I have seen talk on the Imail Forum about people attempting to script
something to combat Dictionary Attacks by blocking IPs that send over too
many RCPT TO commands that result in ERR invalid user.
Scott, is this something Declude will eventually handle for us? Or is
there anything out
I've found out that our netblock (/24 bit net carved out of a Class B
net) has been listed on Spews!. Not because of our doing but because
it's part of an upper block of Worldcom.
The 'evidence' pages show this coming from a completely different
network.
Does anyone have any experience with this
Should this not have triggered HELOBOGUS as it normally does?
Craig.
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with
ESMTP
(SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400
Received: from host242-39.pool80205.interbusiness.it
I've found out that our netblock (/24 bit net carved out of a Class B
net) has been listed on Spews!. Not because of our doing but because
it's part of an upper block of Worldcom.
The 'evidence' pages show this coming from a completely different
network.
That's what SPEWS does. I haven't seen
Should this not have triggered HELOBOGUS as it normally does?
Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP
(SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400
name2.sunbeach.net does have an A record, so it should not trigger the
HELOBOGUS test.
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Craig.
-Original Message-
From: [EMAIL
Sorry, just getting around to reading my 700 or so unread messages. Anyone
notice Hotmail put in a few new options a while ago and enabled them for
everyone? Click on the options link and choose Personal Profile and scroll to
the bottom. You will notice that the two options to 1) Share my email
Gosh I'd like to know how he made that account and got it spammed so
quickly. That knowledge would be quite a tool.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Tom
| Sent: Monday, September 16, 2002 5:21 PM
| To: [EMAIL PROTECTED]
|
Gosh I'd like to know how he made that account and got it spammed so
quickly. That knowledge would be quite a tool.
By this:
| A few days ago I created a new e-mail account, and within 24
| hours I had received over 25 unsolicited commercial e-mail
| messages, otherwise known as spam.
He
Bill,
Monday, September 16, 2002 you wrote:
BB I have seen talk on the Imail Forum about people attempting to
BB script something to combat Dictionary Attacks by blocking IPs that
BB send over too many RCPT TO commands that result in ERR invalid
BB user.
I wrote such a program that is
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Unfortunately, there isn't any easy way to stop the
I agree SPEWS is very aggressive when it comes to blocking. SPEWS likes
to block adjacent netblocks in order to get legitimate customers to
pressure the ISP.
To get removed from the SPEWS list it takes practically an act of God to
get something removed. They say for you to post to the NANAE
I spoke in haste, that all makes sense. I am having a tough time with
spammers using the mailfrom or return address of the recipient and a
wetware
problem on the customer end. Is there any way I can stop this? I know, it
seems like a catch 22.
Unfortunately, there isn't any easy way to
Morning everyone,
Because all is going so well, I decided I'd screw with things a bit more
:)
I have just downloaded Tom's Image FX kill list and I'm looking through
it.
What I don't understand is, what is the difference between these 2
entries:
@example.com and .example.com
(obviously the
Thanks Terry Scott,
I think I'll give BlackICE a try. I will let you all know what I think about it.
Anything that does application-level SMTP firewalling should work. I wish there was
a simpler product that I could just run to listen to port 25, filter out the bad
stuff, and pipe the good
Unfortunately, SPEWS is part of the OS* tests - I have found them rather
GOOD. But spews certainly is a BIG down factor for the OSIRUSOFT lists.
Best Regards
Andy
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail
Unfortunately, there isn't any easy way to stop the E-mail that has the
same return address as the recipient's address ...
I would believe that there has to be a way to look at the return address
and the recipient's address.
Yes, that part is easy. :)
If they match then compare the
What I don't understand is, what is the difference between these 2
entries:
@example.com and .example.com
(obviously the difference is the @ and the ., but what exactly does
this mean?)
The blacklisting works on a partial match. So if you have @example.com,
it would catch [EMAIL PROTECTED]
It might be a good test to put into the weights.
Another one would be a test that looks at the sender's (from their
address) and fails if the first MX doesn't match up.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of R.
| Scott Perry
|
The preceding @ ensures that the match is an email with the example
domain. The preceding . ensures that the match is the domain used in a
host link like www.example.com and so forth. Without these preceding
characters the following might also match incorrectly...
legitimatexample.com
Using
I always figured since my hotmail profile says I'm male and over 21 that's
why it gets about 160 spam mails (that don't fail their spam filters) per
week. Don't they do the same thing Juno mail does and pay for the service
by selling the address to 'Advertising Partners'? My 17 year old sister
Is there a way to set declude up to filter all foreign domains to be looked
at before delivery.
