ry helpful for us, but squelched by
SPAMCHK.
I would just warn everyone to be aware of the likelihood of false
positives, especially from well-behaved, even distinctly anti-spam,
sources.
-Sandy
--------
Sanford Whiteman, Chief Technologist
Broadleaf Systems,
of working against a firewalled server. Are you allowing
NetBIOS ports through your fw for some reason?
-Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
-
ansmitted if the
SendName is broken. Make sure all of your paths are correct as well,
and post your logs.
-Sandy
--------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail:
enting it).
-Sandy
----
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus
il (stupid, but hard to unlearn--they think that RRs have no
false negatives).
-Sandy
--------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
---
site was supporting itself
through soft-core popup ads (think auto mechanics' calendars). So I'm
likely to keep my mind open to the employer's need to have a
defensible case.
-Sandy
Sanford Whiteman, Chief Technologist
Broadleaf
ten non-suspect "plain brown wrapper" e-mail receipts for credit
card transactions. How could web monitoring over a month or more
*possibly* be insufficient evidence, anyway?
-Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a d
r negatively,
since you provide anti-spam software--not employee monitoring/spyware,
which is in a sense its direct opposite.
-Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
r! :))
-Sandy
--------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail
> Right again, but we want to use the native Windows API call, which
> we know is there, for a few different reasons. We will also want
> GetHostByAddr functionality incase we want to index spam-vertised IP
> numbers.
Gotcha. So...
>> Sounds like the COM objects for ASP, and either COM or
> The project is to set up a dns server to list spam-vertised domain
> names, plus all of the opt-in services domain names.
Right. And are you successfully updating the name server at this
point? This was some of the confusion: some people were giving
suggestions for DNS server API
> You are going to need a DLL to do this, ASP with VB does not provide
> any of these functions by default. I believe if you use Simple DNS +
> you will be able to interact with it via ASP and VB.
You can interact with MS DNS through DDNS (though there too, you'd
have to either shell with ASP
> It's for a project where we're running a name server with
> spam-vertised domain names, IP Numbers and phone numbers. We have an
> .exe to pick them out of emails, now we need to look them up on the
> name server.
The ultimate goal would be to get the IP address of a spam-vertised
> My question, is there a clean-up utility along the lines of
> immsgexp.exe that can be directed to only work on selected
> mailboxes?
Search archives first...just posted last week.
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--
> The question: Why PERCENT should be a sign for spam that recieve 50%
> of the hold action in your default config file? Have I missed
> something?
It would be very rare that a sender HAS to use source-routing such as
the % method, so the assumption is that anyone doing so is either
d
Descriptive Subject lines will get you much better answers, but
Scott's already gotten back to you.
> Is there a way that if the sender is a recognized user of our mail
> system to ignore all spam filters?
You mean "if the sender impersonates a recognized user" (like so many
spammers do
> It would be nice for some of our customers to allow users to add an
> entry to their address book that would allow all spam to come
> through...
We use *@example.com (everyone at one domain) and * (everyone at all
domains) in our custom app, which uses aliases.txt as a whitelist.
(
> While I never followed up or asked any ones opinion, not that it has
> come up again, read through the attached text file and see what you
> think.
I think, "Ugh."
M$ at it again, and their faithful admins recite their inconsistent
rhetoric as if it's perfectly normal. As you point out, th
> ...is it a legitimate mail that has a legitimate reason for using
> base64 encoding (which we would care about, as it could indicate
> that there are false positives that can't be prevented)?...
Such e-mails are created by OWA in some situations (I haven't figured
out when). I'd call
e at http://209.227.3.6 (user demo,
password blue) for an example of how we do the same thing with more granular control
(we don't believe in fully whitelisting by address alone, as you will see).
-Sandy
--
----
Sanford Whiteman, Chief Technologist
Br
> So what I am trying to do is to "clean" out the junkmail folders for
> all the users to only keep the past 7 days in there (maybe less) So
> I need to remove messages by date out of the junkmail.mbx files...
