RE: [Declude.JunkMail] Fprot 6
Serge, Frisk licensing for mail server use is not the same as consumer or general business use. Pricing for mail server use is prohibitive. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Serge Sent: Sunday, January 27, 2008 3:31 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Fprot 6 I curently use only the built in virus scanner But I'm just curious, anyone tested Fpscan from fprot6 ? and what command line options needs to be used ? TIA Serge --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
Gary, I thought I tried to get this across. Most servers check SPF at the connection, not via the received headers. Further excepting very special circumstances like having proxies or gateways, anyone checking SPF via received headers should only be checking the first received header, which means only from your server to the destination server. Again, excepting very special circumstances like having proxies or gateways, checking SPF any deeper than the first received header would be applying SPF rules incorrectly. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Saturday, February 17, 2007 11:23 PM To: declude.junkmail@declude.com Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question My question still isn't coming across. In setting up SPF, I don't want any outgoing messages from my server to be bounced by others because of a bad SPF string. I can whitelist SMTP auth on my server, but that does't help the SPF problem because potentially when one of my users sends a message to someone, say on hotmail.com, it could get bounced because of bad SPF. For example, say my SPF string for my domain is v=spf1 mx mx:smtp.mydomain.com -all. This allows any email sent via my SmarterMail webmail to pass SPF. Now, if one of my users connects to the server with Outlook and SMTP Auth, and uses this to send an email, then the IP address that shows up in the last hop is the one he used to connect to my sever, not the IP address of my server. So the email message he sends would fail SPF. For it to pass, I would have to change my SPF string to v=spf1 mx mx:smtp.mydomain.com ip4:67.189.34.6 -all, and additionally add a ip4: entry for every instance that a user might connect to my server with Outlook . So does this mean that SPF is impractical for anyone not strictly using webmail? To me it implies that to cover all bases you would have to have in your SPF string ?all and there would be no way to make it stricter than that, other than to force all your users to use webmail and not Outlook. Gary Original Message From: Darin Cox [EMAIL PROTECTED] Sent: Friday, February 16, 2007 4:33 PM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Whitelisting SMTP Auth is the key here. Since you connect with a userID/PW to your mail server, Whitelisting connections done through SMTP AUTH bypasses Declude filtering. Darin. - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Friday, February 16, 2007 4:10 PM Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Let me give you my case. For this example I used my home Comcast connection to send an email using Outlook and authentication. My server uses Declude and SmarterMail. The header of the received message shows one IP address in a single Received line: Received: from c-67-189-34-6.hsd1.or.comcast.net [67.189.34.6] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:43:21 -0500 Michael's message via Declude's mailing list had three Received lines: Received: from smtp.declude.com [63.246.31.248] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:46:48 -0500 Received: from mail.mathbox.com [63.150.236.14] by smtp.declude.com with SMTP; Fri, 16 Feb 2007 15:31:18 -0500 Received: from mikesplace [63.150.236.3] by mail.mathbox.com with ESMTP (SMTPD-8.22) id A48F027C; Fri, 16 Feb 2007 15:31:11 -0500 In both messages Declude made checks versus the last hop only (67.189.34.6 in my test message and 63.246.31.248 in the message from Declude's mailing list. Since my Comcast IP address is not listed in my SPF string, it failed Declude's SPF test. So what is the problem here? Is this a flaw in how SmarterMail lists its hops? Should it be showing the Comcast IP address as the final hop, or should it be showing my mail server? Since it is showing the Comcast address, SPF fails. The only way to get around this is to end the SPF string with ?all, but if I'm going to do that, I might as well not use SPF at all. Gary Original Message From: Michael Thomas - Mathbox [EMAIL PROTECTED] Sent: Friday, February 16, 2007 3:47 PM To: declude.junkmail@declude.com Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Gary, Your logic is incorrect. SPF is a check made by the destination mail server (possibly my mail server) against the sending mail server (your mail server). Your users authenticate to your mail server, then submit a message to your mail server for delivery by your mail server to the remote
RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
Darin, I am not sure why, but Gary seems to think SPF checks are run against ALL of the received headers. I am guessing that he has an SPF test action at the end of his Global.cfg, so that it is testing outgoing? Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox Sent: Saturday, February 17, 2007 11:37 PM To: declude.junkmail@declude.com Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Yes, it does. Message come in from your mail client and is whitelisted by SMTP AUTH. Now your server sends it to the destination. Receiving server sees the message coming from your server, and that your server is a valid sender for the domain in question according to your SPF policy. The last hop seen by the destination is your server, not your mail client. Your server satisfies your SPF policy, therefore the receiving server checks and records an SPF PASS. Forget about the client, as long as they send through your server, and you don't filter them out... either because they AUTH and you whitelist on AUTH, or any other way you avoid filtering your connecting users. Its all about your server sending to the destination server. This has been working for us for the past year and a half or so. Darin. - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Saturday, February 17, 2007 11:22 PM Subject: Re: [Declude.JunkMail] OT: SPF record question My question still isn't coming across. In setting up SPF, I don't want any outgoing messages from my server to be bounced by others because of a bad SPF string. I can whitelist SMTP auth on my server, but that does't help the SPF problem because potentially when one of my users sends a message to someone, say on hotmail.com, it could get bounced because of bad SPF. For example, say my SPF string for my domain is v=spf1 mx mx:smtp.mydomain.com -all. This allows any email sent via my SmarterMail webmail to pass SPF. Now, if one of my users connects to the server with Outlook and SMTP Auth, and uses this to send an email, then the IP address that shows up in the last hop is the one he used to connect to my sever, not the IP address of my server. So the email message he sends would fail SPF. For it to pass, I would have to change my SPF string to v=spf1 mx mx:smtp.mydomain.com ip4:67.189.34.6 -all, and additionally add a ip4: entry for every instance that a user might connect to my server with Outlook . So does this mean that SPF is impractical for anyone not strictly using webmail? To me it implies that to cover all bases you would have to have in your SPF string ?all and there would be no way to make it stricter than that, other than to force all your users to use webmail and not Outlook. Gary Original Message From: Darin Cox [EMAIL PROTECTED] Sent: Friday, February 16, 2007 4:33 PM To: declude.junkmail@declude.com Subject: Re: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Whitelisting SMTP Auth is the key here. Since you connect with a userID/PW to your mail server, Whitelisting connections done through SMTP AUTH bypasses Declude filtering. Darin. - Original Message - From: Gary Steiner [EMAIL PROTECTED] To: declude.junkmail@declude.com Sent: Friday, February 16, 2007 4:10 PM Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Let me give you my case. For this example I used my home Comcast connection to send an email using Outlook and authentication. My server uses Declude and SmarterMail. The header of the received message shows one IP address in a single Received line: Received: from c-67-189-34-6.hsd1.or.comcast.net [67.189.34.6] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:43:21 -0500 Michael's message via Declude's mailing list had three Received lines: Received: from smtp.declude.com [63.246.31.248] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:46:48 -0500 Received: from mail.mathbox.com [63.150.236.14] by smtp.declude.com with SMTP; Fri, 16 Feb 2007 15:31:18 -0500 Received: from mikesplace [63.150.236.3] by mail.mathbox.com with ESMTP (SMTPD-8.22) id A48F027C; Fri, 16 Feb 2007 15:31:11 -0500 In both messages Declude made checks versus the last hop only (67.189.34.6 in my test message and 63.246.31.248 in the message from Declude's mailing list. Since my Comcast IP address is not listed in my SPF string, it failed Declude's SPF test. So what is the problem here? Is this a flaw in how SmarterMail lists its hops? Should it be showing the Comcast IP address as the final hop, or should it be showing my mail server? Since it is showing the Comcast
RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
