Re: [Declude.JunkMail] declude problems after imail upgrade.
I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. What do the IMail and Declude log files show for the E-mail?What version of IMail are you running? What version of Declude are you running? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
I did search the declude log file for [EMAIL PROTECTED] but could not find anything.. If you use the XSPOOLNAME ON option in the \IMail\Declude\global.cfg file, it will be easy to find the entries for the E-mail in the log file. If you do not use the XSPOOLNAME ON option, you may need to look at the IMail SMTP log file to file the queue file name of the E-mail, and search the Declude JunkMail log file for it (minus the first character and extension; for example, if you see Q1234567.SMD in the IMail log, you would search the Declude JunkMail log for 1234567). IMail v8.14 takes care of most of the known bugs that could prevent it from calling Declude, but there are still one or two left (such as the possibility of it happening when the queue manager is stopped before the SMTP service is). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
Here is 2 messages that did fail weight350 and did get saved in the weight350 directory. This is working correctly, expect there are no declude headers for the messages. Below each message is the lines from the declude log file: Received: from z-point.de [24.202.78.132] by deepspace.i360.net (SMTPD32-8.14) id AA1018301E8; Thu, 16 Dec 2004 15:11:44 -0600 Received: from 150.238.113.147 by smtp.tecban.com.br; Thu, 16 Dec 2004 21:04:45 + Message-ID: [EMAIL PROTECTED] From: Cristina Pickett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: New product! Cialis soft tabs. Date: Thu, 16 Dec 2004 18:04:33 -0300 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Spam-Status: Possible SPAM, hits=7.00 required=5.00 tests=SUBJECT_DRUG_GAP_C:2.90 tests=BAYES_99:4.10 12/16/2004 15:11:50 Qfa10018301e85c11 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] IP: 24.202.78.132 ID: 12/16/2004 15:11:50 Qfa10018301e85c11 Tests failed [weight=435]: DSBL=WARN SPAMCOP=WARN FIVETENSRC=WARN CBL=WARN SORBS-DUL=WARN SPAMDOMAINS=WARN NOLEGITCONTENT=WARN IPNOTINMX=WARN CMDSPACE=WARN EFFILTER=WARN EFFILTER5-9=WARN COUNTRYFILTER=WARN SNIFFER=WARN WEIGHT75=WARN WEIGHT100=HOLD WEIGHT350=COPYFILE CATCHALLMAILS=IGNORE 12/16/2004 15:11:50 Qfa10018301e85c11 Last action = HOLD. Received: from 64.95.220.80 [61.107.153.188] by deepspace.i360.net (SMTPD32-8.14) id A9F42CB0218; Thu, 16 Dec 2004 15:11:16 -0600 Received: from mn68.jxg.gpvig.com ([134.120.6.47]) by mc12-f20.hotmail.com with Microsoft SMTPSVC(5.0.2195.08347); Wed, 15 Dec 2004 23:26:24 +0200 Received: from mb24.dko.bkvok.com ([224.224.232.122])by mx21.scy.tjdwr.com (8.12.3/8.12.3) with ESMTP id i2E5XSGm029877for [EMAIL PROTECTED]; Wed, 15 Dec 2004 17:27:24 -0400 X-Message-Info: WR29Th3to0Xu9wfR/8vk2Ct7sgB Return-Path: [EMAIL PROTECTED] Date: Wed, 15 Dec 2004 19:23:24 -0200 Subject: Get Cable FOR NOTHING Wed, 15 Dec 2004 13:29:24 -0800 From: Jean Mclaughlin [EMAIL PROTECTED] To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--080875099130426541 X-Spam-Status: Possible SPAM, hits=14.40 required=5.00 tests=MIME_BOUND_DD_DIGITS:3.20 tests=RCVD_FAKE_IP_224:3.10 tests=X_MESSAGE_INFO:3.30 tests=BAYES_90:3.00 tests=MIME_MISSING_BOUNDARY:1.80 12/16/2004 15:11:22 Qf9f302cb02185bdd From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] IP: 61.107.153.188 ID: i2E5XSGm029877for 12/16/2004 15:11:22 Qf9f302cb02185bdd Tests failed [weight=683]: SPAMCOP=WARN FIVETENSRC=WARN CBL=WARN SORBS-DUL=WARN MAILPOLICE-BULK=WARN BHOLE-KOREA=WARN SUBJECTSPACES7=WARN NOLEGITCONTENT=WARN BADHEADERS=WARN IPNOTINMX=WARN