Hello,
Anyone know what lately (the last week or so) we've been getting a
lot of messages building up in queue with as the from address (according
to the queue) and a to address listed as domains and other listings
different than what we host.
Any clues or iMail configuration
I have been using JunkMail Pro for about a year. I only make minor changes
to the standard config files because I've never had the time to learn about
all the ever changing spam tests, etc. The only action I take on spam is to
prefix the subject with SPAM: and send it on to the user for their
Also declude has progressed in a way allowing admins to greatly customize
every installation based on their specific network and spam they receive,
making no two installations the same, and rendering the idea of sharing
config file impossible.
Invest an hour in reading the manual and a few more
Scott,
I have installed the latest files... I try and keep up with them. I think
the only changes I make are on the Weight 10 and 20 and I change the
subject. I look at the headers on a bunch of the spam messages that come
thru and most fail SORBS-DUHL, but then I see that many legit messages
Is this correct:
BLACKHOLE-BRAZIL ip4r brazil.blackholes.us 127.0.0.2 3 0
or this:
BLACKHOLE-BRAZIL ip4r brazil.blackholes.us 127.0.0.2 3
The first one has a trailing 0, the second one does not. Which is the
correct format?
Thanks,
Kris
This may sound stupid, but if I create a filter searching for
a string in an email...
BODY 2 CONTAINS xyz
and the email contains 4 instances of that string
now is the xyx time for all xyz good men xyz to come
to the aid xyz of their country
does the filter return an internal value of 8 or
2?
I have installed the latest files... I try and keep up with them. I think
the only changes I make are on the Weight 10 and 20 and I change the
subject. I look at the headers on a bunch of the spam messages that come
thru and most fail SORBS-DUHL, but then I see that many legit messages do as
It will return a weight of 2. The filter will
only flag the first occurrence that it finds, then ignores the
rest.
Bill
- Original Message -
From: Doug Anderson
To: [EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 7:32 AM
Subject: [Declude.JunkMail] Filter
This may sound stupid, but if I create a filter searching for a string in
an email...
BODY 2 CONTAINS xyz
and the email contains 4 instances of that string
now is the xyx time for all xyz good men xyz to come to the aid xyz of
their country
does the filter return an internal value of 8 or 2?
Scott,
I'm not looking at the file right now, but all I do is change the Weight 10
and 20 from Warn to Subject Spam: or whatever the correct syntax is. The
result is that the message is sent on with the subject prefix of SPAM:
added. That's all I want to do. Then it's up to the user if they
Is there any test on declude that will detect this ??
beside ipr4 tests ??
only failed one test, not enough to tag it as spam... (on WEIGHT=10)
Received: from worldonline.de [80.230.246.63] by mail.fanosa.com with ESMTP
(SMTPD32-8.04) id A910153400AA; Mon, 15 Dec 2003 23:24:48 -0500
To:
I don't know anything about HOPHIGH. Mine is set at whatever your default
is.
OK, then that isn't a problem.
But it still doesn't explain why you have so much legitimate E-mail failing
the SORBS-DUHL test. That's a serious problem. Could you post the full
headers of a legitimate E-mail that
Scenario: One Imail server with multiple domains. I only want to JM filter
one domain, FilteredDomain.com. My current settings in
E:\Imail\Declude\$default$.junkmail are:
WEIGHT10 WARN
WEIGHT20 WARN
E:\Imail\Declude\FilteredDomain.com\$default$.junkmail are:
WEIGHT10 HOLD
WEIGHT20 HOLD
Which
I personally block all Dynamic IP address on my outer mail gateway, so not
even declude sees this.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alejandro
Valenzuela
Sent: Tuesday, December 16, 2003 6:45 PM
To: [EMAIL PROTECTED]
Subject:
"which will be made freely available in 2004 to
open-source developers, would authenticate the outbound domains of every e-mail
message using unique embedded keys within e-mail message headers. The keys would
be authenticated through comparison with public keys registered by the
Internet's
When Declude shows the sender as null, (X-Declude-Sender:
[xxx.xxx.xxx.xxx])and if I wanted to add a small weight for that which way
should I do it:
MAILFROM 5 ISBLANK
MAILFROM 5 CONTAINS
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This
Sniffer has been doing a good job of filtering these out for me.
Burzin
At 10:45 AM 12/16/2003, you wrote:
Is there any test on declude that will detect this ??
beside ipr4 tests ??
only failed one test, not enough to tag it as spam... (on WEIGHT=10)
Received: from worldonline.de
For your second question
I use this ...