Gary, Your logic is incorrect. SPF is a check made by the destination mail server (possibly my mail server) against the sending mail server (your mail server). Your users authenticate to your mail server, then submit a message to your mail server for delivery by your mail server to the remote mail server. So, the remote mail server (possibly my mail server) would check the SPF to determine if your mail server was listed as a source for the domain of the sending email address. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, February 16, 2007 2:56 PM To: declude.junkmail@declude.com Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question I have a question to follow this subject. If users have Outlook and they are sending email fromm home or whereever using authentication, then the IP that shows up in the header will be their home connection. That being the case, unless your users are strictly using webmail, your SPF record should show no enforcement otherwise all the non-webmail messages will get blocked. To me this indicates that SPF doesn't help you if your users are not using webmail. Is this correct? Gary Original Message From: Darin Cox [EMAIL PROTECTED] Sent: Wednesday, February 07, 2007 4:33 PM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] OT: SPF record question If your MX and A records are also in the 216.15.92.0/25 network, then you don't need to specify the a and mx parameters, so you could simplify to No enforcement, other hosts may send mail for the domain v=spf1 ip4:216.15.92.0/25 ?all Soft fail if policy violated. Filters may or may not block on soft fail. v=spf1 ip4:216.15.92.0/25 ~all Hard fail if policy violated. Filters should block on hard fail. v=spf1 ip4:216.15.92.0/25 -all However, if you send from an MX or A record (web server) that is not in the 216.15.92.0/25 subnet then you may need those. If you use a soft or hard fail policy, it's very important that you identify _all_ sources of outbound mail for the domain, including all mail servers, marketing mail engines, webservers, external hosts, etc. Otherwise you're liable to have mail blocked as a result of your policy. I've see this happen with a number of larger organizations, where they have forgotten web servers with form-to-mail functions, marketing personnel sending out newsletters, or mobile users using ISP SMTP servers. Regarding your last three records, do you have subdomains with MX records for direct.commarts.com, mail.commarts.com, and smtp.commarts.com? I.e. do you receive mail to @direct.commarts.com, @mail.commarts.com, and @smtp.commarts.com addresses? If not, you don't need those records. Hope this helps, Darin. - Original Message - From: Michael Hoyt [EMAIL PROTECTED] To: Declude JunkMail @declude.com Declude.JunkMail@declude.com Sent: Wednesday, February 07, 2007 2:30 PM Subject: [Declude.JunkMail] OT: SPF record question Sorry for the re-posting but I forgot to add a Subject. I am finally getting my SPF records up but would like some comments on whether I got it right. I would like to be able to send email from any IP address in my 216.15.92.0/25 network. Currently I have MX records for mail.commarts.com (216.15.92.3) which is the only mail server that receives mail and direct.commarts.com (216.15.92.15) and smtp.commarts.com (216.15.92.13). Using the Wizard at openspf.org I generated the following SPF records: commarts.com. IN TXT v=spf1 ip4:216.15.92.0/25 a mx ~all direct.commarts.com. IN TXT v=spf1 a -all mail.commarts.com. IN TXT v=spf1 a -all smtp.commarts.com. IN TXT v=spf1 a -all After reading page 15 of the Whitepaper pertaining to the ~all,-all or ?all part of the text in the first record my question is: If I know that ALL email from my domain will originate from 216.15.92.0/25 should the text be -all and not ~all? And my last question is are the three txt records mentioning my MX servers necessary if I have 216.15.92.0/25 in the first record? Thank you in advance for any insight. -- Michael Hoyt Web Site: http://www.commarts.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from
RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question
Gary, I guess, I should have asked this earlier, but you mentioned authenticated users, which is the other side of the coin. Are you testing SPF for outgoing mail? If so, why? Is it possible to send email from your mail server without authenticating? If none of that was pertinent, continue on == At your mail server, in those three received headers from my message, the only valid SPF check is on the following header: Received: from smtp.declude.com [63.246.31.248] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:46:48 -0500 Note that at this point, the email is from declude.junkmail@declude.com and the sending server is smtp.declude.com. The above header was added by your mail server. The SPF check on your mail server should be Does the declude.com SPF indicate that mail from declude.com (in this case declude.junkmail@declude.com) can be sent by smtp.declude.com. As regards SPF, checking any deeper in the received lines makes no sense and is an invalid test. Why? Because at this point, the email is from declude.junkmail@declude.com and I doubt very much if the declude.com SPF record has mail.mathbox.com as a valid SMTP source for mail from declude.com. == The previous header entry (time and motion wise) was the received header for the transmission of the message from my mail server to the declude mail server: Received: from mail.mathbox.com [63.150.236.14] by smtp.declude.com with SMTP; Fri, 16 Feb 2007 15:31:18 -0500 The declude mail server should have performed a SPF check for mail from [EMAIL PROTECTED] being sent from mail.mathbox.com. === If for example, you had an SMTP proxy or a gateway in front of your mail server, then all of the above logic starts to break down. For those situations, you could use IPBYPASS and I suppose HOP. You chose a very good example. List mail is a perfectly good example of why you cannot run SPF against the entire chain of received headers. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, February 16, 2007 4:10 PM To: declude.junkmail@declude.com Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Let me give you my case. For this example I used my home Comcast connection to send an email using Outlook and authentication. My server uses Declude and SmarterMail. The header of the received message shows one IP address in a single Received line: Received: from c-67-189-34-6.hsd1.or.comcast.net [67.189.34.6] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:43:21 -0500 Michael's message via Declude's mailing list had three Received lines: Received: from smtp.declude.com [63.246.31.248] by mail.plusultraweb.com with SMTP; Fri, 16 Feb 2007 15:46:48 -0500 Received: from mail.mathbox.com [63.150.236.14] by smtp.declude.com with SMTP; Fri, 16 Feb 2007 15:31:18 -0500 Received: from mikesplace [63.150.236.3] by mail.mathbox.com with ESMTP (SMTPD-8.22) id A48F027C; Fri, 16 Feb 2007 15:31:11 -0500 In both messages Declude made checks versus the last hop only (67.189.34.6 in my test message and 63.246.31.248 in the message from Declude's mailing list. Since my Comcast IP address is not listed in my SPF string, it failed Declude's SPF test. So what is the problem here? Is this a flaw in how SmarterMail lists its hops? Should it be showing the Comcast IP address as the final hop, or should it be showing my mail server? Since it is showing the Comcast address, SPF fails. The only way to get around this is to end the SPF string with ?all, but if I'm going to do that, I might as well not use SPF at all. Gary Original Message From: Michael Thomas - Mathbox [EMAIL PROTECTED] Sent: Friday, February 16, 2007 3:47 PM To: declude.junkmail@declude.com Subject: RE: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question Gary, Your logic is incorrect. SPF is a check made by the destination mail server (possibly my mail server) against the sending mail server (your mail server). Your users authenticate to your mail server, then submit a message to your mail server for delivery by your mail server to the remote mail server. So, the remote mail server (possibly my mail server) would check the SPF to determine if your mail server was listed as a source for the domain of the sending email address. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner Sent: Friday, February 16, 2007 2:56 PM To: declude.junkmail@declude.com Subject: SPAM-WARN:Re: [Declude.JunkMail] OT: SPF record question I have a question to follow this subject. If users have
RE: SPAM-WARN:Re: [Declude.JunkMail] Per User Filtering
Just create an empty user.junkmail file. As there are no actions, the user will get all of the messages. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Lawrence Sent: Friday, December 15, 2006 2:21 PM To: declude.junkmail@declude.com Subject: SPAM-WARN:Re: [Declude.JunkMail] Per User Filtering Kim, You could just set the action to IGNORE. You cannot fully turn of scanning, but by setting the IGNORE action, all mail will pass through the system. Dean On 12/15/06, Kim Premuda [EMAIL PROTECTED] wrote: Can someone tell me what to put in the per user 'user.junkmail' file that would cause all messages to effectively be whitelisted for that user (user does not want anything tested by JunkMail)? Currently, all tests are set to 'WARN', but that's not producing the desired results. Thanks! Kim W. Premuda -- Kim W. Premuda FastWave Internet Services San Diego, CA -- --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- __ Dean Lawrence, CIO/Partner Internet Data Technology 888.GET.IDT1 ext. 701 * fax: 888.438.4381 http://www.idatatech.com/ Corporate Internet Development and Marketing Specialists --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN:RE: [Declude.JunkMail] DYNHELO