REVDNS=WARN ROUTING=WARN SPAMHEADERS=WARN CMDSPACE=WARN EFFILTER=WARN EFFILTER10-14=WARN COUNTRYFILTER=WARN SNIFFER=WARN WEIGHT75=WARN WEIGHT100=HOLD WEIGHT350=COPYFILE CATCHALLMAILS=IGNORE 12/16/2004 15:11:22 Qf9f302cb02185bdd Last action = HOLD. The message below came to my inbox and has no declude headers and I can not find the sender [EMAIL PROTECTED] in the declude log file. Received: from dsl47-172.pool.bitel.net [212.100.47.172] by deepspace.i360.net (SMTPD32-8.14) id AB734400DA; Thu, 16 Dec 2004 00:30:11 -0600 Received: from affable.roliosaa.com ([24.122.72.118]) by shay.beinjgh.com (InterMail vK.4.04.00.03 635-306-403-20030852 license 9nm547ll4323r7kq3y1ztk9766t8kjo6) with SMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 16 Dec 2004 07:25:21 +0100 Received: from www.roliosaa.com (231.231.144.0) by affable.roliosaa.com (RS ver 1.0.92vs) with SMTP id 3-26c103487040 for [EMAIL PROTECTED]; Thu, 16 Dec 2004 09:22:21 +0300 (EDT) Date: Wed, 15 Dec 2004 23:27:21 -0700 From: Demetrius Nunez [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Cheao Online Pharmacy::: Sender: Demetrius Nunez [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7Bit X-Spam-Status: Possible SPAM, hits=7.20 required=5.00 tests=BAYES_99:4.10 tests=ONLINE_PHARMACY:3.10 R. Scott Perry wrote: I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. What do the IMail and Declude log files show for the E-mail?What version of IMail are you running? What version of Declude are you running? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask
Re: [Declude.JunkMail] declude problems after imail upgrade.
Here is 2 messages that did fail weight350 and did get saved in the weight350 directory. This is working correctly, expect there are no declude headers for the messages. Below each message is the lines from the declude log file: The only time that I have seen this happen (an E-mail that didn't appear to have Declude headers, but was indeed scanned by Declude without any problems) was when Declude *did* add the headers, but the spam was malformed so badly that the body of the spam was in the headers. If you check the D*.SMD file and see the Declude headers anywhere in there, then this is the case. The message below came to my inbox and has no declude headers and I can not find the sender [EMAIL PROTECTED] in the declude log file. You won't be able to. See my previous message. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. Received: from 64.95.220.80 [217.96.6.120] by deepspace.i360.net (SMTPD32-8.14) id AB6D3008E; Thu, 16 Dec 2004 00:30:05 -0600 Received: from beforehand.purpossz.com ([59.208.20.202]) by esophagi.purpossz.com (Sun Java System Messaging Server 6.1 HotFix 0.07 (built Aug 27 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 16 Dec 2004 02:22:15 -0400 (IST) Received: from bobble.disppopp.com ([32.192.160.12]) by beforehand.purpossz.com (Sun Java System Messaging Server 6.1 HotFix 0.06 (built Aug 27 2004)) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED] (ORCPT [EMAIL PROTECTED]); Thu, 16 Dec 2004 03:24:15 -0300 (IST) Received: from sycophant.disppopp.com ([130.50.0.160]) by bobble.disppopp.com with Microsoft SMTPSVC(6.0.2951.707); Thu, 16 Dec 2004 02:25:15 -0400 Date: Thu, 16 Dec 2004 09:29:15 +0300 From: Josefa Yu [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: ,Best Online Pharmacy Sender: Josefa Yu [EMAIL PROTECTED] Message-Id: [EMAIL PROTECTED] MIME-Version: 1.0 Content-type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 397200687 This one came in a few hours later and you see the Declude headers: Received: from 3D1 [12.96.0.66] by 3dnetsolutions.com with ESMTP (SMTPD32-8.14) id A46A3EE0122; Thu, 16 Dec 2004 06:49:46 -0600 From: David