RE: [Declude.JunkMail] Fprot 6

[Michael Thomas - Mathbox]

Serge,

Frisk licensing for mail server use is not the same as consumer or general
business use. Pricing for mail server use is prohibitive.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Serge
 Sent: Sunday, January 27, 2008 3:31 PM
 To: declude.junkmail@declude.com
 Subject: [Declude.JunkMail] Fprot 6
 
 I curently use only the built in virus scanner
 But I'm just curious, anyone tested Fpscan from fprot6 ? and 
 what command line options needs to be used ?
  
 TIA
  
 Serge
  
 
 ---
 This E-mail came from the Declude.JunkMail mailing list. To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail. The archives can be found
 at http://www.mail-archive.com. 
 



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question

[Michael Thomas - Mathbox]

Gary,

I thought I tried to get this across. Most servers check SPF at the
connection, not via the received headers. Further excepting very special
circumstances like having proxies or gateways, anyone checking SPF via
received headers should only be checking the first received header, which
means only from your server to the destination server.

Again, excepting very special circumstances like having proxies or gateways,
checking SPF any deeper than the first received header would be applying SPF
rules incorrectly.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Gary Steiner
 Sent: Saturday, February 17, 2007 11:23 PM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
 
 My question still isn't coming across.  In setting up SPF, I 
 don't want any outgoing messages from my server to be bounced 
 by others because of a bad SPF string.  I can whitelist SMTP 
 auth on my server, but that does't help the SPF problem 
 because potentially when one of my users sends a message to 
 someone, say on hotmail.com, it could get bounced because of bad SPF.
 
 For example, say my SPF string for my domain is v=spf1 mx 
 mx:smtp.mydomain.com -all.  This allows any email sent via 
 my SmarterMail webmail to pass SPF.  Now, if one of my users 
 connects to the server with Outlook  and SMTP Auth, and uses 
 this to send an email, then the IP address that shows up in 
 the last hop is the one he used to connect to my sever, not 
 the IP address of my server.  So the email message he sends 
 would fail SPF.  For it to pass, I would have to change my 
 SPF string to v=spf1 mx mx:smtp.mydomain.com ip4:67.189.34.6 
 -all, and additionally add a ip4: entry for every instance 
 that a user might connect to my server with Outlook .
 
 So does this mean that SPF is impractical for anyone not 
 strictly using webmail?  To me it implies that to cover all 
 bases you would have to have in your SPF string ?all and 
 there would be no way to make it stricter than that, other 
 than to force all your users to use webmail and not Outlook.
 
 Gary
 
 
 
  Original Message 
  From: Darin Cox [EMAIL PROTECTED]
  Sent: Friday, February 16, 2007 4:33 PM
  To: declude.junkmail@declude.com
  Subject: Re: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF 
 record question
  
  Whitelisting SMTP Auth is the key here.  Since you connect 
 with a userID/PW
  to your mail server, Whitelisting connections done through SMTP AUTH
  bypasses Declude filtering.
  
  Darin.
  
  
  - Original Message - 
  From: Gary Steiner [EMAIL PROTECTED]
  To: declude.junkmail@declude.com
  Sent: Friday, February 16, 2007 4:10 PM
  Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF 
 record question
  
  
  Let me give you my case.  For this example I used my home 
 Comcast connection
  to send an email using Outlook and authentication.  My 
 server uses Declude
  and SmarterMail.  The header of the received message shows 
 one IP address in
  a single Received line:
  
  Received: from c-67-189-34-6.hsd1.or.comcast.net [67.189.34.6] by
  mail.plusultraweb.com with SMTP;
 Fri, 16 Feb 2007 15:43:21 -0500
  
  Michael's message via Declude's mailing list had three 
 Received lines:
  
  Received: from smtp.declude.com [63.246.31.248] by 
 mail.plusultraweb.com
  with SMTP;
 Fri, 16 Feb 2007 15:46:48 -0500
  Received: from mail.mathbox.com [63.150.236.14] by 
 smtp.declude.com with
  SMTP;
 Fri, 16 Feb 2007 15:31:18 -0500
  Received: from mikesplace [63.150.236.3] by 
 mail.mathbox.com with ESMTP
(SMTPD-8.22) id A48F027C; Fri, 16 Feb 2007 15:31:11 -0500
  
  In both messages Declude made checks versus the last hop 
 only (67.189.34.6
  in my test message and 63.246.31.248 in the message from 
 Declude's mailing
  list.
  
  Since my Comcast IP address is not listed in my SPF string, 
 it failed
  Declude's SPF test.
  
  So what is the problem here?  Is this a flaw in how 
 SmarterMail lists its
  hops?  Should it be showing the Comcast IP address as the 
 final hop, or
  should it be showing my mail server?
  
  Since it is showing the Comcast address, SPF fails.  The 
 only way to get
  around this is to end the SPF string with ?all, but if 
 I'm going to do
  that, I might as well not use SPF at all.
  
  Gary
  
  
   Original Message 
   From: Michael Thomas - Mathbox [EMAIL PROTECTED]
   Sent: Friday, February 16, 2007 3:47 PM
   To: declude.junkmail@declude.com
   Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF 
 record question
  
   Gary,
  
   Your logic is incorrect. SPF is a check made by the 
 destination mail
  server
   (possibly my mail server) against the sending mail server 
 (your mail
   server). Your users authenticate to your mail server, 
 then submit a
  message
   to your mail server for delivery by your mail server to 
 the remote

RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question

[Michael Thomas - Mathbox]

Darin,

I am not sure why, but Gary seems to think SPF checks are run against ALL of
the received headers.

I am guessing that he has an SPF test action at the end of his Global.cfg,
so that it is testing outgoing? 

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Darin Cox
 Sent: Saturday, February 17, 2007 11:37 PM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
 
 Yes, it does.  Message come in from your mail client and is 
 whitelisted by
 SMTP AUTH.  Now your server sends it to the destination.  
 Receiving server
 sees the message coming from your server, and that your 
 server is a valid
 sender for the domain in question according to your SPF policy.
 
 The last hop seen by the destination is your server, not your 
 mail client.
 Your server satisfies your SPF policy, therefore the 
 receiving server checks
 and records an SPF PASS.
 
 Forget about the client, as long as they send through your 
 server, and you
 don't filter them out... either because they AUTH and you 
 whitelist on AUTH,
 or any other way you avoid filtering your connecting users.  
 Its all about
 your server sending to the destination server.
 
 This has been working for us for the past year and a half or so.
 
 Darin.
 
 
 - Original Message - 
 From: Gary Steiner [EMAIL PROTECTED]
 To: declude.junkmail@declude.com
 Sent: Saturday, February 17, 2007 11:22 PM
 Subject: Re: [Declude.JunkMail] OT: SPF record question
 
 
 My question still isn't coming across.  In setting up SPF, I 
 don't want any
 outgoing messages from my server to be bounced by others 
 because of a bad
 SPF string.  I can whitelist SMTP auth on my server, but that 
 does't help
 the SPF problem because potentially when one of my users 
 sends a message to
 someone, say on hotmail.com, it could get bounced because of bad SPF.
 
 For example, say my SPF string for my domain is v=spf1 mx
 mx:smtp.mydomain.com -all.  This allows any email sent via 
 my SmarterMail
 webmail to pass SPF.  Now, if one of my users connects to the 
 server with
 Outlook  and SMTP Auth, and uses this to send an email, then 
 the IP address
 that shows up in the last hop is the one he used to connect 
 to my sever, not
 the IP address of my server.  So the email message he sends 
 would fail SPF.
 For it to pass, I would have to change my SPF string to v=spf1 mx
 mx:smtp.mydomain.com ip4:67.189.34.6 -all, and additionally 
 add a ip4:
 entry for every instance that a user might connect to my 
 server with Outlook
 .
 
 So does this mean that SPF is impractical for anyone not 
 strictly using
 webmail?  To me it implies that to cover all bases you would 
 have to have in
 your SPF string ?all and there would be no way to make it 
 stricter than
 that, other than to force all your users to use webmail and 
 not Outlook.
 
 Gary
 
 
 
  Original Message 
  From: Darin Cox [EMAIL PROTECTED]
  Sent: Friday, February 16, 2007 4:33 PM
  To: declude.junkmail@declude.com
  Subject: Re: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF 
 record question
 
  Whitelisting SMTP Auth is the key here.  Since you connect with a
 userID/PW
  to your mail server, Whitelisting connections done through SMTP AUTH
  bypasses Declude filtering.
 
  Darin.
 
 
  - Original Message - 
  From: Gary Steiner [EMAIL PROTECTED]
  To: declude.junkmail@declude.com
  Sent: Friday, February 16, 2007 4:10 PM
  Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF 
 record question
 
 
  Let me give you my case.  For this example I used my home Comcast
 connection
  to send an email using Outlook and authentication.  My 
 server uses Declude
  and SmarterMail.  The header of the received message shows 
 one IP address
 in
  a single Received line:
 
  Received: from c-67-189-34-6.hsd1.or.comcast.net [67.189.34.6] by
  mail.plusultraweb.com with SMTP;
 Fri, 16 Feb 2007 15:43:21 -0500
 
  Michael's message via Declude's mailing list had three 
 Received lines:
 
  Received: from smtp.declude.com [63.246.31.248] by 
 mail.plusultraweb.com
  with SMTP;
 Fri, 16 Feb 2007 15:46:48 -0500
  Received: from mail.mathbox.com [63.150.236.14] by 
 smtp.declude.com with
  SMTP;
 Fri, 16 Feb 2007 15:31:18 -0500
  Received: from mikesplace [63.150.236.3] by 
 mail.mathbox.com with ESMTP
(SMTPD-8.22) id A48F027C; Fri, 16 Feb 2007 15:31:11 -0500
 
  In both messages Declude made checks versus the last hop 
 only (67.189.34.6
  in my test message and 63.246.31.248 in the message from 
 Declude's mailing
  list.
 
  Since my Comcast IP address is not listed in my SPF string, 
 it failed
  Declude's SPF test.
 
  So what is the problem here?  Is this a flaw in how 
 SmarterMail lists its
  hops?  Should it be showing the Comcast IP address as the 
 final hop, or
  should it be showing my mail server?
 
