Title: Message
Correct.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny Klopfer
Sent: Sunday,
November 09, 2003 5:27 PM
To: [EMAIL PROTECTED]
Subject: RE: [0] RE:
Can I have Whitelist File in the Global.cfg ?
whitelistfile d:\Imail\Declude\mywhitelist.txt
Thanks,
Kris McElroy
[EMAIL PROTECTED]
Chief Technology Officer
Duracom, INC.
www.duracom.net
I am always doing that which I can not do, in order that I may learn how to
do it.
---
[This
Can I have Whitelist File in the Global.cfg ?
No. It only applies to config files for incoming E-mail.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in
Hello,
I'm testing out the ATTACH and MAILBOX options. In web messaging many of
the Declude tagged MAILBOX and ATTACH messages do not display the Declude
spam hider info. or appear as attachments. Is this are there workarounds
for web messaging? I'm using Declude 1.75 and Imail 8.03.
I'm testing out the ATTACH and MAILBOX options. In web messaging many of
the Declude tagged MAILBOX and ATTACH messages do not display the Declude
spam hider info. or appear as attachments. Is this are there workarounds
for web messaging?
I believe that IMail's web messaging doesn't support
Is support for emails within emails required to preface the original email
with...
You have spam!
Subject:%SUBJECT%
From: %MAILFROM%
Tests Failed: %TESTSFAILED%
To view the E-mail, just click the attachment.
Burzin
At 02:22 PM 11/10/2003, you wrote:
I'm testing out the
BODY5 CONTAINS href=#104;#116;#116;#112;
Should there by any reason why the above filter entry wouldn't be triggered
on an email that contains that string in the html source?
What am I doing wrong?
Darrell
---
[This E-mail was scanned for viruses by Declude Virus
I'm sorry, I was referring specifically to web messaging.
Burzin
At 03:04 PM 11/10/2003, you wrote:
Is support for emails within emails required to preface the original
email with...
You have spam!
Subject:%SUBJECT%
From: %MAILFROM%
Tests Failed: %TESTSFAILED%
To view the
Are you sure it didn't contain a line break in the source?
Try out my OBFUSCATION filter. I've attached it since I haven't had
time to comment it up appropriately and put it on my site.
Matt
Darrell LaRock wrote:
BODY 5 CONTAINS href=#104;#116;#116;#112;
Should there by any reason why the
I spoke with one of our programmers regarding a simple idea I had to allow us to
simplify white list
administration via the Web. All we have to do is upload new entries in a text file and
have them
automatically added to my existing white list text file. But he wants to install a
Microsoft .NET
If you are going to try to get ASP.net to work it will not on NT. the .net
frame work will function but the IIS portion will not.
If you want to use ASP.net the you need to update to Windows 2000
Kevin Bilbee
Network Administrator
Standard Abrasives, Inc.
[EMAIL PROTECTED]
We've had quite a bit of spam getting through lately, all with a similarly
formatted subject line:
X-F: xxx Mon Nov 10 15:23:57 2003
Received: from h51n1fls34o281.telia.com [213.66.91.51] by xxx
(SMTPD32-6.06) id A3D216140152; Mon, 10 Nov 2003 15:23:46 -0500
Received: from 206.147.156.5 by
Scot Desort wrote:
Notice the %RND_UC_CHAR[2-8] in the subject. Looks like broken spam
software that is supposed to insert RaNDom characters into the subject.
We've seen this coming from a variety of sources. I guess we can just filter
for that string in the SUBJECT? It's not failing enough tests
Scot,
Yep, seen quite a few %RND_UC_CHAR, also have seen rndline in the subject
from different broken spamware.
I have added the following to my subject filter to push them over the edge.
SUBJECT 20 CONTAINS%RND_
SUBJECT 20 CONTAINSrndline
Fritz
Frederick P. Squib,
I am running IMAIL 7.15 and Declude 1.75. I knew I had a big no-no in
my Global file; whitelist from prudentialrand.com. A spammer has now
been exploiting it. How can I get my users whitelisted so they can
communicate with each other without worrying about being filtered
without letting the
Matt,
Great job on the filters...Thanks.
Here is one in it's entirety from one of my spamtraps, only the names have
been changed to protect my 'honeypot'.
Fritz
Frederick P. Squib, Jr.
Network Operations/Mail Administrator
Citizens Telephone Company of Kecksburg
http://www.wpa.net
() ascii
Whitelisting by IP is the safest since it is the hardest to spoof.
Whitelisting by reverse DNS would do no better than by IP because you
have off-network users connecting directly to your mail server (seen
with that X-Declude-Sender entry), so choose IP over reverse DNS. The
best solution
FYI:We have Sniffer and it has been catching these for us.
- Original Message -
From: Fritz Squib [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, November 10, 2003 10:26 PM
Subject: RE: [Declude.JunkMail] some spam slipping through...
Matt,
Great job on the filters...Thanks.
Matt:
The FOREIGN/TLD filter set that I shared yesterday for instance would
have added at least 3 points to this message and possibly two more
depending on the X-Declude-Sender which you cut out.
I saw your post and I have not yet added that filter. I will be reviewing it
shortly and plan on
Fritz,
Well, you did pretty well on tagging that one I would say :) You caught
it with a SPAMDOMAINS entry for instance, and I can't verify if Message
Sniffer would catch this. The only additional scoring that my server
would have levied outside of Message Sniffer would have been with my
Scot,
The dictionary randomization is obviously a better system and won't get
tagged by many of my tests. The DYNAMIC filter would have scored this
one though, as well as some others. It would be a good idea to look at
adding canada.com to SPAMDOMAINS if you can find the standard reverse
DNS
Greetings All,
What is the Declude Virus/Junkmail Imail process order
for emails sent to the server and are mailbox forwards
treated different then standard mailboxes??
Thanks,
Mike
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the
Imail SMTP Kill.lst and Control Access lists.
Declude Virus
Declude Hijack
Declude JunkMail
Imail Rules
For Imail 8.x, the following is true:
Imail SMTP Kill.lst and Control Access lists.
Imail AntiSpam checks (if used)
Declude Virus
Declude Hijack
Declude JunkMail
Imail AntiSpam statistical
23 matches
Mail list logo