[Declude.JunkMail] Country-TLD vs. country of origin

2003-07-18 Thread Markus Gufler
Can we assign some points if a message has as sender-domain a country-TLD but the message was sent from a completely different country? For example, below a message with a Japanese sender domain but sent from Mexico. Received: from

Re: [Declude.JunkMail] Country-TLD vs. country of origin

2003-07-18 Thread R. Scott Perry
Can we assign some points if a message has as sender-domain a country-TLD but the message was sent from a completely different country? Not yet, but that's something that we do want to add. -Scott --- Declude JunkMail: The advanced anti-spam

RE: [Declude.JunkMail] Whitelists

2003-07-18 Thread R. Scott Perry
Can you list an entire subnet in the ip whitelist? Messages generated by our servers are being marked as spam as well as postmaster messages saying that a mail could not be delivered. Yes: You can also use a CIDR range, such as WHITELIST IP 127.0.0.0/8 or WHITELIST IP 192.0.2.0/24 (see the

RE: [Declude.JunkMail] Whitelists

2003-07-18 Thread Mark Gordon
Can you list an entire subnet in the ip whitelist? Messages generated by our servers are being marked as spam as well as postmaster messages saying that a mail could not be delivered. -Original Message- From: R. Scott Perry [mailto:[EMAIL

[Declude.JunkMail] DNS and MX record question

2003-07-18 Thread Jeffrey Di Gregorio
Hello all, I have 3 mx records for my domain. The first 2 are pointing to the external mail gateways (primary and backup) both running Imail with declude junkmail/virus. The 3rd mx record points directly to my internal exchange server (running scanmail), which bypasses all junkmail and virus

Re: [Declude.JunkMail] DNS and MX record question

2003-07-18 Thread R. Scott Perry
I have 3 mx records for my domain. The first 2 are pointing to the external mail gateways (primary and backup) both running Imail with declude junkmail/virus. The 3rd mx record points directly to my internal exchange server (running scanmail), which bypasses all junkmail and virus scanning by

[Declude.JunkMail] DNS Test?

2003-07-18 Thread Kami Razvan
Hi.. I have been looking at this trend and perhaps having another tool in our arsenal could help. Can there be a header or a variable we can assign weight to for DNS? A lot of spam houses have a DNS server and several that I checked were showing the same name server for

[Declude.JunkMail] Config Question

2003-07-18 Thread Jose Gosende
I have this in my default file: WEIGHT10HOLD WEIGHT10A ROUTETO [EMAIL PROTECTED] WEIGHT20HOLD And this in my GLOBAL file: WEIGHT10weight x x 10 0 WEIGHT10A weightx x 100 WEIGHT20weight x x

Re: [Declude.JunkMail] DNS and MX record question

2003-07-18 Thread Russ Uhte (Lists)
What is happening here is that the spammer is using their own software (spamware) to send the spam. Knowing that many people don't scan E-mail that comes through their backup mailserver(s), their spamware chooses to try the backup mailservers first. If your Exchange server isn't running any

Re: [Declude.JunkMail] Config Question

2003-07-18 Thread R. Scott Perry
I have this in my default file: WEIGHT10HOLD WEIGHT10A ROUTETO [EMAIL PROTECTED] WEIGHT20HOLD And this in my GLOBAL file: WEIGHT10weight x x 10 0 WEIGHT10A weightx x 100 WEIGHT20weight x x

Re: [Declude.JunkMail] DNS Test?

2003-07-18 Thread R. Scott Perry
I have been looking at this trend and perhaps having another tool in our arsenal could help. Can there be a header or a variable we can assign weight to for DNS? A lot of spam houses have a DNS server and several that I checked were showing the same name server for their domains. Just like a

RE: [Declude.JunkMail] Config Question

2003-07-18 Thread Jose Gosende
OK. So, what's the proper syntax to HOLD and ROUTE the email to me? ie: is this valid? WEIGHT10HOLD,ROUTETO [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, July 18, 2003 2:07 PM To: [EMAIL PROTECTED]

RE: [Declude.JunkMail] Config Question

2003-07-18 Thread R. Scott Perry
OK. So, what's the proper syntax to HOLD and ROUTE the email to me? ie: is this valid? WEIGHT10HOLD,ROUTETO [EMAIL PROTECTED] You have everything set up properly. The problem is: The catch here is that you have told Declude JunkMail that if an E-mail fails the WEIGHT10 test, it should

