Re: [Declude.JunkMail] ROUTING
David,

I think routing only covers cases where the message starts in the US and exits and then comes back.

http://www.mail-archive.com/declude.junkmail@declude.com/msg13204.html

If you search the archive about routing and look at the messages specifically from Scott Perry you will get different nuggets of info on how it works. From what I remember, it specifically looks for mail hopping across different regions like US-China-US, etc...

Darrell
--
Check out http://www.invariantsystems.com for utilities for Declude, Imail, mxGuard, and ORF. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.

David Dodell wrote:
> When I see this:
>
> X-Country-Chain: RUSSIAN FEDERATION-NEW ZEALAND-destination
>
> Shouldn't this trigger the ROUTING level? Not seeing that getting caught.
>
> David

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] ROUTING
On Feb 8, 2009, at 8:43 AM, Darrell (supp...@invariantsystems.com) wrote:
> I think routing only covers cases where the message starts in the US and exits and then comes back.

Thanks for the pointer ... yes, that appears to be what is happening.
Re: [Declude.JunkMail] ROUTING and COUNTRIES
If Declude is reading this, maybe they could add these values to their Knowledge Base.

http://support.declude.com/Customer/KBArticle.aspx?articleid=6KBSearchID=1012

I also found a country code list that included some of the codes Scott mentioned at the bottom of this page:

http://it.farmprogress.com/declude/declude.htm

----- Original Message -----
From: Scott Fisher [EMAIL PROTECTED]
Sent: Friday, September 16, 2005 4:15 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] ROUTING and COUNTRIES

Yes COUNTRIES 0 CONTAINS *A is correct. The Asterisk is a literal.

codes I know of:

*1 Multi-Regional
*2 Europe
*3 North America
*4 Central/South America
*5 Pacific Rim
*A ARIN Unlisted (North America/South Africa)
*B Public Data Network
*E RIPE Unlisted (Europe, North Africa, Middle East)
*I Private IP
*L Loopback
*M Multicast
*P APNIC Unlisted (Asia Pacific)
*R IANA Reserved
*U Unknown

----- Original Message -----
From: Gary Steiner [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, September 16, 2005 2:06 PM
Subject: re: [Declude.JunkMail] ROUTING and COUNTRIES

I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like

Checking countries: *A

Is it actually looking for an asterisk followed by an A? Here are some non-countries and the corresponding text displayed in the log file:

[ARIN Unlisted] *A
[RIPE Unlisted] *E
[IANA Reserved] *R
[Unknown] *U

Does this mean we should be using a line like

COUNTRIES 0 CONTAINS *A

Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter?

----- Original Message -----
From: Nick Hayer [EMAIL PROTECTED]
Sent: Friday, September 16, 2005 12:36 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] ROUTING and COUNTRIES

Help from the gurus please...

Wouldn't [shouldn't] this email fail the ROUTING test?

X-Country-Chain: UNITED STATES-[IANA Reserved]-UNITED STATES-destination
X-Note: SMTP Sender: [EMAIL PROTECTED]
X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at]
X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA [5], FILTER.COMBO.DYNHELO.CIP [3]

Also - is there a way to determine that this email came from/through a foreign [to the US] source? This email did not trigger on a foreign filter file that contains:

COUNTRIES 0 CONTAINS IANA Reserved

Same file has these that never trigger it seems either

COUNTRIES 0 CONTAINS ARIN Unlisted
COUNTRIES 0 CONTAINS RIPE Unlisted

Thanks!

-Nick

---
[This E-mail scanned for viruses by Declude Virus]
RE: [Declude.JunkMail] ROUTING and COUNTRIES
> If Declude is reading this...

To help comfort those who think we are not paying attention. We read all posts and take notice of everything that is said. I will look at adding this to the Knowledge Base next week.

David Barker
www.declude.com

----- Original Message -----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary Steiner
Sent: Sunday, September 18, 2005 12:11 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] ROUTING and COUNTRIES

If Declude is reading this, maybe they could add these values to their Knowledge Base.

http://support.declude.com/Customer/KBArticle.aspx?articleid=6KBSearchID=1012

I also found a country code list that included some of the codes Scott mentioned at the bottom of this page:

http://it.farmprogress.com/declude/declude.htm
RE: [Declude.JunkMail] ROUTING and COUNTRIES
That's enough to make you paranoid. ;)

----- Original Message -----
From: David Barker [EMAIL PROTECTED]
Sent: Sunday, September 18, 2005 2:18 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] ROUTING and COUNTRIES

> If Declude is reading this...

To help comfort those who think we are not paying attention. We read all posts and take notice of everything that is said. I will look at adding this to the Knowledge Base next week.

David Barker
www.declude.com
re: [Declude.JunkMail] ROUTING and COUNTRIES
I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like

Checking countries: *A

Is it actually looking for an asterisk followed by an A? Here are some non-countries and the corresponding text displayed in the log file:

[ARIN Unlisted] *A
[RIPE Unlisted] *E
[IANA Reserved] *R
[Unknown] *U

Does this mean we should be using a line like

COUNTRIES 0 CONTAINS *A

Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter?

----- Original Message -----
From: Nick Hayer [EMAIL PROTECTED]
Sent: Friday, September 16, 2005 12:36 PM
To: Declude.JunkMail@declude.com
Subject: [Declude.JunkMail] ROUTING and COUNTRIES

Help from the gurus please...

Wouldn't [shouldn't] this email fail the ROUTING test?

X-Country-Chain: UNITED STATES-[IANA Reserved]-UNITED STATES-destination
X-Note: SMTP Sender: [EMAIL PROTECTED]
X-Note: Sent from: [Revdns: [No Reverse DNS]] [RemoteHostDomain: lgvsoft.at] [RemoteIP: 58.142.35.136] [SenderHost: lgvsoft.at]
X-Note: Spam [v:2.0.6.16] tests: IP4R.SORBS.DYNAMIC [0], EXTERNAL.CIP.OnlyIp [2], TEST.DYNHELO [5], TEST.REVDNS [0], FILTER.DYNA [5], FILTER.COMBO.DYNHELO.CIP [3]

Also - is there a way to determine that this email came from/through a foreign [to the US] source? This email did not trigger on a foreign filter file that contains:

COUNTRIES 0 CONTAINS IANA Reserved

Same file has these that never trigger it seems either

COUNTRIES 0 CONTAINS ARIN Unlisted
COUNTRIES 0 CONTAINS RIPE Unlisted

Thanks!

-Nick
Re: [Declude.JunkMail] ROUTING and COUNTRIES
Yes COUNTRIES 0 CONTAINS *A is correct. The Asterisk is a literal.

codes I know of:

*1 Multi-Regional
*2 Europe
*3 North America
*4 Central/South America
*5 Pacific Rim
*A ARIN Unlisted (North America/South Africa)
*B Public Data Network
*E RIPE Unlisted (Europe, North Africa, Middle East)
*I Private IP
*L Loopback
*M Multicast
*P APNIC Unlisted (Asia Pacific)
*R IANA Reserved
*U Unknown

----- Original Message -----
From: Gary Steiner [EMAIL PROTECTED]
To: Declude.JunkMail@declude.com
Sent: Friday, September 16, 2005 2:06 PM
Subject: re: [Declude.JunkMail] ROUTING and COUNTRIES

I guess it depends on exactly what text it is searching for. In looking at my log files (set to Debug), I see that when it is checking the COUNTRIES filter I created, it displays a message like

Checking countries: *A

Is it actually looking for an asterisk followed by an A? Here are some non-countries and the corresponding text displayed in the log file:

[ARIN Unlisted] *A
[RIPE Unlisted] *E
[IANA Reserved] *R
[Unknown] *U

Does this mean we should be using a line like

COUNTRIES 0 CONTAINS *A

Is that asterisk a literal or will it act as a wildcard? Is anyone using this in a country filter?
Re: [Declude.JunkMail] ROUTING
> I've had several pieces of spam make it through that included routing from the U.S. to another country and then back to the U.S. as indicated in the headers below. Shouldn't this trigger the ROUTING test?
>
> X-Country-Chain: UNITED STATES-FRANCE-UNITED STATES-destination

It depends on the specific IPs involved -- the ROUTING test is not as granular as the geolocation, so the ROUTING test may not detect certain routing that you think it might.

-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
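Added example, not part of the thread and not Declude's code: a stand-alone check over the X-Country-Chain header text that lists out-and-back chains, which per the reply above the ROUTING test may not flag, and reports the literal `*X` code for bracketed placeholder hops. It assumes hops are hyphen-separated and that no country name contains a hyphen; the function names are hypothetical.

```python
import re

# Placeholder hops and the literal codes the debug log in this thread shows
# for them ("[ARIN Unlisted] *A", ...). The asterisk is a literal character.
PSEUDO_CODES = {
    "ARIN Unlisted": "*A",
    "RIPE Unlisted": "*E",
    "IANA Reserved": "*R",
    "Unknown": "*U",
}

# A hop is a bracketed placeholder or a run of non-hyphen characters.
# Assumption: country names contain no hyphen; one that did would be split.
_HOP = re.compile(r"\[[^\]]*\]|[^-]+")


def parse_country_chain(header):
    """Return [(name, code), ...] in header order; code is None for countries."""
    name, sep, value = header.partition(":")
    if not sep or name.strip().lower() != "x-country-chain":
        raise ValueError("not an X-Country-Chain header")
    hops = []
    for token in (t.strip() for t in _HOP.findall(value)):
        if not token or token.lower() == "destination":
            continue
        if token.startswith("[") and token.endswith("]"):
            label = token[1:-1].strip()
            # "?" marks a placeholder whose code is not listed above.
            hops.append((label, PSEUDO_CODES.get(label, "?")))
        else:
            hops.append((token, None))
    return hops


def find_round_trips(hops):
    """Report each country that reappears after at least one different hop."""
    findings, last_seen = [], {}
    for i, (name, code) in enumerate(hops):
        if code is not None:      # placeholders are never an endpoint
            continue
        if name in last_seen and i - last_seen[name] > 1:
            between = hops[last_seen[name] + 1:i]
            findings.append({
                "country": name,
                "via": [n for n, _ in between],
                # True only if a real country sits between the two visits.
                "foreign": any(c is None for _, c in between),
            })
        last_seen[name] = i
    return findings


# The three chains quoted in this thread.
THREAD_HEADERS = [
    "X-Country-Chain: RUSSIAN FEDERATION-NEW ZEALAND-destination",
    "X-Country-Chain: UNITED STATES-[IANA Reserved]-UNITED STATES-destination",
    "X-Country-Chain: UNITED STATES-FRANCE-UNITED STATES-destination",
]

if __name__ == "__main__":
    for line in THREAD_HEADERS:
        print(line, "->", find_round_trips(parse_country_chain(line)))
```

The `foreign` flag separates a chain that passes through another real country from one that only passes through an unlisted or reserved block.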
Re: [Declude.JunkMail] Routing Questions
> Received: from 82-44-97-74.cable.ubr05.croy.blueyonder.co.uk [82.44.97.74] by myserver.mydomain.com (SMTPD32-8.12) id A2FC109014A; Thu, 17 Jun 2004 03:31:24 -0700
> X-Message-Info: M910kloPMXge5x274W205+aumRB668UNfe
> Received: from mail98522.juzoq.overture.com ([151.226.174.214]) by hg94-we19.overture.com with Microsoft SMTPSVC(5.0.2195.6824); Thu, 17 Jun 2004 01:35:20 +0200
> ...
>
> What happens in this case where the email is routed through several servers to get to my user? Does Declude check all the paths or just the last one that it received it from? It appears that Declude would know about the other routes because they are mentioned in the headers.

That depends on how you have Declude JunkMail set up. By default, Declude JunkMail will only scan the IP that connected to you (which is what most people historically have done with anti-spam software). However, Declude JunkMail is very flexible; you can have it bypass gateways/backups of yours, and you can have it scan multiple hops if you want to. Normally this is only necessary if either you have gateways/backups, or if you have people forwarding E-mail from another address that does not scan the E-mail for spam.

-Scott
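Added example, not part of the thread and not Declude's code: a model of the hop selection described in the reply above, run over the two Received headers quoted in the question. The names `own_gateways` and `max_hops` are hypothetical stand-ins for the "bypass gateways/backups" and "scan multiple hops" options, not Declude setting names.

```python
import ipaddress
import re

_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Headers quoted in the question above, newest first.
SAMPLE_HEADERS = [
    "Received: from 82-44-97-74.cable.ubr05.croy.blueyonder.co.uk [82.44.97.74] "
    "by myserver.mydomain.com (SMTPD32-8.12) id A2FC109014A; "
    "Thu, 17 Jun 2004 03:31:24 -0700",
    "X-Message-Info: M910kloPMXge5x274W205+aumRB668UNfe",
    "Received: from mail98522.juzoq.overture.com ([151.226.174.214]) "
    "by hg94-we19.overture.com with Microsoft SMTPSVC(5.0.2195.6824); "
    "Thu, 17 Jun 2004 01:35:20 +0200",
]


def received_from_ip(header):
    """Return the bracketed IPv4 in the 'from' clause of a Received header."""
    name, sep, value = header.partition(":")
    if not sep or name.strip().lower() != "received":
        return None
    # Only look before " by " so an address in the receiving clause is ignored.
    from_clause = re.split(r"\sby\s", value, maxsplit=1)[0]
    match = _BRACKETED_IP.search(from_clause)
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:            # out-of-range octets such as [999.1.1.1]
        return None


def ips_to_scan(headers, own_gateways=(), max_hops=1):
    """Pick the relay IPs to test, newest hop first."""
    gateways = {ipaddress.ip_address(g) for g in own_gateways}
    hops = [ip for ip in map(received_from_ip, headers) if ip is not None]
    # Skip leading hops that are our own gateways or backup servers.
    skipped = 0
    while skipped < len(hops) and hops[skipped] in gateways:
        skipped += 1
    selected = []
    for depth, ip in enumerate(hops[skipped:skipped + max_hops]):
        # Only the first selected hop was recorded by our own infrastructure;
        # deeper Received lines were written by other servers and can be forged.
        selected.append({"ip": str(ip), "recorded_by_us": depth == 0})
    return selected


if __name__ == "__main__":
    print(ips_to_scan(SAMPLE_HEADERS))               # connecting IP only
    print(ips_to_scan(SAMPLE_HEADERS, max_hops=2))   # two hops
```

Results for hops with `recorded_by_us` set to False rest on header text supplied by an upstream server, so they deserve less weight than a hit on the connecting IP.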