Jay, Thanks for the reply. I thought it was checking against blacklists. I had assumed (for years) that it was an RBL test. I was going nuts trying to find a list the IP was on. It is fixed now. I had a typographical error on an in-addr.arpa entry. Even weirder, I had noticed and fixed the issue before I sent my original post. The caching only name server on the mail server had not picked up the change and I did not connect the two issues. Bummer. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jay Sudowski - Handy Networks LLC Sent: Thursday, December 07, 2006 4:56 AM To: declude.junkmail@declude.com Subject: SPAM-WARN:RE: [Declude.JunkMail] DYNHELO DYNHELO dynhelo x x 5 0 This test type, attempts to detect dynamic IPs in HELO/EHLO hostnames. This test should be quite effective, since mailservers on IPs that have dynamic-like reverse DNS entries will *not* normally send an HELO/EHLO that look dynamic. DYNHELO is not an RBL test. -Jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Thomas - Mathbox Sent: Thursday, December 07, 2006 3:06 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] DYNHELO Hi All, Does anyone know what list(s) DYNHELO uses? The mail archive has nothing useful. DYNHELO does not appear in the documentation for 3.1.3 or any of the others that I checked. I just noticed that on 12/1/06, at least one of my web server IP addresses, 63.150.236.34, started returning positive for DYNHELO. I checked that IP address at DNSstuff against 272 lists and all passed. I checked at Spamhaus, SORBS, NJABL, and MAPS (Checked by DNSstuff, but I looked anyway.). Still no listing. It is not a DNS problem. I run a caching only DNS on my mail server and it is working just fine. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] DYNHELO
Hi All, Does anyone know what list(s) DYNHELO uses? The mail archive has nothing useful. DYNHELO does not appear in the documentation for 3.1.3 or any of the others that I checked. I just noticed that on 12/1/06, at least one of my web server IP addresses, 63.150.236.34, started returning positive for DYNHELO. I checked that IP address at DNSstuff against 272 lists and all passed. I checked at Spamhaus, SORBS, NJABL, and MAPS (Checked by DNSstuff, but I looked anyway.). Still no listing. It is not a DNS problem. I run a caching only DNS on my mail server and it is working just fine. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN:Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
Matt, Justa minor point, it doesn't affect your logic. Now according to Michael's tests, the CR-only pattern leads to parsing issues in Declude Virus where it can't even find the attachment to scan it. Actually, it was the "No Cr" (I.E. LF only) test that passed completely undetected. By the way, I agree with you. As I pointed out in my original message, there are several web sites that send legitimate response messages (an Airline comes to mind readily) that fail the test. They are not entirely broken, but some lines are missing the Cr. I think it depends on what section of code they happen to be running through. It is a typical issue of Linux/Unix '\n' programming habit. Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll Free) ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] Different issue - Process flow question
Hi All, 1. Is it not true that when properly installed and running, that Declude handles EVERY message that passes through the mail server? 2. There is only one GLOBAL.CFG. 3. Every message processed should attempt to run every external test. (That's why many external tests accept the current weight as a parameter so it can bail out early if the current weight meets or exceeds the external test's set bail out weight) But regardless of whether the external test decides to bail early, it should still get invoked. Isn't that correct? Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN: Re: [Declude.JunkMail] RE: On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
Hi All, I said in my original email that Declude had been notified of LF only issue. I just looked back through my email and found the report. It was Declude case [06D-0BBF1866-F5A3] on Thu, 30 Mar 2006 22:29:58 -0500. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN: RE: [Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
John, Looked normal in Outlook Express and in WebMail Both had an extractable executable. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Friday, October 20, 2006 2:22 AM To: declude.junkmail@declude.com Subject: SPAM-WARN: RE: [Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned But Declude let RfcNoCr.eml pass straight through without calling the virus scanners, because Declude did NOT see an attachment. Also, because Declude did not see an attachment, Declude did not ban the .EXE extension. OK, question. What happened then when that message got to your email client? John T eServices For You Seek, and ye shall find! --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
John, The link was just before my signature in the original message. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN: Re: [Possible Spam][Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned
David, In my opinion, which others may not share, Declude should detect all RFC/MIME violations and flag them in some manner. There exist quite a few that are common to spam messages, but not flagged by Declude. However, that is a totally different subject than the point of my test. The RFC violation was simply a symptom. Some admins might not choose to delete or block messages with that construction. There exist well-known web sites that generate response email messages where one or two lines out 50-100 are missing one of the Cr/Lf pair characters. The point is that for many (maybe most) people on this list, Declude is the lock and keys for securing email passing through their mail servers. Declude trusts that the email message will be well-formed. Because of that mis-placed trust, Declude did not reliably detect any attachment, regardless of type, and therefore did not invoke the scanners. Note that this test was performed on Declude version 3.1.1. Maybe, the new gateway product is not quite so trusting. I have no idea. We are an ISP and would not pay the fees associated with ISP use of the gateway product. In any event, this is a well-known issue and has been for some time. I reported this issue to Declude and the list some time ago regarding spam not being scanned because of this issue. At that time, I was so focused on the spam problem, I did not think about the attachment/virus side of the issue, which should have been obvious to me. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Sullivan Sent: Friday, October 20, 2006 3:51 PM To: declude.junkmail@declude.com Subject: SPAM-WARN: Re: [Possible Spam][Declude.JunkMail] On RFC Violation - Declude allows attachments and Virus to pass through untouched and unscanned Hello Michael, Thanks for the great research. Wouldn't this be the purpose of Vulnerability detection in Declude? Declude detects mal-formed messages that can allow viruses to be hidden from email server virus scanners. We treat all vulnerabilities as viruses, send the notice and 86 the message. -David Thursday, October 19, 2006, 10:52:25 PM, you wrote: MTM Hi All, MTM Well, when responding on declude.junkmail@declude.com to Will about RFC MTM violations, I said I would test this and I did. MTM MTM While writing this message, I happened to think about attachments. It would MTM appear to me, that there is an implied possibility for attachments and MTM therefore viruses to pass through undetected. All that should be required is MTM that the lines that make up the entire email, including the attachment MTM section, be terminated with line feeds instead of carriage return/line feed MTM pairs. Under such condition, Declude would see only one line and not find MTM the relevant sections. I will test this possibility. MTM MTM Tested: Declude v3.1.1 for IMail MTM As it happens, my suspicions were accurate. I wrote a script that could be MTM modified to remove either the carriage-returns or the line-feeds from a MTM message file. I then created a message in Outlook Express, added an MTM executable file (uptime.exe) as an attachment and saved it in my Draft MTM folder. I then dragged that message to the same location as the script and MTM renamed it to match the file name in the script (Rfc.eml) I ran the script, MTM which stripped the carriage-returns and produced Rfc2.eml. I renamed MTM Rfc2.eml to RfcNoCr.eml. In the script, I then changed vbCr to vbLf and ran MTM it again, which stripped the line-feeds and produced Rfc2.eml. I renamed MTM Rfc2.eml to RfcNoLf.eml. MTM Now, to get IIS SMTP to actually process the file, you must edit each file MTM and remove the single Cr or Lf and press the Enter Key, producing a CrLf MTM pair after the To field and the From field. I also added the string No Cr MTM to the end of the subject of RfcNoCr.eml and added No Lf to the subject of MTM RfcNoLf.eml. So for example change: MTM MTM From: Michael Thomas - Mathbox [EMAIL PROTECTED][Cr]To: MTM [EMAIL PROTECTED][Cr]Subject: Test Attachment Pass-Through on RFC MTM Violation[Cr]line continues MTM MTM Change To MTM MTM From: Michael Thomas - Mathbox [EMAIL PROTECTED] MTM To: [EMAIL PROTECTED] MTM Subject: Test Attachment Pass-Through on RFC Violation No Cr[Cr]line continues MTM MTM Now it so happens, a long time ago, I wrote a couple of tests to detect MTM these RFC violations, so first I had to disable them in my GLOBAL.CFG, which MTM I did by commenting them out. Note that I also BAN the .EXE extension and I MTM left that enabled. MTM Now copy and paste the two files into the pickup directory of your favorite MTM IIS SMTP pickup
RE: [Declude.JunkMail] Suge of spam in recient week.