  Since it is showing the Comcast

RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question

[Michael Thomas - Mathbox]

Gary,

Your logic is incorrect. SPF is a check made by the destination mail server
(possibly my mail server) against the sending mail server (your mail
server). Your users authenticate to your mail server, then submit a message
to your mail server for delivery by your mail server to the remote mail
server. So, the remote mail server (possibly my mail server) would check the
SPF to determine if your mail server was listed as a source for the domain
of the sending email address.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Gary Steiner
 Sent: Friday, February 16, 2007 2:56 PM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
 
 I have a question to follow this subject.  If users have 
 Outlook and they are sending email fromm home or whereever 
 using authentication, then the IP that shows up in the header 
 will be their home connection.  That being the case, unless 
 your users are strictly using webmail, your SPF record should 
 show no enforcement otherwise all the non-webmail messages 
 will get blocked.  To me this indicates that SPF doesn't help 
 you if your users are not using webmail.  Is this correct?
 
 Gary
 
 
 
  Original Message 
  From: Darin Cox [EMAIL PROTECTED]
  Sent: Wednesday, February 07, 2007 4:33 PM
  To: declude.junkmail@declude.com
  Subject: Re: [Declude.JunkMail] OT: SPF record question
  
  If your MX and A records are also in the 216.15.92.0/25 
 network, then you
  don't need to specify the a and mx parameters, so you 
 could simplify to
  
  No enforcement, other hosts may send mail for the domain
  v=spf1 ip4:216.15.92.0/25 ?all
  
  Soft fail if policy violated.  Filters may or may not block 
 on soft fail.
  v=spf1 ip4:216.15.92.0/25 ~all
  
  
  Hard fail if policy violated.  Filters should block on hard fail.
  v=spf1 ip4:216.15.92.0/25 -all
  
  However, if you send from an MX or A record (web server) 
 that is not in the
  216.15.92.0/25 subnet then you may need those.
  
  If you use a soft or hard fail policy, it's very important 
 that you identify
  _all_ sources of outbound mail for the domain, including 
 all mail servers,
  marketing mail engines, webservers, external hosts, etc.  
 Otherwise you're
  liable to have mail blocked as a result of your policy.  
 I've see this
  happen with a number of larger organizations, where they 
 have forgotten web
  servers with form-to-mail functions, marketing personnel sending out
  newsletters, or mobile users using ISP SMTP servers.
  
  Regarding your last three records, do you have subdomains 
 with MX records
  for direct.commarts.com, mail.commarts.com, and 
 smtp.commarts.com?  I.e. do
  you receive mail to @direct.commarts.com, @mail.commarts.com, and
  @smtp.commarts.com addresses?  If not, you don't need those records.
  
  Hope this helps,
  
  Darin.
  
  
  - Original Message - 
  From: Michael Hoyt [EMAIL PROTECTED]
  To: Declude JunkMail @declude.com Declude.JunkMail@declude.com
  Sent: Wednesday, February 07, 2007 2:30 PM
  Subject: [Declude.JunkMail] OT: SPF record question
  
  
  Sorry for the re-posting but I forgot to add a Subject.
  
  I am finally getting my SPF records up but would like some 
 comments on
  whether I got it right.
  
  I would like to be able to send email from any IP address in my
  216.15.92.0/25 network.  Currently I have MX records for 
 mail.commarts.com
  (216.15.92.3) which is the only mail server that receives mail and
  direct.commarts.com (216.15.92.15) and smtp.commarts.com 
 (216.15.92.13).
  
  Using the Wizard at openspf.org I generated the following 
 SPF records:
  
  commarts.com. IN TXT v=spf1 ip4:216.15.92.0/25 a mx ~all
  direct.commarts.com. IN TXT v=spf1 a -all
  mail.commarts.com. IN TXT v=spf1 a -all
  smtp.commarts.com. IN TXT v=spf1 a -all
  
  After reading page 15 of the Whitepaper pertaining to the 
 ~all,-all or ?all
  part of the text in the first record my question is: If I 
 know that ALL
  email from my domain will originate from 216.15.92.0/25 
 should the text be
  -all and not ~all?
  
  And my last question is are the three txt records 
 mentioning my MX servers
  necessary if I have 216.15.92.0/25 in the first record?
  
  Thank you in advance for any insight.
  
  -- 
  Michael Hoyt
  
  
  Web Site: http://www.commarts.com
  
  
  
  
  
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
  
  
  
  
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com. 
 
 
 
 
 
 ---
 This E-mail came from

RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question

[Michael Thomas - Mathbox]

Gary,

I guess, I should have asked this earlier, but you mentioned authenticated
users, which is the other side of the coin. Are you testing SPF for outgoing
mail? If so, why? Is it possible to send email from your mail server without
authenticating? If none of that was pertinent, continue on


==
At your mail server, in those three received headers from my message, the
only valid SPF check is on the following header:

Received: from smtp.declude.com [63.246.31.248] by mail.plusultraweb.com
with SMTP;
   Fri, 16 Feb 2007 15:46:48 -0500

Note that at this point, the email is from declude.junkmail@declude.com and
the sending server is smtp.declude.com.

The above header was added by your mail server. The SPF check on your mail
server should be Does the declude.com SPF indicate that mail from
declude.com (in this case declude.junkmail@declude.com) can be sent by
smtp.declude.com.

As regards SPF, checking any deeper in the received lines makes no sense and
is an invalid test. Why? Because at this point, the email is from
declude.junkmail@declude.com and I doubt very much if the declude.com SPF
record has mail.mathbox.com as a valid SMTP source for mail from
declude.com.

==
The previous header entry (time and motion wise) was the received header for
the transmission of the message from my mail server to the declude mail
server:

Received: from mail.mathbox.com [63.150.236.14] by smtp.declude.com with
SMTP;
   Fri, 16 Feb 2007 15:31:18 -0500

The declude mail server should have performed a SPF check for mail from
[EMAIL PROTECTED] being sent from mail.mathbox.com.
===

If for example, you had an SMTP proxy or a gateway in front of your mail
server, then all of the above logic starts to break down. For those
situations, you could use IPBYPASS and I suppose HOP.

You chose a very good example. List mail is a perfectly good example of why
you cannot run SPF against the entire chain of received headers.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Gary Steiner
 Sent: Friday, February 16, 2007 4:10 PM
 To: declude.junkmail@declude.com
 Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
 
 Let me give you my case.  For this example I used my home 
 Comcast connection to send an email using Outlook and 
 authentication.  My server uses Declude and SmarterMail.  The 
 header of the received message shows one IP address in a 
 single Received line:
 
 Received: from c-67-189-34-6.hsd1.or.comcast.net 
 [67.189.34.6] by mail.plusultraweb.com with SMTP;
Fri, 16 Feb 2007 15:43:21 -0500
 
 Michael's message via Declude's mailing list had three Received lines:
 
 Received: from smtp.declude.com [63.246.31.248] by 
 mail.plusultraweb.com with SMTP;
Fri, 16 Feb 2007 15:46:48 -0500
 Received: from mail.mathbox.com [63.150.236.14] by 
 smtp.declude.com with SMTP;
Fri, 16 Feb 2007 15:31:18 -0500
 Received: from mikesplace [63.150.236.3] by mail.mathbox.com 
 with ESMTP
   (SMTPD-8.22) id A48F027C; Fri, 16 Feb 2007 15:31:11 -0500
 
 In both messages Declude made checks versus the last hop only 
 (67.189.34.6 in my test message and 63.246.31.248 in the 
 message from Declude's mailing list.
 
 Since my Comcast IP address is not listed in my SPF string, 
 it failed Declude's SPF test.
 
 So what is the problem here?  Is this a flaw in how 
 SmarterMail lists its hops?  Should it be showing the Comcast 
 IP address as the final hop, or should it be showing my mail server?
 
 Since it is showing the Comcast address, SPF fails.  The only 
 way to get around this is to end the SPF string with ?all, 
 but if I'm going to do that, I might as well not use SPF at all.
 
 Gary
 
 
  Original Message 
  From: Michael Thomas - Mathbox [EMAIL PROTECTED]
  Sent: Friday, February 16, 2007 3:47 PM
  To: declude.junkmail@declude.com
  Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF 
 record question
  
  Gary,
  
  Your logic is incorrect. SPF is a check made by the 
 destination mail server
  (possibly my mail server) against the sending mail server (your mail
  server). Your users authenticate to your mail server, then 
 submit a message
  to your mail server for delivery by your mail server to the 
 remote mail
  server. So, the remote mail server (possibly my mail 
 server) would check the
  SPF to determine if your mail server was listed as a source 
 for the domain
  of the sending email address.
  
  Michael Thomas
  Mathbox
  978-683-6718
  1-877-MATHBOX (Toll Free)

  
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
   Behalf Of Gary Steiner
   Sent: Friday, February 16, 2007 2:56 PM
   To: declude.junkmail@declude.com
   Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
   
   I have a question to follow this subject.  If users have

RE: SPAM-WARN:Re: [Declude.JunkMail] Per User Filtering

[Michael Thomas - Mathbox]

Just create an empty user.junkmail file. As there are no actions, the user
will get all of the messages.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Dean Lawrence
 Sent: Friday, December 15, 2006 2:21 PM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN:Re: [Declude.JunkMail] Per User Filtering
 
 Kim,
 
 You could just set the action to IGNORE. You cannot fully turn of
 scanning, but by setting the IGNORE action, all mail will pass through
 the system.
 
 Dean
 
 On 12/15/06, Kim Premuda [EMAIL PROTECTED] wrote:
  Can someone tell me what to put in the per user 
 'user.junkmail' file that would cause all messages to 
 effectively be whitelisted for that user (user does not want 
 anything tested by JunkMail)? Currently, all tests are set to 
 'WARN', but that's not producing the desired results.
 
  Thanks!
 
  Kim W. Premuda
 
 
  --
  Kim W. Premuda
  FastWave Internet Services
  San Diego, CA
 
  --
 
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
 
 
 -- 
 __
 Dean Lawrence, CIO/Partner
 Internet Data Technology
 888.GET.IDT1 ext. 701 * fax: 888.438.4381
 http://www.idatatech.com/
 Corporate Internet Development and Marketing Specialists
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN:RE: [Declude.JunkMail] DYNHELO

[Michael Thomas - Mathbox]

Jay,

Thanks for the reply. I thought it was checking against blacklists. I had
assumed (for years) that it was an RBL test. I was going nuts trying to find
a list the IP was on. It is fixed now. I had a typographical error on an
in-addr.arpa entry. Even weirder, I had noticed and fixed the issue before I
sent my original post. The caching only name server on the mail server had
not picked up the change and I did not connect the two issues. Bummer.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Jay Sudowski - Handy Networks LLC
 Sent: Thursday, December 07, 2006 4:56 AM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN:RE: [Declude.JunkMail] DYNHELO
 
 DYNHELO   dynhelo  x   x   5   0
 
 This test type, attempts to detect dynamic IPs in HELO/EHLO hostnames.
 This test should be quite effective, since mailservers on IPs 
 that have
 dynamic-like reverse DNS entries will *not* normally send an HELO/EHLO
 that look dynamic.  
 
