I've got a custom filter that isn't generating any error messages, but fails
to catch the spam I want it to. Perhaps someone could point out the
problem?
From my Global.CFG:
SPAMFILTER filter D:\IMail\Declude\spamfilter.txt x 0 0
From spamfilter.txt:
MAILFROM 0 CONTAINS $stderr$
MAILFROM 0
I've got a custom filter that isn't generating any error messages, but fails
to catch the spam I want it to. Perhaps someone could point out the
problem?
From spamfilter.txt:
MAILFROM 0 CONTAINS $stderr$
MAILFROM 0 CONTAINS $bounce$
MAILFROM 0 CONTAINS $odc.ca$@
The problem is the $ in there --
I understood the $'s to behave as wildcards. Removing them will work for
the stderr, and bounce rules but if I leave odc.ca in there without a
wildcard and an @ it will drop all internal mail. Is there another way I
can fix this? Also, what can I do to ensure the proper config files are
used?
Rob,
Wednesday, July 9, 2003 you wrote:
RS I understood the $'s to behave as wildcards.
Just as a matter of interest where did you get the idea that $
was a wildcard character?
Terry Fritts
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
I understood the $'s to behave as wildcards. Removing them will work for
the stderr, and bounce rules but if I leave odc.ca in there without a
wildcard and an @ it will drop all internal mail. Is there another way I
can fix this?
Declude JunkMail doesn't include wildcards.
For the odc.ca rule,
That's the HOLD action. Although you can use it, the HOLD action will
prevent the E-mail from being delivered. So if you use the HOLD action,
the recipient will not receive the E-mail.
Right, I understand that option, which is why I'd prefer to be able to COPY
the lower weighted mails to be
That's the HOLD action. Although you can use it, the HOLD action will
prevent the E-mail from being delivered. So if you use the HOLD action,
the recipient will not receive the E-mail.
Right, I understand that option, which is why I'd prefer to be able to COPY
the lower weighted mails to be
It sounds like you're looking for an action that acts like the HOLD action
(by copying the Q*.SMD and D*.SMD files to a specific directory), but also
delivers the E-mail. Unfortunately, there isn't anything like that in
Declude JunkMail.
Right, that's what I was looking for. It makes sense
Just as a matter of interest where did you get the idea that $
was a wildcard character?
The way its written in the manual it just looked like it would be a
wildcard. You can't have a $ sign in a valid domain name or an email
address so I just assumed thats what it was. On closer
I just started seeing junkmail that is addressed to an everyone@ the
mailserver domain name. It looks like the real message was sent to an
email address at a domain hosted on that mailserver and the everyone@
was added. Is this a new technique?
Thanks
David Stavert
---
[This E-mail was scanned
Just as a matter of interest where did you get the idea that $
was a wildcard character?
The way its written in the manual it just looked like it would be a
wildcard. You can't have a $ sign in a valid domain name or an email
address so I just assumed thats what it was.
Thanks for
Scott,
How can I add a weight to this email message?
--
Received: from airip2.emailvalues.com [65.60.9.93] by mx2.cooking.com
(SMTPD32-7.07) id AC6A688008A; Tue, 08 Jul 2003 12:32:58 -0700
From: Weight Loss [EMAIL PROTECTED]
Could he not copy the messages to a special user, then use the command
line to move all the *.SMD to the SPAM directory from that user's mailbox?
Set up a batch file and schedule the task to move them every few minutes?
-Original Message-
From: R. Scott Perry
It sounds like you're
How can I add a weight to this email message?
--
Received: from airip2.emailvalues.com [65.60.9.93] by mx2.cooking.com
(SMTPD32-7.07) id AC6A688008A; Tue, 08 Jul 2003 12:32:58 -0700
The REVDNS hostname is
Hello, All,
We are using DJM Pro. I'm having an issue with a message that I don't think
should have been delivered.
Here are the headers...
-
Received: from out017.tpcper.com [69.24.239.37] by pagerover.com
(SMTPD32-6.06) id A4323AA80134; Sun, 06 Jul 2003 15:10:42 -0400
To: [EMAIL PROTECTED]
We are using DJM Pro. I'm having an issue with a message that I don't think
should have been delivered.
X-Spam-Tests-Failed: OSSRC, EASYNET-DNSBL, IPNOTINMX, WEIGHT05, WEIGHT07,
WEIGHTRANGE05-59, WEIGHTRANGE07-59 [8]
For the life of me I cannot figure out why this was delivered to the
Scott,
I understand your point but would it be possible to do a DNS lookup on the RDNS
hostname.
The IP address that is returned should match the IP address that they used.
In your case it would match, but in this case 93.9.60.65.in-addr.arpa does not even
have an record. I am looking for a
Please remember to restart the services too... :) Glad I could help.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Kruidhof
Sent: Wednesday, July 09, 2003 12:38 PM
To: [EMAIL PROTECTED]
Scott,
I understand your point but would it be
Perhaps blocking on odc.ca. would be the best option here (including the
. at the end)?
Hey! Good idea. Dropping that in right now.
Thanks ;)
Rob Salmond
Ontario Die Company
(519)-576-8950 ext. 132
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
Finally getting around to updating my Declude Junkmail config. I would
like to use the REDIRECT command, but want to make sure I'm using it
correctly before throwing myself to the wolves! :)
1. Using the REDIRECT command, I don't need the domain folders. For
example: I'm a mail gateway for
We are seeing several spam emails delivered to our clients which are
apparently able to bypass JMPro filters as there is no X-Declude-Sender line
in the header. Can anyone explain why it is missing (see sample header
below)?
X-RBL-Warning: EASYNET-DNSBL: Blacklisted by easynet.nl DNSBL -
Perhaps blocking on odc.ca. would be the best option here (including the
. at the end)?
