ost (e.g., the configured name used in
the HELO).
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
0 and 19.). Action=SUBJECT.
06/05/2003 17:51:09 Qbb4535320128b6b9 Subject: Screen shots: Merrill Lynch
store
06/05/2003 17:51:09 Qbb4535320128b6b9 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED] IP: 12.29.228.5 ID:
<[EMAIL PROTECTED]5.228.29.12.in-addr.arpa
Best Regards
Andy Schmidt
Phone: +
Unfortunately - not.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
-Original Message-
From: [EMAIL PROTE
the bounce got back to me).
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
--- Message which triggered moderation
Here two big international ones:
t-online.de t-online.com
wanadoo.fr
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software
ompliant headers!
For all other purposes you have the SPAMHEADERS test that is
designed/advertised to be "flexible" and which is expected to "adopt" based
on occurrence of certain issues in the "wild" - so THERE it would make sense
to leave the MessageID FQDN check out
Title: Message
Hi
Scott:
Shouldn't this message ID cause a "BADHEADERS"
failure:
Message-ID: <[EMAIL PROTECTED]>
since
"athlon" is not guaranteed to be a unique occurrence (because it's not a
FQDN)?
-Original Message-
Received:
from athlon [208.169.85.246] by hm-software.com
Hi,
Has anyone found a way to allow MS SMTP to receive domain literal addresses
(as required by RFC 1123). Exchange Server has the following kb entry:
http://support.microsoft.com/default.aspx?scid=kb;en-us;194742
But I found none for the stand-alone MS (IIS) SMTP component?
Best Regards
Andy
organize a mutual project. Whoever is assigned to that account at your firm
is not doing their job. They should charge them for about 2 minutes of
consulting services - that's how little time it takes for someone who is the
least bit knowledgable to straighten out their domain.
Best Regar
Hi Scott:
No - neither was the case - those were normal "firstname.lastname" email
addresses.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. S
records.
X-Declude: Version 1.70i1; D7c05147f0162cb7b.SMD from gateway1.skubi.com
[12.3.242.12]
X-Declude: Triggered MAILFROM, HELOBOGUS, IPNOTINMX, NOLEGITCONTENT [3]
X-Countries: UNITED STATES->destination
Return-Path: <[EMAIL PROTECTED]>
X-Spam-Prob: 0.768622
Best Regards
Andy Schmidt
Phone: +1 201 934-
who is sending email through your ISP's smtp server.
I have been using the SPAMDOMAINS quite successfully - but I'm limiting
myself just to the most frequently used/faked sender domains.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper
;; ADDITIONAL SECTION:
mx.excitenetwork.com. 300 IN A 63.108.110.20
;; Query time: 121 msec
;; SERVER: 204.189.38.2#53(204.189.38.2)
;; WHEN: Fri May 30 11:51:56 2003
;; MSG SIZE rcvd: 116
==
Bill
- Original Message -
From: "Andy Schmidt" <[
Bill,
You need to update:
excite.com excitenetwork.com
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
---
[This E-
ounce on:
Any OSDUL/OSSOFT
Weight >= 10
Hold on:
Any MailFrom/Percent
I delete on:
Weight >= 20
If someone needs assistance who gets caught by the MailFrom/Percent or
OSDUL/OSSOFT and all your test does is reduce weights - I assume the
people's emails would still not get through?
Hi,
Would be nice if Declude could be told not insert a header if one already
exists, e.g.:
XUNIQUEINHEADER Return-Path: <%MAILFROM%>
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 93
lead to
an endless "confirmation request loop".
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
s are:
10 post-com.mr.outblaze.com. [TTL=86400] IP=205.158.62.23 (No Glue)
[TTL=21600]
20 post-com-bk.mr.outblaze.com. [TTL=86400] IP=205.158.62.23 (No Glue)
[TTL=21600]
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phon
;pending"
challenges with the sender email address.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.HM-Software.com/
o PREWHITELIST ON option to automatically bypass spam tests for
E-mail
from whitelisted IPs or whitelisted return address. <<
Can you think of any reason why someone should not have this on (other than
possibly seeing failed tests in the logs?)
Best Regards
Andy Schmidt
H&M Systems Software, In
Hi:
>> "ORDB hatte für den Open-Relay-Check zwei GMX-Adressen verwendet, die
nicht auf SMTP-Auth konfiguriert waren." In der eigenen
Open-Relay-Definition beschreibe ORDB ein solches System aber als einen
Mail-Server, der Nachrichten weiterleite, "bei denen weder der Sender noch
der Empfänger ein
Title: Message
That's
why I'd like to see the confirmation request implemented as a "weighted" action,
e.g., if someone does not have RDNS defined (thus runs a 'stealth' server) or is
listed on any open relay list - then THEIR system needs fixing and THEY control
whether MY system will requi
Hm, Scott:
I may be off-base here, but I would imagine this could work:
A) Declude inspects the D... and Q... File, correct?