 DYNHELO is not an RBL test.  
 
 -Jay
 
 
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Michael Thomas - Mathbox
 Sent: Thursday, December 07, 2006 3:06 AM
 To: declude.junkmail@declude.com
 Subject: [Declude.JunkMail] DYNHELO
 
 
 Hi All,
 
 Does anyone know what list(s) DYNHELO uses? The mail archive 
 has nothing
 useful. DYNHELO does not appear in the documentation for 
 3.1.3 or any of
 the
 others that I checked. I just noticed that on 12/1/06, at least one of
 my
 web server IP addresses, 63.150.236.34, started returning positive for
 DYNHELO. I checked that IP address at DNSstuff against 272 
 lists and all
 passed. I checked at Spamhaus, SORBS, NJABL, and MAPS (Checked by
 DNSstuff,
 but I looked anyway.). Still no listing. It is not a DNS 
 problem. I run
 a
 caching only DNS on my mail server and it is working just fine.
 
 Michael Thomas
 Mathbox
 978-683-6718
 1-877-MATHBOX (Toll Free)
  
 
 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] DYNHELO

[Michael Thomas - Mathbox]

Hi All,

Does anyone know what list(s) DYNHELO uses? The mail archive has nothing
useful. DYNHELO does not appear in the documentation for 3.1.3 or any of the
others that I checked. I just noticed that on 12/1/06, at least one of my
web server IP addresses, 63.150.236.34, started returning positive for
DYNHELO. I checked that IP address at DNSstuff against 272 lists and all
passed. I checked at Spamhaus, SORBS, NJABL, and MAPS (Checked by DNSstuff,
but I looked anyway.). Still no listing. It is not a DNS problem. I run a
caching only DNS on my mail server and it is working just fine.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN:Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned

[Michael Thomas - Mathbox]

Matt,

Justa minor point, it doesn't affect your 
logic.

Now according to Michael's tests, the 
CR-only pattern leads to parsing issues in Declude Virus where it can't even 
find the attachment to scan it.
Actually, it was the "No Cr" (I.E. LF only) test that passed 
completely undetected.

By the 
way, I agree with you. As I pointed out in my original message, there are 
several web sites that send legitimate response messages (an Airline comes to 
mind readily) that fail the test. They are not entirely broken, but some lines 
are missing the Cr. I think it depends on what section of code they happen to be 
running through. It is a typical issue of Linux/Unix '\n' programming 
habit.

Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll 
Free) 


---This E-mail came from the Declude.JunkMail mailing list.  Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail".  The archives can be foundat http://www.mail-archive.com.

[Declude.JunkMail] Different issue - Process flow question

[Michael Thomas - Mathbox]

Hi All,

1. Is it not true that when properly installed and running, that Declude
handles EVERY message that passes through the mail server?

2. There is only one GLOBAL.CFG.

3. Every message processed should attempt to run every external test.
(That's why many external tests accept the current weight as a parameter
so it can bail out early if the current weight meets or exceeds the external
test's set bail out weight) But regardless of whether the external test
decides to bail early, it should still get invoked. Isn't that correct?

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 





---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned

[Michael Thomas - Mathbox]

Hi All,

I said in my original email that Declude had been notified of LF only issue.
I just looked back through my email and found the report. It was Declude
case [06D-0BBF1866-F5A3] on Thu, 30 Mar 2006 22:29:58 -0500.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)





---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN: RE: [Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned

[Michael Thomas - Mathbox]

John,

Looked normal in Outlook Express and in WebMail Both had an extractable
executable.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of John T (Lists)
 Sent: Friday, October 20, 2006 2:22 AM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN: RE: [Declude.JunkMail] On RFC Violation - 
 Declude allows attachments and Virus to pass through 
 untouched and unscanned
 
  But Declude let RfcNoCr.eml pass straight through without 
 calling the
 virus
  scanners, because Declude did NOT see an attachment. Also, 
 because Declude
  did not see an attachment, Declude did not ban the .EXE extension.
 
 OK, question. What happened then when that message got to 
 your email client?
 
 John T
 eServices For You
 
 Seek, and ye shall find!
 
 
 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 





---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned

[Michael Thomas - Mathbox]

John,

The link was just before my signature in the original message.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  





---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN: Re: [Possible Spam][Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned

[Michael Thomas - Mathbox]

David,

In my opinion, which others may not share, Declude should detect all
RFC/MIME violations and flag them in some manner. There exist quite a few
that are common to spam messages, but not flagged by Declude. However, that
is a totally different subject than the point of my test. The RFC violation
was simply a symptom. Some admins might not choose to delete or block
messages with that construction. There exist well-known web sites that
generate response email messages where one or two lines out 50-100 are
missing one of the Cr/Lf pair characters.

The point is that for many (maybe most) people on this list, Declude is the
lock and keys for securing email passing through their mail servers. Declude
trusts that the email message will be well-formed. Because of that
mis-placed trust, Declude did not reliably detect any attachment, regardless
of type, and therefore did not invoke the scanners. Note that this test was
performed on Declude version 3.1.1. Maybe, the new gateway product is not
quite so trusting. I have no idea. We are an ISP and would not pay the fees
associated with ISP use of the gateway product.

In any event, this is a well-known issue and has been for some time. I
reported this issue to Declude and the list some time ago regarding spam not
being scanned because of this issue. At that time, I was so focused on the
spam problem, I did not think about the attachment/virus side of the issue,
which should have been obvious to me.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of David Sullivan
 Sent: Friday, October 20, 2006 3:51 PM
 To: declude.junkmail@declude.com
 Subject: SPAM-WARN: Re: [Possible Spam][Declude.JunkMail] On 
 RFC Violation - Declude allows attachments and Virus to pass 
 through untouched and unscanned
 
 Hello Michael,
 
 Thanks for the great research.
 
 Wouldn't this be the purpose of
 Vulnerability detection in Declude? Declude detects mal-formed
 messages that can allow viruses to be hidden from email server virus
 scanners.
 
 We treat all vulnerabilities as viruses, send the notice and 86 the
 message.
 
 -David
 
 
 
 Thursday, October 19, 2006, 10:52:25 PM, you wrote:
 
 MTM Hi All,
 
 MTM Well, when responding on declude.junkmail@declude.com to 
 Will about RFC
 MTM violations, I said I would test this and I did.
 MTM 
 MTM While writing this message, I happened to think about 
 attachments. It would
 MTM appear to me, that there is an implied possibility for 
 attachments and
 MTM therefore viruses to pass through undetected. All that 
 should be required is
 MTM that the lines that make up the entire email, including 
 the attachment
 MTM section, be terminated with line feeds instead of 
 carriage return/line feed
 MTM pairs. Under such condition, Declude would see only one 
 line and not find
 MTM the relevant sections. I will test this possibility.
 MTM 
 
 MTM Tested: Declude v3.1.1 for IMail
 
 MTM As it happens,  my suspicions were accurate. I wrote a 
 script that could be
 MTM modified to remove either the carriage-returns or the 
 line-feeds from a
 MTM message file. I then created a message in Outlook 
 Express, added an
 MTM executable file (uptime.exe) as an attachment and saved 
 it in my Draft
 MTM folder. I then dragged that message to the same location 
 as the script and
 MTM renamed it to match the file name in the script 
 (Rfc.eml) I ran the script,
 MTM which stripped the carriage-returns and produced 
 Rfc2.eml. I renamed
 MTM Rfc2.eml to RfcNoCr.eml. In the script, I then changed 
 vbCr to vbLf and ran
 MTM it again, which stripped the line-feeds and produced 
 Rfc2.eml. I renamed
 MTM Rfc2.eml to RfcNoLf.eml.
 
 MTM Now, to get IIS SMTP to actually process the file, you 
 must edit each file
 MTM and remove the single Cr or Lf and press the Enter Key, 
 producing a CrLf
 MTM pair after the To field and the From field. I also added 
 the string No Cr
 MTM to the end of the subject of RfcNoCr.eml and added No Lf 
 to the subject of
 MTM RfcNoLf.eml. So for example change:
 MTM 
 MTM From: Michael Thomas - Mathbox [EMAIL PROTECTED][Cr]To:
 MTM [EMAIL PROTECTED][Cr]Subject: Test Attachment 
 Pass-Through on RFC
 MTM Violation[Cr]line continues
 MTM 
 MTM Change To
 MTM 
 MTM From: Michael Thomas - Mathbox [EMAIL PROTECTED]
 MTM To: [EMAIL PROTECTED]
 MTM Subject: Test Attachment Pass-Through on RFC Violation 
 No Cr[Cr]line
 continues
 MTM 
 
 MTM Now it so happens, a long time ago, I wrote a couple of 
 tests to detect
 MTM these RFC violations, so first I had to disable them in 
 my GLOBAL.CFG, which
 MTM I did by commenting them out. Note that I also BAN the 
 .EXE extension and I
 MTM left that enabled.
 
 MTM Now copy and paste the two files into the pickup 
 directory of your favorite
 MTM IIS SMTP pickup

RE: [Declude.JunkMail] Suge of spam in recient week.

[Michael Thomas - Mathbox]

Will,

Use Notepad to check the tail end of the file. The Declude 
headers may be at the end of the file. If the Declude headers are at the end of 
the file, note whether or not:

1. The Received: lines appear 
normal
2. There may or may not be some X-Header lines immediately 
after the Received: lines that appear normal
3. The From, To, Subject and body of the message all appear 
to be onone or two lines in Notepad.
4. Followed by Declude headers

If the above is true, then:

1.The 
message is in violation of RFC in that it is missing either carriage returns or 
line feeds. The RFC calls for lines to be terminated by a carriage return/line 
feed pair.

2. This is a known issue with Declude handling these 
types of messages. Based on observation, it appears that Declude processes 
messages in line-mode rather than byte-mode. Rather interesting that Declude 
trusts spammers and virus writers toconstruct messages according to 
RFC.