Also, last week I set up an Imail rule to filter c*u*m in the subject but it
seems it stopped everything...is a * bad news in Imail rules..
At your service,
Richard Farris
[EMAIL PROTECTED]
I guess that makes sense.
We've got a few accounts like that out there - we set them up, forward
them into our system for evaluation, and never use them for anything
else... but there's a definite 'color' to the content - meaning the spam
we get there is skewed to a specific strange attractor -
Is there a way to set declude up to filter all foreign domains to be looked
at before delivery.
I'm not quite sure what you mean by this?
Are you referring to foreign domains as in ccTLDs
([EMAIL PROTECTED])? Where the IP address is from another country?
-Scott
I always thought it would make a lot of sense to have an Internal
SpamCop address.
An address that we can use in Declude so any e-mail that is sent to that
address is automatically added to a blacklist address for background
deletion.
If such addresses is then easily advertised on a couple of
An address that we can use in Declude so any e-mail that is sent to that
address is automatically added to a blacklist address for background
deletion.
This is something that we have been considering.
A couple of thoughts, though:
[1] What do you blacklist? I think that only the IP address
The problem with this is that once you subscribe it to anything you've
muddied the waters a bit about whether content to that address is spam
or not. If your specific use is such that you don't discriminate then
you've got a reasonable solution... but for truly pure spam, you need to
find ways
Greetings,
I am sending a message that failed the BADHEADERS and SPAMHEADERS tests.
The error code says that I have a bogus date. This message is the result of
sending a form (from inside our network) to a http server that processes the
form and sends a thank you. Could someone, please,
I am sending a message that failed the BADHEADERS and SPAMHEADERS tests.
The error code says that I have a bogus date.
That is correct -- it's easier to see the problem when you see only the
headers that were sent to IMail:
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:
Craig,
I have two paid hotmail accounts. The one for my 5-year old daughter (it's
really a test account for spam-filtering) did not get checked. My other
account for Elmer Fudd strangely had a birthyear of 1900 and they were
checked.
I thought that when I set these up I said no sharing. Does
I'm tweaking my mail setup, and am noticing that some mails are passing
thru that fail up to four lightly-weighted tests. The tests were
lightly weighted for good reason, but if I wind up getting mail that
fails a LOT of tests, even the lightweights, I'd like to fail the msg.
Cheers,
--Matt
This game subverted the entire office. ;-)
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of
| Alexis D. Gutzman
| Sent: Tuesday, September 17, 2002 11:48 AM
| To: [EMAIL PROTECTED]
| Subject: Re: [Declude.JunkMail] Fighting the Menace of
Some thoughts ... What I have seen happening to us..
[1] What do you blacklist? I think that only the IP address of the
sender could be safely blacklisted.
--- If I do IP then it has to be a temp file so lets say for 24 hours
that IP can not send email. Because we sure don't want to blacklist
roflmao..
Lovely I love it!!
Tuesday, September 17, 2002, 10:47:34 AM, you wrote:
ADG Craig,
ADG I have two paid hotmail accounts. The one for my 5-year old daughter (it's
ADG really a test account for spam-filtering) did not get checked. My other
ADG account for Elmer Fudd strangely had a
Dear Kami,
Tuesday, September 17, 2002, 11:36:09 AM, you wrote:
KR Some thoughts ... What I have seen happening to us..
KR [1] What do you blacklist? I think that only the IP address of the
KR sender could be safely blacklisted.
KR --- If I do IP then it has to be a temp file so lets say
SPEWS did the same thing to us. Blocked our entire C and incorrectly listed
it as a UUNet dial-up. Forget about getting de-listed with them, won't
happen. Their draconian tactics give anti-spammers a bad name.
Are DNS MX records queryable? Could I query one and get a list of valid
email addresses on that server? Is there a version that might be? A bug? A
pre-patched version? An as-installed implementation that would have this as
a possible result? Have you ever seen this work?
No, I don't want to do
I mean ANYTHING with a .au or .ru or .de extension... what I have seen most
of it is spam..
At your service,
Richard Farris
[EMAIL PROTECTED]
1.800.548.3877
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 17, 2002 10:22 AM
Are DNS MX records queryable?