B) once Declude decides, that there is a "TO" whitelist for a particular
email, it will determine if the "Q" file lists more than one "R" line
(Recipient).
C) if there is
Uh - okay. I thought there was a file I had downloaded once before - but
when I saw no mention in the Junkmail/manual.htm I thought I was
remembering wrong.
Thanks.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, NJ 07458-1846
P
38-151.adsl.pl.apol.com.tw [218.187.138.151]
X-Countries: [APNIC Unlisted]->destination
Return-Path: <[EMAIL PROTECTED]>
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-UIDL: 348102362
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle Rive
>> Are you sure you matched this up correctly? <<
Declude Version 1.68i5.
Here is "the chain of evidence" I followed:
A) The snippet of our own, highly informative, bounce message showing the
DECLUDE variables:
... (verbose text omitted) ...
Mail Server: 161.225.2.41 for target.com [targe
Hi Scott:
This one returned code 802c (This E-mail has a bogus Date: header.) -
however, the Date: header does look just fine?
May be the problem is the "Subject" header - as it appears to "wrap" around
into a second line? But, then again, multi-line headers appear to be quite
normal, becaus
y of hardware,
software, operating system and application brands all can communicate
across the one Internet.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mai
Hi:
"Adds %IP4R%, %RHSBL%, %MAILFROMBL% and %HELO% variables."
Okay, I can guess what IP4R and HELO inserts - but what do strings do the
two "...BL"s insert?
Where are those variables valid?
A) in Declude SMTP headers?
B) in alert/bounce messages templates?
C) in ... ?
telist and not include total weights that are equal/less
than 0), e.g. a %TESTSRESULT% variable that inserts the string "PASSED"
(if whitelisted or total weight <= 0) or the string "FAILED" in any other
case that at least one test failed.
Best Regards
Andy Schmidt
H&M
y expire unused entries.
Any feature where future "false positives" can be reduced and their
management can be totally automated is highly desirable and worth an upgrade
charge.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue, Suite 203
Upper Saddle River, N
ew "PASS" action. Then I could (ab)use the "ipfile" option to define
an IP whitelist and define the "PASS" action (to let mail pass), which
hopefully would supercede all other actions based on other tests.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
g a $Junkmail file in there?
Otherwise, the gateway support doesn't seem to be well thought through?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mai
entry, if I intentionally send an email where
the MAILFROM is bogus.
What am I doing wrong?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came fro
Hi,
>> not one message deleted by Declude was a false positive <<
John, how would you know - since they were DELETED and you have no way to
determine their content after the fact?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[Thi
Hi,
this list has served me well so far:
HELO8 CONTAINS$domain
REVDNS 8 ENDSWITH.a83c9d.net
REVDNS 8 ENDSWITH.are.net
REVDNS 8 ENDSWITH.azogle.com
REVDNS 8 ENDSWITH.bestpost.net
>> These are just the defaults for creating new users,
The limits themselves are actually set on the userlevel. <<
No - they are NOT.
I went through this with IPSwitch when messages were rejected for an inbound
IP address (IP bound domain), even though the VIRTUAL domain and INDIVIDUAL
users were
Sorry - I can't tell whether your old Imail 5 has that feature - or, whether
it was added in Version 6 or 7. I would consult IPswitch's web site for
historic information going that many years back. I started with Imail 4 and
don't recall if/that it WAS added after that - but I may not have paid
a
Why not control the message size in Imail - you can set it per domain and, I
believe, per user.
If the message exceeds the max message size, Imail will reject it - and it
will result in a bounce from the SENDING server.
In fact, Imail's ESMTP will announce the max message size to the sending
serv
t&cache=off
I started seeing the CORRECT information (and it refreshed your cache).
So - I believe in the "ip=!NET..." detail screen your CACHE OFF link is
constructed incorrectly.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue
Suite 203
Upper Saddle R
2653.19)
id ; Sun, 26 Jan 2003 21:38:19 -0500
Message-ID: <21E9B609A3EED511A4BA000255225A880127305A@EXCHANGE1>
From: "Berardinelli, Dave" <[EMAIL PROTECTED]>
To: Andy Schmidt <[EMAIL PROTECTED]>
Cc: "Roy, Charles" <[EMAIL PROTECTED]>
Subject: R
Test Email - Please Ignore
01/17/2003 13:41:51 Q4e6d4dac00e4e077 From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED]
even though the email was addressed to my alias domain of:
[EMAIL PROTECTED]
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934
Scott,
would you like for me to downloaded a new interim release to CONFIRM that it
has since been fixed (you apparently thought back then, that it had been
fixed already)?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for
[210f].). Action=WARN.