Will, Use Notepad to check the tail end of the file. The Declude headers may be at the end of the file. If the Declude headers are at the end of the file, note whether or not: 1. The Received: lines appear normal 2. There may or may not be some X-Header lines immediately after the Received: lines that appear normal 3. The From, To, Subject and body of the message all appear to be onone or two lines in Notepad. 4. Followed by Declude headers If the above is true, then: 1.The message is in violation of RFC in that it is missing either carriage returns or line feeds. The RFC calls for lines to be terminated by a carriage return/line feed pair. 2. This is a known issue with Declude handling these types of messages. Based on observation, it appears that Declude processes messages in line-mode rather than byte-mode. Rather interesting that Declude trusts spammers and virus writers toconstruct messages according to RFC. - Let me know what you find. While writing this message, I happened to think about attachments. It would appear to me, that there is an implied possibility for attachments and therefore viruses to pass through undetected. All that should berequired is that the lines that make up the entire email, including the attachment section, be terminated with line feeds instead of carriage return/line feed pairs. Under such condition, Declude would see only one line and not find the relevant sections. I will test this possibility. Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll Free) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WillSent: Thursday, October 19, 2006 4:52 PMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] Suge of spam in recient week. I have been getting a lot of spam reciently. The subjects are typical and the From always displays as a common first name. For each of these messages, I see no declude content. The ip and the address are not excluded or whitelisted and if it were an xheader should say it was. For some reason there is no declude processing here. Any ideas? The following is the header for one of these messages: Received: from cyrix [82.201.160.214] by mail.ncats.net with ESMTP (SMTPD-9.10) id A0881C80; Wed, 18 Oct 2006 21:10:32 -0400 Message-ID: [EMAIL PROTECTED] From: "Robert" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Cheapest way to solve health problems. Date: Thu, 19 Oct 2006 03:10:34 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="ms030809000704050003000706" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 I would normally see a header like this: Received: from 203.111.235.51 [203.111.235.51] by mail.ncats.net (SMTPD-9.10) id AD4E1464; Wed, 18 Oct 2006 20:56:46 -0400 Received: from mx3.mail.yahoo.com by 203.111.235.51 (8.12.11/8.12.11) with ESMTP id Yz77Trqj3H8fGj for [EMAIL PROTECTED]; Wed, 18 Oct 2006 21:53:53 -0400 Received: from [251.130.5.67] by mx3.mail.yahoo.com with ESMTP (Exim 4.05) id NyG7OgPl6HWI for [EMAIL PROTECTED]; Wed, 18 Oct 2006 21:53:53 -0400 Date: Wed, 18 Oct 2006 21:53:53 -0400 From: Bridgett Kim [EMAIL PROTECTED] Reply-To: Bridgett Kim [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: SEXUALLY EXPLICIT : Hidden upskirt camera shots MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-RBL-Warning: CBL: "Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=203.111.235.51" X-RBL-Warning: SORBS-WEB: "Exploitable Server See: http://www.sorbs.net/lookup.shtml?203.111.235.51" X-RBL-Warning: BADWHOIS: "Inaccurate or missing WHOIS data" X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]" X-RBL-Warning: NOPOSTMASTER: "Not supporting [EMAIL PROTECTED]" X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: DYNHELO: Dynamic HELO found. X-RBL-Warning: HELOBOGUS: Domain 203.111.235.51 has no MX or A records [0301]. X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 203.111.235.51 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [210f]. X-RBL-Warning: WEIGHT10: Weight of 52 reaches or exceeds the limit of 10. X-RBL-Warning: WEIGHT14: Weight of 52 reaches or exceeds the limit of 14. X-RBL-Warning: WEIGHT20: Weight of 52 reaches or exceeds the limit of 20. X-Declude-Sender: [EMAIL PROTECTED] [203.111.235.51] X-Declude-Spoolname: Dcd4d0321c10b.smd X-Declude-RefID: X-Declude-Note: Scanned by
[Declude.JunkMail] Phone number spam
Hi All, Of those of you that examine spam messages, are you bothered by phone number spam? If you have eliminated it, how did you do that? Were you able to eliminate it with Declude? I am getting a little tired of the spammer whose number ends in 3 x 9 x 0 x 0, if you know what I mean... Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Phone Number spammers
Hi All, Maybe my last post did not make it through some filters. Anyone interested in discussing spam containing phone numbers with ever changing character patterns? Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Why is Declude Not Scanning This?
Hi, I reported this issue to Declude as follows: Declude v3.10 [30A-0C30A9AC-1BB6] 6/26/2006 Declude V3.11 [040-0C6669E9-2D9E] 8/7/2006 XINHEADERS not appearing in every email message for which scanning is enabled. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Dodell Sent: Sunday, September 03, 2006 1:11 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Why is Declude Not Scanning This? I see this occasionally ... a spam message will come in, but according to the headers, it isn't even touch or scanned by Declude since none of my normal declude headers are there; the address [EMAIL PROTECTED] is NOT whitelisted, and even so, would show the declude headers still. Any ideas? David From: [EMAIL PROTECTED] Subject:Best love [EMAIL PROTECTED] at best store! Date: September 3, 2006 5:20:39 AM MST To: [EMAIL PROTECTED] Received: from friend [70.109.234.122] by stat.com with ESMTP (SMTPD-9.03) id AA770B24; Sun, 03 Sep 2006 10:01:43 -0700 Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms030208050508080001090405 X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2900.2180 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Version 3.1.1 Fails to add headers on COPYTO action
Hi all, I noticed in version 3.1.0 that Declude often failed to insert XINHEADER (Global.cfg) and WARN ($default$.junkmail) headers in messages sent to a mailbox using the COPYTO action. This was reported to Declude in issue [30A-0C30A9AC-1BB6]. This issue was reportedly fixed in version 3.1.1, but I have noted in Declude issue [040-0C6669E9-2D9E], that the problem still exists. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Number of times per test
If you do not have StopAtFirstHit enabled, then each hit adds the specified points to the total. So, set the MinWeightToFail to 10 and apply 2 point for each hit like: #SKIPIFWEIGHT 10 MINWEIGHTTOFAIL 10 #MAXWEIGHT 15 #STOPATFIRSTHIT BODY 2 CONTAINS replikas Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IS - Systems Eng. (Karl Drugge) Sent: Friday, July 14, 2006 1:52 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Number of times per test I looked through the manual, but didn't see this defined... I want a test that applies 10 points if a certain string appears in the body of a message a number of times... So if, for example, 'replikas' appears 5 times, and I want to apply ten points only if that string is there 5 times or more, what part of the test definition string do I modify ? Which variable determines that ? Or, could I assign it 2 points each time it appears ? And which variable is that ? Numberoftimes filter C:\Declude\sampletest.txt x 10 0 Karl Drugge --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Declude Config File (as shipped)
