RE: [Declude.JunkMail] Mailfrom Processing
ANYWHERE does include the headers. Please run the same test using your
LOGLEVEL at DEBUG and send a ticket to support.
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave
Beckstrom
Sent: Saturday, February 21, 2009 11:51 AM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Mailfrom Processing
Does the ANYWHERE filter specification not include HEADERS? ANYWHERE should
include every testable location including HEADERS, correct?
I'm getting really disgusted. I set up this filter:
ANYWHERE6 PCRE
(?i:as.{0,2}seen.{0,2}on.{0,2}(?:oprah|60.{0,2}minutes))
I tested the filter and AsSeenOn 60-Minutes triggers a match in my regex
tester.
Yet the following email (which contained the text in FROM) did not trigger
the spam filter.
Return-Path: stopquh...@fivedaybox.com Sat Feb 21 10:28:21 2009
Received: from d3.92.b6.static.xlhost.com [207.182.146.211] by xxx.xxx.com
with SMTP;
Sat, 21 Feb 2009 10:28:21 -0600
Reply-To: stopquh...@fivedaybox.com
In-Reply-To: 20090221112930.gnforzb...@mx4.fivedaybox.com.3653
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=_=_extPart_000_0097_b7aff28c.b7aff28c
Content-class: urn:content-classes:message
Return-path: stopquh...@fivedaybox.com
Subject: [SPAM]- Score (17)RE: The MOST POTENT Anti-Aging Supplement
Available Anywhere
Date: Sat, 21 Feb 2009 11:29:30 -0500
Message-Id: 20090221112930.gnforzb...@mx4.fivedaybox.com
Thread-Topic: RE: The MOST POTENT Anti-Aging Supplement Available Anywhere
From: AsSeenOn 60-Minutesyoungag...@fivedaybox.com
To: x...@xxx.com
Importance: Normal
X-invURIBL-Scan: Scanned by invURIBL 3.1.1 on 2/21/2009 10:28:31 AM
X-invURIBL-Weight: 9
X-invURIBL-Range: MEDIUM
X-RBL-Warning: CBL: Blocked - see
http://cbl.abuseat.org/lookup.cgi?ip=207.182.146.211;
X-RBL-Warning: SPAMCOP: Blocked - see
http://www.spamcop.net/bl.shtml?207.182.146.211;
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam
[4000100e].
X-RBL-Warning: SPFPASS: SPF returned PASS for this E-mail.
X-RBL-Warning: INV-URIBL: Message failed INV-URIBL: 9.
X-Declude-Sender: stopquh...@fivedaybox.com [207.182.146.211]
X-Declude-RefID:
X-Note:
X-Note: Spam Score: [17]
X-Note: Scan Time: 10:28:34 on 21 Feb 2009
X-Note: Spool File: 369856000891.eml
X-Note: Server Name: mx4.fivedaybox.com
X-Note: SMTP Sender: stopquh...@fivedaybox.com
X-Note: Reverse DNS IP: d3.92.b6.static.xlhost.com [207.182.146.211]
X-Note: Recipient(s): x...@xxx.com
X-Note: Country Chain: [ARIN Unlisted]-destination
X-Note: Failed Weights: CATCHALLMAILS [0], CBL [6], SPAMCOP [7], SPAMHEADERS
[3], SPFPASS [0], INV-URIBL [9], WEIGHT10 [10], WEIGHT14 [14]
X-Note:
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David
Barker
Sent: 2009-02-11 08:29
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Mailfrom Processing
If you want to record the name of the sender (according to the SMTP
Envelope) in the E-mail headers, you can use the XSENDER configuration
option. To do this, add a line to the global.cfg file as:
XSENDER ON
Regular expressions are very different and powerful because they give the
ability to look for patterns rather than straight matches.
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave
Beckstrom
Sent: Monday, February 09, 2009 5:18 PM
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Mailfrom Processing
David,
I don't have an X-Declude-Sender configured. I'll add that.
Okay, so I already have Headers contains John Cummuta or something along
those lines set up. How would the regular expression be any different?
Is
it more effective because of the wild card?
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of
David
Barker
Sent: 2009-02-09 16:03
To: declude.junkmail@declude.com
Subject: RE: [Declude.JunkMail] Mailfrom Processing
This may not be the actual sender, the actual sender is what is found in
the
envelope or q*.smd (IM) or *.eml (SM) and found in the X-Declude-Sender
line.