Brauner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Stone Store Date: Thu, 16 Dec 2004 06:45:45 -0600 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_NextPart_000_0006_01C4E33A.E063C620 X-Mailer: Microsoft Office Outlook, Build 11.0.6353 Thread-Index: AcTjbSjjgbGMUjKmTO+xUhD2Mk6M8g== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Message-Id: [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [12.96.0.66] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: Whitelisted [0] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from fw01.aumgt.com ([12.96.0.66]). X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 397200690 Heimir Eidskrem wrote: Imail's anti spam is turned off. Atleast I think it is. I have nothing in the DNS list and do not have the antispam option under the domains. Here is another header and it does not show the Imail spam header: Note that is only show weight75 but with a score of 540 Received: from FIREWALL [200.228.80.2] by deepspace.i360.net (SMTPD32-8.14) id AD04801DC; Thu, 16 Dec 2004 00:36:52 -0600 Received: from dns0.keromail.com ([132.146.16.88]) by 1swk-wkl15.200.228.80.2 with Microsoft SMTPSVC(5.0.3243.5389); Thu, 16 Dec 2004 05:30:07 -0100 Reply-To: Your wife sleeps around man [EMAIL PROTECTED] From: Your wife sleeps around man [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: MILF looking for fun Date: Thu, 16 Dec 2004 02:27:07 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--9567293821psrq3033 Message-Id: [EMAIL PROTECTED] X-RBL-Warning: DSBL: http://dsbl.org/listing?200.228.80.2; X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?200.228.80.2; X-RBL-Warning: NJABLPROXIES: open proxy -- 1096166403 X-RBL-Warning: FIVETENSRC: miscellaneous address blocks that have sent spam here X-RBL-Warning: CBL: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.228.80.2; X-RBL-Warning: BHOLE-BRAZIL: Brazil blocked by brazil.blackholes.us X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: HELOBOGUS: Domain FIREWALL has no MX or A records [0301]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.228.80.2 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [630f]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [630f]. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 29, weight 20) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 54. X-RBL-Warning: WEIGHT75: Weight of 540 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [200.228.80.2] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: DSBL, SPAMCOP, NJABLPROXIES, FIVETENSRC, CBL, BHOLE-BRAZIL, NOLEGITCONTENT, HELOBOGUS, IPNOTINMX, REVDNS, ROUTING, SPAMHEADERS, CMDSPACE, COUNTRYFILTER, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [540] X-Country-Chain: 'EU' [corrupt RIPE data]-BRAZIL-destination X-Note: This E-mail was sent from [No Reverse DNS] ([200.228.80.2]). Matt wrote: From the attached issue #2 headers I saw the following that suggests the issue: X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) You need to make sure that IMail's spam stuff is turned off. It seems like
RE: [Declude.JunkMail] declude problems after imail upgrade.
Hi I also got one mail that I noticed did not have any Declude headers (it was spam, that's why I checked the headers to see why it was not marked as spam) From the logs I found traces of the e-mail in Imail, and in Declude Virus, but not in Declude Spam. I made no changes to the setup of Imail/Declude for a long time except to change a few weights. If you need the e-mail and log files just say so. Regards, Kaj -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Heimir Eidskrem Sent: 16. december 2004 18:03 I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] declude problems after imail upgrade.