WEIGHT10 SUBJECT SPAM:[%WEIGHT%]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Burzin Sumariwalla
Sent: Tuesday, December 16, 2003 11:19 AM
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] refining
Scott,
Here's the header from a legit message to me that failed SORBS-DUHL.
Received: from SMTP32-FWD by csimo.com
(SMTP32) id A0298; Tue, 16 Dec 2003 07:11:26 -0600
Received: from SMTP32-FWD by csimo.com
(SMTP32) id A049C; Tue, 16 Dec 2003 07:11:26 -0600
Received: from brothers
Hi,
It does indeed look as if 64.251.138.48 is a dial-up account at Fidelity
Communications. Note the Reverse DNS of
64-251-138-48-dialup-mo.fidnet.com. So their listing in the dynamic and
dial-up hosts lists would be proper!?
Is it possible that [EMAIL PROTECTED] was working from home or
that
Why did this fail routing?
Received: from ns1.ssc-isp.net [12.9.25.242] by standardabrasives.com
(SMTPD32-8.04) id AA3617C1004E; Fri, 12 Dec 2003 09:26:14 -0800
Received: from smtp0.libero.it ([193.70.192.33])
by ns1.ssc-isp.net (SAVSMTP 3.1.1.32) with SMTP id M2003121209213324723
for [EMAIL
When Declude shows the sender as null, (X-Declude-Sender:
[xxx.xxx.xxx.xxx])and if I wanted to add a small weight for that which way
should I do it:
MAILFROM 5 ISBLANK
MAILFROM 5 CONTAINS
The second one (CONTAINS ).
MAILFROM 5 CONTAINS
Bill
- Original Message -
From: John Tolmachoff (Lists) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 9:58 AM
Subject: [Declude.JunkMail] NULL sender
When Declude shows the sender as null, (X-Declude-Sender:
OK then. I guess the routing test is outdated and is limited in its
usefulness.
How does ROUTING determine the IP's country or origin?
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of R. Scott Perry
Sent: Tuesday, December 16, 2003 11:34
Hello,
Does anyone know of a way to add a weight to a message that
has the recipients name in the subject line?
Thanks
Jeffrey Di Gregorio
Systems Administrator
Pacific School of Religion
510-849-8283
Hi;
I am not sure you can except by listing them in a filter file and then searching that way.
What would be GREAT is we could use variables in the filters. So %LOCALHOST% could be used as a filter.
e.g.
BODY 5 CONTAINS %LOCALHOST%
this way one could dynamically change filters. The same
It works by dividing the world into 3 regions, and trying to
cross-reference IPs to each region.
Scott,
But if we use COUNTRIES, I can display the list of countries (not just
regions?) in my email templates?
Are you saying that the routing test uses a different lookup than the
COUNTRIES
if we use COUNTRIES, I can display the list of countries (not just
regions?) in my email templates?
Yes.
Are you saying that the routing test uses a different lookup than the
COUNTRIES variables?
Yes.
If so, would it make sense to upgrade the routing test
so it uses the same information as
Hi,
FYI, rr.com has finally removed my IP from their spammer list as of
today. It took 4 requests dating back to 11/18. I only knew we were no
longer being blocked because one of my customers told me a message got
through. My log file from today verified this to be true. I never did
receive
If you have Declude JunkMail Pro, then the custom filters shared on my
site are all generally good at detecting this sort of thing. This one
in particular would have been it by DYNAMIC, FOREIGN,
TLD-WESTERNEUROPEAN, and TLD-MIDDLEEASTERN for a total of 9 points (or
90% of fail weight
Jeffrey Di Gregorio wrote:
Hello,
Does anyone know of a way to add a weight to a message that has the
recipients name in the subject line?
My experience was that almost all of such stuff that reaches my server
is from one spammer. You can set up a filter as follows if you have
Kami, et al.,
I know it's a bit of a pain to maintain, and it doesn't take away from
the benefits of having some variables for filtering, but there is an
effective filter for something related that I haven't yet shared. The
filter is called ADDRESSSUB, and it's quite simple and highly
. Attempting to send email to any of
those domains ends up with this result:
20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0)
20031216 000133 127.0.0.1 SMTP (0384324F) Connect aol.com [205.188.156.154:25] (1)
20031216 000133 127.0.0.1 SMTP (0384324F) 554-(RLY:B2) The information
Hi Scott:
I really admire your dedication behind your product and that you are
available for ad hoc communication at all times. Thank you for that.
However, I believe that there could be some better way of systematic
communication of any changes to the software, the configuration files, knows
Hi,
I just noticed that AOL has stepped up their policies another notch.
They used to say that "AOL **MAY**" not accept email from servers without Reverse DNS.