-

Let me know what you 
find.

While writing this message, I happened to think about 
attachments. It would appear to me, that there is an implied possibility for 
attachments and therefore viruses to pass through undetected. All that should 
berequired is that the lines that make up the entire email, including the 
attachment section, be terminated with line feeds instead of carriage 
return/line feed pairs. Under such condition, Declude would see only one line 
and not find the relevant sections. I will test this 
possibility.

Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll 
Free) 


  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of WillSent: 
  Thursday, October 19, 2006 4:52 PMTo: 
  declude.junkmail@declude.comSubject: [Declude.JunkMail] Suge of 
  spam in recient week.
  
  
  
  I 
  have been getting a lot of spam reciently. The subjects are typical and 
  the From always displays as a common first name.
  
  For 
  each of these messages, I see no declude content. The ip and the address 
  are not excluded or whitelisted and if it were an xheader should say it 
  was. For some reason there is no declude processing here. Any 
  ideas? The following is the header for one of these 
  messages:
  
  Received: from cyrix 
  [82.201.160.214] by mail.ncats.net with ESMTP
   (SMTPD-9.10) 
  id A0881C80; Wed, 18 Oct 
  2006 21:10:32 
  -0400
  Message-ID: 
  [EMAIL PROTECTED]
  From: "Robert" 
  [EMAIL PROTECTED]
  To: 
  [EMAIL PROTECTED]
  Subject: Cheapest way 
  to solve health problems.
  Date: Thu, 
  19 Oct 
  2006 03:10:34 
  +0100
  MIME-Version: 
  1.0
  Content-Type: 
  multipart/alternative;
   
  boundary="ms030809000704050003000706"
  X-Priority: 
  3
  X-MSMail-Priority: 
  Normal
  X-Mailer: Microsoft 
  Outlook Express 6.00.2900.2180
  X-MimeOLE: Produced 
  By Microsoft MimeOLE V6.00.2900.2180
  
  
  
  
  I 
  would normally see a header like this:
  
  Received: from 
  203.111.235.51 [203.111.235.51] by mail.ncats.net
   (SMTPD-9.10) 
  id AD4E1464; Wed, 18 Oct 
  2006 20:56:46 
  -0400
  Received: from 
  mx3.mail.yahoo.com
   
  by 203.111.235.51 (8.12.11/8.12.11) with ESMTP id 
  Yz77Trqj3H8fGj
   
  for [EMAIL PROTECTED]; Wed, 18 
  Oct 2006 21:53:53 
  -0400
  Received: from 
  [251.130.5.67]
   
  by mx3.mail.yahoo.com with ESMTP (Exim 4.05) id NyG7OgPl6HWI
   
  for [EMAIL PROTECTED]; Wed, 18 
  Oct 2006 21:53:53 
  -0400
  Date: 
  Wed, 18 Oct 
  2006 21:53:53 
  -0400
  From: Bridgett Kim 
  [EMAIL PROTECTED]
  Reply-To: Bridgett 
  Kim [EMAIL PROTECTED]
  Message-ID: 
  [EMAIL PROTECTED]
  To: 
  [EMAIL PROTECTED]
  Subject: SEXUALLY 
  EXPLICIT : Hidden upskirt camera shots
  MIME-Version: 
  1.0
  Content-Type: 
  text/plain; charset="iso-8859-1"
  Content-Transfer-Encoding: 
  7bit
  X-RBL-Warning: CBL: 
  "Blocked - see 
  http://cbl.abuseat.org/lookup.cgi?ip=203.111.235.51"
  X-RBL-Warning: 
  SORBS-WEB: "Exploitable Server See: 
  http://www.sorbs.net/lookup.shtml?203.111.235.51"
  X-RBL-Warning: 
  BADWHOIS: "Inaccurate or missing WHOIS data"
  X-RBL-Warning: 
  NOABUSE: "Not supporting [EMAIL PROTECTED]"
  X-RBL-Warning: 
  NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]"
  X-RBL-Warning: 
  CMDSPACE: Space found in RCPT TO: command.
  X-RBL-Warning: 
  DYNHELO: Dynamic HELO found.
  X-RBL-Warning: 
  HELOBOGUS: Domain 203.111.235.51 has no MX or A records 
  [0301].
  X-RBL-Warning: 
  REVDNS: This E-mail was sent from a MUA/MTA 203.111.235.51 with no reverse DNS 
  entry.
  X-RBL-Warning: 
  ROUTING: This E-mail was routed in a poor manner consistent with spam 
  [210f].
  X-RBL-Warning: 
  WEIGHT10: Weight of 52 reaches or exceeds the limit of 10.
  X-RBL-Warning: 
  WEIGHT14: Weight of 52 reaches or exceeds the limit of 14.
  X-RBL-Warning: 
  WEIGHT20: Weight of 52 reaches or exceeds the limit of 20.
  X-Declude-Sender: 
  [EMAIL PROTECTED] [203.111.235.51]
  X-Declude-Spoolname: 
  Dcd4d0321c10b.smd
  X-Declude-RefID: 
  
  X-Declude-Note: 
  Scanned by 

[Declude.JunkMail] Phone number spam

[Michael Thomas - Mathbox]

Hi All,

Of those of you that examine spam messages, are you bothered by phone number
spam?

If you have eliminated it, how did you do that? Were you able to eliminate
it with Declude?

I am getting a little tired of the spammer whose number ends in 3 x 9 x 0 x
0, if you know what I mean...

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free) 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Phone Number spammers

[Michael Thomas - Mathbox]

Hi All,

Maybe my last post did not make it through some filters. Anyone interested
in discussing spam containing phone numbers with ever changing character
patterns?

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Why is Declude Not Scanning This?

[Michael Thomas - Mathbox]

Hi,

I reported this issue to Declude as follows: 

Declude v3.10 [30A-0C30A9AC-1BB6] 6/26/2006
Declude V3.11 [040-0C6669E9-2D9E] 8/7/2006

XINHEADERS not appearing in every email message for which scanning is
enabled.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of David Dodell
 Sent: Sunday, September 03, 2006 1:11 PM
 To: Declude.JunkMail@declude.com
 Subject: [Declude.JunkMail] Why is Declude Not Scanning This?
 
 I see this occasionally ... a spam message will come in, but  
 according to the headers, it isn't even touch or scanned by Declude  
 since none of my normal declude headers are there; the address  
 [EMAIL PROTECTED] is NOT whitelisted, and even so, would show the  
 declude headers still.
 
 Any ideas?
 
 
 David
 
 
 
 From:   [EMAIL PROTECTED]
   Subject:Best love [EMAIL PROTECTED] at best store!
   Date:   September 3, 2006 5:20:39 AM MST
   To:   [EMAIL PROTECTED]
   Received:   from friend [70.109.234.122] by 
 stat.com with ESMTP  
 (SMTPD-9.03) id AA770B24; Sun, 03 Sep 2006 10:01:43 -0700
   Message-Id: [EMAIL PROTECTED]
   Mime-Version:   1.0
   Content-Type:   multipart/related; 
 type=multipart/alternative;  
 boundary=ms030208050508080001090405
   X-Priority: 3
   X-Msmail-Priority:  Normal
   X-Mailer:   Microsoft Outlook Express 6.00.2900.2180
   X-Mimeole:  Produced By Microsoft MimeOLE V6.00.2900.2180
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Version 3.1.1 Fails to add headers on COPYTO action

[Michael Thomas - Mathbox]

Hi all,

I noticed in version 3.1.0 that Declude often failed to insert XINHEADER
(Global.cfg) and WARN ($default$.junkmail) headers in messages sent to a
mailbox using the COPYTO action. This was reported to Declude in issue
[30A-0C30A9AC-1BB6]. This issue was reportedly fixed in version 3.1.1, but I
have noted in Declude issue [040-0C6669E9-2D9E], that the problem still
exists.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Number of times per test

[Michael Thomas - Mathbox]

If you do not have StopAtFirstHit enabled, then each hit adds the specified
points to the total. So, set the MinWeightToFail to 10 and apply 2 point for
each hit like:

#SKIPIFWEIGHT 10
MINWEIGHTTOFAIL 10
#MAXWEIGHT 15
#STOPATFIRSTHIT

BODY 2 CONTAINS replikas

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of IS - Systems Eng. (Karl Drugge)
 Sent: Friday, July 14, 2006 1:52 PM
 To: declude.junkmail@declude.com
 Subject: [Declude.JunkMail] Number of times per test
 
 I looked through the manual, but didn't see this defined...
 
 I want a test that applies 10 points if a certain string 
 appears in the
 body of a message a number of times... 
 
 So if, for example, 'replikas' appears 5 times, and I want to 
 apply ten
 points only if that string is there 5 times or more, what part of the
 test definition string do I modify ? Which variable determines that ?
 Or, could I assign it 2 points each time it appears ? And 
 which variable
 is that ?
 
 Numberoftimes filter  C:\Declude\sampletest.txt   x   10
 0
 
 
 Karl Drugge
  
 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Declude Config File (as shipped)

[Michael Thomas - Mathbox]

Hi,

A few months back, I submitted a ticket against ENCODEDURL and IPURL in
Declude 3.0.x. They did not work. At that time I was told these were
non-functional stubs.


Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
 Behalf Of Andy Schmidt
 Sent: Friday, July 14, 2006 1:25 PM
 To: declude.junkmail@declude.com
 Subject: [Declude.JunkMail] Declude Config File (as shipped)
 
 Hi,
 
 A few questions/comments on the Global.cfg of V4:
 
 These config options don't seem to be documented (e.g., in 
 the manual). I
 can make some assumptions regarding some - but SPAMID?
 
 SPAMIDOFF
 ENCODEDURLencodedurl  x   x   1   0
 IPURL ipurl   x   x   2   0
 
 
 The default configuration uses the following 3 blacklists.
 
 IMP-SPAM  ip4rspamrbl.imp.ch  
 This one is used, but not documented in
 http://www.declude.com/Articles.asp?ID=97
 
 INTERSIL  ip4rblackholes.intersil.net 
 This one is used, but the site has a note: Undocumented but 
 confirmed!.
 So may be not a good choice if no one knows what it does?
 
 JAMDNSBL
 This one is used, but the site has the WARNING: Lists IP 
 ranges for some
 entire countries.
 Any blacklist that whitelists entirecountries MAY be useful 
 for some of your
 customers - but it should NOT be active for ALL your 
 customers by default!
 