Hi, A few months back, I submitted a ticket against ENCODEDURL and IPURL in Declude 3.0.x. They did not work. At that time I was told these were non-functional stubs. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Schmidt Sent: Friday, July 14, 2006 1:25 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Declude Config File (as shipped) Hi, A few questions/comments on the Global.cfg of V4: These config options don't seem to be documented (e.g., in the manual). I can make some assumptions regarding some - but SPAMID? SPAMIDOFF ENCODEDURLencodedurl x x 1 0 IPURL ipurl x x 2 0 The default configuration uses the following 3 blacklists. IMP-SPAM ip4rspamrbl.imp.ch This one is used, but not documented in http://www.declude.com/Articles.asp?ID=97 INTERSIL ip4rblackholes.intersil.net This one is used, but the site has a note: Undocumented but confirmed!. So may be not a good choice if no one knows what it does? JAMDNSBL This one is used, but the site has the WARNING: Lists IP ranges for some entire countries. Any blacklist that whitelists entirecountries MAY be useful for some of your customers - but it should NOT be active for ALL your customers by default! Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax:+1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: SPAM-WARN: RE: [Declude.JunkMail] Has a 3. version been released with the same fixes as 4.2 build 20
Also, doesn't 3.1 have a problem with writing headers under specific conditions (possibly identified in 4.2 as headers sometimes not written with copyfile)? See Declude ticket [30A-0C30A9AC-1BB6]. Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll Free) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Tuesday, July 11, 2006 4:20 PMTo: declude.junkmail@declude.comSubject: SPAM-WARN: RE: [Declude.JunkMail] Has a 3. version been released with the same fixes as 4.2 build 20 So 3.10 does not have a buffer overflow in BANEXT for EVA? Mark Reimer IT Project Manager American CareSource 214-596-2464 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David BarkerSent: Tuesday, July 11, 2006 3:07 PMTo: declude.junkmail@declude.comSubject: RE: [Declude.JunkMail] Has a 3. version been released with the same fixes as 4.2 build 20 No version 3 is still 3.10 are you experiencing any of the same problems exhibited by 4 ? David B www.declude.com From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark ReimerSent: Tuesday, July 11, 2006 4:01 PMTo: declude.junkmail@declude.comSubject: [Declude.JunkMail] Has a 3. version been released with the same fixes as 4.2 build 20 David, Has a 3. version been released with the same fixes as in 4.2 build 20? Mark Reimer IT Project Manager American CareSource 214-596-2464 ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
RE: SPAM-WARN: [Declude.JunkMail] FW: [SPAM]I must apologize for this unsolicited nature of my email. I am Mr. Lewis Musasike, General Manager (Treasury) of Development Bank of Southern Africa. This i
Hi, You should be able to use subjectchars to nail those birds. Examples from the default global.cfg: SUBCHARS-50 subjectchars 50 x 1 0SUBCHARS-55 subjectchars 55 x 1 0SUBCHARS-60 subjectchars 60 x 1 0 Michael ThomasMathbox978-683-67181-877-MATHBOX (Toll Free) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marc CatuognoSent: Thursday, June 22, 2006 9:38 PMTo: declude.junkmail@declude.comSubject: SPAM-WARN: [Declude.JunkMail] FW: [SPAM]I must apologize for this unsolicited nature of my email. I am Mr. Lewis Musasike, General Manager (Treasury) of Development Bank of Southern Africa. This is an urgent and very confidential business proposition. On Is this from broken spamware? The whole pitch is in the subject What a pain to filter. From: LEWIS MUSASIKE [mailto:[EMAIL PROTECTED] Sent: Thursday, June 22, 2006 3:03 PMTo: [EMAIL PROTECTED]Subject: [SPAM]I must apologize for this unsolicited nature of my email. I am Mr. Lewis Musasike, General Manager (Treasury) of Development Bank of Southern Africa. This is an urgent and very confidential business proposition. On June 6, 2001,a Foreign Oil consult I have a new email address! You can now email me at: [EMAIL PROTECTED]- LEWIS MUSASIKE---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com. ---This E-mail came from the Declude.JunkMail mailing list. Tounsubscribe, just send an E-mail to [EMAIL PROTECTED], andtype "unsubscribe Declude.JunkMail". The archives can be foundat http://www.mail-archive.com.
[Declude.JunkMail] Heads Up - Plain Text Base64 Not Decoded
Plain text messages (No MIME parts) with the body text encoded as BASE64 are not decoded, before the FILTERS are run against it. So, the FILTERS are run against the BASE64 encoding, not against the text that the BASE64 encoding represents. Declude FILTERS are totally ineffective against plain text messages with BASE64 encoding. Because of this, a PayPal phishing message just slipped through. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Spam
John, Do not know why they would want to rewrite the message. They should add a test name for the condition and say it failed the test. I believe it fails a Declude Virus Vulnerability test. What test is that and in what version? That wouldn't be 4.x would it? Although, that would seem a little weird as it is spam issue not a virus issue. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Spam
Dave, You might want to look at the NOCRTEST. See: http://www.mail-archive.com/declude.junkmail@declude.com/msg28884.html The problem is that the messages have no carriage returns. I am guessing here and that guess is based on a lot of circumstantial evidence that Declude was written in Visual Basic and uses standard line handling, which likes normal CrLf pairs. If you examine those messages in Notepad, you see that the only lines with CRs are the lines prepended by the mail server or appended by Declude. So basically, Declude sees one line and does not see anything to parse. It cannot even see the headers. However, if NoCr detects a message of that type and you give the NoCr test enough points to delete the message, Declude will delete the message. Those messages are definitely outside of the RFC, which specifies CRLF pairs at least in the headers, but I believe everywhere. I haven't seen one of those messages in a long long time. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty Sent: Friday, May 19, 2006 9:47 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Spam I've been seeing a lot more of that headers-at-the-bottom stuff lately where the message gets scanned but no action occurs. A lot of it doesn't have broken GIFs, just text. -d --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: Re[2]: [Declude.JunkMail] Spam
Sandy, Shrug. Never felt the desire to run dependency walker on it. I said it was a guess. I said it was circumstantial. Maybe in the end, I was hoping it was some silly language limitation that they didn't know how to get around rather than think it was a bug or even a bad assumption on the part of the company, whose tool scans my email. Don't know which would be worse. I do not know if anyone else has, but I did report the issue to Declude. I thought their response was interesting: Snip - The fact that this email contains only linefeeds and no carriage returns shows that it is a seriously broken email. The Subject: line was added by Declude because the action called for SPAM-WARN to be added, and Declude could not locate the actual subject line. Declude is not alone in having serious problems with these emails. IMail itself put headers at the end of the message because it could not figure out where the real headers ended. At some point we will have to rewrite incoming messages to make sure that lone linefeeds do not exist; however, that will incur a lot of overhead. It would have made much more sense for IMail to have done this as the message was arriving, prior to writing it to disk in the first place. - Snip Do not know why they would want to rewrite the message. They should add a test name for the condition and say it failed the test. Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sanford Whiteman Sent: Friday, May 19, 2006 11:57 PM To: Michael Thomas - Mathbox Subject: Re[2]: [Declude.JunkMail] Spam ...a lot of circumstantial evidence that Declude was written in Visual Basic... Er, what evidence was that? Declude.exe was *not* written in VB, as a quick Dependency Walker check would tell you. It's clearly always been a Win32 C/C++ app. As far as the CRLF issue goes, it's clearly buggy code, but has nothing to do with language choice. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/do wnload/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2a liases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2alias es/download/release/ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Recommendations? Updgrading Equipment.