Re: [Declude.JunkMail] Config Question

2003-07-18 Thread Dan Geiser
Hi, Jose, OK. So, what's the proper syntax to HOLD and ROUTE the email to me? ie: is this valid? WEIGHT10HOLD,ROUTETO [EMAIL PROTECTED] If you just use the ROUTETO action the message will be sent to you. In addition it will not be delivered to the recipient which is the equivalent of

RE: [Declude.JunkMail] Config Question

2003-07-18 Thread Jose Gosende
Do you have any suggestions for me to accomplish this? I'm sure other users have done something similar before. Thanks again, Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry Sent: Friday, July 18, 2003 2:19 PM To: [EMAIL PROTECTED]

RE: [Declude.JunkMail] Config Question

2003-07-18 Thread Jose Gosende
Got it, thanks for your input. I guess I will use ROUTETO for a few days and switch back to HOLD at some point. Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Geiser Sent: Friday, July 18, 2003 2:26 PM To: [EMAIL PROTECTED] Subject: Re:

[Declude.JunkMail] 'Mail From' question

2003-07-18 Thread Rob Salmond
I have noticed that many spam headers contain a Received From: line with conflicted ip addresses. I had thought this line was supposed to show RECEIVED FROM: some_domain.cx [ip of domain] However I have many that look like this: Received: from 64.119.218.151.nnt6us.com [64.119.218.151] by mail

RE: [Declude.JunkMail] Best Practices question

2003-07-18 Thread Dan Horne
I would also like the script, thanks. Regards, Dan Horne -- Quote of the day: Instead of talking to your plants, if you yelled at them would they still grow, only to be troubled and insecure? - Dan Horne, CCNA Systems Administrator TAIS Web Wilcox World Travel Tours

Re: [Declude.JunkMail] JM logging

2003-07-18 Thread R. Scott Perry
Is there any way to prevent logging scan results for all incoming mail? Ideally, I would prefer to log only for those domains and/or users which I designate by giving them their own $default$.junkmail file. No, the log settings will apply to all users. I have tried to delete the top level

[Declude.JunkMail] Comment Lines in Text Files Used by Tests

2003-07-18 Thread Dan Geiser
Hello, All, Does anyone know if you can use GLOBAL.CFG-style comment lines (# Your comment goes here) in the flat text files used for the FILTER, FROMFILE, IPFILE and SPAMDOMAINS test types? Thanks, Much! Dan Geiser [EMAIL PROTECTED]

[Declude.JunkMail] Is Declude causing this?

2003-07-18 Thread Chuck Schick
We see the following hammering on one of our DNS servers (log copy below). 204.188.100.4 is an IP assigned to the NIC on the mail server (although it is not assigned to any mail domain or web site) and 206.168.216.6 is one of the DNS servers. We are seeing this behavior sporadically and it is

[Declude.JunkMail] Musical MX Records

2003-07-18 Thread Dan Patnode
I run a gateway configuration with clients changing their entire MX record to my servers, which in turn point back to the client's server. In this way, clients don't need to change anything else on their end and everyone is happy. The original email server stays wide open and no one is the

Re: [Declude.JunkMail] DNS Test?

2003-07-18 Thread Dan Patnode
Can't wait for this one! On Friday, July 18, 2003 11:10, R. Scott Perry [EMAIL PROTECTED] wrote: I have been looking at this trend and perhaps having another tool in our arsenal could help. Can there be a header or a variable we can assign weight to for DNS? A lot of spam houses have a DNS

Re: [Declude.JunkMail] Comment Lines in Text Files Used by Tests

2003-07-18 Thread R. Scott Perry
Does anyone know if you can use GLOBAL.CFG-style comment lines (# Your comment goes here) in the flat text files used for the FILTER, FROMFILE, IPFILE and SPAMDOMAINS test types? Yes, you can -- at the beginning of the lines. In many of the files, they can't be used in the middle of the line

RE: [Declude.JunkMail] Musical MX Records

2003-07-18 Thread Andy Schmidt
Hi Pat: The fix is for the client to firewall block IPs that aren't mine but this doesn't feel right. Why not? If INDEED their IP address is not listed on any domain's MX record, then this server should indeed only accept contacts from your IP range. Any other contact is either a SPAM,

Re: [Declude.JunkMail] DNS Test?