 Best Regards
 Andy Schmidt
 
 Phone:  +1 201 934-3414 x20 (Business)
 Fax:+1 201 934-9206 
 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 
 




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: SPAM-WARN: RE: [Declude.JunkMail] Has a 3. version been released with the same fixes as 4.2 build 20

[Michael Thomas - Mathbox]

Also, doesn't 3.1 have a problem with writing headers under 
specific conditions (possibly identified in 4.2 as headers sometimes not written 
with copyfile)? See Declude ticket [30A-0C30A9AC-1BB6].

Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll 
Free) 


  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: 
  Tuesday, July 11, 2006 4:20 PMTo: 
  declude.junkmail@declude.comSubject: SPAM-WARN: RE: 
  [Declude.JunkMail] Has a 3. version been released with the same fixes as 4.2 
  build 20
  
  
  So 3.10 does not have 
  a buffer overflow in BANEXT for EVA?
  
  
  Mark 
  Reimer
  IT Project 
  Manager
  American 
  CareSource
  214-596-2464
  
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David BarkerSent: Tuesday, July 11, 2006 3:07 
  PMTo: 
  declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] Has a 3. 
  version been released with the same fixes as 4.2 build 
  20
  
  No version 3 is still 
  3.10 are you experiencing any of the same problems exhibited by 4 
  ?
  David 
  B
  www.declude.com
  
  
  
  
  From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Tuesday, July 11, 2006 4:01 
  PMTo: 
  declude.junkmail@declude.comSubject: [Declude.JunkMail] Has a 3. 
  version been released with the same fixes as 4.2 build 
  20
  David,
  Has a 3. version been released 
  with the same fixes as in 4.2 build 20?
  
  
  Mark 
  Reimer
  IT Project Manager
  American CareSource
  214-596-2464
  
  ---This E-mail came from the Declude.JunkMail 
  mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], 
  andtype "unsubscribe Declude.JunkMail". The archives can be foundat 
  http://www.mail-archive.com. 
  ---This E-mail came from the 
  Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to 
  [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives 
  can be foundat http://www.mail-archive.com. ---This E-mail came 
  from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail 
  to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The 
  archives can be foundat http://www.mail-archive.com. 


---This E-mail came from the Declude.JunkMail mailing list.  Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail".  The archives can be foundat http://www.mail-archive.com.

RE: SPAM-WARN: [Declude.JunkMail] FW: [SPAM]I must apologize for this unsolicited nature of my email. I am Mr. Lewis Musasike, General Manager (Treasury) of Development Bank of Southern Africa. This i

[Michael Thomas - Mathbox]

Hi,
You should be able to use subjectchars to nail those birds. Examples from the 
default global.cfg:
SUBCHARS-50 subjectchars 50 x 1 0SUBCHARS-55 subjectchars 55 x 1 
0SUBCHARS-60 subjectchars 60 x 1 0
Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll 
Free) 


  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: 
  Thursday, June 22, 2006 9:38 PMTo: 
  declude.junkmail@declude.comSubject: SPAM-WARN: [Declude.JunkMail] 
  FW: [SPAM]I must apologize for this unsolicited nature of my email. I am Mr. 
  Lewis Musasike, General Manager (Treasury) of Development Bank of Southern 
  Africa. This is an urgent and very confidential business proposition. On 
  
  
  
  Is this from broken 
  spamware? The whole pitch is in the subject What a pain to 
  filter.
  
  
  
  
  
  From: LEWIS 
  MUSASIKE [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 3:03 
  PMTo: 
  [EMAIL PROTECTED]Subject: [SPAM]I must apologize for this 
  unsolicited nature of my email. I am Mr. Lewis Musasike, General Manager 
  (Treasury) of Development Bank of Southern 
  Africa. This is an urgent and very confidential business 
  proposition. On June 6, 2001,a Foreign Oil 
  consult
  
  
  


  
I have a new email 
address!
  
  You can now email me at: [EMAIL PROTECTED]- 
  LEWIS 
  MUSASIKE---This 
  E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just 
  send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe 
  Declude.JunkMail". The archives can be foundat 
  http://www.mail-archive.com. 

---This E-mail came from the Declude.JunkMail mailing list.  Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail".  The archives can be foundat http://www.mail-archive.com.

[Declude.JunkMail] Heads Up - Plain Text Base64 Not Decoded

[Michael Thomas - Mathbox]

Plain text messages (No MIME parts) with the body text encoded as BASE64 are
not decoded, before the FILTERS are run against it. So, the FILTERS are run
against the BASE64 encoding, not against the text that the BASE64 encoding
represents. Declude FILTERS are totally ineffective against plain text
messages with BASE64 encoding.

Because of this, a PayPal phishing message just slipped through.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: Re[2]: [Declude.JunkMail] Spam

[Michael Thomas - Mathbox]

John,

  Do not know why they would want to rewrite the message. 
 They should add a
  test name for the condition and say it failed the test.
 
 I believe it fails a Declude Virus Vulnerability test.

What test is that and in what version? That wouldn't be 4.x would it?

Although, that would seem a little weird as it is spam issue not a virus
issue.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] Spam

[Michael Thomas - Mathbox]

Dave,

You might want to look at the NOCRTEST. See:

http://www.mail-archive.com/declude.junkmail@declude.com/msg28884.html

The problem is that the messages have no carriage returns. I am guessing
here and that guess is based on a lot of circumstantial evidence that
Declude was written in Visual Basic and uses standard line handling, which
likes normal CrLf pairs. If you examine those messages in Notepad, you see
that the only lines with CRs are the lines prepended by the mail server or
appended by Declude. So basically, Declude sees one line and does not see
anything to parse. It cannot even see the headers. However, if NoCr detects
a message of that type and you give the NoCr test enough points to delete
the message, Declude will delete the message. Those messages are definitely
outside of the RFC, which specifies CRLF pairs at least in the headers, but
I believe everywhere. I haven't seen one of those messages in a long long
time.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
 Sent: Friday, May 19, 2006 9:47 PM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] Spam
 
 I've been seeing a lot more of that headers-at-the-bottom 
 stuff lately where 
 the message gets scanned but no action occurs. A lot of it 
 doesn't have 
 broken GIFs, just text.
 
 -d
 
 
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: Re[2]: [Declude.JunkMail] Spam

[Michael Thomas - Mathbox]

Sandy,

Shrug. Never felt the desire to run dependency walker on it. I said it was a
guess. I said it was circumstantial. Maybe in the end, I was hoping it was
some silly language limitation that they didn't know how to get around
rather than think it was a bug or even a bad assumption on the part of the
company, whose tool scans my email. Don't know which would be worse.

I do not know if anyone else has, but I did report the issue to Declude. I
thought their response was interesting:

Snip
-
The fact that this email contains only linefeeds and no carriage returns
shows that it is a seriously broken email. The Subject: line was added by
Declude because the action called for SPAM-WARN to be added, and Declude
could not locate the actual subject line. Declude is not alone in having
serious problems with these emails. IMail itself put headers at the end of
the message because it could not figure out where the real headers ended. At
some point we will have to rewrite incoming messages to make sure that lone
linefeeds do not exist; however, that will incur a lot of overhead. It would
have made much more sense for IMail to have done this as the message was
arriving, prior to writing it to disk in the first place.
-
Snip

Do not know why they would want to rewrite the message. They should add a
test name for the condition and say it failed the test.

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)
  

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 Sanford Whiteman
 Sent: Friday, May 19, 2006 11:57 PM
 To: Michael Thomas - Mathbox
 Subject: Re[2]: [Declude.JunkMail] Spam
 
  ...a  lot  of  circumstantial  evidence  that Declude was written in
  Visual  Basic...
 
 Er, what evidence was that?
 
 Declude.exe  was  *not*  written  in  VB, as a quick Dependency Walker
 check would tell you. It's clearly always been a Win32 C/C++ app.
 
 As  far  as  the  CRLF  issue  goes,  it's clearly buggy code, but has
 nothing to do with language choice.
 
 --Sandy
 
 
 
 Sanford Whiteman, Chief Technologist
 Broadleaf Systems, a division of
 Cypress Integrated Systems, Inc.
 e-mail: [EMAIL PROTECTED]
 
 SpamAssassin plugs into Declude!
   
 http://www.imprimia.com/products/software/freeutils/SPAMC32/do
 wnload/release/
 
 Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes 
 into IMail Aliases!
   
 http://www.imprimia.com/products/software/freeutils/exchange2a
 liases/download/release/
   
 http://www.imprimia.com/products/software/freeutils/ldap2alias
 es/download/release/
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

RE: [Declude.JunkMail] OT: Recommendations? Updgrading Equipment.

[Michael Thomas - Mathbox]

Why is your service offline while you edit text files? Edit your text files.
Select the zone in the DNS GUI and click Reload...

Mike

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of 
 William Stillwell
 Sent: Wednesday, May 03, 2006 11:22 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] OT: Recommendations? 
 Updgrading Equipment.
 
 Becuase, I have to RD into the box, and manage 50 domains by 
 editing the 
 text files becuase ms dns doesn't allow wildcards., and if i 
 need to edit an 
 ip for all the domains, i have to stop the server, edit the 
 zone files, the 
 start the service.
 
 ms dns works fine if you have no issues editing the zone 
 files one by one 
 while your service is offline.
 
 
 
 
 - Original Message - 
 From: Darin Cox [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Wednesday, May 03, 2006 8:46 AM
 Subject: Re: [Declude.JunkMail] OT: Recommendations? 
 Updgrading Equipment.
 
 
  Can you clarify why you think MS DNS sucks?  We've used it 
 for years and 
  it
  has worked perfectly.  We also built additional tools to 
 integrate it into
  our setup and management processes.  The only problem or lack of
  functionality we've experienced is the inability to 
 retrieve a list of
  subdomains programmatically without parsing the zone file.
 
  Darin.
 
 
  - Original Message - 
  From: William Stillwell [EMAIL PROTECTED]
  To: Declude.JunkMail@declude.com
  Sent: Wednesday, May 03, 2006 8:36 AM
  Subject: [Declude.JunkMail] OT: Recommendations? Updgrading 
 Equipment.
 
 
 
 
  Anybody have any recommendations on a server upgrade? (CPU/RAM/HDD)
  Suggestions?
 