Scott, This is from the my first email regarding this: Hello there, I did an upgrade to 8.14 tonight and im seeing a few things thats are different. Tech info: Imail 8.14 Declude 1.81 (Junkmail/virus Pro) Server 2.6Ghz Xeon/1GB Ram I am capturing spam so I know Declude is working. Issue 1. I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350. I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory Also the emails in the weight350 directory does not have ANY declude headers? Weigth350 header: eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net (SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600 Received: from dotcool.com ([142.67.185.186]) by infinite.audioseek.com (InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 05 Dec 2003 15:08:11 +0200 Date: Fri, 05 Dec 2003 15:09:11 +0200 From: Jodi Luna [EMAIL PROTECTED] Subject: our discussion on december 21th To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit Weight100 Header Received: from outmail-01.supplyleadb.com [209.216.105.34] by deepspace.i360.net (SMTPD32-8.14) id A0519B0146; Wed, 15 Dec 2004 22:34:25 -0600 From: Family Pictures [EMAIL PROTECTED] Subject: Something the whole family can enjoy...a free Panasonic Camcorder To: [EMAIL PROTECTED] MIME-Version: 1.0 Date: Wed, 15 Dec 2004 23:33:36 EST Message-ID: q7AA1,[EMAIL PROTECTED] X-Mailer: 3.2.2-23 [Dec 14 2004, 19:36:15] Content-Type: text/html; charset=us-ascii; class-id=1:311TXBIMpInmBEs1BI131sYMp1:1787079 Content-Transfer-Encoding: 7bit X-Spam-Status: Possible SPAM, hits=8.00 required=5.00 tests=BAYES_80:2.20 tests=HTTP_WITH_EMAIL_IN_URL:1.60 tests=NAI_BAD_URI:4.20 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?209.216.105.34; X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18575; X-RBL-Warning: AHBL: 1100493921 bruns - Spam Source - 209.216.105.0/24 - demandconnection.com, SubscriberBASE, animateddeliverye.com X-RBL-Warning: FIVETEN-SPAMSUPPORT: added 2003-05-30; spam support - hosting admanmail, emailbucks X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from stderr.supplyleadb.com, a potential spam source listed in MAILPOLICE-BULK. X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8008000e]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0) X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 4, weight 40) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 400, weight 60) (weight capped at 60) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 57. X-RBL-Warning: WEIGHT75: Weight of 438 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [209.216.105.34] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, SBL, AHBL, FIVETEN-SPAMSUPPORT, MAILPOLICE-BULK, SUBJECTSPACES7, NOLEGITCONTENT, BADHEADERS, IPNOTINMX, EFFILTER, EFFILTER5-9, GIBBERISH, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [438] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from outmail-01.supplyleadb.com ([209.216.105.34]). Issue 2. I did recive an email in my inbox with no Declude headers. Any idea why? Received: from host44.200-45-196.telecom.net.ar [200.45.196.44] by deepspace.i360.net (SMTPD32-8.14) id AE1E20032; Wed, 15 Dec 2004 21:16:46 -0600 Received: from .striker.ottawa.on.ca ([101.154.58.194] helo=mail.nitros5.org) by .striker.ottawa.on.ca with esmtp ( 3.35 #1 ()) id 450nlc-0078MM-00 for [EMAIL PROTECTED]; Thu, 16 Dec 2004 17:07:25 -0200 Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Date: Thu, 16 Dec 2004 21:13:25 +0200 From: Deena Sumner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: You Need This Heimir X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) X-RCPT-TO: [EMAIL PROTECTED] Status: R X-UIDL: 397200679 I did search the declude log file for [EMAIL PROTECTED] but could not find anything.. R. Scott Perry wrote: I did recive this spam in my inbox this morning. As you can see it does not have any declude info and no Imail spam info either. What do the IMail and Declude log files show for the E-mail?What version of IMail are you running? What version of Declude are you running? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail
Re: [Declude.JunkMail] declude problems after imail upgrade.