01/17/2003 11:59:20 Q36604c8300e4f10a Subject: EUMEL A-2 B1
01/17/2003 11:59:20 Q36604c8300e4f10a From: [EMAIL PROTECTED] To:
[EMAIL PROTECTED]
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned f
Title: Message
Oh, this is all sementics.
:-)
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kami
RazvanSent: Thursday, January 16, 2003 10:31 AMTo:
[EMAIL PROTECTED]Subject: [Declude.JunkMail] How obscene
is Basement?
Scott...
Ho
X-Countries: %COUNTRYCHAIN%
XINHEADER Return-Path: <%MAILFROM%>
XOUTHEADER X-Note: Report any abuse to [EMAIL PROTECTED]
XSENDER OFF
XSPOOLNAME OFF
SWITCHRECIP ON
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 93
om:<[EMAIL PROTECTED]>
12:23 13:54 SMTPD(0A2C0068) [192.67.198.73] RCPT
To:<[EMAIL PROTECTED]>
12:23 13:54 SMTPD(0A2C0068) [192.67.198.73]
D:\IMAIL\spool\D5be60a2c00681c65.SMD 1913
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Orig
) [192.67.198.73] MAIL From:<[EMAIL PROTECTED]>
01:06 07:48 SMTPD(4A1D00D4) [192.67.198.73] RCPT
To:<[EMAIL PROTECTED]>
01:06 07:48 SMTPD(4A1D00D4) [192.67.198.73]
D:\IMAIL\spool\D7b294a1d00d4e815.SMD 1913
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1
the .DE namespace would still work.)
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Friday, January 03, 2003 06:23 PM
To: [EMAIL PROTECTED]
and it DOES have
MX and A records.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E
Dan,
> server dns.denic.de.
> set type=a
> www.grepel.de.
Server: dns.denic.de
Address: 194.246.96.79
Name:www.grepel.de
Address: 192.67.198.4
Seems to me, as if it's resolving just fine?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+
l.de.
Server: dns.denic.de
Address: 194.246.96.79
So again I ask - why can NSLOOKUP find the www3.grepel.de - but DNSSTUFF
can't?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAI
enic.de
responsible mail addr = ops.denic.de
serial = 2003010330
refresh = 10800 (3 hours)
retry = 7200 (2 hours)
expire = 360 (41 days 16 hours)
default TTL = 86400 (1 day)
Is your DNSREPORT/DNSSTUFF lookup broken?
Best Regards
Andy Schmi
Hi Scott:
The following header tripped "SPAMROUTING".
However,
http://www.dnsstuff.com/tools/whois.ch?ip=192.67.198.73 is located in
Karlsruhe, Germany
http://www.dnsstuff.com/tools/whois.ch?ip=217.72.192.180 is located in
Karlsruhe, Germany
http://www.dnsstuff.com/tools/whois.ch?ip=145.254.191.
Sorry - I'm running i9 not i6 - I was reading upside down.
Problem still exists, though.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Hm, I downloaded it around 10:40 AM today? Is there a newer once since?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Thursday, December
dc.zoneperfectexpress.com has no MX or A records.). Action=WARN.
12/26/2002 10:47:09 Q247a22bf01388f52 Subject: Read:
12/26/2002 10:47:09 Q247a22bf01388f52 From:
[EMAIL PROTECTED] To:
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original
Hi,
yes, got complaints yesterday as well (one of our mailing lists) - seems to
be back to normal, though.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
Hi,
note the following header.
As you can see from the X-Declude headers, it "Failed BADHEADERS, IPNOTINMX"
with a weight of 5 for the bad headers.
It DOES list "China" on the Countrychain.
But, it did not pick up the COUNTRY line from the Weight Filter (last line):
HELO8 CO
Well - if it was a POSITIVE test, THEN it would be called "IS IN MX" not
"NOT IN MX".
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:Declude.JunkMail-owner@;declude.com]On
8 ENDSWITH.tepmail.com
REVDNS 8 ENDSWITH.webmailer.de
SUBJECT 5 CONTAINSviagra
BODY3 CONTAINSAs seen on
BODY3 CONTAINSNigeria
BODY5 CONTAINSopt-in
Best Regards
not via a
"virus"?
