What tests are the Postfix reports failing? Typically, you might see them
failing MAILFROM because the From address on some of these messages may
simply be root or MAILER DAEMON, without a valid e-mail address behind
it. You might try filtering on the subject of the reports and apply enough
of a
I thought I fixed that.
Any, no, you do not want to put HOPHIGH at zero, because then Declude will
only process the IP the message came from. It is suggested to have HOPHIGH
at 1 or 2, but no more than 2.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
Any, no, you do not want to put HOPHIGH at zero,
because then Declude will only process the IP the
message came from. It is suggested to have HOPHIGH
at 1 or 2, but no more than 2.
Wrong, HOPHIGH 0 is the default
Any, no, you do not want to put HOPHIGH at zero,
because then Declude will only process the IP the
message came from. It is suggested to have HOPHIGH
at 1 or 2, but no more than 2.
Wrong, HOPHIGH 0 is the default setting. HOPHIGH counts hops from the
IP
address that connected to your
Yes. Soil-tech.com is a local domain that we host and Tony is a valid
user on that domain. It almost appears that Imail is seeing his
OutlookExpress as a mail server, not a authenticated mail client.
Any other suggestions?
In this case, I would suggest using the debug mode to track the
problem.
http://news.com.com/2100-7344_3-5089977.html?tag=nefd_top
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe
I am on version 1.76i5 I have been getting this error for many months, yes
even back on verison 1.6x
the error happens to every email that reaches the action weight of DELETE
see attached the two files .GPx files form c:\ and my two Config files and
part of log file
We have determined the cause
Is anyone able to get to the site? www.dnsreport.com Just want to make sure
that it's just not me that is having problems.
Thanks,
Greg
attachment: winmail.dat
Yes, I can.
*
817-329-5275 PH
817-329-1189 FX
intercityweb.com
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, October 13, 2003 9:30 AM
To: Declude JunkMail (E-mail)
Subject: [Declude.JunkMail] DNS Report
Is
right now i was able to get the site
mfg
i.a.
gez. guhl
***
lds nrw
dez. 235
tel.: 0211 9449 2578
fax.: 0211 9449 8344
mailto:[EMAIL PROTECTED]
***
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL
Seems like it just came back up.
Thanks,
Greg
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, October 13, 2003 10:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] DNS Report
Yes, I can.
*
Seattle can get to it.
M
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, October 13, 2003 7:30 AM
To: Declude JunkMail (E-mail)
Subject: [Declude.JunkMail] DNS Report
Is anyone able to get to the site? www.dnsreport.com Just
I get it
Hermann
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: Monday, October 13, 2003 4:30 PM
To: Declude JunkMail (E-mail)
Subject: [Declude.JunkMail] DNS Report
Is anyone able to get to the site? www.dnsreport.com Just want to
And I'm seeing more and more of these messages with the text section crafted
cleverly to try and avoid blocks, and with more and more of them with these
text sections large enough to defeat scanning of the message proper by the
usual battery of content-based tests. I think Kami pointed this out
The message-length limit in particular is probably destined to be revised. We should
have some
control over this. Such as the ability to change it, or the ability to change the
limit when certain
parameters are met.
Keith Purtell, Web/Network Administrator
VantageMed Operations (Kansas City)
Shouldn't this have been caught by the comments test?
If not, what is the best way?
+ADwAIQ-DOCTYPE HTML PUBLIC +ACI--//W3C//DTD HTML 3.2//EN+ACIAPg-
+ADw-HTML+AD4-
+ADw-HEAD+AD4-
+ADw-META HTTP-EQUIV+AD0AIg-Content-Type+ACI- CONTENT+AD0AIg-text/html+ADs-
charset+AD0-utf-7+ACIAPg-
+ADw-META
Shouldn't this have been caught by the comments test?
The COMMENTS test *only* looks for HTML comments that are designed to
bypass filters. It does not look for made-up HTML tags, or legitimate HTML
tags that are used to bypass filters.
In this case:
What might be nice would be a test that would count how many times each
HTML feature was used -- for example, if it saw that nbsp; appeared 50
times in an E-mail, it could trigger the test.
That would be nice. Can SpamCheck, Alligate or Sniffer do this?
John Tolmachoff MCSE CSSA
Hi,
I've been using this filter with success:
REVDNS -100 ENDSWITH .shawcable.net
But what happens if :
X-Declude-Sender: [EMAIL PROTECTED] [204.209.208.8]
Does that test match the ip address to yahoo.com?
Or if the ip addresses reverses to shawcable.net, it will let it through
even if
I've been using this filter with success:
REVDNS -100 ENDSWITH .shawcable.net
But what happens if :
X-Declude-Sender: [EMAIL PROTECTED] [204.209.208.8]
Does that test match the ip address to yahoo.com?
Not in this specific case (since 204.209.208.8 doesn't have a reverse DNS
entry, even
Hi,
I'm getting a lot of false positives because of HELOBOGUS and MAILFROM issues.