Why is your service offline while you edit text files? Edit your text files. Select the zone in the DNS GUI and click Reload... Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Stillwell Sent: Wednesday, May 03, 2006 11:22 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT: Recommendations? Updgrading Equipment. Becuase, I have to RD into the box, and manage 50 domains by editing the text files becuase ms dns doesn't allow wildcards., and if i need to edit an ip for all the domains, i have to stop the server, edit the zone files, the start the service. ms dns works fine if you have no issues editing the zone files one by one while your service is offline. - Original Message - From: Darin Cox [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, May 03, 2006 8:46 AM Subject: Re: [Declude.JunkMail] OT: Recommendations? Updgrading Equipment. Can you clarify why you think MS DNS sucks? We've used it for years and it has worked perfectly. We also built additional tools to integrate it into our setup and management processes. The only problem or lack of functionality we've experienced is the inability to retrieve a list of subdomains programmatically without parsing the zone file. Darin. - Original Message - From: William Stillwell [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, May 03, 2006 8:36 AM Subject: [Declude.JunkMail] OT: Recommendations? Updgrading Equipment. Anybody have any recommendations on a server upgrade? (CPU/RAM/HDD) Suggestions? Running, Imail, Declude JunkMail, Anti-Virus, Mcafee Scanner, Sniffer. As you can tell, we have a ton of Internal Mail.. We are currently running a PIII 750 w/512Mb ram, and a 30gig Scsi Mirror. (Two Drives mirrored).. I also want to Dump M$ DNS, as it sucks.. Any Suggestions on a easy to configure alternative, with possible web front end? Here are our STMP Daily Totals for the last couple days. SpamPhrase75 LocalDeliver10519 RemoteDeliver1020 SpamPhrase61 LocalDeliver9401 RemoteDeliver745 SpamPhrase44 LocalDeliver5059 RemoteDeliver73 SpamPhrase38 LocalDeliver5271 RemoteDeliver39 SpamPhrase61 LocalDeliver8657 RemoteDeliver604 SpamPhrase57 LocalDeliver10215 RemoteDeliver865 SpamPhrase77 LocalDeliver10634 RemoteDeliver807 SpamPhrase62 LocalDeliver10504 RemoteDeliver892 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Emails not be scanned by Declude
Hi, You might want to look at the entire typical file, in Notepad or Dump it contents as hex values. I have noticed a similar percentage of spam that has no carriage returns. Which means that the Declude headers get added to the end of the file, rather than after the headers. If you also happen to run invURIBL, you will note that the currently available version does not parse the message, apparently because at most there is only one line in the message. Don't know if this is your issue, but thought I would point it out as a possiblity. If that is the case, it was fairly simple to write a test for it. Mike . - Original Message - From: David Lewis-Waller [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, April 25, 2006 2:11 AM Subject: [Declude.JunkMail] Emails not be scanned by Declude We are noticing a large amount of email, approx 20-30%, are not being processed by Declude. Here is a typical header: Received: from friend [68.57.43.190] by mail.nthost.co.uk with ESMTP (SMTPD-8.20) id A5DA0830; Tue, 25 Apr 2006 06:38:34 +0100 Message-ID: [EMAIL PROTECTED] From: Henry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: All love enhancers on one portal! Date: Tue, 25 Apr 2006 01:36:00 +0100 MIME-Version: 1.0 Content-Type: multipart/related; type=multipart/alternative; boundary=ms020304020609000206080301 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Does any one have any idea why Declude is not processing these. David --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Emails not be scanned by Declude
For those who would like to try it, here is the URL to ZIP file containing two tests, NoCrTest.exe and NoLFTest.exe. Per this thread, you may find the NoCrTest useful. See the file NoCrTest.txt, which is included below. Enjoy. http://www.mathbox.com/NoCrTest/NoCrTest.zip Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) What NoCrTest Does == NoCrTest scans the file and counts CR/LF pairs and bare LF instances. If the LF count exceeds the CRLF count, NoCrTest returns NoCrTestScore. Otherwise, it returns 0 (zero). NoCrTest is non-destructive. It writes no files and modifies nothing. It only reads the specified file and returns a value. At a minimum. IMail adds a Received: line with a CR/LF pair to the beginning of the file. Other SMTP servers may have previously prepended other Received: lines with a CR/LF pair as well. Finally, if there is no Message-ID:, IMail will insert a Message-ID:. The remainder of the file was generated by the mail tool, whether that tool was Outlook, OE, a script, or a spammer tool. NoCrTest scans the file for the following strings as a trigger that indicates it has parsed beyond the SMTP added Recieved: lines: Message-ID: Subject: Date: From: To: On seeing one of the trigger strings, NoCrTest starts counting CR/LF pairs and bare LF instances. NoCrTest reads to the end of the file or up to 500,000 bytes, whichever comes first. It then compares the CR/LF pair count to the bare LF count. If the bare LF count is more than the CR/LF pair count, NoCrTest returns the NoCrTestScore parameter. Otherwise, NoCrTest returns 0 (zero). What NoLfTest Does == NoLfTest scans the file and counts CR/LF pairs and bare CR instances. If the CR count exceeds the CR/LF count, NoLfTest returns NoLfTestScore. Otherwise, it returns 0 (zero). NoLfTest is non-destructive. It writes no files and modifies nothing. It only reads the specified file and returns a value. At a minimum. IMail adds a Received: line with a CR/LF pair to the beginning of the file. Other SMTP servers may have previously prepended other Received: lines with a CR/LF pair as well. Finally, if there is no Message-ID:, IMail will insert a Message-ID:. The remainder of the file was generated by the mail tool, whether that tool was Outlook, OE, a script, or a spammer tool. NoLfTest scans the file for the following strings as a trigger that indicates it has parsed beyond the SMTP added Recieved: lines: Message-ID: Subject: Date: From: To: On seeing one of the trigger strings, NoLfTest starts counting CR/LF pairs and bare CR instances. NoLfTest reads to the end of the file or up to 500,000 bytes, whichever comes first. It then compares the CR/LF pair count to the bare CR count. If the bare CR count is more than the CR/LF pair count, NoLfTest returns the NoLfTestScore parameter. Otherwise, NoLfTest returns 0 (zero). ZIP FILE CONTENTS == NoCrTest.exe The NoCrTest executable. NoLfTest.exe The NoLfTest executable. ManualTest.cmd An example command file for manual testing NoCrTest.txt This explanatory file FailNoCr.txt An example file that will fail NoCrTest FailNoLf.txt An example file that will fail NoLfTest USAGE == Unzip the contents of NoCrTest.zip to any directory where System has execute permission. For example, the typical Declude installation is: C:\IMail\Declude Add the plugin to your Declude GLOBAL.CFG as: NOCRTEST external weight PathToExecutable NoCrTestScore 5 0 Where PathToExecutable is the full path to invoke the executable. For example, if you unzipped NoCrTest in the typical Declude directory, the full path would be: C:\IMail\Declude\NoCrTest.exe Where NoCrTestScore is the numeric value (for example 50) returned when NoCrTest detects more bare LF than CR/LF pairs. Eaxmple of typical GLOBAL.CFG entry that returns 10 on detection: NOCRTEST external weight C:\IMail\Declude\NoCrTest.exe 10 5 0 Eaxmple of GLOBAL.CFG entry with NoCrTest in its own directory that returns 20 on detection: NOCRTEST external weight C:\NoCrTest\NoCrTest.exe 20 5 0 MANUAL TESTING == For testing, You can invoke NoCrTest manually or in a batch file: NoCrTest 1 TestMessage.ext or C:\NoCrTest\NoCrTest.exe 99 C:\IMail\Spool\proc\review\D69c8020cb758.smd LOGGING == NoCrTest performs no logging. It performs only one test which either passes or fails. Use Declude logging to track its effectiveness. SUPPORT == There is no support for NoCrTest. If it does not perform to your expectations, delete it. CAN I RENAME THE EXECUATABLE? == Sure. NoCrTest.exe does not care what its executable name is. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] NoCrTest and NoLfTest
