RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-13 Thread R. Scott Perry

> Yes. Soil-tech.com is a local domain that we host and Tony is a valid
> user on that domain.  It almost appears that Imail is seeing his
> OutlookExpress as a mail server, not an authenticated mail client.
> Any other suggestions?

In this case, I would suggest using the debug mode to track the 
problem.  To use the debug mode, you can change the "LOGLEVEL LOW" line in 
\IMail\Declude\global.cfg to "LOGLEVEL DEBUG".  Then, have the user try 
sending another E-mail through (or you can send one using his return 
address), and then switch back to "LOGLEVEL LOW" (the debug mode adds huge 
amounts of information to the log file).  You can then send me the 
\IMail\spool\dec.log file (as an attachment, off the list, NOT sent 
from web messaging), and I can take a look at it to see why this is happening.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-12 Thread Todd Holt
Yes. Soil-tech.com is a local domain that we host and Tony is a valid
user on that domain.  It almost appears that Imail is seeing his
OutlookExpress as a mail server, not an authenticated mail client.

Any other suggestions?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



> -Original Message-
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Saturday, October 11, 2003 5:37 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] Dictionary attacks --- anyone have any
> solutions.
> 
> 
> >I have a customer using Outlook Express 6 and each message he sends
> >fails the HELOBOGUS test as shown below:
> >
> >10/10/2003 14:45:30 Q28770c310140cd76 Msg failed HELOBOGUS (Domain TONY
> >has no MX or A records.). Action=HEADER.
> >10/10/2003 14:45:30 Q28770c310140cd76 From: [EMAIL PROTECTED] To:
> >[EMAIL PROTECTED]  IP: 24.234.126.165 ID:
> >
> >What would cause this?
> 
> Is "soil-tech.com" a local domain?  If not, the sender needs to use a valid
> host name in the HELO/EHLO data that it sends.  "TONY" is not a valid
> Internet host name.
> 
> -Scott


RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-11 Thread R. Scott Perry

> I have a customer using Outlook Express 6 and each message he sends
> fails the HELOBOGUS test as shown below:
>
> 10/10/2003 14:45:30 Q28770c310140cd76 Msg failed HELOBOGUS (Domain TONY
> has no MX or A records.). Action=HEADER.
> 10/10/2003 14:45:30 Q28770c310140cd76 From: [EMAIL PROTECTED] To:
> [EMAIL PROTECTED]  IP: 24.234.126.165 ID:
>
> What would cause this?

Is "soil-tech.com" a local domain?  If not, the sender needs to use a valid 
host name in the HELO/EHLO data that it sends.  "TONY" is not a valid 
Internet host name.

   -Scott


RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Todd Holt
I have a customer using Outlook Express 6 and each message he sends
fails the HELOBOGUS test as shown below:

10/10/2003 14:45:30 Q28770c310140cd76 HELOBOGUS:6 .  Total weight = 6
10/10/2003 14:45:30 Q28770c310140cd76 Msg failed HELOBOGUS (Domain TONY
has no MX or A records.). Action=HEADER.
10/10/2003 14:45:30 Q28770c310140cd76 Msg failed WEIGHTHEADER (Weight of
6 reaches or exceeds the limit of 1.). Action=IGNORE.
10/10/2003 14:45:30 Q28770c310140cd76 L1 Message OK
10/10/2003 14:45:30 Q28770c310140cd76 Subject: test from tony
10/10/2003 14:45:30 Q28770c310140cd76 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED]  IP: 24.234.126.165 ID:

What would cause this?

Todd Holt
Xidix Technologies, Inc
Las Vegas, NV  USA
www.xidix.com
702.319.4349



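An added example, not part of the original thread: a small Python parser for the Declude log lines quoted in the message above. It rejoins the wrapped lines, groups entries by queue ID and extracts the failed tests, their actions, the sender IP and the HELO name; the regular expressions and the `bare_helo` heuristic are assumptions based only on the lines shown here.

```python
import re
from collections import defaultdict
# Constructed sample: the log lines quoted above, archive masking and wrapping kept.
SAMPLE_LOG = """\
10/10/2003 14:45:30 Q28770c310140cd76 HELOBOGUS:6 .  Total weight = 6
10/10/2003 14:45:30 Q28770c310140cd76 Msg failed HELOBOGUS (Domain TONY
has no MX or A records.). Action=HEADER.
10/10/2003 14:45:30 Q28770c310140cd76 Msg failed WEIGHTHEADER (Weight of
6 reaches or exceeds the limit of 1.). Action=IGNORE.
10/10/2003 14:45:30 Q28770c310140cd76 L1 Message OK
10/10/2003 14:45:30 Q28770c310140cd76 Subject: test from tony
10/10/2003 14:45:30 Q28770c310140cd76 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED]  IP: 24.234.126.165 ID:
"""
ENTRY = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d (Q\w+) (.*)$")
FAILED = re.compile(r"Msg failed (\w+) \((.*)\)\. Action=(\w+)\.")
HELO = re.compile(r"Domain (\S+) has no MX or A records")
IP = re.compile(r"IP: (\d{1,3}(?:\.\d{1,3}){3})")

def unwrap(text):
    """Join wrapped continuation lines onto the timestamped entry before them."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line):
            entries.append(line)
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per queue ID: failed tests with their actions, sender IP, HELO name."""
    msgs = defaultdict(lambda: {"failed": {}, "ip": None, "helo": None})
    for entry in unwrap(text):
        qid, body = ENTRY.match(entry).groups()
        failed = FAILED.search(body)
        if failed:
            test, reason, action = failed.groups()
            msgs[qid]["failed"][test] = action
            helo = HELO.search(reason)
            if test == "HELOBOGUS" and helo:
                msgs[qid]["helo"] = helo.group(1)
        ip = IP.search(body)
        if ip:
            msgs[qid]["ip"] = ip.group(1)
    return dict(msgs)

def bare_helo(name):
    """Heuristic (assumption): a dotless HELO looks like a desktop machine name."""
    return name is not None and "." not in name
```

On the sample, `summarize` reports one message from 24.234.126.165 that failed HELOBOGUS (Action=HEADER) and WEIGHTHEADER (Action=IGNORE) with the HELO name `TONY`.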


RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Kami Razvan
Hi Chuck:

We have done that and it works great for us.

We have designed a database that all spam data goes in there.  All filter
parameters are entered in a relational table.

We have a script that downloads various queries into text files and then
they are copied on a schedule in the IMail directory.

- Stop SMTP service
- Copy all files
- Start SMTP service

All people do is when they see a spam in the spam account they enter it in
the replicated database which then does everything automatically.

I am sure there is an easier way but with our system we can simply state a 7
month window for queries so all entries are not always entered.

Regards,
Kami



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck Schick
Sent: Friday, October 10, 2003 1:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Dictionary attacks --- anyone have any
solutions.

Thanks Scott:

The reason blocking IPs is not the answer is because I would have to spend
24 hours a day doing it.  Also Imail's control access list is just a list of
IPs.  It would be nice if the list was part of a database where you could
put dates and reasons for blacklisting IPs -

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
> Sent: Friday, October 10, 2003 10:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any 
> solutions.
>
>
>
> >We are constantly getting hammered with dictionary attacks.  Does anyone
> >have any solutions?  Does the new version of Imail address this issue?
> >Whenever I check a lot of it comes from open proxies.
> >
> >Blocking the IPs is not a solution.  Any ideas are appreciated.
>
> Blocking the IPs is the only solution.  :)
>
> Some people have reported that BlackIce Server can be set up to stop 
> dictionary attacks (check the IMail and Declude JunkMail forum 
> archives for "BlackIce", and you should be able to find more 
> information).
>
> IMail doesn't address this issue, nor can addons to IMail effectively 
> do so, since Ipswitch doesn't document the file format used for their 
> control access file.
>
> -Scott
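An added example, not code from anyone in this thread: a minimal Python/SQLite sketch of the kind of store the two messages above describe, with a date and reason for each blocked IP and a text export limited to a 7-month window. The table layout, function names, the calendar-month reading of the window and the one-IP-per-line output file are all assumptions; stopping and starting the SMTP service around the copy is left out.

```python
import os
import sqlite3
import tempfile
from datetime import date

def open_blocklist(path=":memory:"):
    """Create the table: one row per blocked IP with the date and the reason."""
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS blocked (
                      ip TEXT PRIMARY KEY, added TEXT NOT NULL, reason TEXT NOT NULL)""")
    return db

def block(db, ip, added, reason):
    """Insert or refresh an entry; re-reporting an IP restarts its window."""
    db.execute("INSERT OR REPLACE INTO blocked VALUES (?, ?, ?)",
               (ip, added.isoformat(), reason))
    db.commit()

def months_before(day, months):
    """First day of the month `months` months before `day` (window start)."""
    index = day.year * 12 + (day.month - 1) - months
    return date(index // 12, index % 12 + 1, 1)

def current_entries(db, today, window_months=7):
    """IPs added inside the window, sorted; older rows stay in the database."""
    start = months_before(today, window_months).isoformat()
    rows = db.execute("SELECT ip FROM blocked WHERE added >= ? ORDER BY ip", (start,))
    return [ip for (ip,) in rows]

def export(db, today, target, window_months=7):
    """Write the list to a temp file, then swap it into place in one step."""
    ips = current_entries(db, today, window_months)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(target)))
    with os.fdopen(fd, "w") as out:
        out.writelines(ip + "\n" for ip in ips)
    os.replace(tmp, target)
    return len(ips)
```

Entries older than the window drop out of the exported file but keep their date and reason in the table, so the history stays available for review.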


RE: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Chuck Schick
Thanks Scott:

The reason blocking IPs is not the answer is because I would have to spend
24 hours a day doing it.  Also Imail's control access list is just a list of
IPs.  It would be nice if the list was part of a database where you could
put dates and reasons for blacklisting IPs -

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
> Sent: Friday, October 10, 2003 10:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any
> solutions.
>
>
>
> >We are constantly getting hammered with dictionary attacks.  Does anyone
> >have any solutions?  Does the new version of Imail address this issue?
> >Whenever I check a lot of it comes from open proxies.
> >
> >Blocking the IPs is not a solution.  Any ideas are appreciated.
>
> Blocking the IPs is the only solution.  :)
>
> Some people have reported that BlackIce Server can be set up to stop
> dictionary attacks (check the IMail and Declude JunkMail forum archives for
> "BlackIce", and you should be able to find more information).
>
> IMail doesn't address this issue, nor can addons to IMail effectively do
> so, since Ipswitch doesn't document the file format used for their control
> access file.
>
> -Scott


Re: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Frederick Samarelli
I use BlackIce server.

Give me an idea as to what to look for and I will tell you if it is working.

Fred
- Original Message - 
From: "R. Scott Perry" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 10, 2003 12:23 PM
Subject: Re: [Declude.JunkMail] Dictionary attacks --- anyone have any
solutions.


>
> >We are constantly getting hammered with dictionary attacks.  Does anyone
> >have any solutions?  Does the new version of Imail address this issue?
> >Whenever I check a lot of it comes from open proxies.
> >
> >Blocking the IPs is not a solution.  Any ideas are appreciated.
>
> Blocking the IPs is the only solution.  :)
>
> Some people have reported that BlackIce Server can be set up to stop
> dictionary attacks (check the IMail and Declude JunkMail forum archives for
> "BlackIce", and you should be able to find more information).
>
> IMail doesn't address this issue, nor can addons to IMail effectively do
> so, since Ipswitch doesn't document the file format used for their control
> access file.
>
> -Scott


Re: [Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread R. Scott Perry

> We are constantly getting hammered with dictionary attacks.  Does anyone
> have any solutions?  Does the new version of Imail address this issue?
> Whenever I check a lot of it comes from open proxies.
>
> Blocking the IPs is not a solution.  Any ideas are appreciated.

Blocking the IPs is the only solution.  :)

Some people have reported that BlackIce Server can be set up to stop 
dictionary attacks (check the IMail and Declude JunkMail forum archives for 
"BlackIce", and you should be able to find more information).

IMail doesn't address this issue, nor can addons to IMail effectively do 
so, since Ipswitch doesn't document the file format used for their control 
access file.

   -Scott


[Declude.JunkMail] Dictionary attacks --- anyone have any solutions.

2003-10-10 Thread Chuck Schick
We are constantly getting hammered with dictionary attacks.  Does anyone
have any solutions?  Does the new version of Imail address this issue?
Whenever I check a lot of it comes from open proxies.

Blocking the IPs is not a solution.  Any ideas are appreciated.

Chuck Schick
Warp 8, Inc.
303-421-5140
www.warp8.com