Hey! Good idea. Dropping that in right now.
Thanks ;)
Rob Salmond
Ontario Die Company
(519)-576-8950 ext. 132
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
2. In the archives, ( This message specifically
http://www.mail-archive.com/[EMAIL PROTECTED]/msg09131.html)
it says to put the configuration in the global.cfg file. However, if I'm
reading the manual correctly, it says to put the configuration in
$default$.junkmail.
It should actually be
2. In the archives, ( This message specifically
http://www.mail-archive.com/[EMAIL PROTECTED]/msg09131.html)
it says to put the configuration in the global.cfg file. However, if
I'm reading the manual correctly, it says to put the configuration in
$default$.junkmail.
It should actually be
Scott
I had this problem with a domain that was not on my server and wanted to use
REDIRECT to point ot another junkmail file. But it always used the outbound
settings in the global.cfg.
You said when I had the issue you were going to have this fixed in a future
beta release. Has it been
I had this problem with a domain that was not on my server and wanted to use
REDIRECT to point ot another junkmail file. But it always used the outbound
settings in the global.cfg.
You said when I had the issue you were going to have this fixed in a future
beta release. Has it been fixed
The
At 02:39 PM 7/9/2003, you wrote:
I had this problem with a domain that was not on my server and wanted to use
REDIRECT to point ot another junkmail file. But it always used the outbound
settings in the global.cfg.
You said when I had the issue you were going to have this fixed in a future
beta
.tpcper is Topica. They come out with new spamming domains continuously while keeping
their IPs fixed. Blocking their IPs however, also blocks all the newsletters they
publish. I've been testing their removal system for the last 2 months, if you enter
the recipients email address here with
I had a very interesting and nice talk with the CEO of Topica at ISPCon in
April. She was very proactive on the double opt-in service and to get their
higher level of service, you must be double opt-in only! I encouraged her to
set a deadline for everyone on their servers to be double opt-in and
The asumption is that multiple folders are needed, you are running multiple domains
through the same gateway. I've been using REDIRECT for over a year and there are
advantages to customization, being able to REDIRECt with some and SUBJECT with others,
or different versions of each.
Thought these might be of interest:
New site spoofs PayPal to get billing information
http://maccentral.macworld.com/news/2003/07/09/paypal/
Congress fights over spam opt-in rules
http://maccentral.macworld.com/news/2003/07/09/spam/
---
[This E-mail was scanned for viruses by
The harvesting attempt is increasing every day.
In 1 hour period , i can see minimum 20 different ip address trying to
harvest user database.
Many connection is made from the same user via proxy but it is really
annoying for mail servers to deal with many ip address and
to waste processor time
Just to let everyone know so others don't get hit with it, I just had a Spam
attack/Bomb from one particular location. As soon as I found out I blocked
everything possible and things are working. It was so bad that it killed the
server. It came from:
[217.16.118.12] MAIL From:[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Jeff Kratka
Sent: Wednesday, July 09, 2003 5:29 PM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam Attack
Just to let everyone know so others don't get hit with it, I just
had a Spam
Scott,
We use the default XSENDER ON option in the Global.cfg file. The weird thing
is that 98% of our email headers do have the X-DECLUDE-SENDER line listed
properly.
Thank You,
JR Tatum, President
Performance Dimensions, Inc.
(336) 774-1849
mailto:[EMAIL PROTECTED]
http://www.triadnetwork.com
Scott
If the domain is remote the redirect does not work because it is
considered outgoing so the rules in the global.cfg are used. But when there
is a domain level junkmail file specified for the remote domain declude
processes the remote domain using the default.junkmail file for that domain.
Is may missing from the archives
I am looking for a thread from May and I can not seem to find it. I have
some of the messages saved locally but I am missing a few.
I even search on the word header and nothing in May. Try searching
Logging Nothing in April or May.
I find this hard to
Scott,
I found your email to me about this issue. Take a look what you wrote
-Original Message-
From: R. Scott Perry [mailto:[EMAIL PROTECTED]
Sent: Friday, May 23, 2003 5:16 AM
To: Kevin Bilbee
Subject: RE: [Declude.JunkMail] Logging request
That is correct but the only
They had a big outage during that time.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Wednesday, July 09, 2003 5:57 PM
I finally have had the chance to upgrade to 1.65 and need a little help on
a couple of things
I have in my global.cfg file a couple of tests:
BLACKLISTIP ipfile E:\IMail\Declude\ipblacklist.txt x 20 0
BLACKLISTDOMAIN filter E:\IMail\Declude\domainblacklist.txt x 20 0
one is an ip address test
I just checked the log files again and I am seeing this:
07/09/2003 20:26:04 Qc0a12c1600c8a399 Msg failed BLACKLISTIP ( This is a
spam IP address). Action=DELETE.
07/09/2003 20:26:04 Qc0a12c1600c8a399 Msg failed BLACKLISTDOMAIN (Message
failed BLACKLISTDOMAIN test (79)). Action=DELETE.
So it
I first thought that but there are different messages, just bad jokes each message.
There were also some viruses atteched which were caught.
Jeff
-- Original Message --
From: Kevin Bilbee [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 9 Jul
These IP addresses are blacklisted as an open relay in ORDB etc.
Check http://www.dnsstuff.com/tools/ip4r.ch?ip=217.16.118.12
Cheers
Adrian
-
- Original Message -
From: Jeff Kratka [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday,
Scott:
Does spoolviewer.exe look at the registry to determine the actual spool
location?
We just moved our spool to a different physical volume to improve
performance...
D:\imail\spool - e:\imail\spool
everything else remained on D except the spool.
Everything is functioning great (doubled our
44 matches
Mail list logo