If you need a filter the best way would be to use the regular
expressions
such as:
HEADERS 0 PCRE(?im:From:.*John Cummuta)
David Barker
VP Operations Declude
Your Email security is our business
978.499.2933 office
978.988.1311 fax
dbar...@declude.com
-Original Message-
From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave
Beckstrom
Sent
RE: [Declude.JunkMail] Mailfrom Processing
If you want to record the name of the sender (according to the SMTP Envelope) in the E-mail headers, you can use the XSENDER configuration option. To do this, add a line to the global.cfg file as: XSENDER ON Regular expressions are very different and powerful because they give the ability to look for patterns rather than straight matches. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 09, 2009 5:18 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing David, I don't have an X-Declude-Sender configured. I'll add that. Okay, so I already have Headers contains John Cummuta or something along those lines set up. How would the regular expression be any different? Is it more effective because of the wild card? -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: 2009-02-09 16:03 To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing This may not be the actual sender, the actual sender is what is found in the envelope or q*.smd (IM) or *.eml (SM) and found in the X-Declude-Sender line. If you need a filter the best way would be to use the regular expressions such as: HEADERS 0 PCRE(?im:From:.*John Cummuta) David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 09, 2009 4:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing What filter will trigger on the words John Cummuta when the from address is formatted like: From: John Cummuta startover-4676...@allstockdirect.com Neither the mailfrom or headers filters are triggering on this. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailfrom Processing
What filter will trigger on the words John Cummuta when the from address is formatted like: From: John Cummuta startover-4676...@allstockdirect.com Neither the mailfrom or headers filters are triggering on this. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailfrom Processing
This may not be the actual sender, the actual sender is what is found in the envelope or q*.smd (IM) or *.eml (SM) and found in the X-Declude-Sender line. If you need a filter the best way would be to use the regular expressions such as: HEADERS 0 PCRE(?im:From:.*John Cummuta) David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 09, 2009 4:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing What filter will trigger on the words John Cummuta when the from address is formatted like: From: John Cummuta startover-4676...@allstockdirect.com Neither the mailfrom or headers filters are triggering on this. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailfrom Processing
David, I don't have an X-Declude-Sender configured. I'll add that. Okay, so I already have Headers contains John Cummuta or something along those lines set up. How would the regular expression be any different? Is it more effective because of the wild card? -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: 2009-02-09 16:03 To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing This may not be the actual sender, the actual sender is what is found in the envelope or q*.smd (IM) or *.eml (SM) and found in the X-Declude-Sender line. If you need a filter the best way would be to use the regular expressions such as: HEADERS 0 PCRE(?im:From:.*John Cummuta) David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, February 09, 2009 4:53 PM To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing What filter will trigger on the words John Cummuta when the from address is formatted like: From: John Cummuta startover-4676...@allstockdirect.com Neither the mailfrom or headers filters are triggering on this. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailfrom Processing
Here is a snippet of an email header for an email received: Return-Path: i...@clockpleas.com Mon Feb 02 16:35:28 2009 Received: from mail.clockpleas.com [64.235.54.175] by xxx.xxx.com with SMTP; Mon, 2 Feb 2009 16:35:28 -0600 From: J. Cummuta i...@clockpleas.com To: x...@xxx.com Subject: Even your house is paid off MIME-Version: 1.0 Content-Type: text/html; charset=us-ascii; Content-Transfer-Encoding: 8bit The actual email address is always changing. However, J. Cummuta in the FROM address seems pretty consistent. If MAILFROM won't catch these, shouldn't the HEADERS test catch these? -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of David Barker Sent: 2009-01-05 15:25 To: declude.junkmail@declude.com Subject: RE: [Declude.JunkMail] Mailfrom Processing Declude looks at the MAILFROM in the envelope (*.hdr or q*.smd) and matches just on the email address. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, January 05, 2009 4:18 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Mailfrom Processing I have a question about the MAILFROM processing. Does this look at the display name too or just at the actual email address? I was trying to block the Loud N Clear ads by referencing the display name because it seemed to be pretty consistent while the email address itself didn't change. I set up the following and it didn't appear to work: MAILFROM 0 containsloudandclear Is the only way to filter on the display name in the from address to use the HEADERS filter? Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailfrom Processing
David Barker dbar...@declude.com wrote: Declude looks at the MAILFROM in the envelope (*.hdr or q*.smd) and matches just on the email address. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, January 05, 2009 4:18 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Mailfrom Processing I have a question about the MAILFROM processing. Does this look at the display name too or just at the actual email address? I was trying to block the Loud N Clear ads by referencing the display name because it seemed to be pretty consistent while the email address itself didn't change. I set up the following and it didn't appear to work: MAILFROM 0 containsloudandclear Is the only way to filter on the display name in the from address to use the HEADERS filter? Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Mailfrom Processing
Declude looks at the MAILFROM in the envelope (*.hdr or q*.smd) and matches just on the email address. David Barker VP Operations Declude Your Email security is our business 978.499.2933 office 978.988.1311 fax dbar...@declude.com -Original Message- From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Dave Beckstrom Sent: Monday, January 05, 2009 4:18 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] Mailfrom Processing I have a question about the MAILFROM processing. Does this look at the display name too or just at the actual email address? I was trying to block the Loud N Clear ads by referencing the display name because it seemed to be pretty consistent while the email address itself didn't change. I set up the following and it didn't appear to work: MAILFROM0 containsloudandclear Is the only way to filter on the display name in the from address to use the HEADERS filter? Thanks, Dave --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