Two batch files, ITERATE.BAT and EXPIRE.BAT:
ITERATE.BAT
---
c:
CD c:\imail
> The software apparently quarantines them as "undetermined" due to
> malformed headers.
What headers are malformed? Could you post a sample header of a
quarantined message? Have you controlled for MUA errors?
As I'm sure you know, Scott does not create bad MIME, and adding
addit
l" utility, wasting everybody's bandwidth and delaying
> issue resolution. And if you should have occasion to review this
> policy in the future, I do hope you consider that your own systems
> violate it. :)
>
> Sincerely yours,
>
> Sandy
-Sa
> It's also important to realize the purpose of the HELOBOGUS test. It
> isn't designed primarily to catch spammers. It's designed to help
> detect poorly administered mailservers -- ones that are likely to be
> abused by spammers.
True, but if you're using HELOBOGUS for anything oth
> Why they don't answer with an 5xx code? There was one single "531 -
> Mailbox has exceeded disk quota" today...
Because they're stupid. They don't want to wait, so they just keep it
comin' 1/2 hour later.
>> If the server terminates the session and blacklists you temporarily
>> or permanently
ind of a toss-up, but I'd like
to discuss it.
Please post your thoughts.
-Sandy
--------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
---
[
>>I can't retrieve the extended info for code a400010b. Does anyone
>>have it on hand?
> That one is caused by a missing To: header.
Thanks--I would've caught it if I'd had the original e-mail, but I
just had the alert. Is it indeed not at /tools/badheaders?
-Sandy
---
[This E-mail was s
> So there are a lot of msgs where the remote mailserver after some
> mb's of transfered data terminates the trasmission.
Any mail server that terminates the session instead of sending a 5xx
is broken, as it's just inviting more waste on both sides. If the
server terminates
Horrifying doublespeak: they agree that spamtraps are foolproof
evidence of harvesting, and yet they may somehow be found in an
otherwise verifiable opt-in list? I'm sure their verification process
is really in-depth.
Anyone thought about how much they could have made by getting $5
Scott/All,
I can't retrieve the extended info for code a400010b. Does anyone have
it on hand?
-Sandy
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROT
> There is one thing that I just really can not figure out how to do.
> How do you get the plan.ima file to copy into the declude config
> directory?
I don't. I use REDIRECT.
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came fro
g up the pages, but I
thought you might like to take a look: http://209.227.3.6, user demo,
pw blue (yes, I'm steering you to a production server).
Check out the SPAManager Whitelist and SPAManager settings screens and
let me know your thoughts.
-Sandy
-----
> I believe what happens in this case is that if IMail detects an
> invalid Internet domain (such as "rand1" instead of "rand1.com" or
> "mail.rand1.com"), it allows the domain to exist, but never actually
> sets it up.
IMail does not have any problems with unqualified host names that I
Eje
> My understanding is that Outlook Express can't filter based on
> headers...
Joe's talking about the HEADER action, which isn't inserting an RFC822
header, but a header before the original body (closer to word
processing terminology).
John's answer is spot-on: if the body is Base
> Elegant solution Sandy.
> Very nice work.
Thanks!Theclient just got interested in some major
improvements--well, honestly, one department of insufferables demanded
that they be able to turn off our "insulting" alerts to their moronic
contacts--so I should be coding a blue s
> Does MAILFROM filter detect invalid FROM addresses?
Yes, that's why you got the X- header.
IMail really should be changed to catch that, thought I must admit
that I use those addresses sometimes when testing--faster to type. :)
-Sandy
---
[This E-mail was scanned for viruses by Declude Vi
>> Nobody seems to have acknowledged my message about REDIRECTing to
>> PLAN.IMA for per-user actions, but I am using the method with great
>> success to provide user self-management from *within* IMail Web
>> Messaging. If I, no JavaScript guru, can do it, surely others could
>> go this or
>> I have Declude scanning all mail using an undocumented technique. I
>> will post it, if you promise not to ask Scott directly (seriously).
> Please pretty please.