Stopping and starting IMail's SMTP and Queue Manager services will cause IMail to pass messages for a couple seconds without sending them to external programs (Declude). This will happen mostly when you perform a restart on your Windows server. To prevent this, you must stop the IMail SMTP service before the restart. This will also occur when you stop and restart both the SMTP and Queue Manager services in a certain order and/or rapid succession (I never nailed that one down). Could this be your issue, or is this a continual issue? Matt Heimir Eidskrem wrote: Hello there, I did an upgrade to 8.14 tonight and im seeing a few things thats are different. Tech info: Imail 8.14 Declude 1.81 (Junkmail/virus Pro) Server 2.6Ghz Xeon/1GB Ram I am capturing spam so I know Declude is working. Issue 1. I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350. I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory Also the emails in the weight350 directory does not have ANY declude headers? Weigth350 header: eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net (SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600 Received: from dotcool.com ([142.67.185.186]) by infinite.audioseek.com (InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 05 Dec 2003 15:08:11 +0200 Date: Fri, 05 Dec 2003 15:09:11 +0200 From: Jodi Luna [EMAIL PROTECTED] Subject: our discussion on december 21th To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit Weight100 Header Received: from outmail-01.supplyleadb.com [209.216.105.34] by deepspace.i360.net (SMTPD32-8.14) id A0519B0146; Wed, 15 Dec 2004 22:34:25 -0600 From: Family Pictures [EMAIL PROTECTED] Subject: Something the whole family can enjoy...a free Panasonic Camcorder To: [EMAIL PROTECTED] MIME-Version: 1.0 Date: Wed, 15 Dec 2004 23:33:36 EST Message-ID: q7AA1,[EMAIL PROTECTED] X-Mailer: 3.2.2-23 [Dec 14 2004, 19:36:15] Content-Type: text/html; charset=us-ascii; class-id=1:311TXBIMpInmBEs1BI131sYMp1:1787079 Content-Transfer-Encoding: 7bit X-Spam-Status: Possible SPAM, hits=8.00 required=5.00 tests=BAYES_80:2.20 tests=HTTP_WITH_EMAIL_IN_URL:1.60 tests=NAI_BAD_URI:4.20 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?209.216.105.34; X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18575; X-RBL-Warning: AHBL: 1100493921 bruns - Spam Source - 209.216.105.0/24 - demandconnection.com, SubscriberBASE, animateddeliverye.com X-RBL-Warning: FIVETEN-SPAMSUPPORT: added 2003-05-30; spam support - hosting admanmail, emailbucks X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from stderr.supplyleadb.com, a potential spam source listed in MAILPOLICE-BULK. X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8008000e]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0) X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 4, weight 40) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 400, weight 60) (weight capped at 60) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 57. X-RBL-Warning: WEIGHT75: Weight of 438 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [209.216.105.34] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, SBL, AHBL, FIVETEN-SPAMSUPPORT, MAILPOLICE-BULK, SUBJECTSPACES7, NOLEGITCONTENT, BADHEADERS, IPNOTINMX, EFFILTER, EFFILTER5-9, GIBBERISH, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [438] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from outmail-01.supplyleadb.com ([209.216.105.34]). Issue 2. I did recive an email in my inbox with no Declude headers. Any idea why? Received: from host44.200-45-196.telecom.net.ar [200.45.196.44] by deepspace.i360.net (SMTPD32-8.14) id AE1E20032; Wed, 15 Dec 2004 21:16:46 -0600 Received: from .striker.ottawa.on.ca ([101.154.58.194] helo=mail.nitros5.org) by .striker.ottawa.on.ca with esmtp ( 3.35 #1 ()) id 450nlc-0078MM-00 for [EMAIL PROTECTED]; Thu, 16 Dec 2004 17:07:25 -0200 Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] Date: Thu, 16 Dec 2004 21:13:25 +0200 From: Deena Sumner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: You Need This Heimir X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) X-RCPT-TO: [EMAIL PROTECTED]
Re: [Declude.JunkMail] declude problems after imail upgrade.