I know there probably has been discussion here about this already. Is there a
resolution? How do I get around this? I'm catching email from AOL, Roadrunner,
Adelphia, etc.
See below.
Thanks, andy
I'm getting a lot of false positives because of HELOBOGUS and MAILFROM issues.
If you are running v1.76, you should download the latest interim release
from http://www.declude.com/release/176i/declude.exe . This is happening
as one of the many side-effects of bad old Verisign's attempt to
Scott,
Just out of curiousity, is there anyway you folks could include a
version resource in declude.exe
to make it possible to determine the version number without having to
use declude -diag?
IMHO, being able to use explorer file properties would be very handy.
Mike
R. Scott Perry wrote:
Scott..
Wow, that changes a lot. I knew something was going on with Verisign. Is
there a technical description somewhere of what they did so I can catch up?
Do you have new default config files listed on your website that incorporate
the latest changes needed.
Once again, the support of the
Just out of curiousity, is there anyway you folks could include a version
resource in declude.exe
to make it possible to determine the version number without having to use
declude -diag?
IMHO, being able to use explorer file properties would be very handy.
It would be nice, but unfortunately
Wow, that changes a lot. I knew something was going on with Verisign. Is
there a technical description somewhere of what they did so I can catch up?
Actually, they got threatened by ICANN and sued by other companies, and
finally gave up. So DNS is back the way it should, albeit with minor
Is there any way to test for several addresses in the TO: line that are similar? For
instance the following addresses were in the TO: line of a message I received
recently. None of the addresses exist other than mine.
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
Most illegal junkmail senders (I would imagine), use proprietary
applications to pour their swill down our throats.
Although many probably use the normal apps like Outlook, the die hard ones
must use custom coded apps (and the people using them are not the
programmers I bet).
Correct.
Like
I just noticed that all we're getting for IP addresses with these two
versions is 0.0.0.0.
Example:
X-Declude-Sender: [EMAIL PROTECTED] [0.0.0.0]
After going back to 1.76i1, we're getting a real IP address.
Example:
X-Declude-Sender: [EMAIL PROTECTED] [156.21.1.21]
Anyone else seeing this?
Sniffer has mechanisms like this coming up in V3, but they are strictly
feature extractors that will be used by the AI to characterize the
messages. It's not really practical to set simple limits/thresholds on
the number or itteration of HTML elements used in the text... however
there are some
Doesn't the installed.bin file contain the current version number?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Monday, 13 October 2003 3:32 PM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] ERROR: SOMEONE CRUMBLED MY MAGIC
FYI I just upgraded to the latest and it's giving us the correct IP address
in X-Declude Sender. not 0.0.0.0
I just noticed that all we're getting for IP addresses with these two
versions is 0.0.0.0.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
Doesn't the installed.bin file contain the current version number?
It may. But that file is a binary file that shouldn't be handled with text
editors, making it difficult to view the information in it.
-Scott
---
Declude JunkMail: The advanced
I just noticed that all we're getting for IP addresses with these two
versions is 0.0.0.0.
Example:
X-Declude-Sender: [EMAIL PROTECTED] [0.0.0.0]
After going back to 1.76i1, we're getting a real IP address.
Example:
X-Declude-Sender: [EMAIL PROTECTED] [156.21.1.21]
Could you send me the
R. Scott Perry wrote:
Note that with v1.76, you can just run the Declude.exe file without
any arguments and it will display the version.
Only from a prompt, unless you're a very fast reader. :)
Mike
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This
R. Scott Perry wrote:
I just noticed that all we're getting for IP addresses with these two
versions is 0.0.0.0.
Example:
X-Declude-Sender: [EMAIL PROTECTED] [0.0.0.0]
After going back to 1.76i1, we're getting a real IP address.
Example:
X-Declude-Sender: [EMAIL PROTECTED] [156.21.1.21]
anyone willing to send me a copy of their kill list? I am far behind in
the filtering spam war, and would appreciate a 'cheat sheet' to update our
kill list here at Primate. I'm tired of sifting through held emails via
Spam Review. Thanks for your help.
Joseph C. Acac
CNPRC
University of
It may. But that file is a binary file that shouldn't be handled with text
editors, making it difficult to view the information in it.
Whoops. Then I hope I didn't seriously goof something up. My installed.bin file
properties state that it consists of exactly six bytes, and if I open it with
anyone willing to send me a copy of their kill list? I am
far behind in the filtering spam war, and would appreciate
a 'cheat sheet' to update our kill list here at Primate.
I'm tired of sifting through held emails via Spam Review.
Your welcome to use ours:
thanks scott, that fixed it
Sincerely,
William J. Baumbach II [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
-
- Original Message -
From: R. Scott Perry [EMAIL
use at your own risk, there might be good email addresses in this list, not
sure, however its the one i use for my Imail Kill.lst
Sincerely,
William J. Baumbach II [EMAIL PROTECTED]
9975 Pennsylvania Ave. Manassas, Va. 20110-2028
Ph: 703-367-7900 ext:1708 Fax: 703-691-0946
41 matches
Mail list logo
