Re: [Declude.JunkMail] Country Test Very odd Results
Hi Darrell-- This might have nothing at all to do with it, but maybe you need to update ALL_LIST.DAT... http://www.declude.com/version/release/all_list.dat There was a thread on this recently. Apparently, ARIN recently reassigned some blocks. -Dave Doherty Skywaves, Inc. - Original Message - From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 27, 2005 4:14 PM Subject: [Declude.JunkMail] Country Test Very odd Results Anyone want to take a stab at this one I would appreciate it. 216.55.166.147 - IPWHOIS Says its being used in San Diego CA Declude via Countries Test Reports 09/27/2005 14:58:39.015 q96320ffe0578da59.smd Msg failed COUNTRY (Message failed COUNTRY test (line 15, weight 5)). Action=WARN. Line 15: is the country AR The message was directly send from 216.55.166.147 so there were no other hops in the message in case it caught it in the country chain. It's just really weird as I am getting all kinds of messages that are legit seemingly get triggered on the country and mailfrom test.. Any thoughts? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country Test Very odd Results
Well this is more of a question than a stab - Can we see the full header? Yesterday I had something very similar - email from Venezuela but the ip was registered in Virginian according to Arin. -Nick Darrell ([EMAIL PROTECTED]) wrote: Anyone want to take a stab at this one I would appreciate it. 216.55.166.147 - IPWHOIS Says its being used in San Diego CA Declude via Countries Test Reports 09/27/2005 14:58:39.015 q96320ffe0578da59.smd Msg failed COUNTRY (Message failed COUNTRY test (line 15, weight 5)). Action=WARN. Line 15: is the country AR The message was directly send from 216.55.166.147 so there were no other hops in the message in case it caught it in the country chain. It's just really weird as I am getting all kinds of messages that are legit seemingly get triggered on the country and mailfrom test.. Any thoughts? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country Test Very odd Results
I don't have that specific one, but here is another one.. I have been getting pounded with this all day - this is way out of the norm. Only thing that has changed on this server is Declude 3.0 went on yesterday. This one came from 66.148.169.235 - ARIN says OrgName:NuVox Communications, Inc. OrgID: NUVOX Address:301 N Main Street Address:Suite 5000 City: Greenville StateProv: SC PostalCode: 29601 Country:US Declude says - Line 221 (Weight 5) which is this line COUNTRIES 5 CONTAINSTW Received: from cpsxch1.colemanprof.com [66.148.169.235] by mail1.gannett-tv.com with ESMTP (SMTPD32-8.13) id A08586105E8; Tue, 27 Sep 2005 15:41:57 -0400 Importance: normal Priority: normal Content-Class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: base64 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441 Subject: FW: MC'ing an Educator of the Year event in Portage County Date: Tue, 27 Sep 2005 15:41:00 -0400 Message-ID: [EMAIL PROTECTED] X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: MC'ing an Educator of the Year event in Portage County thread-index: AcXDmS1cQjIFkAV3RkG55oCy8k1bpQAAjLAi From: Rochelle Fisher [EMAIL PROTECTED] To: [EMAIL PROTECTED] X-RBL-Warning: COUNTRY: Message failed COUNTRY test (line 221, weight 5) X-RBL-Warning: HELOBOGUS: Domain cpsxch1..com has no MX or A records [0301]. X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-Declude-Sender: [EMAIL PROTECTED] [66.148.169.235] X-Declude-Spoolname: Da085086105e8ef78.smd X-Spam-Tests-Failed: POSTMASTER, COUNTRY, HELOBOGUS, BASE64, CMDSPACE X-Spam-Weight: -36 Status: U X-UIDL: 395171064 Nick Hayer writes: Well this is more of a question than a stab - Can we see the full header? Yesterday I had something very similar - email from Venezuela but the ip was registered in Virginian according to Arin. -Nick Darrell ([EMAIL PROTECTED]) wrote: Anyone want to take a stab at this one I would appreciate it. 216.55.166.147 - IPWHOIS Says its being used in San Diego CA Declude via Countries Test Reports 09/27/2005 14:58:39.015 q96320ffe0578da59.smd Msg failed COUNTRY (Message failed COUNTRY test (line 15, weight 5)). Action=WARN. Line 15: is the country AR The message was directly send from 216.55.166.147 so there were no other hops in the message in case it caught it in the country chain. It's just really weird as I am getting all kinds of messages that are legit seemingly get triggered on the country and mailfrom test.. Any thoughts? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Country Test Very odd Results
Dave, I pulled that version down and compared the two (file sizes) and they were the same. I put that one in just in case. Darrell Dave Doherty writes: Hi Darrell-- This might have nothing at all to do with it, but maybe you need to update ALL_LIST.DAT... http://www.declude.com/version/release/all_list.dat There was a thread on this recently. Apparently, ARIN recently reassigned some blocks. -Dave Doherty Skywaves, Inc. - Original Message - From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 27, 2005 4:14 PM Subject: [Declude.JunkMail] Country Test Very odd Results Anyone want to take a stab at this one I would appreciate it. 216.55.166.147 - IPWHOIS Says its being used in San Diego CA Declude via Countries Test Reports 09/27/2005 14:58:39.015 q96320ffe0578da59.smd Msg failed COUNTRY (Message failed COUNTRY test (line 15, weight 5)). Action=WARN. Line 15: is the country AR The message was directly send from 216.55.166.147 so there were no other hops in the message in case it caught it in the country chain. It's just really weird as I am getting all kinds of messages that are legit seemingly get triggered on the country and mailfrom test.. Any thoughts? Darrell Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Country Test Very odd Results
Hey Guys, I just uploaded a new http://www.declude.com/version/release/all_list.dat see if this solves the problems that you have been seeing. David Barker www.declude.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, September 27, 2005 5:11 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Country Test Very odd Results Dave, I pulled that version down and compared the two (file sizes) and they were the same. I put that one in just in case. Darrell Dave Doherty writes: Hi Darrell-- This might have nothing at all to do with it, but maybe you need to update ALL_LIST.DAT... http://www.declude.com/version/release/all_list.dat There was a thread on this recently. Apparently, ARIN recently reassigned some blocks. -Dave Doherty Skywaves, Inc. - Original Message - From: Darrell ([EMAIL PROTECTED]) [EMAIL PROTECTED] To: Declude.JunkMail@declude.com Sent: Tuesday, September 27, 2005 4:14 PM Subject: [Declude.JunkMail] Country Test Very odd Results Anyone want to take a stab at this one I would appreciate it. 216.55.166.147 - IPWHOIS Says its being used in San Diego CA Declude via Countries Test Reports 09/27/2005 14:58:39.015 q96320ffe0578da59.smd Msg failed COUNTRY (Message failed COUNTRY test (line 15, weight 5)). Action=WARN. Line 15: is the country AR The message was directly send from 216.55.166.147 so there were no other hops in the message in case it caught it in the country chain. It's just really weird as I am getting all kinds of messages that are legit seemingly get triggered on the country and mailfrom test.. Any thoughts? Darrell - --- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