Or are these servers which have their NetBios ports exposed to the Internet?
Then, this is really not a junk "mail" issue - since no email is involved in
the distribution.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934
rst place.
PS: I do like the solution of sending emails to the IP WHOIS contact. Right
now I'm trying to send to Postmaster@[sender's IP] obviously with little
success.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
ion in the first place. And if
everyone did, then viruses would be stopped at the first hop.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Trent M.
Davenport
Sen
Hm,
>> The problem is that ARIN shows 16.30.58.11 as being an IP allocated to
the
United States. <<
http://www.dnsstuff.com/tools/netgeo.ch?ip=16.30.58.11 says that it doesn't
KNOW which country?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:
multiple hops - it does not seem to bounce back and forth
between continents?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
Received: from SMTP32-FWD by Mail.Webhost.HM-Software.com
(SMTP32) id A0DF0; Tue, 10 Sep 2002 13:11
Scott:
Ouch - I thought Declude was protecting me form the "%" email address "open
relay vulnerability". However, NOW it appears, as if the WHITELIST feature
overrides the open-relay protect function. Anything you can do about that:
Delivered-To: [EMAIL PROTECTED]
Received: from hm-software.c
Okay, I knew that Imail added Message ID headers - I did NOT know that it
also added DATE headers. Is there a knowledge base entry listing the
headers that Imail injects?
Best Regards
Andy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came
So are you inferring that either Imail or the client's Exchange Server
inserted that DATE header on the bottom?
Best Regards
Andy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, September 18, 2002 06:15 PM
To: [EMAIL PROTE
Scott-
why do I get http://www.declude.com/tools/header.php?code=c020020c for
this:
Received: from mta541.mail.yahoo.com [216.136.131.23] by hm-software.com
(SMTPD32-7.07) id A0461AEF00BE; Wed, 18 Sep 2002 17:29:42 -0400
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Loop: [EMAIL PROTECTED]
.165.12.in-addr.arpa.
So - your "help" text could be much more specific.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Decl
Unfortunately, SPEWS is part of the OS* tests - I have found them rather
GOOD. But spews certainly is a BIG down factor for the OSIRUSOFT lists.
Best Regards
Andy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
Clearly - a denial of lipservice attack
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kami Razvan
Sent: Wednesday, August 28, 2002 03:52 PM
To: [EMAIL
hem about each email and
subject that had gotten deleted, apologizing and advising them that the
sender had already been contacted to resent - but, if it should be a
time-critical email, they may wish to use to follow-up via phone.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business
termediate beta?
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
a8c0@DEMA4>
From: "lydiae" <[EMAIL PROTECTED]>
To: "Andy Schmidt" <[EMAIL PROTECTED]>
References: <003a01c24878$a885c690$[EMAIL PROTECTED]>
Subject: Re: Email Troubles
Date: Wed, 21 Aug 2002 10:04:30 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset=&
Unfortunately, I do not. I only happened upon this message while scanning
through the log file for another issue.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf
>> Which version of Declude are you running <<
According to the mail header:
X-Declude: Version 1.57
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL P
Hi Scott:
This entry appeared exactly ONE time in my mail logs of today. Since I only
have 30 white-lists and it never reported the problem before or after, it
appears as if this is a bug in declude?
08/13/2002 08:43:41 Qfef5314f025cc6e0 SPAMROUTING:4 REVDNS:5 HEUR8:2 .
Total weight = 11
08/13/
on the mailfrom and the helo BEFORE
Imail gets control.
The other option would be to "hack" into the Virus Gateway interface that
they are using to call the Symantec AV DLLs.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E
How about:
Here is the headers that I am inserting - in case that helps:
XINHEADER X-Declude: Version %VERSION%; %QUEUENAME% from %REVDNS%
[%REMOTEIP%]
XINHEADER X-Declude: Failed %TESTSFAILED% [%WEIGHT%]
XINHEADER Return-Path: <%MAILFROM%>
Best Regards
Andy Schmidt
Hi Scott:
>> REDIRECT [EMAIL PROTECTED] C:\IMail\Declude\lenient.cfg <<
hhh that would be a cool feature.
Instead of "whitelisting" Postmaster@ I could now decide to simply test
those differently.
But - since this is essentially "per user" configuration - will that feature
demand "Pro
0
XINHEADER X-Declude: Version %VERSION%; %QUEUENAME% from %REVDNS%
[%REMOTEIP%]
XINHEADER X-Declude: Failed %TESTSFAILED% [%WEIGHT%]
XINHEADER Return-Path: <%MAILFROM%>
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue
Suite 203
Upper
m that our English speaking customers have NO
problem with our very informative REVDNS warning - but we do host foreign
language domains - and it would be nice to provide THEM with a localized
text.