The reason Declude cannot scan mail sent from IWEBMSG is that IWEBMSG
uses IMAIL1 to encode messages, and IMAIL1 is hard-coded t
> Many people, including me, have asked IpSwitch to do something like
> this. Also because declude does NOT get called when e-mail in
> entered using the web interface.
I have Declude scanning all mail using an undocumented technique. I
will post it, if you promise not to ask Scott d
> E-mail is sent to entered e-mail address for conformation
Well, I guess we know what you're doing with the bounces. :)
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just
Chuck,
> Ok, I just have to say it. As Declude evolves, I think their
> dependance on Imail needs to lessen (another good reason for Declude
> provided HTTP service).
See my earlier post for some thoughts on this.
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://
Mark,
> However, a web GUI will be very hard to do without the 'masters'
> kept in a database. Without a database you'll run into file locking
> problems and it will be harder to deal with single records.
> ODBC for text files? :)
I fear you've been in the MS world too long. When ODBC is us
Decjunkmail,
I have a few comments on your post.
> The lack of a web-based GUI is probably the one main feature that
> keeps some of your competitors in business.
I disagree strongly. I can't say what Scott's competitive research has
shown, but the fact that Declude is a third-party
> Admittedly, we're a small ISP and may not be representative of the
> entire group, but I'm not convinced we would even use such a
> product.
Okay, makes sense. Many admins would quite sensibly not want to
surrender control, and server resources, to a chaotic--not to say
ign
> Is this something that is important enough that it would be
> worthwhile?
I don't think it's worth the effort technically, though it may well be
so in a financial sense.
Nobody seems to have acknowledged my message about REDIRECTing to
PLAN.IMA for per-user actions, but I am us
> I wish we could automatically have the address that has sent that
> email added to a temporary blacklist.
You can. I described in a HOWTO a couple of weeks ago our use of
Program Aliases for dynamic whitelisting, and the same technique could
be used for blacklisting.
-Sandy
---
[This
John,
> How effective is Declude in doing say a 50 line filter test as
> compared to a program that is doing a filter test of the same
> configuration?
A little vague, no?
"How good is IMail at SMTP deliveries, compared to my proprietary
MTA?"
-Sandy
---
[This E-mail was scan
> Right but that doesn't work for gateway systems. :)
It does. Tom's illustrating the use of "dummy" virtuals to get
outgoing mail bound to a specific EHLO/HELO hostname. The virtuals do
not accept mail to the gatewayed domain, just forward it on as they
would any non-local domain that
> We have our smtp server running Declude...The smtp server is then
> forwarding the emails to our pop server
This is a perfectly fine configuration, and does not constitute a
multistage relay UNLESS you have your POP3 server set to relay for/to
the IP of your SMTP server; if you have it
> ...a spammer sends anemailto
> [EMAIL PROTECTED]@myvaliddomain.com. The imail server is
> accepting the email since @myvaliddomain.com is a local domain and
> then sending the message to [EMAIL PROTECTED]
Only if your IMail relay permissions a
> However he does travel quite a lot for our company and meet with
> clients, so his profile is much more public than mine.
If applicable, you should tell him to be particularly careful at
Internet cafes abroad. I have heard tell of numerous cases in which a
business trip, and a lo
> Since I have been using the ROUTETO command, can I somehow forward
> the message to the intended recipient...
Yes, The Bat! does this readily.
> ...without the user realizing I monitored it?
Not in a commercial MUA that I'm aware of, since they add headers that
traced the message route.
The
> Is there a way to change the location of HOLD messages from the
> default?
You can use an NTFS mount point to put it on another physical
partition, though it's still just one folder.
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
T
> So, IPNOTINMX compares the MX IP against the SENDER (workstation)
> IP? Not the SENDING MAIL SERVER'S IP?
It compares to the connecting IP, which in your case was your directly
connected workstation. For remote connections, it would indeed be the
mail server.