Yes.
Could I query one and get a list of valid email addresses on that server?
No. A DNS MX query will list the mailservers for a domain, not the users
on it.
Is there a version that might be? A bug? A
pre-patched version? An as-installed implementation that
I mean ANYTHING with a .au or .ru or .de extension... what I have seen most
of it is spam..
We might consider adding that as a new test. Of course, there are likely
millions of people with ccTLD return addresses, so it would have to be used
very carefully if it was added.
I block the following IP blocks for a customer of mine who only requires
email from within the US. This list isn't exact but quite effective
nonetheless.
Have a great day!
Rick Davidson
Buckeye Internet Services
www.buckeyeweb.com
440-953-1900
-
61.0.0.0/8
62.0.0.0/8
80.0.0.0/8
81.0.0.0/8
Tell me about it.
Their suggestion:
Well switch to a new ISP
Ha! Right... And change a whole firewall, network, mail, routing, vpn,
etc. configuration just because those jerks can't exclude a subnet.
The problem isn't with the ISP. We haven't had a single outage in two
years so I'm not going
Well switch to a new ISP
Ha! Right... And change a whole firewall, network, mail, routing, vpn,
etc. configuration just because those jerks can't exclude a subnet.
Not only that, but how are you going to know what IP addresses the new
ISP will assign you until after you sign the contract, and
If you are a victim of a spews adjacency - depending on the ISP they may
work with you to give you a clean netblock not in SPEWS.
Darrell
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff
Sent: Tuesday, September 17, 2002 2:54 PM
To:
Howdy Scott,
Was wondering if you would consider creating a separate whitelist file for
management purposes. Currently I have one customer with 4 Imail servers
peered as a single domain across the country (US :-) I maintain master black
lists and word filters on my workstation and use a batch
Was wondering if you would consider creating a separate whitelist file for
management purposes.
This is actually something that we are working on and plan to add. :)
-Scott
We would carry you around on our shoulders and cheer if you were here :-)
Have a great day!
Rick Davidson
Buckeye Internet Services
www.buckeyeweb.com
440-953-1900
-
- Original Message -
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 17, 2002 5:28
Rick,
I too am planning to advance Declude administration to my users via a
web application. Although I saw no reason why I couldn't programmatically
change the global.cfg and other files. Could I ask your reasoning?
Also, to what level of modification do you anticipate. The numerous
options
Perhaps this list might be a way to set up test account exchanges??
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Charles Frolick
Sent: Tuesday, September 17, 2002 10:01 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] Fighting the
I have compiled the following list of ISP's/Mail/and Uncertain Services
that have been common with spam, however, we use a weighing system with
them instead of using delete or bounce. Feel free to use this list at
your own risk.
Regards,
Tom
Image`fx
-
@Aol.com
I have compiled yet another list of items commonly found in
spam and mass marketing addresses. You can use this list
of words at your own risk. I suggest you use it with a
weight value and not something drastic like delete. Some
of these words may also be commonly used for list services
so
The preceding @ ensures that the match is an email with the example
domain. The preceding . ensures that the match is the domain used in a
host link like www.example.com and so forth. Without these preceding
characters the following might also match incorrectly...
legitimatexample.com
Just wanted everyone to know something about Spam and SpamReview.
As you may already know, I get spam and I use SpamReview to help
gather addresses before I verify them and add them to the kill file.
I think it's a valuable application, however, I still have to add
a lot of addresses manually.
The problems here are that you have to enter your IP ranges (so the test
wouldn't work automatically), and that some people will send mail from the
Internet (especially in the case of sending test messages).
If the IP block is set up in the Global.cfg like
Netblock
I have two questions regarding filter processing.
1. If there are multiple filters listed in the global.cfg are they
processed in the order they're listed?
Yes.
2. If there is a match on an item in a filter list does processing
continue against that list?
Yes, so if the weight of each
Scott,
For the wish list please - An additional filter type (or flag) that
would exit after the first match.
I've been pretty successful with filtering MAILFROM and, to speed up
processing it would be beneficial if the filter processing could end
after a match. The same would apply to an IP
In some cases, not necessarily this one, SpamReview will use
mindspring or the reply address whereas Declude will say it's from
a different address.
Sounds like a pretty useless app, if so.
You see the dilemma, I would go after all of them, something's gotta
eventually byte.