Re: [Declude.JunkMail] IP block
One option here would be to use a line HOPHIGH 2 in your \IMail\Declude\global.cfg file, which would scan the first two hops, which would also cause the 222.126.26.96 IP to be scanned. Hold on, maybe I have misunderstood the hophigh feature all this time. Do you mean to say that by using hophigh 2 I test all ip-numers in the first *and* in the second hop? Correct. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IP block
Below is the header I caught with an IMAIL rule but it should be caught with a Declude rule (I think) I have all email coming from 222.0.0.0/8 being deleted and this one was notthe first IP 63.238.52.97 is my first layer of filtering that is in house... The problem is that: Received: from theoracle.apid.com [63.238.52.97] by ethixs.com with ESMTP (SMTPD32-7.11) id AABA26F50386; Sun, 28 Nov 2004 14:44:58 -0500 Received: by theoracle.apid.com (Postfix, from userid 777) id 8AB2724FFB; Sun, 28 Nov 2004 13:46:39 -0600 (CST) Received: from adsl-68-251-177-107.dsl.ipltin.ameritech.net (adsl-68-251-177-107.dsl.ipltin.ameritech.net [68.251.177.107]) by theoracle.apid.com (Postfix) with SMTP id 10A9F24FB4; Sun, 28 Nov 2004 13:46:36 -0600 (CST) Received: from reprehensible.mail.shawcable.net (222.126.26.96)by 63.238.52.89; Sun, 28 Nov 2004 18:30:24 -0800 This E-mail actually came from 68.251.177.107. That IP *may* have received it from 222.126.26.96, but unless you can trust that IP, you have to assume that it really came from 68.251.177.107. One option here would be to use a line HOPHIGH 2 in your \IMail\Declude\global.cfg file, which would scan the first two hops, which would also cause the 222.126.26.96 IP to be scanned. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. This outgoing message is guaranteed to be authentic by Message Level users. Guarantee the authenticity of your email @ http://www.messagelevel.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Ip block
Noticed here a little while ago a spammer that was basically trying a dictionary attack on our imail server. If I IP blacklist this sender in declude he can still do his dictionary attack right ? That is correct. Declude won't see his IP until an E-mail actually arrives (and even then, would only be able to block the E-mail that got through). So only way to make sure he doesn't tie up my server resources is to add him to Imail Kill list ? That is correct. FYI ip is 62.254.178.50 You are lucky that they are only using one IP. G -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