  Running, Imail, Declude JunkMail, Anti-Virus, Mcafee 
 Scanner, Sniffer. As
  you can tell, we
  have a ton of Internal Mail..
 
  We are currently running a PIII 750 w/512Mb ram, and a 
 30gig Scsi Mirror.
  (Two Drives mirrored)..
 
  I also want to Dump M$ DNS, as it sucks.. Any Suggestions 
 on a easy to
  configure alternative, with
  possible web front end?
 
  Here are our STMP Daily Totals for the last couple days.
 
  SpamPhrase75
  LocalDeliver10519
  RemoteDeliver1020
 
  SpamPhrase61
  LocalDeliver9401
  RemoteDeliver745
 
  SpamPhrase44
  LocalDeliver5059
  RemoteDeliver73
 
  SpamPhrase38
  LocalDeliver5271
  RemoteDeliver39
 
  SpamPhrase61
  LocalDeliver8657
  RemoteDeliver604
 
  SpamPhrase57
  LocalDeliver10215
  RemoteDeliver865
 
  SpamPhrase77
  LocalDeliver10634
  RemoteDeliver807
 
  SpamPhrase62
  LocalDeliver10504
  RemoteDeliver892
 
 
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
  
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Emails not be scanned by Declude

[Michael Thomas - Mathbox]

Hi,

You might want to look at the entire typical file, in Notepad or Dump it
contents as hex values. I have noticed a similar percentage of spam that has
no carriage returns. Which means that the Declude headers get added to the
end of the file, rather than after the headers. If you also happen to run
invURIBL, you will note that the currently available version does not parse
the message, apparently because at most there is only one line in the
message. Don't know if this is your issue, but thought I would point it out
as a possiblity. If that is the case, it was fairly simple to write a test
for it.

Mike

.
- Original Message - 
From: David Lewis-Waller [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, April 25, 2006 2:11 AM
Subject: [Declude.JunkMail] Emails not be scanned by Declude


 We are noticing a large amount of email, approx 20-30%, are not being
 processed by Declude.

 Here is a typical header:

 Received: from friend [68.57.43.190] by mail.nthost.co.uk with ESMTP
   (SMTPD-8.20) id A5DA0830; Tue, 25 Apr 2006 06:38:34 +0100
 Message-ID: [EMAIL PROTECTED]
 From: Henry [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: All love enhancers on one portal!
 Date: Tue, 25 Apr 2006 01:36:00 +0100
 MIME-Version: 1.0
 Content-Type: multipart/related;
 type=multipart/alternative;
 boundary=ms020304020609000206080301
 X-Priority: 3
 X-MSMail-Priority: Normal
 X-Mailer: Microsoft Outlook Express 6.00.2900.2180
 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180


 Does any one have any idea why Declude is not processing these.

 David

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] Emails not be scanned by Declude

[Michael Thomas - Mathbox]

For those who would like to try it, here is the URL to ZIP file containing
two tests, NoCrTest.exe and NoLFTest.exe. Per this thread, you may find the
NoCrTest useful. See the file NoCrTest.txt, which is included below. Enjoy.

http://www.mathbox.com/NoCrTest/NoCrTest.zip

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)


What NoCrTest Does
==

NoCrTest scans the file and counts CR/LF pairs and bare LF instances. If the
LF count exceeds the CRLF count, NoCrTest returns NoCrTestScore.
Otherwise, it returns 0 (zero).

NoCrTest is non-destructive. It writes no files and modifies nothing. It
only reads the specified file and returns a value.

At a minimum. IMail adds a Received: line with a CR/LF pair to the
beginning of the file. Other SMTP servers may have previously prepended
other Received: lines with a CR/LF pair as well.

Finally, if there is no Message-ID:, IMail will insert a Message-ID:.

The remainder of the file was generated by the mail tool, whether that tool
was Outlook, OE, a script, or a spammer tool.

NoCrTest scans the file for the following strings as a trigger that
indicates it has parsed beyond the SMTP added Recieved: lines:
Message-ID:
Subject:
Date:
From:
To:

On seeing one of the trigger strings, NoCrTest starts counting CR/LF pairs
and bare LF instances. NoCrTest reads to the end of the file or up to
500,000 bytes, whichever comes first. It then compares the CR/LF pair count
to the bare LF count. If the bare LF count is more than the CR/LF pair
count, NoCrTest returns the NoCrTestScore parameter. Otherwise, NoCrTest
returns 0 (zero).


What NoLfTest Does
==

NoLfTest scans the file and counts CR/LF pairs and bare CR instances. If the
CR count exceeds the CR/LF count, NoLfTest returns NoLfTestScore.
Otherwise, it returns 0 (zero).

NoLfTest is non-destructive. It writes no files and modifies nothing. It
only reads the specified file and returns a value.

At a minimum. IMail adds a Received: line with a CR/LF pair to the
beginning of the file. Other SMTP servers may have previously prepended
other Received: lines with a CR/LF pair as well.

Finally, if there is no Message-ID:, IMail will insert a Message-ID:.

The remainder of the file was generated by the mail tool, whether that tool
was Outlook, OE, a script, or a spammer tool.

NoLfTest scans the file for the following strings as a trigger that
indicates it has parsed beyond the SMTP added Recieved: lines:
Message-ID:
Subject:
Date:
From:
To:

On seeing one of the trigger strings, NoLfTest starts counting CR/LF pairs
and bare CR instances. NoLfTest reads to the end of the file or up to
500,000 bytes, whichever comes first. It then compares the CR/LF pair count
to the bare CR count. If the bare CR count is more than the CR/LF pair
count, NoLfTest returns the NoLfTestScore parameter. Otherwise, NoLfTest
returns 0 (zero).


ZIP FILE CONTENTS
==
NoCrTest.exe The NoCrTest executable.
NoLfTest.exe The NoLfTest executable.
ManualTest.cmd   An example command file for manual testing
NoCrTest.txt This explanatory file
FailNoCr.txt An example file that will fail NoCrTest
FailNoLf.txt An example file that will fail NoLfTest

USAGE
==
Unzip the contents of NoCrTest.zip to any directory where System has execute
permission. For example, the typical Declude installation is:

C:\IMail\Declude


Add the plugin to your Declude GLOBAL.CFG as:

NOCRTEST external weight PathToExecutable NoCrTestScore 5 0


Where PathToExecutable is the full path to invoke the executable. For
example, if you unzipped NoCrTest in the typical Declude directory, the full
path would be:

C:\IMail\Declude\NoCrTest.exe


Where NoCrTestScore is the numeric value (for example 50) returned when
NoCrTest detects more bare LF than CR/LF pairs.


Eaxmple of typical GLOBAL.CFG entry that returns 10 on detection:
NOCRTEST external weight C:\IMail\Declude\NoCrTest.exe 10 5 0

Eaxmple of GLOBAL.CFG entry
with NoCrTest in its own directory
that returns 20 on detection:
NOCRTEST external weight C:\NoCrTest\NoCrTest.exe 20 5 0


MANUAL TESTING
==
For testing, You can invoke NoCrTest manually or in a batch file:

NoCrTest 1 TestMessage.ext

or

C:\NoCrTest\NoCrTest.exe 99 C:\IMail\Spool\proc\review\D69c8020cb758.smd


LOGGING
==
NoCrTest performs no logging. It performs only one test which either passes
or fails. Use Declude logging to track its effectiveness.


SUPPORT
==
There is no support for NoCrTest. If it does not perform to your
expectations, delete it.


CAN I RENAME THE EXECUATABLE?
==
Sure. NoCrTest.exe does not care what its executable name is.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] NoCrTest and NoLfTest

[Michael Thomas - Mathbox]

For those who would like to try it, here is the URL to ZIP file containing
two tests, NoCrTest.exe and NoLFTest.exe. Per this thread, you may find the
NoCrTest useful. See the file NoCrTest.txt, which is included below. Enjoy.

http://www.mathbox.com/NoCrTest/NoCrTest.zip

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)


What NoCrTest Does
==

NoCrTest scans the file and counts CR/LF pairs and bare LF instances. If the
LF count exceeds the CRLF count, NoCrTest returns NoCrTestScore.
Otherwise, it returns 0 (zero).

NoCrTest is non-destructive. It writes no files and modifies nothing. It
only reads the specified file and returns a value.

At a minimum. IMail adds a Received: line with a CR/LF pair to the
beginning of the file. Other SMTP servers may have previously prepended
other Received: lines with a CR/LF pair as well.

Finally, if there is no Message-ID:, IMail will insert a Message-ID:.

The remainder of the file was generated by the mail tool, whether that tool
was Outlook, OE, a script, or a spammer tool.

NoCrTest scans the file for the following strings as a trigger that
indicates it has parsed beyond the SMTP added Recieved: lines:
Message-ID:
Subject:
Date:
From:
To:

On seeing one of the trigger strings, NoCrTest starts counting CR/LF pairs
and bare LF instances. NoCrTest reads to the end of the file or up to
500,000 bytes, whichever comes first. It then compares the CR/LF pair count
to the bare LF count. If the bare LF count is more than the CR/LF pair
count, NoCrTest returns the NoCrTestScore parameter. Otherwise, NoCrTest
returns 0 (zero).


What NoLfTest Does
==

NoLfTest scans the file and counts CR/LF pairs and bare CR instances. If the
CR count exceeds the CR/LF count, NoLfTest returns NoLfTestScore.
Otherwise, it returns 0 (zero).

NoLfTest is non-destructive. It writes no files and modifies nothing. It
only reads the specified file and returns a value.

At a minimum. IMail adds a Received: line with a CR/LF pair to the
beginning of the file. Other SMTP servers may have previously prepended
other Received: lines with a CR/LF pair as well.

Finally, if there is no Message-ID:, IMail will insert a Message-ID:.

The remainder of the file was generated by the mail tool, whether that tool
was Outlook, OE, a script, or a spammer tool.

NoLfTest scans the file for the following strings as a trigger that
indicates it has parsed beyond the SMTP added Recieved: lines:
Message-ID:
Subject:
Date:
From:
To:

On seeing one of the trigger strings, NoLfTest starts counting CR/LF pairs
and bare CR instances. NoLfTest reads to the end of the file or up to
500,000 bytes, whichever comes first. It then compares the CR/LF pair count
to the bare CR count. If the bare CR count is more than the CR/LF pair
count, NoLfTest returns the NoLfTestScore parameter. Otherwise, NoLfTest
returns 0 (zero).