For those who would like to try it, here is the URL to ZIP file containing two tests, NoCrTest.exe and NoLFTest.exe. Per this thread, you may find the NoCrTest useful. See the file NoCrTest.txt, which is included below. Enjoy. http://www.mathbox.com/NoCrTest/NoCrTest.zip Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) What NoCrTest Does == NoCrTest scans the file and counts CR/LF pairs and bare LF instances. If the LF count exceeds the CRLF count, NoCrTest returns NoCrTestScore. Otherwise, it returns 0 (zero). NoCrTest is non-destructive. It writes no files and modifies nothing. It only reads the specified file and returns a value. At a minimum. IMail adds a Received: line with a CR/LF pair to the beginning of the file. Other SMTP servers may have previously prepended other Received: lines with a CR/LF pair as well. Finally, if there is no Message-ID:, IMail will insert a Message-ID:. The remainder of the file was generated by the mail tool, whether that tool was Outlook, OE, a script, or a spammer tool. NoCrTest scans the file for the following strings as a trigger that indicates it has parsed beyond the SMTP added Recieved: lines: Message-ID: Subject: Date: From: To: On seeing one of the trigger strings, NoCrTest starts counting CR/LF pairs and bare LF instances. NoCrTest reads to the end of the file or up to 500,000 bytes, whichever comes first. It then compares the CR/LF pair count to the bare LF count. If the bare LF count is more than the CR/LF pair count, NoCrTest returns the NoCrTestScore parameter. Otherwise, NoCrTest returns 0 (zero). What NoLfTest Does == NoLfTest scans the file and counts CR/LF pairs and bare CR instances. If the CR count exceeds the CR/LF count, NoLfTest returns NoLfTestScore. Otherwise, it returns 0 (zero). NoLfTest is non-destructive. It writes no files and modifies nothing. It only reads the specified file and returns a value. At a minimum. IMail adds a Received: line with a CR/LF pair to the beginning of the file. Other SMTP servers may have previously prepended other Received: lines with a CR/LF pair as well. Finally, if there is no Message-ID:, IMail will insert a Message-ID:. The remainder of the file was generated by the mail tool, whether that tool was Outlook, OE, a script, or a spammer tool. NoLfTest scans the file for the following strings as a trigger that indicates it has parsed beyond the SMTP added Recieved: lines: Message-ID: Subject: Date: From: To: On seeing one of the trigger strings, NoLfTest starts counting CR/LF pairs and bare CR instances. NoLfTest reads to the end of the file or up to 500,000 bytes, whichever comes first. It then compares the CR/LF pair count to the bare CR count. If the bare CR count is more than the CR/LF pair count, NoLfTest returns the NoLfTestScore parameter. Otherwise, NoLfTest returns 0 (zero). ZIP FILE CONTENTS == NoCrTest.exe The NoCrTest executable. NoLfTest.exe The NoLfTest executable. ManualTest.cmd An example command file for manual testing NoCrTest.txt This explanatory file FailNoCr.txt An example file that will fail NoCrTest FailNoLf.txt An example file that will fail NoLfTest USAGE == Unzip the contents of NoCrTest.zip to any directory where System has execute permission. For example, the typical Declude installation is: C:\IMail\Declude Add the plugin to your Declude GLOBAL.CFG as: NOCRTEST external weight PathToExecutable NoCrTestScore 5 0 Where PathToExecutable is the full path to invoke the executable. For example, if you unzipped NoCrTest in the typical Declude directory, the full path would be: C:\IMail\Declude\NoCrTest.exe Where NoCrTestScore is the numeric value (for example 50) returned when NoCrTest detects more bare LF than CR/LF pairs. Eaxmple of typical GLOBAL.CFG entry that returns 10 on detection: NOCRTEST external weight C:\IMail\Declude\NoCrTest.exe 10 5 0 Eaxmple of GLOBAL.CFG entry with NoCrTest in its own directory that returns 20 on detection: NOCRTEST external weight C:\NoCrTest\NoCrTest.exe 20 5 0 MANUAL TESTING == For testing, You can invoke NoCrTest manually or in a batch file: NoCrTest 1 TestMessage.ext or C:\NoCrTest\NoCrTest.exe 99 C:\IMail\Spool\proc\review\D69c8020cb758.smd LOGGING == NoCrTest performs no logging. It performs only one test which either passes or fails. Use Declude logging to track its effectiveness. SUPPORT == There is no support for NoCrTest. If it does not perform to your expectations, delete it. CAN I RENAME THE EXECUATABLE? == Sure. NoCrTest.exe does not care what its executable name is. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Under specific conditions, action not as specified
Declude Version: 3.0.5.23 In JunkMail, a message scores more than enough points to be DELETED. In VIRUS.CFG AVAFTERJM ON DELETEVULNERABILITIES OFF The result is that the message is moved to the /sppol/virus folder. It should have been deleted Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free)
[Declude.JunkMail] Apologies
Hi All, I inadvertently sent a plain text message encoded as base64 to list. I had been comparing spammer generated plain text messages encoded as base64 to the same generated by Outlook Express. I forgot to switch it back. My Apologies, Michael Thomas Mathbox 978-683-6718 1-877-MATHBOX (Toll Free) --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] SmarterMail 3.x
Kevin, Just a thought here. With the IMail single file storage environment, having an alias trigger a program was a convenient solution. However, the SmarterMail storage is one file per message. It should be fairly simple to set up a directory monitor that watches/checks for new files and processes whatever it finds. Mike - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: JunkMail Declude declude.junkmail@declude.com Sent: Thursday, February 09, 2006 3:19 PM Subject: [Declude.JunkMail] SmarterMail 3.x Does anyone know if SmarterMail has Program aliases. I have checked the docs and am going back and forth with SmarterTools sales, but not to be found. It is the only missing feature I would need to move away from Imail. So now here is my declude question. Could I use smartermail/declude, with an external test, to identify a message form a specific account then process and move the message/delete a message to where I would like. What would happen when declude gets control back and the message no longer exists? We currently use program aliases to process EDI orders from customers. Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [OT] SmarterMail 3.x
Kevin, As I recall, yes. Also note that SmarterMail provides a COM object interface for pulling the message out of the file. I believe The COM object also provides for disposing of the message when you are done with it. If I am little vague, I apologize. I haven't looked at it in quite a while, even though I am licensed for the 2.x version. Mike - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Thursday, February 09, 2006 6:30 PM Subject: [Declude.JunkMail] [OT] SmarterMail 3.x Are you saying the mailbox is a folder and it contains one message per file? Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael Thomas - Mathbox Sent: Thursday, February 09, 2006 3:21 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] SmarterMail 3.x Kevin, Just a thought here. With the IMail single file storage environment, having an alias trigger a program was a convenient solution. However, the SmarterMail storage is one file per message. It should be fairly simple to set up a directory monitor that watches/checks for new files and processes whatever it finds. Mike - Original Message - From: Kevin Bilbee [EMAIL PROTECTED] To: JunkMail Declude declude.junkmail@declude.com Sent: Thursday, February 09, 2006 3:19 PM Subject: [Declude.JunkMail] SmarterMail 3.x Does anyone know if SmarterMail has Program aliases. I have checked the docs and am going back and forth with SmarterTools sales, but not to be found. It is the only missing feature I would need to move away from Imail. So now here is my declude question. Could I use smartermail/declude, with an external test, to identify a message form a specific account then process and move the message/delete a message to where I would like. What would happen when declude gets control back and the message no longer exists? We currently use program aliases to process EDI orders from customers. Kevin Bilbee Network Administrator Standard Abrasives, Inc. [EMAIL PROTECTED] (805) 520-5800 x7332 Changing the way industry works. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. N-±¢®±yuu¹¢Sjj®.rx---N²rz¶uT¶j®ryjÊz±mrx.jSqy?ÿÂ.? --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. N¬f¢¬±Æ§ç_¢»â®ë±¼yÉnuá 0uç%¹×¢dáÁj)\jg® àÞr[x§Æ¢f¢)à+-N§²æìr¸z;¬¶Ç§u©Ä¨¥¶¦j)l®÷^r[yÊjwmʮ˱ÊâmàÞr[x§Æ¢8^j·!÷¬q©Ûyú.ÖÛiÿü0Âf¢ªÜ+Þr
Re: [Declude.JunkMail] OT Snow
Yeah, and the earthquakes are not seasonal at all. :) Mike - Original Message - From: John T (Lists) [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Saturday, December 03, 2005 2:51 PM Subject: RE: [Declude.JunkMail] OT Snow Now wait just a carn cerned minute. Our time is short enough as it is without getting rid of 3 months. Besides, temperatures are just fine here in Southern California. ;-) John T eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.JunkMail- [EMAIL PROTECTED] On Behalf Of Matt Sent: Saturday, December 03, 2005 11:06 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT Snow It was 65 degrees last week in Upstate NY, almost a record high. Now of course it is quite seasonal and I am afraid that we won't see those temps again until March or April. Fear not, there is no ice age on the horizon...except of course what is expected. I wouldn't care at all if the year was 3 months shorter. Matt Orin Wells wrote: We had a blanket of snow here in the Seattle area Thursday night too - still hanging around. We had almost zero snow last year. All the ski areas are in operation. Some opened a month ago - the earliest in decades. Maybe we are going into the next ice age? At 09:08 AM 12/3/2005, you wrote: let me know if you get the BANEXT .snow working, we got 24 inches yesterday and last night, good ol Lake Erie lake effect snow... sigh Rick Davidson National Systems Manager North American Title Group - - Original Message - From: Markus Gufler [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Saturday, December 03, 2005 3:49 AM Subject: RE: [Declude.JunkMail] Paranoia What's even funnier is by the time I am ready to get in bed, Europe is going to work. yawning mmmh, what? ... ... Ah, hi guys, good morning from Europe! We've around 12 inches of snow here over night. Where's the snowshovel? Maybe I will add BANEXT .snow to my config file ;-) /yawning Markus --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT - At wits end