Matt, Don't think so since im still seeing this. Also, I notice that the my weight350 test is not triggered. I only see the weight75 test with 846 points for example and not the other ones. So far I have not found any messages with declude headers in my weight350 directory. H Matt wrote: Stopping and starting IMail's SMTP and Queue Manager services will cause IMail to pass messages for a couple seconds without sending them to external programs (Declude). This will happen mostly when you perform a restart on your Windows server. To prevent this, you must stop the IMail SMTP service before the restart. This will also occur when you stop and restart both the SMTP and Queue Manager services in a certain order and/or rapid succession (I never nailed that one down). Could this be your issue, or is this a continual issue? Matt Heimir Eidskrem wrote: Hello there, I did an upgrade to 8.14 tonight and im seeing a few things thats are different. Tech info: Imail 8.14 Declude 1.81 (Junkmail/virus Pro) Server 2.6Ghz Xeon/1GB Ram I am capturing spam so I know Declude is working. Issue 1. I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350. I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory Also the emails in the weight350 directory does not have ANY declude headers? Weigth350 header: eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net (SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600 Received: from dotcool.com ([142.67.185.186]) by infinite.audioseek.com (InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 05 Dec 2003 15:08:11 +0200 Date: Fri, 05 Dec 2003 15:09:11 +0200 From: Jodi Luna [EMAIL PROTECTED] Subject: our discussion on december 21th To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit Weight100 Header Received: from outmail-01.supplyleadb.com [209.216.105.34] by deepspace.i360.net (SMTPD32-8.14) id A0519B0146; Wed, 15 Dec 2004 22:34:25 -0600 From: Family Pictures [EMAIL PROTECTED] Subject: Something the whole family can enjoy...a free Panasonic Camcorder To: [EMAIL PROTECTED] MIME-Version: 1.0 Date: Wed, 15 Dec 2004 23:33:36 EST Message-ID: q7AA1,[EMAIL PROTECTED] X-Mailer: 3.2.2-23 [Dec 14 2004, 19:36:15] Content-Type: text/html; charset=us-ascii; class-id=1:311TXBIMpInmBEs1BI131sYMp1:1787079 Content-Transfer-Encoding: 7bit X-Spam-Status: Possible SPAM, hits=8.00 required=5.00 tests=BAYES_80:2.20 tests=HTTP_WITH_EMAIL_IN_URL:1.60 tests=NAI_BAD_URI:4.20 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?209.216.105.34; X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18575; X-RBL-Warning: AHBL: 1100493921 bruns - Spam Source - 209.216.105.0/24 - demandconnection.com, SubscriberBASE, animateddeliverye.com X-RBL-Warning: FIVETEN-SPAMSUPPORT: added 2003-05-30; spam support - hosting admanmail, emailbucks X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from stderr.supplyleadb.com, a potential spam source listed in MAILPOLICE-BULK. X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8008000e]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0) X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 4, weight 40) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 400, weight 60) (weight capped at 60) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 57. X-RBL-Warning: WEIGHT75: Weight of 438 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [209.216.105.34] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, SBL, AHBL, FIVETEN-SPAMSUPPORT, MAILPOLICE-BULK, SUBJECTSPACES7, NOLEGITCONTENT, BADHEADERS, IPNOTINMX, EFFILTER, EFFILTER5-9, GIBBERISH, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [438] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from outmail-01.supplyleadb.com ([209.216.105.34]). Issue 2. I did recive an email in my inbox with no Declude headers. Any idea why? Received: from host44.200-45-196.telecom.net.ar [200.45.196.44] by deepspace.i360.net (SMTPD32-8.14) id AE1E20032; Wed, 15 Dec 2004 21:16:46 -0600 Received: from .striker.ottawa.on.ca ([101.154.58.194] helo=mail.nitros5.org) by .striker.ottawa.on.ca with esmtp ( 3.35 #1 ()) id 450nlc-0078MM-00 for [EMAIL PROTECTED]; Thu, 16 Dec 2004 17:07:25 -0200
Re: [Declude.JunkMail] declude problems after imail upgrade.