ZIP FILE CONTENTS
==
NoCrTest.exe The NoCrTest executable.
NoLfTest.exe The NoLfTest executable.
ManualTest.cmd   An example command file for manual testing
NoCrTest.txt This explanatory file
FailNoCr.txt An example file that will fail NoCrTest
FailNoLf.txt An example file that will fail NoLfTest

USAGE
==
Unzip the contents of NoCrTest.zip to any directory where System has execute
permission. For example, the typical Declude installation is:

C:\IMail\Declude


Add the plugin to your Declude GLOBAL.CFG as:

NOCRTEST external weight PathToExecutable NoCrTestScore 5 0


Where PathToExecutable is the full path to invoke the executable. For
example, if you unzipped NoCrTest in the typical Declude directory, the full
path would be:

C:\IMail\Declude\NoCrTest.exe


Where NoCrTestScore is the numeric value (for example 50) returned when
NoCrTest detects more bare LF than CR/LF pairs.


Eaxmple of typical GLOBAL.CFG entry that returns 10 on detection:
NOCRTEST external weight C:\IMail\Declude\NoCrTest.exe 10 5 0

Eaxmple of GLOBAL.CFG entry
with NoCrTest in its own directory
that returns 20 on detection:
NOCRTEST external weight C:\NoCrTest\NoCrTest.exe 20 5 0


MANUAL TESTING
==
For testing, You can invoke NoCrTest manually or in a batch file:

NoCrTest 1 TestMessage.ext

or

C:\NoCrTest\NoCrTest.exe 99 C:\IMail\Spool\proc\review\D69c8020cb758.smd


LOGGING
==
NoCrTest performs no logging. It performs only one test which either passes
or fails. Use Declude logging to track its effectiveness.


SUPPORT
==
There is no support for NoCrTest. If it does not perform to your
expectations, delete it.


CAN I RENAME THE EXECUATABLE?
==
Sure. NoCrTest.exe does not care what its executable name is.


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Under specific conditions, action not as specified

[Michael Thomas - Mathbox]

Declude Version: 3.0.5.23

In JunkMail, a message scores more than enough points to be DELETED.

In VIRUS.CFG
AVAFTERJM ON
DELETEVULNERABILITIES   OFF

The result is that the message is moved to the /sppol/virus folder. It should 
have been deleted

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)

[Declude.JunkMail] Apologies

[Michael Thomas - Mathbox]

Hi All,

I inadvertently sent a plain text message encoded as base64 to list. I had
been comparing spammer generated plain text messages encoded as base64 to
the same generated by Outlook Express. I forgot to switch it back.

My Apologies,

Michael Thomas
Mathbox
978-683-6718
1-877-MATHBOX (Toll Free)


---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] SmarterMail 3.x

[Michael Thomas - Mathbox]

Kevin,

Just a thought here. With the IMail single file storage environment, having an 
alias trigger a program was a convenient solution. However, the SmarterMail 
storage is one file per message. It should be fairly simple to set up a 
directory monitor that watches/checks for new files and processes whatever it 
finds.

Mike

- Original Message - 
From: Kevin Bilbee [EMAIL PROTECTED]
To: JunkMail Declude declude.junkmail@declude.com
Sent: Thursday, February 09, 2006 3:19 PM
Subject: [Declude.JunkMail] SmarterMail 3.x


 Does anyone know if SmarterMail has Program aliases. I have checked the docs
 and am going back and forth with SmarterTools sales, but not to be found.
 
 It is the only missing feature I would need to move away from Imail.
 
 
 
 So now here is my declude question.
 
 Could I use smartermail/declude, with an external test, to identify a
 message form a specific account then process and move the message/delete a
 message to where I would like. What would happen when declude gets control
 back and the message no longer exists?
 
 
 We currently use program aliases to process EDI orders from customers.
 
 
 Kevin Bilbee
 Network Administrator
 Standard Abrasives, Inc.
 [EMAIL PROTECTED]
 (805) 520-5800 x7332
 
 Changing the way industry works.
 
 ---
 [This E-mail was scanned for viruses by Declude EVA www.declude.com]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 

Re: [Declude.JunkMail] [OT] SmarterMail 3.x

[Michael Thomas - Mathbox]

Kevin,

As I recall, yes. Also note that SmarterMail provides a COM object interface 
for pulling the message out of the file. I believe The COM object also provides 
for disposing of the message when you are done with it. If I am little vague, I 
apologize. I haven't looked at it in quite a while, even though I am licensed 
for the 2.x version.

Mike

- Original Message - 
From: Kevin Bilbee [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Thursday, February 09, 2006 6:30 PM
Subject: [Declude.JunkMail] [OT] SmarterMail 3.x


 Are you saying the mailbox is a folder and it contains one message per file?
 
 
 Kevin
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED] Behalf Of Michael Thomas -
  Mathbox
  Sent: Thursday, February 09, 2006 3:21 PM
  To: Declude.JunkMail@declude.com
  Subject: Re: [Declude.JunkMail] SmarterMail 3.x
 
 
  Kevin,
 
  Just a thought here. With the IMail single file storage
  environment, having an alias trigger a program was a convenient
  solution. However, the SmarterMail storage is one file per
  message. It should be fairly simple to set up a directory monitor
  that watches/checks for new files and processes whatever it finds.
 
  Mike
 
  - Original Message -
  From: Kevin Bilbee [EMAIL PROTECTED]
  To: JunkMail Declude declude.junkmail@declude.com
  Sent: Thursday, February 09, 2006 3:19 PM
  Subject: [Declude.JunkMail] SmarterMail 3.x
 
 
   Does anyone know if SmarterMail has Program aliases. I have
  checked the docs
   and am going back and forth with SmarterTools sales, but not to
  be found.
  
   It is the only missing feature I would need to move away from Imail.
  
  
  
   So now here is my declude question.
  
   Could I use smartermail/declude, with an external test, to identify a
   message form a specific account then process and move the
  message/delete a
   message to where I would like. What would happen when declude
  gets control
   back and the message no longer exists?
  
  
   We currently use program aliases to process EDI orders from customers.
  
  
   Kevin Bilbee
   Network Administrator
   Standard Abrasives, Inc.
   [EMAIL PROTECTED]
   (805) 520-5800 x7332
   
   Changing the way industry works.
  
   ---
   [This E-mail was scanned for viruses by Declude EVA www.declude.com]
  
   ---
   This E-mail came from the Declude.JunkMail mailing list.  To
   unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
   type unsubscribe Declude.JunkMail.  The archives can be found
   at http://www.mail-archive.com.
  
   N-±¢®±yuu¹¢Sjj®.rx---N²rz¶uT¶j®ryjÊz±mrx.jSqy?ÿÂ.?
 
 ---
 [This E-mail was scanned for viruses by Declude EVA www.declude.com]
 
 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.
 
 N¬f¢—¬±Æ§ç_¢»â®ë±¼ƒyÉnuá
 0uç%¹×œ¢dáŠÁj)\jgŸ®‰­…àÞr[x›§Æ¢–f¢–)à–+-N‹§²æìr¸›z;¬¶Ç§u©Ä™¨¥¶ˆ¦j)l®÷^r[yÊjwmʗ®žË›±ÊâmàÞr[x›§Æ¢•8^j·!Š÷¬q©Ûyú.Ö­†Ûiÿü0Âf¢•ªÜ†+Þr‰

Re: [Declude.JunkMail] OT Snow

[Michael Thomas - Mathbox]

Yeah, and the earthquakes are not seasonal at all. :)

Mike

- Original Message - 
From: John T (Lists) [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Saturday, December 03, 2005 2:51 PM
Subject: RE: [Declude.JunkMail] OT Snow


Now wait just a carn cerned minute.

Our time is short enough as it is without getting rid of 3 months.

Besides, temperatures are just fine here in Southern California.

;-)

John T
eServices For You


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
 [EMAIL PROTECTED] On Behalf Of Matt
 Sent: Saturday, December 03, 2005 11:06 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] OT Snow

 It was 65 degrees last week in Upstate NY, almost a record high.  Now of
 course it is quite seasonal and I am afraid that we won't see those
 temps again until March or April.  Fear not, there is no ice age on the
 horizon...except of course what is expected.  I wouldn't care at all if
 the year was 3 months shorter.

 Matt



 Orin Wells wrote:

  We had a blanket of snow here in the Seattle area Thursday night too -
  still hanging around.  We had almost zero snow last year.  All the ski
  areas are in operation.  Some opened a month ago - the earliest in
  decades.  Maybe we are going into the next ice age?
 
  At 09:08 AM 12/3/2005, you wrote:
 
  let me know if you get the BANEXT .snow working, we got 24 inches
  yesterday and last night, good ol Lake Erie lake effect snow... sigh
 
  Rick Davidson
  National Systems Manager
  North American Title Group
  -
  - Original Message - From: Markus Gufler [EMAIL PROTECTED]
  To: Declude.JunkMail@declude.com
  Sent: Saturday, December 03, 2005 3:49 AM
  Subject: RE: [Declude.JunkMail] Paranoia
 
 
 
 
  What's even funnier is by the time I am ready to get in bed,
  Europe is going to work.
 
 
  yawning
  mmmh, what? ...  ...
  Ah, hi guys, good morning from Europe!
  We've around 12 inches of snow here over night. Where's the
  snowshovel?
  Maybe I will add BANEXT .snow to my config file  ;-)
  /yawning
 
  Markus
 
  ---
  [This E-mail was scanned for viruses by Declude EVA www.declude.com]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
  ---
  [This E-mail was scanned for viruses by Declude EVA www.declude.com]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
  ---
  [This E-mail was scanned for viruses by Declude EVA www.declude.com]
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
 
 
 ---
 [This E-mail was scanned for viruses by Declude EVA www.declude.com]

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.



---
[This E-mail was scanned for viruses by Declude EVA www.declude.com]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] OT - At wits end

[Michael Thomas - Mathbox]

Andrew,

I was reading your reponse, thinking This is one of the more lucid
responses coming from the list (There is a huge amount of useful
information from the list, but not all of it is lucid. Sometimes you have to
dig for the  gems.). And then I got down to the last paragraph and read
hinky results! I almost fell out of my chair laughing... Don't get me
wrong, I have used the word myself. But seeing it at the end of that
response was like being handed the punch line to joke. So you have provided
useful feedback AND brightened at least one persons day...

