Re: [Declude.JunkMail] [IMail Forum] odd behavior

2005-02-24 Thread Doug Anderson




That's the thing, I have one white list file (hate whitelists) and ameripride is not in it
Did anything change in declude junkmail lately in regards to whitelists (I just upgraded 2 nights ago)?
All I have for references to whitelist are:

$default.junkmail
WHITELISTFILE D:\Imail\Declude\AWHITELST.txt
#note AWhitelst.txt does not include ameripride.org
Global.cfg
CODE
LOGFILE d:\declude\logfiles\dec.log
LOGLEVEL LOW
HOP 0
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
XINHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%]
XINHEADER X-Country-Chain: %COUNTRYCHAIN%
XOUTHEADER X-Note: E-mail scanned by Declude-JunkMail for spam by CRC.
XSENDER ON
XSPOOLNAME ON
XINHEADER X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).
PREWHITELIST ON
AUTOWHITELIST ON
WHITELIST AUTH
.
.
WHITELIST IP 192.168.0.182
WHITELIST IP 192.168.0.85
WHITELIST IP 192.168.0.86
#Servers on local network (not exposed to public) that send emails (status reports)


  - Original Message -
  From: E. Shanbrom (Ipswitch)
  To: IMail_Forum@list.ipswitch.com
  Sent: Thursday, February 24, 2005 2:48 PM
  Subject: Re: [IMail Forum] odd behavior

  Says ameripride.org is on the whitelist (decludes not IMail's)

  Eric S
  
- Original Message -
From: Doug Anderson
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 3:03 PM
Subject: Re: [IMail Forum] odd behavior

Trying to figure out why it's white listed.

02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect 221.127.179.32 port 1194
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO 67.130.17.126
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] d:\IMail\spool\D3664039604421990.SMD 201
02:22 07:41 SMTP-(3664039604421990) processing d:\IMail\spool\Q3664039604421990.SMD
02:22 07:41 SMTPD(3664039604421990) [ameripride.org] in white list
02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 L3 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]: CATCHALLMAILS=IGNORE
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org reggie.licari-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org richard.boudreau-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) finished d:\IMail\spool\Q3664039604421990.SMD status=1

  - Original Message -
  From: Travis Rabe
  To: IMail_Forum@list.ipswitch.com
  Sent: Thursday, February 24, 2005 1:09 PM
  Subject: RE: [IMail Forum] odd behavior

  What do the logs show you?

  T

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson
  Sent: Thursday, February 24, 2005 11:04 AM
  To: IMail_Forum@list.ipswitch.com
  Subject: [IMail Forum] odd behavior

  I have the following type of email showing up...basically blank.

  I'm trying to figure out if our imail server is hacked or something - because it's coming from local host.

  Any ideas here? Got 8.15 and the most current release of declude running.

  Received: from 67.130.17.126 [221.127.179.32] by mail.ameripride.org (SMTPD32-8.15) id A66D3960442; Tue, 22 Feb 2005 07:41:01 -0600
  Received: from localhost (HELO localhost [127.0.0.1])by

RE: [Declude.JunkMail] [IMail Forum] odd behavior

2005-02-24 Thread David Barker
As AUTOWHITELIST ON is in your global.cfg, is it possible that
ameripride.org is in an address book?

David B
www.declude.com





From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson
Sent: Thursday, February 24, 2005 4:13 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] [IMail Forum] odd behavior


That's the thing, I have one white list file (hate whitelists) and
ameripride is not in it
Did anything change in declude junkmail lately in regards to whitelists (I
just upgraded 2 nights ago)?
All I have for references to whitelist are:
 
$default.junkmail 
WHITELISTFILE D:\Imail\Declude\AWHITELST.txt
#note AWhitelst.txt does not include ameripride.org
 
Global.cfg
CODE
LOGFILE d:\declude\logfiles\dec.log
LOGLEVEL LOW
HOP 0
HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
XINHEADER X-Note: This E-mail was scanned by Declude JunkMail
(www.declude.com) for spam.
XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%]
XINHEADER X-Country-Chain: %COUNTRYCHAIN%
XOUTHEADER X-Note: E-mail scanned by Declude-JunkMail for spam by CRC.
XSENDER  ON
XSPOOLNAME ON
XINHEADER X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).
PREWHITELIST ON
AUTOWHITELIST   ON
WHITELIST AUTH
.
.
WHITELIST IP 192.168.0.182
WHITELIST IP 192.168.0.85
WHITELIST IP 192.168.0.86
#Servers on local network (not exposed to public) that send emails (status
reports)
 

- Original Message - 
From: E. Shanbrom (Ipswitch) mailto:[EMAIL PROTECTED]  
To: IMail_Forum@list.ipswitch.com 
Sent: Thursday, February 24, 2005 2:48 PM
Subject: Re: [IMail Forum] odd behavior

Says ameripride.org is on the whitelist (decludes not IMail's)
 
Eric S

- Original Message - 
From: Doug Anderson mailto:[EMAIL PROTECTED]  
To: IMail_Forum@list.ipswitch.com 
Sent: Thursday, February 24, 2005 3:03 PM
Subject: Re: [IMail Forum] odd behavior

Trying to figure out why it's white listed. 
 
02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect
221.127.179.32 port 1194
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO
67.130.17.126
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL
FROM: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT
TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT
TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT
TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32]
d:\IMail\spool\D3664039604421990.SMD 201
02:22 07:41 SMTP-(3664039604421990) processing
d:\IMail\spool\Q3664039604421990.SMD
02:22 07:41 SMTPD(3664039604421990) [ameripride.org] in
white list
02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free 
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed
[weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE
NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT
CATCHALLMAILS=IGNORE 
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed
[weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE
NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT
CATCHALLMAILS=IGNORE 
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from
[EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from
[EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 L3 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed
[weight=0]: CATCHALLMAILS=IGNORE 
02:22 07:41 SMTP-(3664039604421990) ldeliver
mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver
mail.ameripride.org reggie.licari-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver
mail.ameripride.org richard.boudreau-main (1) [EMAIL PROTECTED]
972
02:22 07:41 SMTP-(3664039604421990) finished
d:\IMail\spool\Q3664039604421990.SMD status=1


- Original Message - 
From: Travis Rabe mailto:[EMAIL PROTECTED]  
To: IMail_Forum@list.ipswitch.com 
Sent: Thursday, February 24, 2005 1:09 PM
Subject: RE: [IMail Forum] odd behavior


What

Re: [Declude.JunkMail] [IMail Forum] odd behavior

2005-02-24 Thread Doug Anderson



John's semi right. Forgive me for not using plain text...but I've colored the lines red and put ** by it. The first line is imail whitelist, the next 2 are declude. Does declude understand when imail whitelists?

Maybe I got it - under trusted addresses ameripride.org and our other domain WERE in there - I've removed it.

  - Original Message -
  From: John Tolmachoff (Lists)
  To: IMail_Forum@list.ipswitch.com
  Sent: Thursday, February 24, 2005 4:29 PM
  Subject: RE: [IMail Forum] odd behavior

  No it is not. Look at the log line again. It is in the Imail log and that line is on the SMTPD line. Declude does not log to the Imail log.

  John Tolmachoff
  Engineer/Consultant/Owner
  eServices For You

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of E. Shanbrom (Ipswitch)
  Sent: Thursday, February 24, 2005 12:48 PM
  To: IMail_Forum@list.ipswitch.com
  Subject: Re: [IMail Forum] odd behavior

  Says ameripride.org is on the whitelist (decludes not IMail's)

  Eric S
  

- Original Message -
From: Doug Anderson
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 3:03 PM
Subject: Re: [IMail Forum] odd behavior

Trying to figure out why it's white listed.

02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect 221.127.179.32 port 1194
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO 67.130.17.126
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] d:\IMail\spool\D3664039604421990.SMD 201
02:22 07:41 SMTP-(3664039604421990) processing d:\IMail\spool\Q3664039604421990.SMD
** 02:22 07:41 SMTPD(3664039604421990) [ameripride.org] in white list
02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT CATCHALLMAILS=IGNORE
** 02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
** 02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED]; whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 L3 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]: CATCHALLMAILS=IGNORE
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org maria.snyder-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org reggie.licari-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org richard.boudreau-main (1) [EMAIL PROTECTED] 972
02:22 07:41 SMTP-(3664039604421990) finished d:\IMail\spool\Q3664039604421990.SMD status=1

  
  - Original Message -
  From: Travis Rabe
  To: IMail_Forum@list.ipswitch.com
  Sent: Thursday, February 24, 2005 1:09 PM
  Subject: RE: [IMail Forum] odd behavior

  What do the logs show you?

  T

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Doug Anderson
  Sent: Thursday, February 24, 2005 11:04 AM
  To: IMail_Forum@list.ipswitch.com
  Subject: [IMail Forum] odd behavior

  I have the following type of email showing up...basically blank.

  I'm trying to figure out if our imail server is hacked or something - because it's coming from local host.

  Any ideas here? Got 8.15 and the most current release of declude running.

  Received: from 67.130.17.126 [221.127.179.32] by mail.ameripride.org (SMTPD32-8.15) id A66D3960442; Tue, 22 Feb 2005 07:41:01 -0600
  Received: from localhost (HELO localhost [127.0.0.1])by acts
  X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client
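
The attribution worked out in the message above (the `SMTPD(...) [domain] in white list` line is written by IMail, the `Skipping4 ... whitelisted` lines by Declude) can be checked mechanically when both logs are merged. This is an added example, not code from the thread or from either product; the sample lines are constructed in the formats quoted above with placeholder addresses, and the function names and the weight threshold of 10 are assumptions.

```python
import re
from collections import defaultdict

# IMail SMTP log: "MM:DD HH:MM SMTPD(<id>) [<entry>] in white list"
IMAIL_WL = re.compile(
    r"^\d\d:\d\d \d\d:\d\d SMTPD\((?P<id>\w+)\) \[(?P<entry>[^\]]+)\] in white list")
# Declude log: "MM/DD/YYYY HH:MM:SS Q<id> <text>"
DECLUDE = re.compile(r"^\d\d/\d\d/\d{4} \d\d:\d\d:\d\d Q(?P<id>\w+) (?P<text>.*)$")
DECLUDE_WL = re.compile(r"^Skipping\d* E-mail from \S+; whitelisted (?P<entry>\S+)")
WEIGHT = re.compile(r"^Tests failed \[weight=(?P<w>-?\d+)\]")

# Constructed sample: merged IMail and Declude lines, placeholder addresses.
SAMPLE = """\
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: <sender@example.net>
02:22 07:41 SMTPD(3664039604421990) [example.org] in white list
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]: BADHEADERS=WARN REVDNS=WARN
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from sender@example.net; whitelisted user@example.org
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]: CATCHALLMAILS=IGNORE
02:22 07:45 SMTPD(0000000000000001) [192.0.2.7] MAIL FROM: <other@example.net>
02/22/2005 07:45:02 Q0000000000000001 Tests failed [weight=25]: BADHEADERS=WARN
""".splitlines()


def attribute_whitelisting(lines):
    """Group whitelist hits by message id and by the product that logged them."""
    msgs = defaultdict(lambda: {"imail": [], "declude": [], "max_weight": None})
    for line in lines:
        line = line.strip()
        hit = IMAIL_WL.match(line)
        if hit:
            msgs[hit["id"]]["imail"].append(hit["entry"])
            continue
        rec_line = DECLUDE.match(line)
        if not rec_line:
            continue  # other IMail lines (connect, HELO, ldeliver) carry no verdict
        rec, text = msgs[rec_line["id"]], rec_line["text"]
        wl = DECLUDE_WL.match(text)
        if wl:
            rec["declude"].append(wl["entry"])
        w = WEIGHT.match(text)
        if w and (rec["max_weight"] is None or int(w["w"]) > rec["max_weight"]):
            rec["max_weight"] = int(w["w"])
    return dict(msgs)


def bypassed(msgs, threshold=10):
    """Messages that scored >= threshold (assumed value) yet were whitelisted."""
    return {
        mid: [p for p in ("imail", "declude") if rec[p]]
        for mid, rec in msgs.items()
        if (rec["max_weight"] or 0) >= threshold and (rec["imail"] or rec["declude"])
    }


if __name__ == "__main__":
    for mid, products in bypassed(attribute_whitelisting(SAMPLE)).items():
        print(mid, "whitelisted by", ", ".join(products))
```

A hit listed under `imail` points at IMail's own trusted addresses, and one under `declude` at Declude's whitelist settings, so each is traced in the product that logged it.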

Re: [Declude.JunkMail] [IMail Forum] odd behavior

2005-02-24 Thread Matt




Doug,

It is likely that this is due to the AUTOWHITELIST ON setting and the
recipient having their own E-mail address listed in their Web mail
address book. Either that or something that says [EMAIL PROTECTED]
(Declude's version of a wildcard match for that domain).

Matt



Doug Anderson wrote:

  That's the thing, I have one white list file (hate whitelists) and ameripride is not in it
  Did anything change in declude junkmail lately in regards to whitelists (I just upgraded 2 nights ago)?
  All I have for references to whitelist are:

  $default.junkmail
  WHITELISTFILE D:\Imail\Declude\AWHITELST.txt
  #note AWhitelst.txt does not include ameripride.org

  Global.cfg
  CODE
  LOGFILE d:\declude\logfiles\dec.log
  LOGLEVEL LOW
  HOP 0
  HIDETESTS CATCHALLMAILS IPNOTINMX NOLEGITCONTENT
  XINHEADER X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
  XINHEADER X-Spam-Tests-Failed: %TESTSFAILED% [%WEIGHT%]
  XINHEADER X-Country-Chain: %COUNTRYCHAIN%
  XOUTHEADER X-Note: E-mail scanned by Declude-JunkMail for spam by CRC.
  XSENDER ON
  XSPOOLNAME ON
  XINHEADER X-Note: This E-mail was sent from %REVDNS% ([%REMOTEIP%]).
  PREWHITELIST ON
  AUTOWHITELIST ON
  WHITELIST AUTH
  .
  .
  WHITELIST IP 192.168.0.182
  WHITELIST IP 192.168.0.85
  WHITELIST IP 192.168.0.86
  #Servers on local network (not exposed to public) that send emails (status reports)
  
  
 
- Original Message -
From: E. Shanbrom (Ipswitch)
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 2:48 PM
Subject: Re: [IMail Forum] odd behavior

Says ameripride.org is on the whitelist (decludes not IMail's)

Eric S

  - Original Message -
  From: Doug Anderson
  To: IMail_Forum@list.ipswitch.com
  Sent: Thursday, February 24, 2005 3:03 PM
  Subject: Re: [IMail Forum] odd behavior

  Trying to figure out why it's white listed.

02:22 07:40 SMTPD(3664039604421990) [192.168.0.135] connect 221.127.179.32 port 1194
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] HELO 67.130.17.126
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] MAIL FROM: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32] RCPT TO: [EMAIL PROTECTED]
02:22 07:41 SMTPD(3664039604421990) [221.127.179.32]
d:\IMail\spool\D3664039604421990.SMD 201
02:22 07:41 SMTP-(3664039604421990) processing
d:\IMail\spool\Q3664039604421990.SMD
02:22 07:41 SMTPD(3664039604421990) [ameripride.org] in white list
02/22/2005 07:41:11 Q3664039604421990 Scanned: Virus Free 
02/22/2005 07:41:14 Q3664039604421990 L1 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]:
BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE
REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT
CATCHALLMAILS=IGNORE 
02/22/2005 07:41:14 Q3664039604421990 L2 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=25]:
BADHEADERS=WARN CMDSPACE=WARN IPNOTINMX=IGNORE NOLEGITCONTENT=IGNORE
REVDNS=WARN TLD=WARN COUNTRY=WARN WEIGHT10PLUS=SUBJECT
CATCHALLMAILS=IGNORE 
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED];
whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 Skipping4 E-mail from [EMAIL PROTECTED];
whitelisted [EMAIL PROTECTED]
02/22/2005 07:41:14 Q3664039604421990 L3 Message OK
02/22/2005 07:41:14 Q3664039604421990 Tests failed [weight=0]:
CATCHALLMAILS=IGNORE 
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org
maria.snyder-main (1) [EMAIL PROTECTED]
972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org
reggie.licari-main (1) [EMAIL PROTECTED]
972
02:22 07:41 SMTP-(3664039604421990) ldeliver mail.ameripride.org
richard.boudreau-main (1) [EMAIL PROTECTED]
972
02:22 07:41 SMTP-(3664039604421990) finished
d:\IMail\spool\Q3664039604421990.SMD status=1
  
   
   
- Original Message -
From: Travis Rabe
To: IMail_Forum@list.ipswitch.com
Sent: Thursday, February 24, 2005 1:09 PM
Subject: RE: [IMail Forum] odd behavior

What do the logs show you?

T

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Doug Anderson
Sent: Thursday, February 24, 2005 11:04 AM
To: IMail_Forum@list.ipswitch.com
Subject: [IMail Forum] odd behavior

I have the following type of email showing