Imail's anti spam is turned off. Atleast I think it is. I have nothing in the DNS list and do not have the antispam option under the domains. Here is another header and it does not show the Imail spam header: Note that is only show weight75 but with a score of 540 Received: from FIREWALL [200.228.80.2] by deepspace.i360.net (SMTPD32-8.14) id AD04801DC; Thu, 16 Dec 2004 00:36:52 -0600 Received: from dns0.keromail.com ([132.146.16.88]) by 1swk-wkl15.200.228.80.2 with Microsoft SMTPSVC(5.0.3243.5389); Thu, 16 Dec 2004 05:30:07 -0100 Reply-To: Your wife sleeps around man [EMAIL PROTECTED] From: Your wife sleeps around man [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: MILF looking for fun Date: Thu, 16 Dec 2004 02:27:07 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=--9567293821psrq3033 Message-Id: [EMAIL PROTECTED] X-RBL-Warning: DSBL: http://dsbl.org/listing?200.228.80.2; X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?200.228.80.2; X-RBL-Warning: NJABLPROXIES: open proxy -- 1096166403 X-RBL-Warning: FIVETENSRC: miscellaneous address blocks that have sent spam here X-RBL-Warning: CBL: Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=200.228.80.2; X-RBL-Warning: BHOLE-BRAZIL: Brazil blocked by brazil.blackholes.us X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: HELOBOGUS: Domain FIREWALL has no MX or A records [0301]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: REVDNS: This E-mail was sent from a MUA/MTA 200.228.80.2 with no reverse DNS entry. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [630f]. X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [630f]. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: COUNTRYFILTER: Message failed COUNTRYFILTER test (line 29, weight 20) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 54. X-RBL-Warning: WEIGHT75: Weight of 540 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [200.228.80.2] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: DSBL, SPAMCOP, NJABLPROXIES, FIVETENSRC, CBL, BHOLE-BRAZIL, NOLEGITCONTENT, HELOBOGUS, IPNOTINMX, REVDNS, ROUTING, SPAMHEADERS, CMDSPACE, COUNTRYFILTER, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [540] X-Country-Chain: 'EU' [corrupt RIPE data]-BRAZIL-destination X-Note: This E-mail was sent from [No Reverse DNS] ([200.228.80.2]). Matt wrote: From the attached issue #2 headers I saw the following that suggests the issue: X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) You need to make sure that IMail's spam stuff is turned off. It seems like IMail might be screwing this up for Declude. I am guessing that this isn't intended and could be the cause of at least issue #2. Matt Heimir Eidskrem wrote: Matt, Don't think so since im still seeing this. Also, I notice that the my weight350 test is not triggered. I only see the weight75 test with 846 points for example and not the other ones. So far I have not found any messages with declude headers in my weight350 directory. H Matt wrote: Stopping and starting IMail's SMTP and Queue Manager services will cause IMail to pass messages for a couple seconds without sending them to external programs (Declude). This will happen mostly when you perform a restart on your Windows server. To prevent this, you must stop the IMail SMTP service before the restart. This will also occur when you stop and restart both the SMTP and Queue Manager services in a certain order and/or rapid succession (I never nailed that one down). Could this be your issue, or is this a continual issue? Matt Heimir Eidskrem wrote: Hello there, I did an upgrade to 8.14 tonight and im seeing a few things thats are different. Tech info: Imail 8.14 Declude 1.81 (Junkmail/virus Pro) Server 2.6Ghz Xeon/1GB Ram I am capturing spam so I know Declude is working. Issue 1. I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350. I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory Also the emails in the weight350 directory does not have ANY declude headers? Weigth350 header: eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net (SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600 Received: from dotcool.com ([142.67.185.186]) by infinite.audioseek.com (InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 05 Dec 2003 15:08:11 +0200 Date: Fri, 05 Dec 2003 15:09:11 +0200 From: Jodi Luna [EMAIL PROTECTED] Subject: our discussion on december 21th To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0
Re: [Declude.JunkMail] declude problems after imail upgrade.
