monitoring
web trends firewall suite maybe?

- Original Message -
From: Kevin Bilbee [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 30, 2004 2:43 PM
Subject: [Declude.JunkMail] OT: Internet Usage Monitoring

Management wants to do web usage monitoring. They do not at this time want to do blocking. We have a pix firewall that does what Cisco calls URL logging but in reality it does not log the url but the ip address of the server and the path on the server to the document being viewed. What they want is a log of client ip and url including the host name. They also do not want to abandon the PIX. Any one have any suggestions?

Kevin Bilbee
[Declude.JunkMail] declude virus - additional info
We have McAfee at our location. I understand that I can use Declude Virus with it - but got some questions
1. Which version of McAfee should I use? I have access to both the Windows Virus Scan Enterprise 7.1.0 and the DOS based Version 4.3.20.
2. If the suggestion is DOS based 4.3.20, does anyone have a good automated update routine for it? If you say 7.1.0 then updating is not a problem, I'm just not sure of the command line needed.
We're at a point where I've convinced Mgmnt that if they want zips to go through they need Declude Virus to get rid of the encrypted zips.
Re: [Declude.JunkMail] Haeds up!
I just got a wave of pif's, scr's, com's, exe's. Both McAfee and Symantec had updates for a new netsky variant.
- Original Message - From: Dave Doherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 1:35 PM Subject: [Declude.JunkMail] Haeds up!
I've gotten a bunch of very short messages this AM with attachments. They don't seem to be coming from known spam sources, so it looks like we might have another virus storm starting up.
[Declude.JunkMail] idea for a test - maybe
Is there a test out there that checks for an email address in the subject line? Example: Jon Doe gets an email. In the subject line it has: Card #29546 - Award Pending for [EMAIL PROTECTED] I'm seeing a lot more of these. A test to match the to email address and subject contains
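One way to implement the check asked about above, as an added Python sketch that is not Declude's code and not part of the original post: it reports which To/Cc addresses are quoted in the decoded Subject. The function names and the sample messages (example.com addresses) are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses


def decoded_subject(msg):
    """Return the Subject with RFC 2047 encoded-words decoded, lower-cased."""
    raw = msg.get("Subject", "") or ""
    try:
        return str(make_header(decode_header(raw))).lower()
    except (LookupError, UnicodeError):
        # Unknown or broken charset label: fall back to the raw header text.
        return raw.lower()


def recipients_in_subject(raw_message):
    """List the To/Cc addresses that appear verbatim in the Subject.

    The post describes this as a trait of the spam being seen, so a
    non-empty result is a signal a filter could add weight for.
    """
    msg = message_from_string(raw_message)
    subject = decoded_subject(msg)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    found = set()
    for _name, addr in getaddresses(fields):
        addr = addr.lower()
        if "@" not in addr:
            continue
        # Anchor both sides so doe@example.com does not hit
        # jon.doe@example.com or doe@example.com.au; a full stop that
        # merely ends the sentence is still accepted.
        pattern = r"(?<![\w.+-])" + re.escape(addr) + r"(?!\.?[\w-])"
        if re.search(pattern, subject):
            found.add(addr)
    return sorted(found)


# Constructed sample messages (not taken from the list archive).
SPAM_PLAIN = (
    "From: promo@example.net\n"
    "To: Jon Doe <jon.doe@example.com>\n"
    "Subject: Card #29546 - Award Pending for jon.doe@example.com\n\nbody\n"
)
SPAM_ENCODED = (
    "From: promo@example.net\n"
    "To: jon.doe@example.com\n"
    "Subject: =?utf-8?q?Award_Pending_for_JON.DOE=40example.com?=\n\nbody\n"
)
HAM = (
    "From: colleague@example.com\n"
    "To: jon.doe@example.com\n"
    "Subject: Minutes from Tuesday\n\nbody\n"
)
NEAR_MISS = (
    "From: colleague@example.com\n"
    "To: doe@example.com\n"
    "Subject: Forwarding a note from jon.doe@example.com\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in [("plain", SPAM_PLAIN), ("encoded", SPAM_ENCODED),
                       ("ham", HAM), ("near miss", NEAR_MISS)]:
        print(label, recipients_in_subject(raw))
```

Decoding the Subject first matters because an encoded-word subject hides the "@" as "=40", which a plain substring test on the raw header would miss.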
Re: [Declude.JunkMail] Whitelisting and SPAM
check in global for WHITELIST HABEAS
Spammers are putting Habeas headers in to their mail...we've reported 3 of them today to www.habeas.com.
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 11:40 AM Subject: Re: [Declude.JunkMail] Whitelisting and SPAM
I received a message from a customer that was receiving SPAM. For some reason, this message was whitelisted but we do not have any of these domains or IP addresses whitelisted. Am I missing something from this message header or can someone add the whitelist line to the message header.
Have you checked the Declude JunkMail log file? It should say why the E-mail was whitelisted. Do you have mail.com whitelisted? That would cause the E-mail to be whitelisted. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation.
[Declude.JunkMail] Virus Warning - Netsky.b@mm
New ONE Moving fast! Virus Warning - [EMAIL PROTECTED]
[Declude.JunkMail] Off topic - iis, web servers and txt files
Ok, I'm running IIS 5.0 on my imail server. I've written a program to read the ldap and create an ldif file. I put the ldif file (xxx.ldif) in a sub directory on the web server and when I put a link to it, it displays it directly in the browser. I want it to download, not display as text. Any ideas on how to config IIS to make it download? P.S. Once I get this program fully functional I'll put it out on my personal web site for download if anyone wants it. It's a console app made with .net that will create: csv, ldif, alias, or list-lst/txt files from the ldap.
Re: [Declude.JunkMail] Off topic - iis, web servers and txt files
That's what I'm trying to get away from. Actually have it pop up to open or download. My users have problems understanding right click. Plus I'm rewriting it so that they have to enter username and password to get to the link.
- Original Message - From: Kevin Bilbee To: [EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 1:16 PM Subject: RE: [Declude.JunkMail] Off topic - iis, web servers and txt files
In internet explorer right click your link and choose "Save Target As" Kevin Bilbee
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Wednesday, February 04, 2004 11:06 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Off topic - iis, web servers and txt files
Ok, I'm running IIS 5.0 on my imail server. I've written a program to read the ldap and create an ldif file. I put the ldif file (xxx.ldif) in a sub directory on the web server and when I put a link to it, it displays it directly in the browser. I want it to download, not display as text. Any ideas on how to config IIS to make it download? P.S. Once I get this program fully functional I'll put it out on my personal web site for download if anyone wants it. It's a console app made with .net that will create: csv, ldif, alias, or list-lst/txt files from the ldap.
Re: [Declude.JunkMail] Off topic - iis, web servers and txt files
I tried mime types for the "web site" and that wasn't working. One of the emails mentioned the onlineworkshop...I forgot about setting it for all of IIS. Now it downloads. Thanks for all the help! Soon to be published...ldaplst - an ldap reader / file creator. I'll post it here when ready..I'm just fine tuning and error proofing right now.
- Original Message - From: Omar K. To: [EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 2:21 PM Subject: RE: [Declude.JunkMail] Off topic - iis, web servers and txt files
Mess around with the mime maps for your IIS server, define that file extension as anything other than clear-text, I think that will tell the browser to treat it as an attachment and not open it up in the browser.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Wednesday, February 04, 2004 9:25 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Off topic - iis, web servers and txt files
That's what I'm trying to get away from. Actually have it pop up to open or download. My users have problems understanding right click. Plus I'm rewriting it so that they have to enter username and password to get to the link.
- Original Message - From: Kevin Bilbee To: [EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 1:16 PM Subject: RE: [Declude.JunkMail] Off topic - iis, web servers and txt files
In internet explorer right click your link and choose "Save Target As" Kevin Bilbee
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson Sent: Wednesday, February 04, 2004 11:06 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] Off topic - iis, web servers and txt files
Ok, I'm running IIS 5.0 on my imail server. I've written a program to read the ldap and create an ldif file. I put the ldif file (xxx.ldif) in a sub directory on the web server and when I put a link to it, it displays it directly in the browser. I want it to download, not display as text. Any ideas on how to config IIS to make it download? P.S. Once I get this program fully functional I'll put it out on my personal web site for download if anyone wants it. It's a console app made with .net that will create: csv, ldif, alias, or list-lst/txt files from the ldap.
Re: [Declude.JunkMail] Slightly OT: calculating bandwidth
Do you have read access to the router's snmp community? If you do, MRTG gives some great stats.
- Original Message - From: Omar K. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 9:26 PM Subject: [Declude.JunkMail] Slightly OT: calculating bandwidth
Hello list, I'm trying to figure out how much bandwidth my imail server sends/receives, I know it's best to do this on the router level, but I don't have access to these. Is this information stored in any log file? Thanks,
[Declude.JunkMail] Question / interesting occurence
Is anyone on either of these lists getting slammed with [EMAIL PROTECTED] virus? Our Symantec AV is set to email the administrator warnings. Reading through the warnings, they're coming from everywhere outside of the US and Canada. The weird part is they're only going at the email address I use for these boards which was created when I setup imail. I don't use that email for any other boards or lists. Strange.
Re: [Declude.JunkMail] Question / interesting occurence
Hi Scott, Symantec returns this type of message to the administrator account
Message contained a virus
Virus detected - [EMAIL PROTECTED]
The message was Deleted
The message was from [EMAIL PROTECTED]
The message was to [EMAIL PROTECTED]
Subject: Spam-Junk-Ad: bug announcement
Message-Id: [EMAIL PROTECTED]
I search the syslog for [EMAIL PROTECTED], grab the ip address from there, look it up at dnsstuff and see where it's coming from. If it's a country that we don't do business with or in, I've been adding them to my ip blacklist. I'm also contemplating adding them to the kill file. In the last hour I've had over 75 from various ip's. I just find it strange that the email address is mine (email admin), it's a new address (change in spelling) and I typically don't subscribe to lists or news with a primary address. The Swen virus is known for haunting lists and news groups, so I thought I'd mention it so people can check themselves if they so desire.
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 26, 2004 11:02 AM Subject: Re: [Declude.JunkMail] Question / interesting occurence
Is anyone on either of these lists getting slammed with [EMAIL PROTECTED] virus?
Our customers are seeing Swen account for about 10% of the viruses (excluding vulnerabilities).
Our Symantec AV is set to email the administrator warnings. Reading through the warnings, they're coming from everywhere outside of the US and Canada.
Are you referring to the From: or return address ([EMAIL PROTECTED]) or the country of the IP address (which is highly accurate)?
The weird part is they're only going at the email address I use for these boards which was created when I setup imail. I don't use that email for any other boards or lists.
Then it sounds like someone with IMail caught the Swen virus, and it's getting sent out to you. IIRC, the return address of Swen is correct. So if you can find the return address (from an X-Declude-Sender: header or MAIL FROM in the IMail SMTP log file) you should find the person who was sending it to you. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
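The lookup suggested in this thread (return address and connecting IP from the X-Declude-Sender: header), as an added Python sketch that is not from either poster or from Declude: it groups a batch of infected messages by connecting IP instead of by the forgeable From: line. The header layout "address [IP]" follows the header dumps on this page; the function names and sample messages (example.net senders, documentation-range IPs) are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from email.parser import HeaderParser

# "X-Declude-Sender: <envelope sender> [<connecting IP>]"
SENDER_RE = re.compile(
    r"^\s*<?(?P<addr>[^\s<>\[\]]*)>?\s*\[(?P<ip>[^\]]+)\]\s*$")


def declude_sender(raw_message):
    """Return (envelope_sender, ip) from X-Declude-Sender, or None."""
    headers = HeaderParser().parsestr(raw_message)
    values = headers.get_all("X-Declude-Sender", [])
    if not values:
        return None
    # Assumption: as in the dumps on this page, the receiving server's
    # header comes after the sender-supplied ones, so when a message
    # arrives with its own copy the last occurrence is the local one.
    match = SENDER_RE.match(values[-1])
    if match is None:
        return None
    try:
        ip = ipaddress.ip_address(match.group("ip").strip())
    except ValueError:
        return None  # not an IP literal; do not guess
    return (match.group("addr").lower() or "<>", str(ip))


def tally_by_ip(raw_messages):
    """Rank connecting IPs by message count.

    Returns (rows, skipped): rows is a list of (ip, count, senders)
    sorted by descending count, skipped counts messages without a
    usable X-Declude-Sender header.
    """
    table = defaultdict(lambda: {"count": 0, "senders": set()})
    skipped = 0
    for raw in raw_messages:
        parsed = declude_sender(raw)
        if parsed is None:
            skipped += 1
            continue
        sender, ip = parsed
        table[ip]["count"] += 1
        table[ip]["senders"].add(sender)
    ranked = sorted(table.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [(ip, v["count"], sorted(v["senders"])) for ip, v in ranked], skipped


# Constructed samples: two messages from one host with different forged
# From: lines, one with a sender-supplied X-Declude-Sender in front of the
# real one, one malformed value, one without the header.
SAMPLES = [
    "From: \"Bug Report\" <forged1@example.org>\n"
    "Subject: bug announcement\n"
    "X-Declude-Sender: user1@example.net [192.0.2.10]\n\n",
    "From: \"Net Recipient\" <forged2@example.org>\n"
    "Subject: bug announcement\n"
    "X-Declude-Sender: user1@example.net [192.0.2.10]\n\n",
    "X-Declude-Sender: nobody@example.org [203.0.113.99]\n"
    "From: forged3@example.org\n"
    "X-Declude-Sender: user3@example.net [198.51.100.7]\n\n",
    "From: forged4@example.org\n"
    "X-Declude-Sender: broken [not-an-ip]\n\n",
    "From: forged5@example.org\nSubject: no declude header\n\n",
]

if __name__ == "__main__":
    rows, skipped = tally_by_ip(SAMPLES)
    for ip, count, senders in rows:
        print(ip, count, ", ".join(senders))
    print("skipped:", skipped)
```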
Re: [Declude.JunkMail] [IMail Forum] New, fast-spreading virus
http://vil.nai.com/vil/content/v_100983.htm
- Original Message - From: Travis Rabe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 26, 2004 3:55 PM Subject: RE: [IMail Forum] New, fast-spreading virus
McAfee just put out new defs about 30 minutes ago. Travis
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Monday, January 26, 2004 1:34 PM To: [EMAIL PROTECTED] Subject: [IMail Forum] New, fast-spreading virus
FYI, there is a new fast-spreading virus out there, that is too new to be caught by AV programs yet. So far we have seen filenames of body, data, document, file, glszfj, message, readme, test, text, vgsu042a, and vncexdl, with extensions of .pif, .scr, .zip. It may be a wise idea to temporarily ban .pif and .scr files (and possibly .zip as well), if you do not already. If you are using Declude Virus, you can use BANEXT PIF and BANEXT SCR in the virus.cfg file to do this. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
[Declude.JunkMail] New MS updates Bug Report emails making the rounds
Thought I'd warn everyone. Some different/newer (I haven't seen it before) versions of two emails are floating around.
#1 From Microsoft Corporation Network Security to Commercial customer
No subject
Attachment "UPGRADE88.exe"
It claims to be updates from microsoft.
#2 From Internet Delivery Service To Net Recipient
Subject Bug Report
Text : I'm sorry the message returned below could not be delivered to the following addresses:
Attachment "ctge.exe"
They're making the rounds. There were older versions, that we were catching but they've changed it a bit. So watch out.
Headers are
#1
Received: from FE-mail03.sfg.albacom.net [213.217.149.83] by mail.ameripride.org with ESMTP (SMTPD32-8.05) id A2A9E2A0166; Thu, 22 Jan 2004 00:50:17 -0600
Received: from wyadonm (217.220.55.169) by FE-mail03.sfg.albacom.net (7.0.009) id 400CF7D10001F68F; Thu, 22 Jan 2004 07:48:41 +0100
Date: Thu, 22 Jan 2004 07:48:41 +0100 (added by [EMAIL PROTECTED])
Message-ID: [EMAIL PROTECTED] (added by [EMAIL PROTECTED])
FROM: "Microsoft Corporation Network Security Center" [EMAIL PROTECTED]
TO: "Commercial Customer" [EMAIL PROTECTED]
SUBJECT:
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="nxjzttswpsxvy"
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 137, weight 0)
X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 106, weight 0)
X-Declude-Sender: [EMAIL PROTECTED] [213.217.149.83]
X-Declude-Spoolname: D72a90e2a01660543.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH [0]
X-Note: This E-mail was sent from FE-mail03.albacom.net ([213.217.149.83]).
X-RCPT-TO: xx
Status: U
X-UIDL: 373063459
(at the end of the email)
Content-Type: application/x-msdownload; n a m e = " U P G R A D E 8 8 . e x e "
Content-Transfer-Encoding: base64
Content-Disposition: attachment
#2
Received: from FE-mail04.sfg.albacom.net [213.217.149.84] by mail.ameripride.org with ESMTP (SMTPD32-8.05) id A3A6E3A0166; Thu, 22 Jan 2004 00:54:30 -0600
Received: from xkxxp (217.220.55.169) by FE-mail04.sfg.albacom.net (7.0.009) id 400CB88400024360; Thu, 22 Jan 2004 07:52:18 +0100
Date: Thu, 22 Jan 2004 07:52:18 +0100 (added by [EMAIL PROTECTED])
Message-ID: [EMAIL PROTECTED] (added by [EMAIL PROTECTED])
FROM: "Internet Delivery System" [EMAIL PROTECTED]
TO: "Net Recipient" [EMAIL PROTECTED]
SUBJECT: Bug Report
Mime-Version: 1.0
Content-Type: multipart/alternative;boundary="fxsnozzuqz"
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 137, weight 0)
X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 106, weight 0)
X-Declude-Sender: [EMAIL PROTECTED] [213.217.149.84]
X-Declude-Spoolname: D73a60e3a0166e227.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: GIBBERISH, ANTI-GIBBERISH [0]
X-Note: This E-mail was sent from FE-mail04.albacom.net ([213.217.149.84]).
X-RCPT-TO: xxx
Status: U
X-UIDL: 373063460
(at the end of the email)
Content-Type: audio/x-wav; n a m e = " c t g e . e x e "
Content-Transfer-Encoding: base64
Content-Id: qfrsqcgf
[Declude.JunkMail] Off topic - Ldap
I tried this on the normal Imail list with no answers, so I figured since this list is more of the imail power users I'd try here. I'm trying to write a vb.net program to query the ldap and create 3 different files from it. One is a standard csv file, next is an ldif file for importing into Win Addr Book, and 3rd is a format compatible to the alias.txt file in users directories. This program runs nightly. The problem I'm running into is you call Ldap : / / xx.xx.xx.xx / ou=orgunit, o=org (space intentional so I don't get a link). Since Imail's ldap is flat not a tree, I'm not sure what to put for the part ou=orgunit, o=org. Any ideas?
Re: [Declude.JunkMail] Russian letters
Careful if using NonEnglish. We have Spanish and French users - nonEnglish can catch them. Don't want to piss off our friends to the north or south.
- Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 31, 2003 1:18 PM Subject: Re: [Declude.JunkMail] Russian letters
Is there any way to delete the Russian type spam that you cant read because it is all in Russian but it is a nuisance.
The NONENGLISH test is designed to do this. You can use it by adding a line:
NONENGLISH nonenglish x x 0 0
to your \IMail\Declude\global.cfg file. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
[Declude.JunkMail] Suggestion
Since old programmers never die, they just flip their bits...and Unix people...I won't go there... I have a suggestion for our declude creators out there. Under filters you can use CONTAINS, STARTSWITH, ENDSWITH or IS on any of the pieces of an email. I wouldn't mind seeing a MATCHES qualifier which you could put a full regular expression in with. Then you use a statement like
chat.with.me
where the period is 'anycharacter' so
chat.with me = true
chat with me = true
chat-with-me = true
chat--with--me = false
or in the same case
chat.+with.+me
where the period is 'anycharacter' and the + sign means 1 or more
chat.with me = true
chat with me = true
chat-with-me = true
chat--with--me = true
It's just a suggestion
[Declude.JunkMail] declude program suggestion (wishlist)
Since old programmers never die, they just flip their bits...and Unix people...I won't go there... I have a suggestion for our declude creators out there. Under filters you can use CONTAINS, STARTSWITH, ENDSWITH or IS on any of the pieces of an email. I wouldn't mind seeing a MATCHES qualifier which you could put a full regular expression in with. Then you use a statement like (for those not knowing regular expressions)
x.y.z
where the period is 'anycharacter' so
x.y z = true
x y z = true
x-y-z = true
x--y--z = false
x tz = false
or in the same case
x.+y.+z
where the period is 'anycharacter' and the + sign means 1 or more
x.y z = true
x y z = true
x-y-z = true
x--y--z = true
xy--z = false
All someone would have to do is link in vbscript.dll to make it work.
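How the proposed MATCHES qualifier could sit beside the existing ones, as an added Python sketch that is neither Declude's code nor the poster's; it serves both wishlist posts above. The rule layout `FIELD WEIGHT OPERATOR value` follows filter lines quoted elsewhere on this page, while MATCHES itself, the unanchored case-insensitive search, `#` comment lines and the scan cap are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: cap the text handed to a regex so a badly written pattern
# cannot spend unbounded time backtracking over a huge message body.
MAX_SCAN = 64 * 1024

# The four qualifiers the post lists as already available.
PLAIN_OPS = {
    "CONTAINS": lambda text, arg: arg in text,
    "STARTSWITH": lambda text, arg: text.startswith(arg),
    "ENDSWITH": lambda text, arg: text.endswith(arg),
    "IS": lambda text, arg: text == arg,
}


@dataclass(frozen=True)
class Rule:
    field: str
    weight: int
    op: str
    arg: str
    regex: Optional[re.Pattern] = None


def parse_rule(line, lineno=0):
    """Parse 'FIELD WEIGHT OPERATOR value'; reject bad rules at load time."""
    parts = line.split(None, 3)
    if len(parts) != 4:
        raise ValueError(f"line {lineno}: expected FIELD WEIGHT OPERATOR value")
    field, weight, op, arg = parts
    op = op.upper()
    if op == "MATCHES":
        try:
            # Compile once, at load, so a typo fails here and not per message.
            compiled = re.compile(arg, re.IGNORECASE)
        except re.error as exc:
            raise ValueError(f"line {lineno}: bad regex {arg!r}: {exc}") from exc
        return Rule(field.upper(), int(weight), op, arg, compiled)
    if op not in PLAIN_OPS:
        raise ValueError(f"line {lineno}: unknown operator {op!r}")
    return Rule(field.upper(), int(weight), op, arg.lower())


def load_rules(text):
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            rules.append(parse_rule(line, lineno))
    return rules


def rule_hits(rule, text):
    if rule.regex is not None:
        # search(), not fullmatch(): the pattern may occur anywhere, which is
        # what the true/false tables in the post imply. Note that an
        # unescaped '.' also matches letters (chatXwithXme); write
        # chat\.with\.me when literal periods are meant.
        return rule.regex.search(text[:MAX_SCAN]) is not None
    return PLAIN_OPS[rule.op](text.lower(), rule.arg)


def score(rules, message):
    """Return (total weight, rules that hit); each rule counts once."""
    hits = [r for r in rules if rule_hits(r, message.get(r.field, ""))]
    return sum(r.weight for r in hits), hits


def matches(pattern, text):
    """Convenience wrapper: does a MATCHES rule with this pattern hit?"""
    return rule_hits(parse_rule(f"SUBJECT 1 MATCHES {pattern}"), text)


# Constructed sample filter file and message.
SAMPLE_FILTER = """\
# constructed sample; MATCHES is the qualifier proposed in the post
SUBJECT 5 MATCHES chat.+with.+me
SUBJECT 3 STARTSWITH re:
BODY 4 CONTAINS param name=
"""
SAMPLE_MESSAGE = {"SUBJECT": "Re: chat--with--me tonight", "BODY": "hello"}

if __name__ == "__main__":
    total, hits = score(load_rules(SAMPLE_FILTER), SAMPLE_MESSAGE)
    print(total, [(r.op, r.arg) for r in hits])
```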
[Declude.JunkMail] Stupid question
I'm setting up a Sender "Black list". Given the following header, what would I put in my black list file? Is it the reply to or the from I need to look at? In this instance I would like to kill everything from quill.com, so would I just use that?
Received: from om-quill.rgc3.net [66.35.244.68] by mail.ameripride.org with ESMTP (SMTPD32-8.04) id A88E1B4014A; Wed, 10 Dec 2003 09:15:26 -0600
Received: by om-quill.rgc3.net (PowerMTA(TM) v2.0r5) id hqss6804faso; Wed, 10 Dec 2003 07:14:44 -0800 (envelope-from [EMAIL PROTECTED])
MIME-Version: 1.0
Content-Type: text/html;charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 10 Dec 2003 07:14:44 -0800
From: "Quill.com" [EMAIL PROTECTED]
Reply-To: "Quill.com" [EMAIL PROTECTED]
Subject: Quill Values Your Opinion
X-cid: quil.954.1
To: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e].
X-Declude-Sender: [EMAIL PROTECTED] [66.35.244.68]
X-Declude-Spoolname: D388e01b4014a4491.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, NOLEGITCONTENT, SPAMHEADERS [3]
X-Note: This E-mail was sent from (timeout) ([66.35.244.68]).
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 367773216
Re: [Declude.JunkMail] Stupid question
For all those answering back, Quill was just an example. I check into a sender before bl'ing them and attempt list removal if they have it.
- Original Message - From: Matthew Bramble [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, December 22, 2003 9:52 AM Subject: Re: [Declude.JunkMail] Stupid question
Just another follow-up. This might be dangerous to blacklist anything from quill.com since they are an ecommerce site and you may very well be blocking receipts and other order related information. It would then be safer to go after the MAILFROM, though this won't work if they change the third-party bulk mailer.
MAILFROM 15 CONTAINS quill.rsc01.com
I generally unsubscribe customers from such lists when they report it as spam since they seem legit and they are probably only being sent E-mail because they have done business with the site. Matt
Doug Anderson wrote: I'm setting up a Sender Black list. Given the following header, what would I put in my black list file? Is it the reply to or the from I need to look at? In this instance I would like to kill everything from quill.com, so would I just use that?
Received: from om-quill.rgc3.net [66.35.244.68] by mail.ameripride.org with ESMTP (SMTPD32-8.04) id A88E1B4014A; Wed, 10 Dec 2003 09:15:26 -0600
Received: by om-quill.rgc3.net (PowerMTA(TM) v2.0r5) id hqss6804faso; Wed, 10 Dec 2003 07:14:44 -0800 (envelope-from [EMAIL PROTECTED])
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Date: Wed, 10 Dec 2003 07:14:44 -0800
From: Quill.com [EMAIL PROTECTED]
Reply-To: Quill.com [EMAIL PROTECTED]
Subject: Quill Values Your Opinion
X-cid: quil.954.1
To: [EMAIL PROTECTED]
Message-Id: [EMAIL PROTECTED]
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [420e].
X-Declude-Sender: [EMAIL PROTECTED] [66.35.244.68]
X-Declude-Spoolname: D388e01b4014a4491.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: IPNOTINMX, NOLEGITCONTENT, SPAMHEADERS [3]
X-Note: This E-mail was sent from (timeout) ([66.35.244.68]).
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 367773216
[Declude.JunkMail] SPAMCOP Question
I was looking at the headers and saw SPAMCOP : Blocked. Is that how it should be - what it's returning? If not, ideas on what could be wrong?
X-RBL-Warning: SORBS-SPAM: Spam Received See: http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=66.111.254.21
X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?66.111.254.21
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [4000120e].
X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 303, weight 0)
X-RBL-Warning: ANTI-GIBBERISH: Message failed ANTI-GIBBERISH test (line 283, weight 0)
X-RBL-Warning: BLASTER: Message failed BLASTER test (line 3, weight 0)
X-Declude-Sender: [EMAIL PROTECTED] [66.111.254.21]
X-Declude-Spoolname: D25320b0a00f84423.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: SORBS-SPAM, SPAMCOP, SPAMHEADERS, GIBBERISH, ANTI-GIBBERISH, BLASTER, WEIGHT10, WEIGHT20 [22]
X-Note: This E-mail was sent from net21.netholdem.com ([66.111.254.21]).
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 367795725
Re: [Declude.JunkMail] OT: DNS Issue (HELP)
From an earthlink dsl user
Ping test
1 wltx.com 56 60 Success
2 wltx.com 56 60 Success
3 wltx.com 56 60 Success
4 wltx.com 56 60 Success
5 wltx.com 56 60 Success
trace rt
1 0 0 172.16.0.254
2 35 35 172.31.255.251
3 30 -5 192.168.5.53
4 30 0 209.247.34.177 ge-8-0-131.ipcolo1.Chicago1.Level3.net
5 30 0 4.68.112.201 so-7-0-0.bbr1.Chicago1.Level3.net
6 70 40 64.159.0.234 so-0-0-0.bbr1.NewYork1.Level3.net
7 60 -10 64.159.17.3 ge-6-0.ipcolo1.NewYork1.Level3.net
8 70 10 209.244.13.198 so-10-0.hsa1.Newark1.Level3.net
9 65 -5 64.156.0.26 unknown.Level3.net
10 Timed out
11 70 5 66.54.32.202 gannetttv.cust.loudcloud.com
Official name: wltx.com (stack DNS) IP address: 66.54.32.202
wltx.com. (Earthlink DNS) nameserver = ns1.infi.net.
wltx.com. nameserver = ns2.infi.net.
wltx.com. 66.54.32.202
Whois Server Version 1.3 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
Domain Name: WLTX.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.INFI.NET
Name Server: NS2.INFI.NET
Status: ACTIVE
Updated Date: 18-dec-2003
Creation Date: 19-dec-1997
Expiration Date: 18-dec-2007
Scan (DNS,FTP,HTTP,POP3,SMTP,ECHO,GOPHER,NNTP,TIME,IMAP)
066.054.032.202 HTTP gannetttv.cust.loudcloud.com
Stupid question, what are you testing with? W2k? Turn off DNS Client Service and Clear DNS Cache...just a thought.
- Original Message - From: Darrell LaRock [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, December 19, 2003 8:46 PM Subject: Re: [Declude.JunkMail] OT: DNS Issue (HELP)
I am absolutely baffled.
Earthlink Dial-up - Does not work
Charter Cable Connection - Does not work
ATT T1 using local bind server - Works
Roadrunner Cable - Does not work
AOL - Intermittent.
Several users who replied - Works
Darrell
-- Original Message -- From: Scott Winberg [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 19 Dec 2003 19:13:55 -0700
Hello Darrell, Working from here. Denver, CO area. Scott
Friday, December 19, 2003, 6:59:06 PM, you wrote:
Darrell> This is off topic, but I need some help in a bad way to figure out a DNS problem I am having that is preventing one of our sites from receiving mail and their web site from loading.
Darrell> We recently (this week) switched the name servers from our current provider to another provider. The zone files are duplicate between providers.
Darrell> However, something is seriously wrong as the major ISP's can't resolve it (Earthlink, Charter, Some AOL Users, Road Runner). This occurred right after the whois info was updated to the new
Darrell> authoritative servers.
Darrell> Now the crazy thing is I can resolve the site using the auth. servers, but not off one of Earthlink's or charters.
Darrell> The site is wltx.com.
Darrell> Can you resolve it?
Darrell> How can I verify that the site did not fall out of the root servers? Anyone else have any input?
Darrell> Darrell
-- Scott mailto:[EMAIL PROTECTED]
[Declude.JunkMail] Active X filter
If anyone wants

BODY 4 CONTAINS object classid=""
BODY 4 CONTAINS .cab#version=
BODY 4 CONTAINS param name="

ACTIVEX-FILTER filter ActiveX-filter.txt x 4 0

Seems to work. Anyone got anything else?
Re: [Declude.JunkMail] Active X filter
> what will it filter out?

Anything with ActiveX embedded in the HTML of the email. From our system that would be ads for "micro shaver", some miracle bra, a travel "good dealz" ad, and as seen on TV ads.

I'm not familiar with mypoints.com ads, haven't seen any yet.

Typically, you'll recognize them when the email comes and you have your internet browsing set at high or medium security.

- Original Message -
From: Richard Farris
To: [EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 3:28 PM
Subject: Re: [Declude.JunkMail] Active X filter

What will this filter out...will it filter out email like MyPoints.com which is not a good idea..

Richard Farris
Ethixs Online
1.270.247. Office
1.800.548.3877 Tech Support

- Original Message -----
From: Doug Anderson
To: [EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 2:48 PM
Subject: [Declude.JunkMail] Active X filter

If anyone wants

BODY 4 CONTAINS object classid=""
BODY 4 CONTAINS .cab#version=
BODY 4 CONTAINS param name="

ACTIVEX-FILTER filter ActiveX-filter.txt x 4 0

Seems to work. Anyone got anything else?
[Declude.JunkMail] Filter question
This may sound stupid, but if I create a filter searching for a string in an email...

BODY 2 CONTAINS xyz

and the email contains 4 instances of that string

now is the xyz time for all xyz good men xyz to come to the aid xyz of their country

does the filter return an internal value of 8 or 2?
Re: [Declude.JunkMail] WHITELIST AUTH
So in Global if I have

PREWHITELIST ON
WHITELIST IP XXX.XXX.XXX.XXX/XXX

where XXX.XXX.XXX.XXX/XXX is an ip in our local range it will bypass all spam tests? (using 8.04 1.77)

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 15, 2003 10:25 AM
Subject: Re: [Declude.JunkMail] WHITELIST AUTH

> Question, when using this in the Global.cfg and Imail 8.x, do the tests still run and no action, or does it cause tests not to run?

With PREWHITELIST ON, the tests will not be run (for WHITELIST AUTH). Otherwise, they will be run.

-Scott

--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation.
[Declude.JunkMail] whitelist
What is auth in the commented out whitelist? I'm trying to bypass spam testing for internal emails on the local network, any examples?

Right now I have in global

PREWHITELIST ON
WHITELIST HABEAS
AUTOWHITELIST ON
#WHITELIST AUTH
WHITELIST IP 192.168.0.0/22
WHITELIST IP 10.1.0.0/22
WHITELIST IP 10.1.4.0/22
WHITELIST IP 10.1.12.0/22
WHITELIST IP 10.1.16.0/22
WHITELIST IP 10.1.20.0/22

(and so forth for all the addresses within our network)

Right track or barking up the wrong tree?
Re: [Declude.JunkMail] whitelist
I have the beta in place already, users all have to authenticate (no relay what-so-ever)

Any additional settings or reg hacks?

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, December 15, 2003 1:07 PM
Subject: Re: [Declude.JunkMail] whitelist

> What is auth in the commented out whitelist?

WHITELIST AUTH will automatically whitelist E-mail where IMail lets Declude JunkMail know that the user authenticated (which happens with IMail v8). It is commented out because it is only available in the latest beta, and a warning will appear in the log file for previous versions of Declude JunkMail.

> I'm trying to bypass spam testing for internal emails on the local network, any examples?

If your users authenticate, and you are using IMail v8 and the latest beta of Declude JunkMail, WHITELIST AUTH would be a good idea.

-Scott
[Declude.JunkMail] declude junkmail and external tests (info)
Previously posted on Imail site:

When does declude junkmail add its xheaders? Does it add as it conducts its test(s)? Can I conduct a test (if exists) on a previously added header?

Maybe I should explain it better. I wrote an external phrase test program. I'm trying to come up with a way of bypassing the test/program if the email is originating from within the local domain.

I've read the manual and I can pass variables to the external file per the paragraph:

For more flexibility, you can have Declude JunkMail pass parameters to your program, using variables. For example, you can set up the test as 'TESTNAME external returnvalue "filename %INOROUT%"', which would send the %INOROUT% variable as a parameter to your program (which would be "incoming" for an incoming E-mail, or "outgoing" for an outgoing E-mail).

if I'm passing a variable as a parameter would it be equal to

program-name %variable% c:\IMail\spool\D1234567.SMD

or

program-name c:\IMail\spool\D1234567.SMD %variable%

I need the receiving order of the "parameter list"
Re: [Declude.JunkMail] declude junkmail and external tests (info)
so if I have in global.cfg:

PHRASESCAN external nonzero D:\Imail\mail_ameripride_org\phrscan.exe %REVDNS% 10 0

it will give me:

phrscan (Private IP) c:\IMail\spool\D1234567.SMD
phrscan (timeout) c:\IMail\spool\D1234567.SMD

depending on internal emails vs external emails

or does %REVDNS% actually give something I'm not seeing and it is replaced in the header? When I look at the headers %REVDNS% returns the private or timeout

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 1:24 PM
Subject: Re: [Declude.JunkMail] declude junkmail and external tests (info)

> if I'm passing a variable as a parameter would it be equal to
> program-name %variable% c:\IMail\spool\D1234567.SMD
> or
> program-name c:\IMail\spool\D1234567.SMD %variable%
> I need the receiving order of the parameter list

The variables will appear before the spool file name. The spool file name will be the last parameter.

-Scott
Re: [Declude.JunkMail] declude junkmail and external tests (info)
Oops! I think the %REVDNS% was getting timeout because both the box and imails dns settings were still set to the ip of the box (during install and testing phase) for the primary. Modified them to point to the dns server. It was the only thing having dns issues to my knowledge (users weren't complaining).

Does it always return the text '(Private IP)' for internal addresses?

- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, December 12, 2003 3:24 PM
Subject: Re: [Declude.JunkMail] declude junkmail and external tests (info)

> so if I have in global.cfg:
> PHRASESCAN external nonzero D:\Imail\mail_ameripride_org\phrscan.exe %REVDNS% 10 0
> it will give me:
> phrscan (Private IP) c:\IMail\spool\D1234567.SMD
> phrscan (timeout) c:\IMail\spool\D1234567.SMD
> depending on internal emails vs external emails

Correct.

> or does %REVDNS% actually give something I'm not seeing and it is replaced in the header? When I look at the headers %REVDNS% returns the private or timeout

That would occur if your DNS server is only returning certain answers, and timing out on others. That's going to cause a lot of problems -- you should look into why that is happening. Normally, if everything (on your end and the remote end) is set up properly, the %REVDNS% variable will display the reverse DNS entry of the IP that connected to your server.

-Scott
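The parameter order confirmed in this thread (variables first, spool file name last) as an added Python sketch of an external test; it is not code from the thread or from Declude. The function names and phrase list are hypothetical, and it assumes the expanded %REVDNS% value is passed unquoted and that a nonzero exit code is what the "external nonzero" test acts on.

```python
import sys

# Value the thread reports %REVDNS% expanding to for internal senders.
PRIVATE_MARKER = "(Private IP)"
# Constructed sample phrase list (hypothetical; not from the thread).
PHRASES = ["miracle bra", "as seen on tv"]


def split_declude_args(argv):
    """Split external-test arguments into (variable_value, spool_path).

    The spool file name is always the last parameter. Everything before it
    is the expanded variable; it is re-joined because an unquoted value
    such as "(Private IP)" would reach the program as two tokens
    (assumption: the value is passed without quotes).
    """
    if not argv:
        raise ValueError("expected at least the spool file name")
    return " ".join(argv[:-1]), argv[-1]


def read_spool(path):
    # latin-1 never fails to decode, so odd bytes cannot crash the scan.
    with open(path, "rb") as handle:
        return handle.read().decode("latin-1")


def count_hits(text, phrases=PHRASES):
    lowered = text.lower()
    return sum(lowered.count(phrase.lower()) for phrase in phrases)


def run_test(argv, reader=read_spool, phrases=PHRASES):
    """Return the exit code: 0 = pass, 1 = phrase found (assumed to be what
    'external nonzero' acts on)."""
    revdns, spool_path = split_declude_args(argv)
    # Only the exact internal marker skips the scan. "(timeout)" or any
    # other value is scanned, so a DNS failure cannot bypass the test.
    if revdns == PRIVATE_MARKER:
        return 0
    return 1 if count_hits(reader(spool_path), phrases) else 0


if __name__ == "__main__":
    sys.exit(run_test(sys.argv[1:]))
```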