[Declude.JunkMail] Spam says it was whitelisted
I am checking over this header and trying to determine how it could have been whitelisted. One thing I don't understand is that I delete everything from Vietnam. But if it shows it's whitelisted I'm sure all other tests stop.

Thanks
Kyle

Received: from localhost [203.210.153.25] by esc5.net with ESMTP (SMTPD-8.22) id AB1435B4; Thu, 25 May 2006 20:34:12 -0500
Return-path: [EMAIL PROTECTED]
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 26 May 2006 20:35:40 +0700
Received: from [112.61.205.8] (helo=23216878) by localhost with smtp (Exim 4.60 (FreeBSD)) (envelope-from [EMAIL PROTECTED]) id 8alMf-61wVc1-A2 for [EMAIL PROTECTED]; Fri, 26 May 2006 20:35:40 +0700
Received: from 888teleman.com (12611570 [238713367]) by 127.38.184.174 (Qmailv1) with ESMTP id BGSV3NCW for [EMAIL PROTECTED]; Fri, 26 May 2006 19:35:25 +0700
Date: Fri, 26 May 2006 19:35:25 +0700
From: Marvin B. Vasquez [EMAIL PROTECTED]
X-Mailer: The Bat! (v2.00.4) Personal
X-Priority: 3
Message-ID: [EMAIL PROTECTED]
Subject: Full of health.
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--FQW2ETB3DIRHR11GCT0
X-Declude-Sender: [EMAIL PROTECTED] [203.210.153.25]
X-Declude-Spoolname: D5b130a17b677.smd
X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam.
X-Country-Chain: [IANA Reserved]-VIET NAM-destination
X-Note: Total spam weight of this E-mail is 0
X-Note: Spam tests: Whitelisted
X-Note: Reverse DNS: adsl.hnpt.com.vn ([203.210.153.25])
X-Note: HELO/EHLO Received: localhost
X-Note: Header code: a400010b
X-Note: Queue name: D5b130a17b677.smd
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 448590113
X-IMail-ThreadID: 5b130a17b677
RE: [Declude.JunkMail] Spam says it was whitelisted
Here is one I received. I am not seeing the AUTH in the log so I don't think they used my account.

05:26 00:16 SMTPD(8f41090ecd10) [208.191.89.12] connect 68.250.139.149 port 1835
05:26 00:16 SMTPD(8f41090ecd10) [68.250.139.149] EHLO 68-250-139-149.ded.ameritech.net
05:26 00:16 SMTPD(8f41090ecd10) [68.250.139.149] MAIL FROM:[EMAIL PROTECTED]
05:26 00:16 SMTPD(8f41090ecd10) [68.250.139.149] RCPT TO:[EMAIL PROTECTED]
05:26 00:16 SMTPD(8f41090ecd10) [68.250.139.149] DATA
05:26 00:16 SMTPD(8f41090ecd10) [68.250.139.149] D:\IMail\spool\D8f41090ecd10.SMD 8585
05:26 00:16 SMTPD(8f41090ecd10) performing antispam checks
05:26 00:16 SMTP-(8f41090ecd10) processing D:\IMail\spool\q8f41090ecd10.smd
05:26 00:16 SMTP-(8f41090ecd10) ldeliver esc5.net kfisher-main (1) [EMAIL PROTECTED] 9099

Received: from 68-250-139-149.ded.ameritech.net [68.250.139.149] by esc5.net with ESMTP (SMTPD-8.22) id AF4233E8; Fri, 26 May 2006 00:16:50 -0500
Return-path: [EMAIL PROTECTED]
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 26 May 2006 00:16:34 -0600
Received: from [54.202.40.178] (helo=67403648) by 68-250-139-149.ded.ameritech.net with smtp (Exim 4.60 (FreeBSD)) (envelope-from [EMAIL PROTECTED]) id M3Q3-r2OV5CP-oX for [EMAIL PROTECTED]; Fri, 26 May 2006 00:16:34 -0600
Received: from muzieknummeriek.nl (27477441257 [8355651465]) by 82.165.167.174 (Qmailv1) with ESMTP id 1I6HR1W6 for [EMAIL PROTECTED]; Fri, 26 May 2006 00:16:19 -0600
Date: Fri, 26 May 2006 00:16:19 -0600
From: Jay T Malloy [EMAIL PROTECTED]
X-Mailer: The Bat! (v2.00.4) Personal
X-Priority: 3
Message-ID: [EMAIL PROTECTED]
Subject: We cure any desease!
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=--SIC3WNR0DUSQYT6
X-Declude-Sender: [EMAIL PROTECTED] [68.250.139.149]
X-Declude-Spoolname: D8f41090ecd10.smd
X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam.
X-Country-Chain: UNITED STATES-destination
X-Note: Total spam weight of this E-mail is 0
X-Note: Spam tests: Whitelisted
X-Note: Reverse DNS: 68-250-139-149.ded.ameritech.net ([68.250.139.149])
X-Note: HELO/EHLO Received: 68-250-139-149.ded.ameritech.net
X-Note: Header code: 840a
X-Note: Queue name: D8f41090ecd10.smd
X-RCPT-TO: [EMAIL PROTECTED]
Status: U
X-UIDL: 448590122
X-IMail-ThreadID: 8f41090ecd10

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Friday, May 26, 2006 8:59 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Spam says it was whitelisted

Kyle,

What do the logs say? WHITELIST AUTH? Whitelisted due to a user's address book? Only the logs will say for sure.

Darrell
---
Quickly and easily review false positives with fpReview.
http://www.invariantsystems.com
RE: [Declude.JunkMail] Spam says it was whitelisted
Here is the Declude log

05/26/2006 00:16:57.630 q8f41090ecd10.smd BADHEADERS:5 INV-URIBL:15 . Total weight = 20.
05/26/2006 00:16:57.630 q8f41090ecd10.smd Tests failed [weight=20]: BADHEADERS=IGNORE[5] IPNOTINMX=IGNORE[0] NOLEGITCONTENT=IGNORE[0] INV-URIBL=IGNORE[15] WEIGHT10=IGNORE[10] WEIGHT20=IGNORE[20] CATCHALLMAILS=IGNORE[0]
05/26/2006 00:16:57.630 q8f41090ecd10.smd R1 Message OK
05/26/2006 00:16:57.630 q8f41090ecd10.smd Subject: We cure any desease!
05/26/2006 00:16:57.630 q8f41090ecd10.smd From: [EMAIL PROTECTED] To: IP: 68.250.139.149 ID: M3Q3-r2OV5CP-oX
05/26/2006 00:16:57.630 q8f41090ecd10.smd Action(s) taken for [copyall_account] = IGNORE [LAST ACTION=IGNORE]
05/26/2006 00:16:57.630 q8f41090ecd10.smd Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]].
05/26/2006 00:16:57.630 q8f41090ecd10.smd Tests failed [weight=0]: CATCHALLMAILS=IGNORE[0]
05/26/2006 00:16:57.630 q8f41090ecd10.smd L2 Message OK
05/26/2006 00:16:57.630 q8f41090ecd10.smd Subject: We cure any desease!
05/26/2006 00:16:57.630 q8f41090ecd10.smd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 68.250.139.149 ID: M3Q3-r2OV5CP-oX
05/26/2006 00:16:57.630 q8f41090ecd10.smd Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=WHITELISTED]
05/26/2006 00:16:57.630 q8f41090ecd10.smd Cumulative action(s) taken on this email = IGNORE [LAST ACTION=IGNORE]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Friday, May 26, 2006 11:28 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Spam says it was whitelisted

And what does the Declude log show if you do a:

Find /I 8f41090ecd10 dec0526.log

Andrew 8)
RE: [Declude.JunkMail] Spam says it was whitelisted
That's what I am trying to figure out. I have never whitelisted our domain or any individual account. So if it is whitelisting now I have a problem somewhere.

Kyle

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Friday, May 26, 2006 12:42 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Spam says it was whitelisted

Well, there you go:

Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]].

It appears that you are whitelisting your own domain or username as a sender! This particular spam was spoofing your own address.

Whitelisting based on the MAILFROM addresses is a bad idea, as you've just seen. It's too easily and frequently abused.

Andrew 8)
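Added example (not part of the thread, and not Declude's own code): a log audit for the failure Andrew describes, listing messages that were whitelisted on a sender address in a local domain although they arrived from an address outside the local networks. The log lines are constructed in the layout of the Declude log quoted above; the example.com and example.net addresses, the text inside `whitelisted [...]`, and every spool name except q8f41090ecd10.smd are assumptions, and the networks are the ones named elsewhere on this page.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the Declude log quoted in the thread.
# Assumptions: example.com is the local domain, and the text inside
# "whitelisted [...]" is the whitelist entry that matched.
SAMPLE_LOG = """\
05/26/2006 00:16:57.630 q8f41090ecd10.smd Skipping4 E-mail from staff@example.com; whitelisted [@example.com].
05/26/2006 00:16:57.630 q8f41090ecd10.smd From: staff@example.com To: staff@example.com IP: 68.250.139.149 ID: M3Q3-r2OV5CP-oX
05/26/2006 00:16:57.630 q8f41090ecd10.smd Action(s) taken for staff@example.com = WHITELISTED [LAST ACTION=WHITELISTED]
05/26/2006 00:17:02.110 qaaaa00000001.smd Skipping4 E-mail from boss@example.com; whitelisted [@example.com].
05/26/2006 00:17:02.110 qaaaa00000001.smd From: boss@example.com To: staff@example.com IP: 208.191.89.40 ID: A1
05/26/2006 00:17:05.480 qbbbb00000002.smd Skipping4 E-mail from partner@example.net; whitelisted [partner@example.net].
05/26/2006 00:17:05.480 qbbbb00000002.smd From: partner@example.net To: staff@example.com IP: 192.0.2.77 ID: B2
05/26/2006 00:17:09.020 qcccc00000003.smd Tests failed [weight=20]: BADHEADERS=IGNORE[5] INV-URIBL=IGNORE[15]
05/26/2006 00:17:09.020 qcccc00000003.smd From: someone@example.net To: staff@example.com IP: 192.0.2.90 ID: C3
"""

# Networks named on this page as the server's own and internal ranges.
LOCAL_NETS = ("208.191.89.0/24", "172.16.0.0/16", "172.17.0.0/16")

LINE_RE = re.compile(r"^\d\d/\d\d/\d{4} \S+ (\S+) (.*)$")
SKIP_RE = re.compile(r"^Skipping\d* E-mail from (\S+?)\s*; whitelisted \[(.*?)\s*\]")
FROM_IP_RE = re.compile(r"^From: .*\bIP: (\d{1,3}(?:\.\d{1,3}){3})\b")


def find_spoofed_whitelist_hits(log_text, local_domains, local_nets=LOCAL_NETS):
    """Return whitelisted messages whose sender claims a local domain
    but whose connecting IP is outside every local network."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    domains = {d.lower() for d in local_domains}

    # Group the facts we need by spool/queue name, since one message
    # produces several log lines (and one block per recipient).
    messages = defaultdict(dict)
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        spool, rest = line.group(1).lower(), line.group(2)
        skipped = SKIP_RE.match(rest)
        if skipped:
            messages[spool]["sender"] = skipped.group(1).lower()
            messages[spool]["entry"] = skipped.group(2)
        from_ip = FROM_IP_RE.match(rest)
        if from_ip:
            messages[spool]["ip"] = from_ip.group(1)

    hits = []
    for spool, rec in messages.items():
        if "sender" not in rec or "ip" not in rec:
            continue  # not whitelisted by sender, or no IP logged
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # malformed address in the log line
        sender_domain = rec["sender"].rpartition("@")[2]
        if sender_domain in domains and not any(addr in n for n in nets):
            hits.append({"spool": spool, "sender": rec["sender"],
                         "entry": rec["entry"], "ip": rec["ip"]})
    return hits


if __name__ == "__main__":
    for hit in find_spoofed_whitelist_hits(SAMPLE_LOG, {"example.com"}):
        print("{spool}: {sender} whitelisted via [{entry}] from {ip}".format(**hit))
```

The result is a review list: a legitimate local user who sent from outside without AUTH would appear in it as well.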
[Declude.JunkMail] Proc Directory
What can I do to speed up the Proc directory? I am getting complaints about messages taking 20 to 30min for delivery. This started after upgrading to Junkmail 3.0.5.22. Kyle Fisher
RE: [Declude.JunkMail] Proc Directory
Thanks. I finally found an article in the saying to bump up the threads which I had nothing in my declude.cfg. I moved them to 80 and it works great now.

Thanks
Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Wednesday, December 14, 2005 11:50 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Proc Directory

What can I do to speed up the Proc directory? I am getting complaints about messages taking 20 to 30min for delivery. This started after upgrading to Junkmail 3.0.5.22.

Kyle Fisher
[Declude.JunkMail] Copyto
I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file.

MAILFROM 0 IS [EMAIL PROTECTED]
ALLRECIPS 0 CONTAINS [EMAIL PROTECTED]

Kyle
[Declude.JunkMail] Problem with Whitelist
I am trying to figure out why this email transaction started off with the Last Action = "" then went to WHITELIST. My global.cfg has WHITELIST AUTH and AUTOWHITELIST, but I checked the Imail log and this person did not AUTH and the recipients are not in this persons webmail address book. Any ideas Kyle 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L16 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L17 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] 
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L18 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=-192]: CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE IP-WHITELIST=IGNORE CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D Skipping4 E-mail from [EMAIL PROTECTED] ; whitelisted [EMAIL PROTECTED] ]. 
06/02/2005 10:31:45 Q265E0149717D L19 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=0]: CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=""> 06/02/2005 10:31:45 Q265E0149717D L20 Message OK 06/02/2005 10:31:45 Q265E0149717D Subject: FW: Scripture for Thursday 06/02/2005 10:31:45 Q265E0149717D From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 198.216.117.200 ID: 06/02/2005 10:31:45 Q265E0149717D Tests failed [weight=0]: CATCHALLMAILS=IGNORE 06/02/2005 10:31:45 Q265E0149717D Action(s) taken for [EMAIL PROTECTED] = WHITELISTED [LAST ACTION=""> 06/02/2005 10:31:45
RE: [Declude.JunkMail] Copyto
What I found so far is that the user is using AUTH and I whitelist auth so if the whitelist runs before my filter it probably won't work, right? How could I get this to work?

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Thursday, June 02, 2005 10:17 AM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] Copyto

I am trying to use copyto and copy all mail sent or received from user. I am receiving all mail to the user but nothing from. This is what I have in my filter file.

MAILFROM 0 IS [EMAIL PROTECTED]
ALLRECIPS 0 CONTAINS [EMAIL PROTECTED]

Kyle
RE: [Declude.JunkMail] Copyto
Ok thanks. I am already using the copyall account for Imail for monitoring a different user, but there might be a way just to use rules to make it work. I'll try it.

Thanks
Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Thursday, June 02, 2005 2:02 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Copyto

Good point. Looks like you would have to turn off AUTH for the user, which may be undesirable for other reasons. I don't think you can run filters if AUTH is enabled.

You might use an IMail rule instead. I think others have used that successfully to hide the copying from the user.

Darin.
[Declude.JunkMail] If you whitelist
If you whitelist IPs basically it bypasses the filter, right? What I am trying to do is use copyto to monitor accounts, but I am whitelisting and the filter isn't applying. I tried to put my config file above the Whitelist and that didn't work. So I built an IP whitelist file and just applied negative weight for my addresses. Was this the correct way to build this?

Thanks
Kyle
RE: [Declude.JunkMail] Whitelist
That worked and I also had to change filter to ipfile and in the Junkmail set to ignore instead of warn.

Thanks
Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, May 23, 2005 12:27 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Whitelist

Try changing 0 -100 to -100 0. Right now you are subtracting 100 from anything that doesn't hit your whitelist filter.

Matt

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
RE: [Declude.JunkMail] Whitelist
Ok thanks. Scott, I looked through the Junkmail manual and can't find an explanation of what x 0 0 or x x 0 0 actually stands for. Can you explain or is there a document?

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Monday, May 23, 2005 8:47 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Whitelist

The IPFile was right on. If you wanted to use the filter type:

REMOTEIP -100 CIDR 208.191.89.0/24

would be the format.
RE: [Declude.JunkMail] Copyto
Thanks. The article got me working.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Panda Consulting S.A. Luis Alberto Arango
Sent: Friday, May 20, 2005 4:31 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Copyto

Check this archived message. I believe it has the answer you are looking for:

http://www.mail-archive.com/declude.junkmail@declude.com/msg24505.html

The solution has a small error that is later fixed in the posts. Instead of warn, the test should use COPYTO.

Hope it helps
Luis
[Declude.JunkMail] Whitelist
I am trying to find a way to whitelist certain IP addresses by weight instead of just putting them in as WHITELIST IP Address in the global.cfg. I tried creating a file ip-whitelist.txt and putting in the addresses as follows

172.16.0.0/16 172.16.0.0/16 172.17.0.0/16 172.16.0.0/16 208.191.89.0/24 208.191.89.0./24

In the global.cfg I put in

IP-WHITELIST filter c:\imail\declude\filters\ip-whitelist.txt x 0 -100

The problem is that it is adding the negative -100 weight to all emails coming in. My server is in the 208.191.89.x network. I'm sure I have my filter line in the global.cfg wrong and it is somehow whitelisting everything on the server. Any ideas?

Kyle
RE: [Declude.JunkMail] Whitelist
Alright I will try that. Is there a document for the actions in the global.cfg for the x 0 0 or anything like that?

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, May 23, 2005 12:27 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Whitelist

Try changing 0 -100 to -100 0. Right now you are subtracting 100 from anything that doesn't hit your whitelist filter.

Matt

--
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
[Declude.JunkMail] Copyto
I would like to use copyto to receive a copy of all email sent/receive from a particular user. I am already using the Imail copy all mail, but I have that setup for another customer to monitor and I now have another customer that wants a user monitored. Is there anyway in Junkmail to monitor all email from a user and to setup multiple sessions? Kyle Imail 8.20 Junkmail 2.0.6 Pro
RE: [Declude.JunkMail] DNS SPF Record
The way I understand it is that the server receiving the email does an SPF query to your DNS server to see if you have an SPF record defining that only mail from this domain should come from this mx or ip4 address. This doesn't work very well if the receiving server doesn't do an SPF record lookup. I guess it will take some time until everyone implements this into their DNS. I did it for mine yesterday. I didn't even know what this was until I saw SPFFAIL in my declude file then I started researching it.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell
Sent: Tuesday, April 26, 2005 9:29 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] DNS SPF Record

How does SPF tell you that a rogue server is forging mail from one of your customers, if your server isn't receiving the forged mail?

I noticed the majority of other email admins aren't even running SPF.. for example: nremc.com

Then, there are the 1,000,000,000,000 hosts that don't even have postmaster or abuse even set up.

- Original Message -
From: Darin Cox
To: Declude.JunkMail@declude.com
Sent: Tuesday, April 26, 2005 9:57 AM
Subject: Re: [Declude.JunkMail] DNS SPF Record

We use it. For us the main benefit is to keep spammers from forging our customers' domains. SPF tells us when the mail server sending the email from one of our customer's domains is not ours. Works very nicely, and also is used as another bit of evidence to other email admins (since they often cannot be troubled to read the email headers...no one on this list, though grin) that the forged spam they received really did not originate from our servers.

Darin.

- Original Message -
From: Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Monday, April 25, 2005 12:44 PM
Subject: [Declude.JunkMail] DNS SPF Record

Are most of you using a SPF record in your DNS? Are you noticing a difference?

Kyle
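Added example (not from the thread, and not Declude's SPF test): the receiver-side check described in this message, reduced to the `ip4`, `ip6`, `mx` and `all` mechanisms. The record, the example.com domain and the MX address table that stands in for DNS lookups are constructed assumptions.

```python
import ipaddress

# Constructed data for the placeholder domain example.com.
SPF_RECORD = "v=spf1 mx ip4:203.0.113.0/24 -all"
MX_ADDRS = {"example.com": ["198.51.100.25"]}  # stand-in for DNS MX/A lookups

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, domain, client_ip, mx_addrs):
    """Evaluate an SPF record against the connecting IP, left to right.

    Returns "none" when there is no SPF record, otherwise the result of the
    first mechanism that matches, or "neutral" when nothing matches.
    Mechanisms other than ip4, ip6, mx and all raise NotImplementedError
    rather than being silently skipped, which could hide a wrong result.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)

    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Membership is False when the address families differ.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "mx":
            hosts = mx_addrs.get((arg or domain).lower(), [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        else:
            raise NotImplementedError("mechanism not covered here: " + term)

        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    # The domain's own servers pass; a third-party host using the same
    # MAIL FROM domain fails, but only where the receiver runs the check.
    for source in ("198.51.100.25", "203.0.113.10", "192.0.2.77"):
        print(source, check_spf(SPF_RECORD, "example.com", source, MX_ADDRS))
```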
RE: [Declude.JunkMail] SMD Files
The article talked about getting ICMP packets for the MTU updates. I guess I will plug in my sniffer and see if this is happening to determine if this is the problem.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Colbeck, Andrew
Sent: Sunday, April 24, 2005 8:04 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] SMD Files

Another recent problematic patch is: MS05-019 aka KB898060, see: http://support.microsoft.com/default.aspx?scid=898060

It has to do with the TCP/IP MTA value being set. I imagine this would mostly affect people with PPPoE connections or anywhere a connection is through a router configured for a non-standard MTU size. And sometimes, it's one particular sender that clogs up your Spool folder with broken T*.smd files.

Andrew 8)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Saturday, April 23, 2005 7:30 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] SMD Files

Not saying this is your problem - but... If you have applied the KB 893066 patch from the latest round of MS Patches you may want to look into that. We have seen substantial issues with this patch internally and externally.

Darrell
---
invURIBL - Intelligent URI filtering plug-in for Declude. Stops 85% of the SPAM with the default configuration. Try it for free - http://www.invariantsystems.com

- Original Message -
From: Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Saturday, April 23, 2005 2:40 AM
Subject: RE: [Declude.JunkMail] SMD Files

Ok thanks John. Why do you think this just started happening the past 3 days? I went from about 200 spool files to 1000 during the day and then 2 days later there are all of those left over files. Do you mean the SMTP session from the client? I have had some complaints (for about two weeks) from clients (connected by T1) saying they are getting SMTP errors occasionally. They have their client set to check mail every 5 minutes and throughout the day they get SMTP connection errors. I mean I really don't know, I am just searching at this point, but thanks for the info.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Saturday, April 23, 2005 12:28 AM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] SMD Files

T files are incomplete Q files, whereby somehow the SMTP session was not completed. They along with the associated D file can be deleted. The reason it looks like they have already been sent is that the sending server/user upon disconnection of the SMTP session then resent the message in full.

John T
eServices For You

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Friday, April 22, 2005 2:49 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] SMD Files

Looking at some of these it looks like they have already been sent and it is trying to resend them again. Also in some of these it is going to [EMAIL PROTECTED]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Friday, April 22, 2005 3:50 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] SMD Files

I am trying to find the article that explains the build up of Txx.smd and Dxx.smd files in the spool directory. The past few days I have quite a few of these hanging around in the spool directory. Here is a sample of what's in the files. Some are from my local clients and some are from other mail servers.

Kyle
Imail 8.15 2.0.6 Junkmail and Antivirus 3.16b F-Prot Message Sniffer 2.3

D03bc03690136cf5a.SMD
Received: from gwmsrm42 [172.16.52.2] by esc5.net with ESMTP (SMTPD32-8.15) id A3BC3690136; Thu, 21 Apr 2005 14:49:16 -0500

T03bc03690136cf5a.SMD
QD:\IMail\spool\D03bc03690136cf5a.SMD
Hesc5.net
I03bc03690136cf5a
X1
WE:\IMail
E0, R[EMAIL PROTECTED]
S[EMAIL PROTECTED]
NRCPT TO: [EMAIL PROTECTED]
R[EMAIL PROTECTED]
[Declude.JunkMail] DNS SPF Record
Are most of you using a SPF record in your DNS? Are you noticing a difference? Kyle
RE: [Declude.JunkMail] SMD Files
Ok thanks John. Why do you think this just started happening the past 3 days I went from about 200 spool files to 1000 during the day and then 2 days later there are all of those left over files. Do you mean the SMTP session from the client. I have had some complaints (for about two weeks) from clients (connected by T1) saying they are getting SMTP errors occasionally. They have there client set to check mail every 5 minutes and throughout the day they get SMTP connection errors. I mean I really dont know I am just searching at this point, but thanks for the info Kyle From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists) Sent: Saturday, April 23, 2005 12:28 AM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] SMD Files T files are incomplete Q files, where by some how the SMTP session was not completed. They along with the associated D file can be deleted. The reason it looks like they have already been sent is that the sending server/user upon disconnection of the SMTP session the resent the message in full. John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Friday, April 22, 2005 2:49 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] SMD Files Looking at some of these it looks like they have already been sent and it is trying to resend them again. Also in some of these it is going to [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Friday, April 22, 2005 3:50 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] SMD Files I am trying to find the article that explains the build up of Txx.smd and Dxx.smd files in the spool directory. The past few days I have quite a few of these hanging around in the spool directory. Here is a sample of whats in the files. Some are from my local clients and some or from other mail servers. 
Kyle Imail 8.15 2.0.6 Junkmail and Antivirus 3.16b F-Prot Message Sniffer 2.3 D03bc03690136cf5a.SMD Received: from gwmsrm42 [172.16.52.2] by esc5.net with ESMTP (SMTPD32-8.15) id A3BC3690136; Thu, 21 Apr 2005 14:49:16 -0500 T03bc03690136cf5a.SMD QD:\IMail\spool\D03bc03690136cf5a.SMD Hesc5.net I03bc03690136cf5a X1 WE:\IMail E0, R[EMAIL PROTECTED] S[EMAIL PROTECTED] NRCPT TO: [EMAIL PROTECTED] R[EMAIL PROTECTED]
[Declude.JunkMail] Country Code test
Can someone look at this header and tell me why it didnt fail my country code test for Korea, is it because the final country code was the US. Kyle Received: from new-murphey.tenet.edu [198.213.2.103] by esc5.net (SMTPD32-8.15) id A3D312F022A; Thu, 21 Apr 2005 21:39:15 -0500 Received: (qmail 121684 invoked by uid 4244); 22 Apr 2005 02:39:15 - Delivered-To: [EMAIL PROTECTED] Received: (qmail 123298 invoked from network); 22 Apr 2005 02:39:14 - Received: from unknown (HELO 198.213.2.103) (168.126.18.65) by new-murphey.tenet.edu with SMTP; 22 Apr 2005 02:39:14 - Received: from dire5.fibertel.com.ar by mt84.fibertel.com.ar (7.0.015) id 405D7AEB00499223 for [EMAIL PROTECTED]; Fri, 22 Apr 2005 12:33:29 -0700 From: Y Helms Corp. [EMAIL PROTECTED] Date: Fri, 22 Apr 2005 22:34:29 +0300 To: [EMAIL PROTECTED] Subject: Mr.$aver Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] X-RBL-Warning: SD-STRONG-SPAMDOMAINS: Spamdomain '@hush.com' found: Address of [EMAIL PROTECTED] sent from invalid new-murphey.tenet.edu. X-Declude-Sender: [EMAIL PROTECTED] [198.213.2.103] X-Declude-Spoolname: D63D3012F022A3398.SMD X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. X-Country-Chain: KOREA-KR-UNITED STATES-destination X-Note: Total spam weight of this E-mail is 5 X-Note: Spam tests: IPNOTINMX, NOLEGITCONTENT, SPFFAIL, SD-STRONG-SPAMDOMAINS X-Note: Reverse DNS: new-murphey.tenet.edu ([198.213.2.103]) X-Note: HELO/EHLO Received: new-murphey.tenet.edu X-Note: Header code: e X-Note: Queue name: D63D3012F022A3398.SMD X-RCPT-TO: [EMAIL PROTECTED] Status: R X-UIDL: 398308930
RE: [Declude.JunkMail] SMD Files
Looking at some of these it looks like they have already been sent and it is trying to resend them again. Also in some of these it is going to [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher Sent: Friday, April 22, 2005 3:50 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] SMD Files I am trying to find the article that explains the build up of Txx.smd and Dxx.smd files in the spool directory. The past few days I have quite a few of these hanging around in the spool directory. Here is a sample of whats in the files. Some are from my local clients and some or from other mail servers. Kyle Imail 8.15 2.0.6 Junkmail and Antivirus 3.16b F-Prot Message Sniffer 2.3 D03bc03690136cf5a.SMD Received: from gwmsrm42 [172.16.52.2] by esc5.net with ESMTP (SMTPD32-8.15) id A3BC3690136; Thu, 21 Apr 2005 14:49:16 -0500 T03bc03690136cf5a.SMD QD:\IMail\spool\D03bc03690136cf5a.SMD Hesc5.net I03bc03690136cf5a X1 WE:\IMail E0, R[EMAIL PROTECTED] S[EMAIL PROTECTED] NRCPT TO: [EMAIL PROTECTED] R[EMAIL PROTECTED]
RE: [Declude.JunkMail] Country Code test
Thanks. I will create a COUNTRIES filter with STARTSWITH

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, April 22, 2005 10:36 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Country Code test

COUNTRY will match only the connecting hop (prior to IPBYPASS settings) and should contain only one value. COUNTRIES will contain from the first to the last (connecting) hop, and you should be able to test for the first country with a STARTSWITH filter. Your filter didn't match because the connecting hop was US. The following filter would have hit if you were looking for Korea being the originating hop:

COUNTRIES 5 STARTSWITH KR

Alternatively, if you only wanted to know if Korea was anywhere in the chain, especially considering that some zombie spammers will forge headers to mask the true point of origination, you would do the following:

COUNTRIES 5 CONTAINS KR

Matt

Kyle Fisher wrote:

So are there different tests for COUNTRIES and COUNTRY? I have my country-3point.txt test

COUNTRY 5 IS KR

Do I need another test for COUNTRIES?

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Fisher
Sent: Friday, April 22, 2005 8:52 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Country Code test

KOREA-KR-UNITED STATES-destination would trigger
COUNTRIES 1 IS KR
But KOREA-KR-UNITED STATES-destination would not trigger
COUNTRY 1 IS KR

- Original Message -
From: Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Friday, April 22, 2005 8:08 AM
Subject: [Declude.JunkMail] Country Code test

Can someone look at this header and tell me why it didn't fail my country code test for Korea, is it because the final country code was the US.
Kyle Received: from new-murphey.tenet.edu [198.213.2.103] by esc5.net (SMTPD32-8.15) id A3D312F022A; Thu, 21 Apr 2005 21:39:15 -0500 Received: (qmail 121684 invoked by uid 4244); 22 Apr 2005 02:39:15 - Delivered-To: [EMAIL PROTECTED] Received: (qmail 123298 invoked from network); 22 Apr 2005 02:39:14 - Received: from unknown (HELO 198.213.2.103) (168.126.18.65) by new-murphey.tenet.edu with SMTP; 22 Apr 2005 02:39:14 - Received: from dire5.fibertel.com.ar by mt84.fibertel.com.ar (7.0.015) id 405D7AEB00499223 for [EMAIL PROTECTED]; Fri, 22 Apr 2005 12:33:29 -0700 From: Y Helms Corp. [EMAIL PROTECTED] Date: Fri, 22 Apr 2005 22:34:29 +0300 To: [EMAIL PROTECTED] Subject: Mr.$aver Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] X-RBL-Warning: SD-STRONG-SPAMDOMAINS: Spamdomain '@hush.com' found: Address of [EMAIL PROTECTED] sent from invalid new-murphey.tenet.edu. X-Declude-Sender: [EMAIL PROTECTED] [198.213.2.103] X-Declude-Spoolname: D63D3012F022A3398.SMD X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam. X-Country-Chain: KOREA-KR-UNITED STATES-destination X-Note: Total spam weight of this E-mail is 5 X-Note: Spam tests: IPNOTINMX, NOLEGITCONTENT, SPFFAIL, SD-STRONG-SPAMDOMAINS X-Note: Reverse DNS: new-murphey.tenet.edu ([198.213.2.103]) X-Note: HELO/EHLO Received: new-murphey.tenet.edu X-Note: Header code: e X-Note: Queue name: D63D3012F022A3398.SMD X-RCPT-TO: [EMAIL PROTECTED] Status: R X-UIDL: 398308930 -- =MailPure custom filters for Declude JunkMail Pro.http://www.mailpure.com/software/=
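A small model of the distinction Matt draws in the message above, added here as an example and not taken from Declude or from the thread: COUNTRY holds only the connecting hop, COUNTRIES holds every hop from originating to connecting. The way COUNTRIES is joined into one string and the forged-origin chain are assumptions made for the illustration; the three filter lines are the ones quoted in the thread.

```python
# Filter-line operators that appear in the thread.
OPERATORS = {
    "IS": lambda value, arg: value == arg,
    "STARTSWITH": lambda value, arg: value.startswith(arg),
    "CONTAINS": lambda value, arg: arg in value,
}


def filter_variables(hop_countries):
    """hop_countries: country codes ordered from originating to connecting hop."""
    return {
        "COUNTRY": hop_countries[-1],          # connecting hop only
        "COUNTRIES": " ".join(hop_countries),  # every hop; separator is assumed
    }


def hits(filter_text, hop_countries):
    """Return the filter lines that match, as (line, weight) pairs."""
    variables = filter_variables(hop_countries)
    matched = []
    for raw in filter_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        variable, weight, operator, arg = line.split(None, 3)
        if OPERATORS[operator](variables[variable], arg):
            matched.append((line, int(weight)))
    return matched


FILTER = """\
# Kyle's original test, then the two lines Matt suggests
COUNTRY 5 IS KR
COUNTRIES 5 STARTSWITH KR
COUNTRIES 5 CONTAINS KR
"""

# The message in the thread: a Korean hop, then the US host that connected.
THREAD_MESSAGE = ["KR", "US"]
# Constructed case: a forged earliest Received line makes the origin look US.
FORGED_ORIGIN = ["US", "KR", "US"]

if __name__ == "__main__":
    for label, chain in (("thread", THREAD_MESSAGE), ("forged", FORGED_ORIGIN)):
        print(label, [line for line, _ in hits(FILTER, chain)])
```

With the forged chain only the CONTAINS line still hits, which is the reason Matt gives for preferring it when the stated origin cannot be trusted.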
[Declude.JunkMail] SMD Files
I am trying to find the article that explains the build up of Txx.smd and Dxx.smd files in the spool directory. The past few days I have quite a few of these hanging around in the spool directory. Here is a sample of what's in the files. Some are from my local clients and some are from other mail servers.

Kyle
Imail 8.15 2.0.6 Junkmail and Antivirus 3.16b F-Prot Message Sniffer 2.3

D03bc03690136cf5a.SMD
Received: from gwmsrm42 [172.16.52.2] by esc5.net with ESMTP (SMTPD32-8.15) id A3BC3690136; Thu, 21 Apr 2005 14:49:16 -0500

T03bc03690136cf5a.SMD
QD:\IMail\spool\D03bc03690136cf5a.SMD
Hesc5.net
I03bc03690136cf5a
X1
WE:\IMail
E0, R[EMAIL PROTECTED]
S[EMAIL PROTECTED]
NRCPT TO: [EMAIL PROTECTED]
R[EMAIL PROTECTED]
[Declude.JunkMail] DSBL Road Runner
I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg

DSBL ip4r list.dsbl.org * 8 0

Is the * picking up something since it looks for anything, maybe some other record on their list?

Kyle
RE: [Declude.JunkMail] DSBL Road Runner
This is what I have

#= LOGS ==
# in the LOGFILE option, if present, automatically gets replaced with the month/date.
# Log Level options: WARN / LOW / MID / HIGH / DEBUG / ERROR
LOGFILE d:\imail\spool\dec.log
LOGLEVEL MID
HOP 0
#HOPHIGH 1
#= HEADERS ==
XSENDER ON
XSPOOLNAME ON
XINHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam.
XINHEADER X-Country-Chain: %COUNTRYCHAIN%
XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%
XINHEADER X-Note: Spam tests: %TESTSFAILED%
XINHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%])
XINHEADER X-Note: HELO/EHLO Received: %HELO%
XINHEADER X-Note: Header code: %HEADERCODE%
XINHEADER X-Note: Queue name: %QUEUENAME%
XOUTHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam.
XOUTHEADER X-Note: Queue name: %QUEUENAME%
XOUTHEADER X-Note: Spam tests: %TESTSFAILED%
XOUTHEADER X-Note: Total spam weight of this e-mail is %WEIGHT%
XOUTHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%])
XOUTHEADER X-Note: HELO/EHLO Received: %HELO%
XOUTHEADER X-Note: Header code: %HEADERCODE%
XOUTHEADER X-Country-Chain: %COUNTRYCHAIN%
#= ADVANCED OPTIONS =
HIDETESTS CATCHALLMAILS #IPNOTINMX NOLEGITCONTENT Rem out 2-25-05 For testing to see all test.
HOP 0
# reduced from 3 to 2 to see if dns improves
HOPHIGH 2
### Orignal Settings Below ###
#HOP 0
#HOPHIGH 1
#= WHITELISTS ==

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, April 15, 2005 10:13 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] DSBL Road Runner

You might be scanning on multiple hops, and this might be picking up the client PC instead of the connecting server. Look for the HOP setting and see if it is anything besides 0, and if so, you are scanning on multiple hops. Prior hops are much more often listed in open relay lists such as DSBL, and it isn't wise to score DSBL on multiple hops at the same score as the last hop. DSBL doesn't like to delist IP's, and their automated removal process will not work with residential broadband IP's. They have no interest in changing this.

Matt

Kyle Fisher wrote:

I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg

DSBL ip4r list.dsbl.org * 8 0

Is the * picking up something since it looks for anything, maybe some other record on their list?

Kyle

-- =MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/=
RE: [Declude.JunkMail] DSBL Road Runner
Ok thanks. I think I will just comment out HOPHIGH.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Friday, April 15, 2005 10:44 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] DSBL Road Runner

The HOPHIGH setting in combination I believe will result in the last 3 hops being scanned. In your config that is set to 2. It is advisable that you either comment out HOPHIGH, or take a bunch of time to work out how to score differently the open relay type tests on hops besides the last. Here's an example of how to do this with DSBL:

DSBL(LAST) dnsbl %IP4R%.list.dsbl.org 127.0.0.2 5 0
DSBL(ALL) ip4r list.dsbl.org 127.0.0.2 2 0

Note that this technique only needs to be applied to what you currently list as ip4r tests, and only lists that will tag residential IP space, which are primarily open relay type lists (generally spamtrap driven, or ones that test), but SBL and AHBL-SOURCES will also do this sometimes, primarily with international IP space.

Matt

Kyle Fisher wrote:

This is what I have

#= LOGS ==
# in the LOGFILE option, if present, automatically gets replaced with the month/date.
# Log Level options: WARN / LOW / MID / HIGH / DEBUG / ERROR
LOGFILE d:\imail\spool\dec.log
LOGLEVEL MID
HOP 0
#HOPHIGH 1
#= HEADERS ==
XSENDER ON
XSPOOLNAME ON
XINHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam.
XINHEADER X-Country-Chain: %COUNTRYCHAIN%
XINHEADER X-Note: Total spam weight of this E-mail is %WEIGHT%
XINHEADER X-Note: Spam tests: %TESTSFAILED%
XINHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%])
XINHEADER X-Note: HELO/EHLO Received: %HELO%
XINHEADER X-Note: Header code: %HEADERCODE%
XINHEADER X-Note: Queue name: %QUEUENAME%
XOUTHEADER X-Note: This E-mail was scanned by Region 5 ESC using Declude JunkMail for spam.
XOUTHEADER X-Note: Queue name: %QUEUENAME%
XOUTHEADER X-Note: Spam tests: %TESTSFAILED%
XOUTHEADER X-Note: Total spam weight of this e-mail is %WEIGHT%
XOUTHEADER X-Note: Reverse DNS: %REVDNS% ([%REMOTEIP%])
XOUTHEADER X-Note: HELO/EHLO Received: %HELO%
XOUTHEADER X-Note: Header code: %HEADERCODE%
XOUTHEADER X-Country-Chain: %COUNTRYCHAIN%
#= ADVANCED OPTIONS =
HIDETESTS CATCHALLMAILS #IPNOTINMX NOLEGITCONTENT Rem out 2-25-05 For testing to see all test.
HOP 0
# reduced from 3 to 2 to see if dns improves
HOPHIGH 2
### Orignal Settings Below ###
#HOP 0
#HOPHIGH 1
#= WHITELISTS ==

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Friday, April 15, 2005 10:13 AM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] DSBL Road Runner

You might be scanning on multiple hops, and this might be picking up the client PC instead of the connecting server. Look for the HOP setting and see if it is anything besides 0, and if so, you are scanning on multiple hops. Prior hops are much more often listed in open relay lists such as DSBL, and it isn't wise to score DSBL on multiple hops at the same score as the last hop. DSBL doesn't like to delist IP's, and their automated removal process will not work with residential broadband IP's. They have no interest in changing this.

Matt

Kyle Fisher wrote:

I am trying to determine why some email from Road Runner is getting picked up by DSBL. When I query DSBL for 24.93.47.42 it says Status Ip not listed by DSBL. Here is the line in my global.cfg

DSBL ip4r list.dsbl.org * 8 0

Is the * picking up something since it looks for anything, maybe some other record on their list?

Kyle

-- =MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/=
-- =MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/=
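A model of the scoring difference Matt describes in the message above, as an added example that is not Declude code and not part of the thread: an `ip4r` test applied across several hops picks up a listed client PC behind an unlisted mail server, while his split configuration weights the connecting hop and the earlier hops separately. The client address, the list contents, the hop numbering (0 is the connecting server) and the rule that a test counts once per message are assumptions; the lookup table replaces real DNS queries.

```python
import ipaddress


def ip4r_name(ip, zone):
    """DNSBL query name: the IPv4 octets in reverse order, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


# Constructed list contents standing in for DNS: query name -> A record.
# 192.0.2.77 is a documentation address playing the subscriber's PC.
LISTED = {ip4r_name("192.0.2.77", "list.dsbl.org"): "127.0.0.2"}


def lookup(name):
    """Return the A record for a listed name, or None (NXDOMAIN) if not listed."""
    return LISTED.get(name)


def score(hops, tests, hop=0, hophigh=0):
    """Score one message.

    hops[0] is the connecting server, hops[1] the hop before it, and so on.
    Each test is (name, kind, zone, expected, weight): kind "dnsbl" checks the
    connecting IP only, kind "ip4r" checks hops hop..hophigh inclusive.
    A test counts once however many scanned hops are listed (assumption).
    """
    total, failed = 0, []
    for name, kind, zone, expected, weight in tests:
        scanned = hops[:1] if kind == "dnsbl" else hops[hop:hophigh + 1]
        for ip in scanned:
            answer = lookup(ip4r_name(ip, zone))
            if answer is not None and expected in ("*", answer):
                total += weight
                failed.append((name, ip))
                break
    return total, failed


# Connecting server from the thread, preceded by the constructed client PC.
HOPS = ["24.93.47.42", "192.0.2.77"]

# Kyle's global.cfg line and Matt's suggested replacement, as tuples.
KYLE = [("DSBL", "ip4r", "list.dsbl.org", "*", 8)]
MATT = [
    ("DSBL(LAST)", "dnsbl", "list.dsbl.org", "127.0.0.2", 5),
    ("DSBL(ALL)", "ip4r", "list.dsbl.org", "127.0.0.2", 2),
]

if __name__ == "__main__":
    print("Kyle, HOP 0 / HOPHIGH 2:", score(HOPS, KYLE, hop=0, hophigh=2))
    print("Kyle, HOPHIGH commented out:", score(HOPS, KYLE))
    print("Matt, HOP 0 / HOPHIGH 2:", score(HOPS, MATT, hop=0, hophigh=2))
```

In this model the unlisted connecting server still costs the message 8 points under the original line because the earlier hop is listed, which matches the symptom of a direct query for 24.93.47.42 coming back clean.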
[Declude.JunkMail] SMTP Service
If you are running Imail should you ever see the stmp32.exe process ever come up? I know you'll see SMTPd32.exe. Occasionally I will see the smtp32.exe process come up, but none of that is enabled and I was wondering if I have been hi-jacked or something. This morning I had a very heavy load as users got into work and I was seeing stmp32.exe and stmpd32.exe at about the same rate. For the past 2 weeks I have noticed the SMTPd32.exe process getting up to 2.32 Gig and staying there; normally it is about 7 Mb in the task manager. I had a problem about 3 months ago with the spool filling up but that was due to a memory leak in 2003 DNS and I put that hot fix on and it has been working fine until 2 weeks ago. The only weird thing: about 3 weeks ago when I looked into my network connections I had a RAC connection set up and it was connected and I have never seen that before. I also have a RAC VNC Service under services now. I did read something about Dell having RAC VNC Service, but unless it installed it on its own I have never seen it. I have turned it all off and it hasn't affected anything on my end so I don't know what it is.

Kyle
2003 Windows Server Imail 8.15 Declude 2.05 Junkmail/Antivirus Sniffer F-Prot 3.16a
[Declude.JunkMail] Junkmail Syntax
In the Junkmail file you have DELETE, HOLD, WARN, IGNORE. What does IGNORE actually do? Kyle
RE: [Declude.JunkMail] Junkmail Syntax
Looking at the log it doesn't seem that way. If you look at the header it shows the same.

02/28/2005 15:00:19 Q865e00e001301b5a nIPNOTINMX:-3 nNOLEGITCONTENT:-5 . Total weight = -8.
02/28/2005 15:00:19 Q865e00e001301b5a L1 Message OK
02/28/2005 15:00:19 Q865e00e001301b5a Subject: Read: [Fwd: FW: Applebees - don't delete - enjoy]
02/28/2005 15:00:19 Q865e00e001301b5a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 209.34.96.3 ID:
02/28/2005 15:00:19 Q865e00e001301b5a Tests failed [weight=-8]: CATCHALLMAILS=IGNORE
02/28/2005 15:00:19 Q865e00e001301b5a Last action = IGNORE.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Monday, February 28, 2005 3:20 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Junkmail Syntax

It will do nothing other than log an entry to your log.

Darrell

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

Kyle Fisher writes:

In the Junkmail file you have DELETE, HOLD, WARN, IGNORE. What does IGNORE actually do?

Kyle

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Junkmail Syntax
Right now I am not hiding any tests. I have IPNOTINMX -3 and NOLEGITCONTENT -5 set to ignore (default when I purchased Declude). In the sample below you can see where it has a negative weight of 8 and the header shows the same, but they are set to ignore. I have more samples where it might have only failed sniffer (weight 8) and in the header it shows total weight 5 but you will see nolegitcontent in the header too. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, February 28, 2005 3:35 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Junkmail Syntax The message's last action is IGNORE which means it will be delivered. What are the actions set on the two tests it hit on? If they are WARN then they will show in the headers. Darrell Kyle Fisher writes: Looking at the log it doesn't seem that way. If you look at the header it shows the same. 02/28/2005 15:00:19 Q865e00e001301b5a nIPNOTINMX:-3 nNOLEGITCONTENT:-5 . Total weight = -8. 02/28/2005 15:00:19 Q865e00e001301b5a L1 Message OK 02/28/2005 15:00:19 Q865e00e001301b5a Subject: Read: [Fwd: FW: Applebees - don't delete - enjoy] 02/28/2005 15:00:19 Q865e00e001301b5a From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 209.34.96.3 ID: 02/28/2005 15:00:19 Q865e00e001301b5a Tests failed [weight=-8]: CATCHALLMAILS=IGNORE 02/28/2005 15:00:19 Q865e00e001301b5a Last action = IGNORE. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Monday, February 28, 2005 3:20 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Junkmail Syntax It will do nothing other than log an entry to your log. Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kyle Fisher writes: In the Junkmail file you have DELETE, HOLD, WARN, IGNORE. 
What does IGNORE actually do?

Kyle

Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
[Declude.JunkMail] casino spam
Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam? Kyle
RE: [Declude.JunkMail] casino spam
What's funny is I did sign up for an account a couple of weeks ago and I still haven't won. I did it for the free set of poker chips. That's what I figured. It's strange, everything will be going fine for a few weeks then for some reason we get a small flood of something. Like casino. What I hate is that these messages getting through fail sniffer but that's it, no other tests.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Barker
Sent: Friday, February 25, 2005 4:51 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] casino spam

Kyle, When will you stop signing up for those gambling sites, you know you can't win? :) No reported increase on our side.

David B
www.declude.com

- Original Message -
From: Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 5:40 PM
Subject: [Declude.JunkMail] casino spam

Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam?

Kyle
RE: [Declude.JunkMail] casino spam
So it's not just me getting it. I thought maybe it was pay back for not betting enough when I play. Gamestrek is the biggest one I am seeing. Thanks for the info, didn't know about British Columbia. Scott, is the MAILFROM-IP.txt filter ok to use since you did all the work? If it is, do I just add the statements you posted?

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Fisher
Sent: Friday, February 25, 2005 8:43 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] casino spam

gambling, strip clubs, is BC the Nevada of Canada?

- Original Message -
From: Matt
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 8:35 PM
Subject: Re: [Declude.JunkMail] casino spam

If you do a lookup on ARIN, you will find that this netblock is delegated by BChosting, which is a subdivision of AssertiveNetworks. All of their IP space is treated as suspect by our system. You might also note their address...Vancouver, British Columbia...

http://ws.arin.net/cgi-bin/whois.pl?queryinput=66.154.96.0

There is a smattering of legitimate traffic from AssertiveNetworks, but most of what you will see is in fact spam.

Matt

Scott Fisher wrote:

I added this to my ipfile today:

66.154.124.0/29    66.154.124.0/29    gamingpen.com    added 02-25-05

gamingpen, playerjuice and gamestrek all .com. Also in kind of a spammy neighborhood with several SBL entries near:

66.154.111.0/24    66.154.111.0/24    agooba.com      added 02-17-05    SBL13709
66.154.112.0/24    66.154.112.0/24    erfooble.com    added 02-05-05    SBL20378
66.154.113.0/24    66.154.113.0/24    gambling        added 02-05-05    SBL20539

- Original Message -
From: Kyle Fisher
To: Declude.JunkMail@declude.com
Sent: Friday, February 25, 2005 4:40 PM
Subject: [Declude.JunkMail] casino spam

Has anyone noticed in the past week an increase in casino, or party poker, etc.. spam?

Kyle

-- =MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/=
[Declude.JunkMail] More Tests
Declude Support, I need a little help. I have many of these emails that just fail one test like CMDSPACE. I have a 8 weight to CMDSPACE and you will see that the first header weighted at 8 and the second at 3 and they failed the same tests. My biggest problem is I cant find a way for these headers to fail more tests than just the CMDSPACE. Can you look at these and help me find out if I can enable another test for these to fail. I am sending you my files to see if I need more tests enabled. Kyle Received: from 191.46.98-84.rev.gaoland.net [84.98.46.191] by esc5.net (SMTPD32-8.15) id AE2917D60116; Mon, 14 Feb 2005 18:11:21 -0600 Received: from atrophy.timormail.com ([216.106.111.117]) by bluegill.bayarea.net (Sun Java System Messaging Server 6.1 HotFix 0.02 (built Aug 28 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Tue, 15 Feb 2005 03:09:56 +0300 (IST) Received: from Marcos (IGLD-164-190.timormail.com [209.50.235.72] by wary.timormail.com (MOS 3.5.7-GR) with ESMTP id LPG04353 (AUTH qgpq-86) ; Mon, 14 Feb 2005 17:14:56 -0700 (IST) Date: Tue, 15 Feb 2005 01:11:56 +0100 From: Marcos [EMAIL PROTECTED] Subject: Millions of horny swingers looking for sex To: Marcos Abraham [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-Declude-Sender: [EMAIL PROTECTED] [84.98.46.191] X-Note: Scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: CMDSPACE [8] X-Note: This E-mail was sent from 191.46.98-84.rev.gaoland.net ([84.98.46.191]). 
X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 307998261 Received: from 191.46.98-84.rev.gaoland.net [84.98.46.191] by esc5.net (SMTPD32-8.15) id ADD117CD0116; Mon, 14 Feb 2005 18:09:53 -0600 Received: from chattel.wanet.net ([209.185.162.155]) by brahmaputra.womerica.com (InterMail vK.4.04.00.03 766-453-007-20036337 license 6hx828jp5813b5km6s1dcv3298s8gjk8) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Mon, 14 Feb 2005 22:04:28 -0200 Received: from www.wanet.net (216.57.216.3) by chattel.wanet.net (RS ver 1.0.92vs) with SMTP id 3-26c877302853 for [EMAIL PROTECTED]; Tue, 15 Feb 2005 05:11:28 +0500 (EDT) Date: Tue, 15 Feb 2005 06:08:28 +0600 From: Alyssa Gunter [EMAIL PROTECTED] Subject: Get laid today! To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-Declude-Sender: [EMAIL PROTECTED] [84.98.46.191] X-Note: Scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: CMDSPACE [3] X-Note: This E-mail was sent from 191.46.98-84.rev.gaoland.net ([84.98.46.191]). X-RCPT-TO: [EMAIL PROTECTED] Status: U Global.CFG Description: Binary data $default$.junkmail Description: Binary data
[Declude.JunkMail] Custom Filters
Can you have spaces in your custom filter files? EX.

BODY 5 CONTAINS Application is Pre Approved
BODY 5 CONTAINS Take advantage now
BODY 5 CONTAINS You don't want to miss this

Also, does anyone have a set of filters they would be willing to share with more tests other than words? I am down to about 5 spams per user/day but I am trying to get it a little lower.

Kyle
RE: [Declude.JunkMail] 2003 Server DNS Declude
I just applied the hot fix and we will see if it works. I won't know until about 8:30am CST when the email load really hits. Just to let you all know that I set up 3 different DNS servers with 2003 and they all had the same memory leak. I set up one NT4.0 and it worked fine. So in my case any 2003 DNS server had the memory leak. I only have about 60,000 messages a day and it should have handled it fine, but due to Microsoft's great programming it didn't. I am learning Linux and BIND and will soon be switching, but I want to know it like the back of my hand before I go into production. If the hot fix works this will most likely be the reason why a good bit of spam was still getting through. I will keep you all updated.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Friday, November 19, 2004 12:19 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 2003 Server DNS Declude

Hi,

Phone MS Tech Adv (WinNT) 800-936-4900

Tell them the KB article number and tell them to e-mail you the link. You will not be charged. One of two things will happen. Most probably you will spend a bunch of time answering questions and then they will e-mail you the link. Sometimes the dispatch people do not have access to the hotfix and they will put you through to tech support. In both cases you will get an SRX number etc.

Now if you are a bit persistent and you say that you want to talk to the tech before you apply the hotfix you can usually be put through to a tech support person and they will discuss the patch with you and what it may or may not do. You can review your symptoms with them and query them if this is really going to fix it or not. The techs are quite willing to talk to you once you get to them. You cannot branch out and try to cover some other topic.

Good Luck

Goran Jovanovic
The LAN Shoppe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Fisher
Sent: Thursday, November 18, 2004 11:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] 2003 Server DNS Declude

Ok thanks. I will try and find one of the millions of phone numbers to contact them and get the fix.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Thursday, November 18, 2004 10:23 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] 2003 Server DNS Declude

You will be able to get this hotfix for free. They do not charge for issues like this.

Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers.

- Original Message -
From: Kyle Fisher
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 11:19 PM
Subject: [Declude.JunkMail] 2003 Server DNS Declude

I am having a problem with 2003 Std. DNS and Declude's queries. It is not Declude but actually MS DNS. I finally found two articles from Microsoft saying it is a memory leak due to excessive queries and to contact them for the hot fix, but there is nowhere to download it without contacting MS. I was wondering if anyone else has had this problem and maybe you already have the hot fix. There are actually two. If I do have to contact MS do you have to pay for the hot fix even though it is their problem? I probably will be switching to BIND but I have to learn it first and I need a quick fix. Right now I have a batch file restarting the DNS Service every hour.

Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service
http://support.microsoft.com/?kbid=830381

DNS Intermittently Stops Resolving Some Host Names
http://support.microsoft.com/?kbid=830905

Thanks
Kyle
RE: [Declude.JunkMail] 2003 Server DNS Declude
Ok thanks. I will try and find one of the millions of phone numbers to contact them and get the fix.

Kyle

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED])
Sent: Thursday, November 18, 2004 10:23 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] 2003 Server DNS Declude

You will be able to get this hotfix for free. They do not charge for issues like this.

Darrell
---
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers.

- Original Message -
From: Kyle Fisher
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 11:19 PM
Subject: [Declude.JunkMail] 2003 Server DNS Declude

I am having a problem with 2003 Std. DNS and Declude's queries. It is not Declude but actually MS DNS. I finally found two articles from Microsoft saying it is a memory leak due to excessive queries and to contact them for the hot fix, but there is nowhere to download it without contacting MS. I was wondering if anyone else has had this problem and maybe you already have the hot fix. There are actually two. If I do have to contact MS do you have to pay for the hot fix even though it is their problem? I probably will be switching to BIND but I have to learn it first and I need a quick fix. Right now I have a batch file restarting the DNS Service every hour.

Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service
http://support.microsoft.com/?kbid=830381

DNS Intermittently Stops Resolving Some Host Names
http://support.microsoft.com/?kbid=830905

Thanks
Kyle
[Declude.JunkMail] 2003 Server DNS Declude
I am having a problem with 2003 Std. DNS and Declude's queries. It is not Declude but actually MS DNS. I finally found two articles from Microsoft saying it is a memory leak due to excessive queries and to contact them for the hot fix, but there is nowhere to download it without contacting MS. I was wondering if anyone else has had this problem and maybe you already have the hot fix. There are actually two. If I do have to contact MS do you have to pay for the hot fix even though it is their problem? I probably will be switching to BIND but I have to learn it first and I need a quick fix. Right now I have a batch file restarting the DNS Service every hour.

Server Responsiveness Degrades and Queries Time Out When You Run the DNS Server Service
http://support.microsoft.com/?kbid=830381

DNS Intermittently Stops Resolving Some Host Names
http://support.microsoft.com/?kbid=830905

Thanks
Kyle
[Declude.JunkMail] No Host or MX records
Scott, I was looking through the Dec.log and one of the messages says:

04/06/2004 22:31:23 Q76090ad600e6a9cc Msg failed HELOBOGUS (Domain hounexs.dataprojections.com has no MX or A records.). Action="">

But when I did a lookup it has a Host Record and an MX record, but it is for dataprojections.com. Does it need to have records for hounexs.dataprojections.com to pass?

Kyle Fisher
[Declude.JunkMail] Blocking virus bounce messages
I am sure you have talked about this before, but is there any way in JunkMail to block virus notifications from other servers? My users are getting tons of undeliverable messages that they never sent due to outside users infected with viruses. Any help would be appreciated.

Kyle
[Declude.JunkMail] How to Block overseas domains
Does anyone know how to block overseas domains? Like UK, DE, NL, etc.

Thanks
Kyle