-Sandy
---
[This E-mail was sc
Guys,
Nobody uses Finger anymore, right? Well, check this out: with a few
cosmetic tweaks to chgplan.html, pchgplan.html, and dropdown.cgi, you
can give your users a fully IMail-served per-user blacklist, with the
data stored in the unused PLAN.IMA and users none the wiser. Combine
this wit
> With all respect if we were trying to hack Imail then why ask such
> question in this user group?
Stranger things have happened. :) I knew that wasn't what you *meant*
in terms of your end results, but in practical terms your proposed
implementation would have required it.
-Sandy
---
[T
> What I am trying to figure out is what holds/creates the string :
> Xade9939bcc9fcf9aee8571e9
In other words, "How do I crack IWEBMSG session security?"
What are you trying to do with this information?
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com
> To clarify a point though: do you implement a BOUNCE to the domain's
> postmaster of the offending server?
We haven't found this useful, since so much spam goes to the "known
good" postmaster@ and abuse@ is not as common as it should be. At any
rate, we don't BOUNCE the messages that ar
ave their interests piqued.
-Sandy
--------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
---
[This E-mail was scanned for viruses by Declude Virus
> I believe this to be the first of many emails trying desperately to
> tweak every last feature of IMail and Declude to get the performance
> that I need. Please let me know anything you might need from me.
Performance Monitor will help you figure out whether only the CPU is
being pegged,
> Seems to me that this would add a LOT of false positives, especially
> from larger ISPs where the outgoing relay servers aren't necessarily
> the same as the incoming (the only ones listed in MX records) smtp
> servers.
> Am I all wet on this?
I agree with you completely. In fact, even with t
> How do you setup a domain to spool only then forward to another
> Exchange server?
Search IMail KB for "store and forward."
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscr
> I realize that this mailing list is devoted to JunkMail discussions;
> however, I was referred here
...from where?
> Any help or a link to another group that would be able to help me would be
> greatly appreciated.
Try signing up for the IMail Forum at:
http://www.ipswitch.com/support/mai
> Oh great. I don't have a "support" contract and really dont feel
> like shelling out the $$ for 7.1x.
I hear ya.
> Any workaround?
You could write a custom program alias to do the filtering. But this
probably won't be worth the effort for just your mailbox alone.
Note that this isn't a
> When iMail recieves mail, it will route into the mailbox BEFORE the
> filters are run.
I see you're on 7.07. I believe this was...well, let's say "altered to
your liking" instead of "fixed"...in 7.1.
-Sandy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
> Does anybody see a reason against filtering on these characters in
> the senders email address?
Yes:
a) The '+' sign is in common use by well-behaved list managers, and is
in fact suggested by list exploder RFCs. It is reasonable, in fact
preferable, to expect legitimate bulk mail t
> That's what I suspected. Has anyone seen HTML Base64 segments that
> *weren't* spam? Are there any email clients that actually put out
> such a thing?
Yes. My research suggests that sites using Outlook in (native)
Corporate Mode and Exchange 5.5 and 2000 are frequent false-positi
> Seems Yahoo (at least groups) fails the abuse test when they do have
> an abuse account.
yahoogroups.com should not fail, but yahoo.com proper (pardon the
expression) should fail NOABUSE (they attempt to route people to
[EMAIL PROTECTED], which is all well and good, but non-RFC). If
> Is there a knowledge base entry listing the headers that Imail
> injects?
No.
But these are they, AFAIK:
Received:
Message-Id:
From:
Date:
X-RCPT-TO:
Status:
X-UIDL:
Note that messages must have basic RFC822-style header and body
sections in order for these headers to be in
> Not exactly, I actually verify each and every site before I consider
> listing them in my kill file or ISP file.
Great--the point is that SpamReview's bugs, if they're grabbing faked
intermediate second-level domains (mindspring.net in your example) and
suggesting that they be killed whe
> In some cases, not necessarily this one, SpamReview will use
> mindspring or the reply address where as Declude will say it's from
> a different address.
Sounds like a pretty useless app, if so.
> You see the dilemma, I would go after all of them, something's gota
> eventually byt
601 - 671 of 671 matches
Mail list logo