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue
Suite 203
Upper Sa
opt-in
HEADER 5 CONTAINS@legacydomain.name
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue
Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.hm-software.com/
---
[This E-mail
>> Now the question: Can we add a weigh to the address used in the To List?
<<
SP> I don't think that is currently possible. Why would you want to do
that,
though? <
Scott,
actually, I had wished for this myself for a while. We DO have a few
"legacy" domain names where 99% of the incoming me
Scott,
any chance that the "FROM hm-software.com" whitelist
picked up on the
Return-Path: <36-809-hm-software.com?[EMAIL PROTECTED]> ?
Obviously, the intent is to ONLY whitelist things that
END with "hm-software.com".
WHITELIST ANYWHERE [EMAIL PROTECTED]WHITELIST IP 63.107.174.WHITELIST
>> people have seen a sudden increase in spam when whitelisting "mail.com"
(which ends up whitelisting @hotmail.com, a popular return address for
spammers). <<
Well - that's only because Declude doesn't support regular expressions. I
face this problem constantly - the INCLUDES filters are a nice
Yes,
I am only able to reply now.
I spent all day to extract email addresses (from/to/subject) from the
Declude.log and then write a mail-merge to send customized notifications to
each sender and recipient - 5,800 in all.
Once I turned on the WeightRange - it deleted 99% of the incoming message
>> ..also for those who report a list of failed tests in the subject or body
of an email. <<
Uh - good point - the reporting makes sense!
I knew I liked the feature - just didn't know WHY yet
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 93
f 18 would trigger TWO of the
tests?
Why would 25 only trigger ONE standard test but a lower weight of 18 would
trigger TWO?
I can't make heads or tails of this.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[This E-mail was scanned
and WEIGHT15.
Okay, so the traditional:
WEIGHT10
WEIGHT15
WEIGHT20
is then equivalent to:
WEIGHT10 weightrange x x 10 99
WEIGHT15 weightrange x x 15 99
WEIGHT20 weightrange x x 20 99
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
---
[Thi
t to
WEIGHT 10
WEIGHT 15
WEIGHT 20
If the calculated weight is 25 - will both only execute the last of the
three?
What can I accomplish with WEIGHTRANGE - e.g., how does it trigger a
different result to WEIGHT.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9
Hi,
>> I'm guessing that there were 2 subject headers in there -- a "good" one
and
a "bad" one. Do you have the full headers for that E-mail by chance? <<
here is the header.
After looking at it I suspect that Declude is reporting the string of 9
SPACES behind the word "gate"
Received: from d
Hi Scott:
>> "Is cps-stampings.com a local domain?" <<
yes, ignoring upper case/lower case (!?) CPS Stampings has been a local
domain for years:
[HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail\Domains\CPS-Stampings.com]
"Address"="$virtual030"
"TopDir"="E:\\MAIL\\CPS"
"Flags"=dword:
"MaxSiz
eader" - what is so bad about the word "gate"?
Best Regards
Andy Schmidt
H&M Systems Software, Inc.
600 East Crescent Avenue
Suite 203
Upper Saddle River, NJ 07458-1846
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
http://www.hm-software.com/
---
[This E-mail wa
Hi Scott:
I have just learned, that our dial-up SMTP AUTH users can no longer send
email to us. Even though IMAIL recognizes them as "local" users, Imail
applies the OSDUL test as if they were NON AUTH users.
IMAIL LOG
07:09 11:14 SMTPD(0C590240) [63.107.174.14] connect 151.198.46.15 port 2830
You can see - spammers are adapting their message bodies to outsmarten the
HEUR and the FILTER tests.
(Of course, he eventually got lazy and used - and, the word "remove"
still appears in the URL and was not URLencoded.)
You are receiving this email as a subscriber
to the Opt-In America Ma
Darn - I'm very sorry for the false alarm.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax:+1 201 934-9206
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry
Sent: Wednesday, July 03, 2002 03:06 PM
To: [
Hi Scott:
Please check the header below. You can see that Imail/Declude got
that mail from 206.46.170.226 - which is on my IPBYPASS
list:
IPBYPASS 63.107.174.32IPBYPASS 65.86.89.162# Verizon
Mail
ServersIPBYPASS 206.46.170.218IPBYPASS 206.46.170.246IPBYPASS 206.46.170.266
# Attempting a
701 - 800 of 968 matches
Mail list logo