2003-07-18 Thread Rifat Levis
It seems like an interesting test, but it will do more harm to ISP. I am just thinking of my case, having more than thousands of domains. If 1 of those domains starts doing spam, thousands of others will have problems. The ISP mail servers also. Adding a small weight can do the job :) Rifat

[Declude.JunkMail] New type of test and Dynamic config file

2003-07-18 Thread Rifat Levis
My server is receiving a mail from an IP address listed in SpamCop. This mail does not fail any other test. Before the IP address gets listed in many RBLs, some spam goes in. It is not a big amount. I just thought that if some sort of counter can be integrated in Declude this can be prevented.

Re: [Declude.JunkMail] Is Declude causing this?

2003-07-18 Thread R. Scott Perry
We see the following hammering on one of our DNS servers (log copy below). 204.188.100.4 is an IP assigned to the NIC on the mail server (although it is not assigned to any mail domain or web site) and 206.168.216.6 is one of the DNS servers. We are seeing this behavior sporadically and it is

Re: [Declude.JunkMail] DNS Test?

2003-07-18 Thread Joshua Levitsky
Think of the companies that offer spammers a haven. If you could block everything hosted by that ISP it would be wicked nice. There's no end to the mail servers these bastards can set up, but registered DNS servers is a whole other story. I don't take mail if there's no PTR, and the HELO has no A

RE: [Declude.JunkMail] DNS Test?

2003-07-18 Thread Kevin Bilbee
Be careful blocking solely on RDNS and HELOBOGUS. There are many legitimate mail servers out there with ignorant DNS admins. We are lucky to have Scott, Len (on the Imail list), and DNS Stuff/Report. I have taken the approach to attempt to enlighten them with the following email. Because my users

RE: [Declude.JunkMail] DNS Test?

2003-07-18 Thread Jason Newland
Great letter Kevin, but I recently tried to explain this to a company and their engineer said that it was by design. His explanation was that they did it for security/obscurity reasons and we were applying too strong restrictions on mail delivery. Sometimes you just can't win with these

[Declude.JunkMail] ORDB problem, slightly off topic

2003-07-18 Thread Glenn Brooks
We got listed on the ORDB database as a mail relay...everywhere I test mail relay, it says we are not running a relay. When looking at the logs...it appears ORDB can get my mail server to mail to their email address of [EMAIL PROTECTED] from my [EMAIL PROTECTED] you can see the report at:

RE: [Declude.JunkMail] DNS Test?

2003-07-18 Thread Kevin Bilbee
Exactly, that's why I mentioned ignorant admins. I tell them that it is their decision to have their email delayed by not being RFC compliant and I just want them to know the consequences. I generally find someone in management to CC when I send this response. When CCing I place the original email

Re: [Declude.JunkMail] ORDB problem, slightly off topic

2003-07-18 Thread Rifat Levis
Glenn, I guess on your IMAIL you have selected relay for local users or local hosts. You better change it to IP address. And use SMTP AUTH for clients not in your IP block. I just did a telnet to your server and sent mail from user root to my mail address. Other relay tester didn't use a

RE: [Declude.JunkMail] ORDB problem, slightly off topic

2003-07-18 Thread Andy Schmidt
What are your Imail settings with respect to relaying? Looks as if you may have defined "permit for local hosts" - which is misleading, because all it requires is that the sender use one of your domain names to be able to relay through your system. You need to either do

RE: [Declude.JunkMail] ORDB problem, slightly off topic

2003-07-18 Thread John Tolmachoff (Lists)
Are you using the PERCENT test? They are using something like [EMAIL PROTECTED]@domain.com. From the JunkMail manual: PERCENT This test will catch all mail with To: addresses that contain a percent sign. The percent sign indicates an outdated routing method

RE: [Declude.JunkMail] ORDB problem, slightly off topic

2003-07-18 Thread Glenn Brooks
Thanks... sounds like I am going to have to contact 1500 clients about setting Authorize on their email client.. Gb At 10:09 PM 7/18/2003 -0400, you wrote: What are your Imail settings with respect to relaying? Looks as if you may have defined permit for local hosts - which is misleading,

RE: [Declude.JunkMail] XOUTHEADER shows up in the body

2003-07-18 Thread Dan Keltgen
What is the last header that is in the E-mail headers? What is the first header in the E-mail body? Those headers should provide some clues. -Scott Here are the headers: Return-Path: [EMAIL PROTECTED] Received: from smtpin2.usinternet.com