Andrew, I was reading your reponse, thinking This is one of the more lucid responses coming from the list (There is a huge amount of useful information from the list, but not all of it is lucid. Sometimes you have to dig for the gems.). And then I got down to the last paragraph and read hinky results! I almost fell out of my chair laughing... Don't get me wrong, I have used the word myself. But seeing it at the end of that response was like being handed the punch line to joke. So you have provided useful feedback AND brightened at least one persons day... Mike - Original Message - From: Colbeck, Andrew [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, November 30, 2005 12:53 PM Subject: RE: [Declude.JunkMail] OT - At wits end My two cents ... John and Matt are offering sound best practices advice for installing a cacheing only DNS on your Windows 2000. It's dead easy, and you'll find that your queries to find mail servers and RBL answers are faster. Cacheing only means that this DNS service on your Imail server won't be responsible for serving up any zones, so you don't need to worry about messing that up. If you're worried about the bad guys (of course!), you can easily configure the service to only accept queries from your internal machines by IP, and/or use your firewall to block inbound queries. I tested using the nameserver you cited to look up ucancap.org and found that it could timeout, but once I got the record, it would be cached for 24 hours. I found that the reply came by UDP, was less than 512 bytes, and nicely included the IP address of the MX host along with the MX record. I noted that, at least from my network, I had really good tracert times (but they block ICMP). Their mailhost is slow to respond; reaching them, I see that their HELO greeting is barracuda.ucancap.org so I'd have to wonder how long they've had an antispam device from barracuda.com in front of their real mail host, and is this when you stopped being able to send them mail? ... I just did some nslookup tests using ns1.dnswizards.com and also ns2.dnswizards.com and get hinky results, with ridiculous timeouts. I'd suggest that if nothing else, you stop using them for your DNS queries! Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Orin Wells Sent: Wednesday, November 30, 2005 8:09 AM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] OT - At wits end At 11:03 PM 11/29/2005, Dave Doherty wrote: Hi, Orin- A couple of suggestions First, look at your HOSTS file in c:\winnt\system32\drivers\etc to see if 64.62.134.10 is listed there. Delete the entry if you find it there. Thanks. Done that. Nothing there. Next, add DNS service to your IMail server. I have been hesitant to do our own DNS services because of others who have told me doing your own DNS can become a full time job. I am assuming they are talking about a registered DNS server when every hacker in the world wants to play with it. I hadn't thought about activating DNS though. We are running a 2000 server and I would have to figure out how to turn it on. We will be going to 2003 soon if we can ever get the servers running correctly. I hate hardware!! Set the DNS servers in Network Properties to known-good upstream DNS resolvers. Other than this, the primary servers for all our domains are thought to be good. I believe they have another server we could add to the stream. Set the DNS address in IMail to 127.0.0.1. This has the effect of providing mulitple DNS servers to IMail. Ahhh. That was a piece I was missing here. We have 64.85.13.6 which is the primary DNS server. Will this then use the servers in Network Properties or is it going to expect the local server to be providing DNS services? Thanks for the suggestions. -d - Original Message - From: Orin Wells [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Wednesday, November 30, 2005 1:35 AM Subject: [Declude.JunkMail] OT - At wits end We have a bit of a puzzler with one our clients in trying to communicate with another domain. What happens is they get 20 attempts failure to deliver. What is REALLY happening is that the DNS servers that service our environment do not see the target domain for some unknown reason and thus iMail is unable to resolve the domain to an ip address for delivery. And since our imail server is pointing to one of these DNS servers as our primary server I have been unable to find a way around the problem. It seems to have started on or about November 9th when the firewall at the target site received the last message from our server. We think something changed but no one will admit to anything changing. The sending environment is running under iMail 7.07 and is cado-oregon.org (IP 64.85.18.53). There are two dns servers providing our DNS: ns1.dnswizards.com and
Re: [Declude.JunkMail] OT: SmarterMail auto-create users
Robert, I have not programmed to SmarterMail API's, but I did look at them some time ago. As I recall, the API is just a COM object, which you can call from ASP. I don't believe ASP.NET is required for the management end. Mike - Original Message - From: Robert E. Spivack [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, October 25, 2005 2:47 PM Subject: [Declude.JunkMail] OT: SmarterMail auto-create users Hi, I have a question for those of you that are using SmarterMail. We are looking at the software to determine how we can link it to our user creation process. Currently, we have both classic asp (ASP not ASP.NET) and php scripts that create users by POSTing to a form. The back-end of the form hander spawns a commandline to actually create the user. SmarterMail has a web services programmatic interface, but we'd prefer not to write completely new software in ASP.NET Does anyone have a wrapper or some other method that will allow us to continue to use our existing ASP and PHP scripts by (hopefully) only changing the back-end form handler? --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Adding Filter Match Text to header
Hi, Is there a way to add the matching text from a filter to the headers of the message? I only see a way to indicate that a filter failed: MYFILTER WARN X-Warning: Failed FILTER Thank You, Mike --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Co-Location Space
Hi, No, actually they monitor specific channels to determine if advertisements appeared on that channel and at what times. They also collect information on what shows were running when the advertisements appeared. Because much of cable advertising is geographically driven, they need access to cable TV in specific geographic areas. Mike - Original Message - From: William Stillwell [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, June 17, 2005 11:42 PM Subject: Re: [Declude.JunkMail] OT: Co-Location Space It sounds like there trying to start a service like WebVCR which was of course shutdown by the MPAA.. - Original Message - From: Michael Thomas - Mathbox [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Friday, June 17, 2005 5:51 PM Subject: [Declude.JunkMail] OT: Co-Location Space Hi All, I have a customer that is looking for co-location space in 50+ locations all over the US. There main requirement is a local cable TV feed. They will pay to have their own drop installed from the street. Their equipment is 50% rack-mount and 50% tower. Cabinet, rack, or wire shelf will work. Their requirements are: 10U 128k 2 IP's 3-5 amps Cable TV feed If you are interested, please contact me off list at [EMAIL PROTECTED] Below is a list of locations. Thank You, Michael Thomas Mathbox Anchorage AK Fairbanks AK Juneau AK Dothan AL Jonesboro AR Palm Springs CA Yuma-El Centro CA Eureka CA Grand Junction-Montrose CO Panama City FL Gainesville FL Ottumwa-Kirksville IA Idaho Falls-Pocatello ID Twin Falls ID Lafayette IN Bowling Green KY Alexandra LA Lake Charles LA Bangor ME Presque Isle ME Marquette MI Alpena MI Mankato MN St Joseph MO Biloxi-Gulfport MS Hattiesburg-Laurel MS Greenwood-Greenville MS Meridian MS Missoula MT Billings MT Great Falls MT Butte-Boseman MT Helena MT Glendive MT Minot-Bismarck-Dickinson ND North Platte NE Binghamton NY Utica NY Watertown NY Wheeling-Steubenville OH Lima OH Zanesville OH Bend OR Rapod City SD Jackson TN Odessa-Midland TX Abilene-Sweetwater TX Laredo TX San Angelo TX Victoria TX Sherman-Ada TX/OK Harrisonburg VA Charlottesville VA Clarksburg-Weston WV Parkersburg WV Casper-Riverton WY Cheyenne-Scottsbluff WY/NE --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This email has been scanned for possible viruses by Declude Antivirus. For more information on Declude Antivirus, Visit www.declude.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] AutoWhiteList
Serge, The javascript checker shipped with standard web mail templates (V8.05 I have 8.14, but did not test) will not allow @domain.com to be added. The checker requires [EMAIL PROTECTED] Javascript checkers with other template sets may allow it. Or you could modify the checker to allow it. You can add @domain.com as a contact in the contact list. Note that AFAIK Declude still only whitelists the first address in a contact list. I reported that issue to Declude on 5/24/2004. I have not heard that it was fixed. Note that the issue is I may have an address in a contact list that is not anywhere else in my address book. And a final note regarding whitelisting, which is still true AFAIK. Assume the situation, [EMAIL PROTECTED], [EMAIL PROTECTED], and [EMAIL PROTECTED] are valid email addresses and that emailb has emaila listed in emailb's addresss book. If emaila sends a message to emailc on the TO line and puts emailb on the BCC line, then the message is whitelisted for both emailb AND emailc. If you have XINHEADER X-Message: %TESTSFAILED% in your rules, you will see that the headers of each recipient indicated the sender was whitelisted. I would have expected the message to be processed on the merits of each recipients settings, including whitelisting by address book. Mike - Original Message - From: Serge [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 12, 2004 7:48 PM Subject: [Declude.JunkMail] AutoWhiteList Can we use @domain.com in our webmail adress book to whitelist all mail from specific domain ? also, if one of the recepient has the sender in his adress book, this will whitelist for all recepients, correct ? TIA --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.