From the attached issue #2 headers I saw the following that suggests the issue: X-IMAIL-SPAM-STATISTICS: (fe1a000200328ac4, 0.9892) You need to make sure that IMail's spam stuff is turned off. It seems like IMail might be screwing this up for Declude. I am guessing that this isn't intended and could be the cause of at least issue #2. Matt Heimir Eidskrem wrote: Matt, Don't think so since im still seeing this. Also, I notice that the my weight350 test is not triggered. I only see the weight75 test with 846 points for example and not the other ones. So far I have not found any messages with declude headers in my weight350 directory. H Matt wrote: Stopping and starting IMail's SMTP and Queue Manager services will cause IMail to pass messages for a couple seconds without sending them to external programs (Declude). This will happen mostly when you perform a restart on your Windows server. To prevent this, you must stop the IMail SMTP service before the restart. This will also occur when you stop and restart both the SMTP and Queue Manager services in a certain order and/or rapid succession (I never nailed that one down). Could this be your issue, or is this a continual issue? Matt Heimir Eidskrem wrote: Hello there, I did an upgrade to 8.14 tonight and im seeing a few things thats are different. Tech info: Imail 8.14 Declude 1.81 (Junkmail/virus Pro) Server 2.6Ghz Xeon/1GB Ram I am capturing spam so I know Declude is working. Issue 1. I hold on weigth100 and on weight350 I do a copyfile d:\imail\spool\spam\weight350. I see several emails in the normal hold directory with a weight higher then 350 that should have been saved in the weight350 directory Also the emails in the weight350 directory does not have ANY declude headers? Weigth350 header: eceived: from 64.95.220.80 [211.221.13.162] by deepspace.i360.net (SMTPD32-8.14) id A02C2900C6; Wed, 15 Dec 2004 21:25:32 -0600 Received: from dotcool.com ([142.67.185.186]) by infinite.audioseek.com (InterMail vK.4.04.00.00 583-722-824 license 9jh638vy1934o4xw8h8ozi6348a0igq4) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Fri, 05 Dec 2003 15:08:11 +0200 Date: Fri, 05 Dec 2003 15:09:11 +0200 From: Jodi Luna [EMAIL PROTECTED] Subject: our discussion on december 21th To: [EMAIL PROTECTED] References: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7Bit Weight100 Header Received: from outmail-01.supplyleadb.com [209.216.105.34] by deepspace.i360.net (SMTPD32-8.14) id A0519B0146; Wed, 15 Dec 2004 22:34:25 -0600 From: Family Pictures [EMAIL PROTECTED] Subject: Something the whole family can enjoy...a free Panasonic Camcorder To: [EMAIL PROTECTED] MIME-Version: 1.0 Date: Wed, 15 Dec 2004 23:33:36 EST Message-ID: q7AA1,[EMAIL PROTECTED] X-Mailer: 3.2.2-23 [Dec 14 2004, 19:36:15] Content-Type: text/html; charset=us-ascii; class-id=1:311TXBIMpInmBEs1BI131sYMp1:1787079 Content-Transfer-Encoding: 7bit X-Spam-Status: Possible SPAM, hits=8.00 required=5.00 tests=BAYES_80:2.20 tests=HTTP_WITH_EMAIL_IN_URL:1.60 tests=NAI_BAD_URI:4.20 X-RBL-Warning: SPAMCOP: Blocked - see http://www.spamcop.net/bl.shtml?209.216.105.34; X-RBL-Warning: SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL18575; X-RBL-Warning: AHBL: 1100493921 bruns - Spam Source - 209.216.105.0/24 - demandconnection.com, SubscriberBASE, animateddeliverye.com X-RBL-Warning: FIVETEN-SPAMSUPPORT: added 2003-05-30; spam support - hosting admanmail, emailbucks X-RBL-Warning: MAILPOLICE-BULK: This E-mail came from stderr.supplyleadb.com, a potential spam source listed in MAILPOLICE-BULK. X-RBL-Warning: SUBJECTSPACES7: Subject with at least 7 spaces found. X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [8008000e]. X-RBL-Warning: IPNOTINMX: X-RBL-Warning: EFFILTER: Message failed EFFILTER test (line 1, weight 0) X-RBL-Warning: EFFILTER5-9: Message failed EFFILTER5-9 test (line 4, weight 40) X-RBL-Warning: GIBBERISH: Message failed GIBBERISH test (line 400, weight 60) (weight capped at 60) X-RBL-Warning: SNIFFER: Message failed SNIFFER: 57. X-RBL-Warning: WEIGHT75: Weight of 438 reaches or exceeds the limit of 75. X-Declude-Sender: [EMAIL PROTECTED] [209.216.105.34] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: SPAMCOP, SBL, AHBL, FIVETEN-SPAMSUPPORT, MAILPOLICE-BULK, SUBJECTSPACES7, NOLEGITCONTENT, BADHEADERS, IPNOTINMX, EFFILTER, EFFILTER5-9, GIBBERISH, SNIFFER, WEIGHT75, WEIGHT100, WEIGHT350, CATCHALLMAILS [438] X-Country-Chain: UNITED STATES-destination X-Note: This E-mail was sent from outmail-01.supplyleadb.com ([209.216.105.34]). Issue 2. I did recive an email in my inbox with no Declude headers. Any