Mike



- Original Message - 
From: Colbeck, Andrew [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Wednesday, November 30, 2005 12:53 PM
Subject: RE: [Declude.JunkMail] OT - At wits end


My two cents ...

John and Matt are offering sound best practices advice for installing
a cacheing only DNS on your Windows 2000.  It's dead easy, and you'll
find that your queries to find mail servers and RBL answers are faster.

Cacheing only means that this DNS service on your Imail server won't
be responsible for serving up any zones, so you don't need to worry
about messing that up.

If you're worried about the bad guys (of course!), you can easily
configure the service to only accept queries from your internal machines
by IP, and/or use your firewall to block inbound queries.

I tested using the nameserver you cited to look up ucancap.org and found
that it could timeout, but once I got the record, it would be cached for
24 hours.

I found that the reply came by UDP, was less than 512 bytes, and nicely
included the IP address of the MX host along with the MX record.

I noted that, at least from my network, I had really good tracert times
(but they block ICMP).

Their mailhost is slow to respond; reaching them, I see that their HELO
greeting is barracuda.ucancap.org so I'd have to wonder how long
they've had an antispam device from barracuda.com in front of their real
mail host, and is this when you stopped being able to send them mail?

...

I just did some nslookup tests using ns1.dnswizards.com and also
ns2.dnswizards.com and get hinky results, with ridiculous timeouts.  I'd
suggest that if nothing else, you stop using them for your DNS queries!

Andrew 8)


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Orin Wells
 Sent: Wednesday, November 30, 2005 8:09 AM
 To: Declude.JunkMail@declude.com
 Subject: Re: [Declude.JunkMail] OT - At wits end

 At 11:03 PM 11/29/2005, Dave Doherty wrote:
 Hi, Orin-
 
 A couple of suggestions
 
 First, look at your HOSTS file in
 c:\winnt\system32\drivers\etc to see
 if 64.62.134.10 is listed there. Delete the entry if you
 find it there.

 Thanks.  Done that.  Nothing there.


 Next, add DNS service to your IMail server.

 I have been hesitant to do our own DNS services because of
 others who have told me doing your own DNS can become a full
 time job.  I am assuming they are talking about a registered
 DNS server when every hacker in the world wants to play with
 it.  I hadn't thought about activating DNS though.  We are
 running a 2000 server and I would have to figure out how to
 turn it on.  We will be going to 2003 soon if we can ever get
 the servers running correctly.  I hate hardware!!

 Set the DNS servers in Network Properties to known-good upstream DNS
 resolvers.

 Other than this, the primary servers for all our domains are
 thought to be good.  I believe they have another server we
 could add to the stream.

 Set the DNS address in IMail to 127.0.0.1. This has the effect of
 providing mulitple DNS servers to IMail.

 Ahhh.  That was a piece I was missing here.  We have
 64.85.13.6 which is the primary DNS server.  Will this then
 use the servers in Network Properties or is it going to
 expect the local server to be providing DNS services?

 Thanks for the suggestions.


 -d
 
 
 - Original Message - From: Orin Wells
 [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Wednesday, November 30, 2005 1:35 AM
 Subject: [Declude.JunkMail] OT - At wits end
 
 
 We have a bit of a puzzler with one our clients in trying to
 communicate with another domain.  What happens is they get
 20 attempts
 failure to deliver.  What is REALLY happening is that the
 DNS servers
 that service our environment do not see the target domain for some
 unknown reason and thus iMail is unable to resolve the
 domain to an ip
 address for delivery. And since our imail server is
 pointing to one of
 these DNS servers as our primary server I have been unable
 to find a
 way around the problem.
 
 It seems to have started on or about November 9th when the
 firewall at
 the target site received the last message from our server.
 We think
 something changed but no one will admit to anything changing.
 
 The sending environment is running under iMail 7.07 and is
 cado-oregon.org (IP 64.85.18.53).  There are two dns
 servers providing
 our DNS: ns1.dnswizards.com and 

Re: [Declude.JunkMail] OT: SmarterMail auto-create users

[Michael Thomas - Mathbox]

Robert,

I have not programmed to SmarterMail API's, but I did look at them some time
ago. As I recall, the API is just a COM object, which you can call from ASP.
I don't believe ASP.NET is required for the management end.

Mike

- Original Message - 
From: Robert E. Spivack [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Tuesday, October 25, 2005 2:47 PM
Subject: [Declude.JunkMail] OT: SmarterMail auto-create users


 Hi,

 I have a question for those of you that are using SmarterMail.

 We are looking at the software to determine how we can link it to our user
 creation process.

 Currently, we have both classic asp (ASP not ASP.NET) and php scripts that
 create users by POSTing to a form.  The back-end of the form hander spawns
a
 commandline to actually create the user.

 SmarterMail has a web services programmatic interface, but we'd prefer not
 to write completely new software in ASP.NET

 Does anyone have a wrapper or some other method that will allow us to
 continue to use our existing ASP and PHP scripts by (hopefully) only
 changing the back-end form handler?

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.




---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

[Declude.JunkMail] Adding Filter Match Text to header

[Michael Thomas - Mathbox]

Hi,

Is there a way to add the matching text from a filter to the headers of the
message? I only see a way to indicate that a filter failed:

MYFILTER WARN X-Warning: Failed FILTER

Thank You,
Mike


---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] OT: Co-Location Space

[Michael Thomas - Mathbox]

Hi,

No, actually they monitor specific channels to determine if advertisements
appeared on that channel and at what times. They also collect information on
what shows were running when the advertisements appeared. Because much of
cable advertising is geographically driven, they need access to cable TV in
specific geographic areas.

Mike


- Original Message - 
From: William Stillwell [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, June 17, 2005 11:42 PM
Subject: Re: [Declude.JunkMail] OT: Co-Location Space


 It sounds like there trying to start a service like WebVCR which was of
 course shutdown by the MPAA..


 - Original Message - 
 From: Michael Thomas - Mathbox [EMAIL PROTECTED]
 To: Declude.JunkMail@declude.com
 Sent: Friday, June 17, 2005 5:51 PM
 Subject: [Declude.JunkMail] OT: Co-Location Space


  Hi All,
 
  I have a customer that is looking for co-location space in 50+ locations
  all
  over the US. There main requirement is a local cable TV feed. They will
  pay
  to have their own drop installed from the street. Their equipment is 50%
  rack-mount and 50% tower. Cabinet, rack, or wire shelf will work. Their
  requirements are:
 
  10U
  128k
  2 IP's
  3-5 amps
  Cable TV feed
 
  If you are interested, please contact me off list at [EMAIL PROTECTED]
  Below
  is a list of locations.
 
  Thank You,
  Michael Thomas
  Mathbox
 
  Anchorage AK
  Fairbanks AK
  Juneau AK
  Dothan AL
  Jonesboro AR
  Palm Springs CA
  Yuma-El Centro CA
  Eureka CA
  Grand Junction-Montrose CO
  Panama City FL
  Gainesville FL
  Ottumwa-Kirksville IA
  Idaho Falls-Pocatello ID
  Twin Falls ID
  Lafayette IN
  Bowling Green KY
  Alexandra LA
  Lake Charles LA
  Bangor ME
  Presque Isle ME
  Marquette MI
  Alpena  MI
  Mankato MN
  St Joseph MO
  Biloxi-Gulfport MS
  Hattiesburg-Laurel MS
  Greenwood-Greenville MS
  Meridian MS
  Missoula MT
  Billings MT
  Great Falls MT
  Butte-Boseman MT
  Helena MT
  Glendive MT
  Minot-Bismarck-Dickinson ND
  North Platte NE
  Binghamton NY
  Utica NY
  Watertown NY
  Wheeling-Steubenville OH
  Lima OH
  Zanesville OH
  Bend OR
  Rapod City SD
  Jackson TN
  Odessa-Midland TX
  Abilene-Sweetwater TX
  Laredo TX
  San Angelo TX
  Victoria TX
  Sherman-Ada TX/OK
  Harrisonburg VA
  Charlottesville VA
  Clarksburg-Weston WV
  Parkersburg WV
  Casper-Riverton WY
  Cheyenne-Scottsbluff WY/NE
 
 
  ---
  This E-mail came from the Declude.JunkMail mailing list.  To
  unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
  type unsubscribe Declude.JunkMail.  The archives can be found
  at http://www.mail-archive.com.
  ---
  This email has been scanned for possible viruses by Declude Antivirus.
  For more information on Declude Antivirus, Visit www.declude.com
 
 

 ---
 This email has been scanned for possible viruses by Declude Antivirus.
 For more information on Declude Antivirus, Visit www.declude.com

 ---
 This E-mail came from the Declude.JunkMail mailing list.  To
 unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
 type unsubscribe Declude.JunkMail.  The archives can be found
 at http://www.mail-archive.com.



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.

Re: [Declude.JunkMail] AutoWhiteList

[Michael Thomas - Mathbox]

Serge,

The javascript checker shipped with standard web mail templates (V8.05 I
have 8.14, but did not test) will not allow @domain.com to be added. The
checker requires [EMAIL PROTECTED] Javascript checkers with other template
sets may allow it. Or you could modify the checker to allow it.

You can add @domain.com as a contact in the contact list. Note that AFAIK
Declude still only whitelists the first address in a contact list. I
reported that issue to Declude on 5/24/2004. I have not heard that it was
fixed. Note that the issue is I may have an address in a contact list that
is not anywhere else in my address book.

And a final note regarding whitelisting, which is still true AFAIK. Assume
the situation, [EMAIL PROTECTED], [EMAIL PROTECTED], and [EMAIL PROTECTED] are 
valid
email addresses and that emailb has emaila listed in emailb's addresss book.
If emaila sends a message to emailc on the TO line and puts emailb on the
BCC line, then the message is whitelisted for both emailb AND emailc. If you
have XINHEADER X-Message: %TESTSFAILED% in your rules, you will see that
the headers of each recipient indicated the sender was whitelisted. I would
have expected the message to be processed on the merits of each recipients
settings, including whitelisting by address book.

Mike

- Original Message - 
From: Serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, December 12, 2004 7:48 PM
Subject: [Declude.JunkMail] AutoWhiteList


Can we use @domain.com in our webmail adress book to whitelist all mail from
specific domain ?
also, if one of the recepient has the sender in his adress book, this will
whitelist for all recepients, correct ?

TIA


---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.