In the last two weeks, that changed:
http://postmaster.aol.com/guidelines/standards.html
AOL's servers will
guarantee we've never sent any spam
their way, or any way, for that matter. Attempting to send email to
any of those domains ends up with this result:
20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0)
20031216 000133 127.0.0.1 SMTP (0384324F) Connect aol.com
- Original Message -
From: Matthew Bramble [EMAIL PROTECTED]
I've seen places as large as GM block on just reverse
DNS alone, which is pretty stupid in my book, and that warning from
AOL's HELO has been there for months at least, and shows that they have
at least considered this
I really admire your dedication behind your product and that you are
available for ad hoc communication at all times. Thank you for that.
However, I believe that there could be some better way of systematic
communication of any changes to the software, the configuration files, knows
beta
Please let the list know if this works, though I'm just stabbing in the
dark of course. I've seen places as large as GM block on just reverse
DNS alone, which is pretty stupid in my book, and that warning from
AOL's HELO has been there for months at least, and shows that they have
at least
way, for that matter. Attempting to send email
to any of those domains ends up with this result:
20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0)
20031216 000133 127.0.0.1 SMTP (0384324F) Connect aol.com [205.188.156.154:25] (1)
20031216 000133 127.0.0.1 SMTP (0384324F) 554-(RLY:B2
blocking mail from every domain on my server
for almost two weeks now. I can guarantee we've never sent any spam
their way, or any way, for that matter. Attempting to send email to
any of those domains ends up with this result:
20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0
I know this will stir a few people the wrong way, but
If so many people are upset that MS is being monopolistic by using their EULA
to prevent software from operating, then why don't those same people get upset
at AOL for the internet-nazi-police tactics used to prevent
But only if its done accurately. And right now, the state of the RDNS
entries is such that it can't be done accurately. This is due in large
part to the ISPs not having proper RDNS entries (or having sweeping
blocks of static and dynamic, business and consumer class IPs with the
same RDNS
Sheldon Koehler wrote:
I would LOVE to see AOL start blocking on RDNS! If they do it, then we can
start doing it. Then within a few months, all of the legitimate mail servers
on the planet will have proper RDNS and the Spammers will have a much harder
time with life. Spam will decline a LOT!!!
This is exactly why I think we should have some
sort of global internet council for setting standards, rather than all of us
little guys having to react, after the fact, whenever a large player makes a
change. The global council could maintain a distribution list to help
Maybe not necessarily a reply to your comments, but the problem is that
SMTP wasn't designed for security. Heck, how many years was it before
they came up with SMTP AUTH?
SMTP needs to be reworked, and then you need to give the Internet
another 5 to 10 years to catch up with the new
their way, or any way, for that matter. Attempting to send
email to any of those domains ends up with this result:
20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0)
20031216 000133 127.0.0.1 SMTP (0384324F) Connect aol.com [205.188.156.154:25] (1)
20031216 000133 127.0.0.1
OK I have to reply to this one.
Nice comparison.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Holt
Sent: Tuesday, December 16, 2003 4:33 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail] AOL
I would agree with this type of governing body. One that sets standards like
RDNS entries and what they mean.
pessimistic rant
But it is still up to each mail admin(s) to implement an anti-spam policy. And
the history of governing bodies is such that only the biggest
mail from every domain on my
server
for almost two weeks now. I can guarantee we've never sent any spam
their way, or any way, for that matter. Attempting to send email to
any of those domains ends up with this result:
20031216 000133 127.0.0.1 SMTP (0384324F) Trying aol.com (0
Totally agree. I know we'll always be at
their mercy, but at least we would have some warning
then...grin
Darin.
- Original Message -
From: Todd Holt
To: [EMAIL PROTECTED]
Sent: Tuesday, December 16, 2003 9:14 PM
Subject: RE: [Declude.JunkMail] AOL and Reverse
Is there a way to turn off Declude Queue?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL
Isn't the IETF supposed to be this body?
_M
At 09:14 PM 12/16/2003, you wrote:
I would agree with this type of governing body. One that sets
standards like RDNS entries and what they mean.
pessimistic rant
But it is still up to each mail admin(s) to implement an anti-spam
policy. And the
Somehow, it seems that Declude is thinking there is a problem and is putting
all Q into the overflow file. However, the spool only has a couple hundred
files.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-Original Message-
From: [EMAIL PROTECTED]
I wanted to throw this question to the list:
1) Who does *NOT* have Reverse DNS (PTR) entries for their mailservers?
2) If so, why not?
Personally I think reverse DNS entries adds an ounce of ownership to who actually uses
an IP address. For instance, I have several IPs given to me by my colo
Todd,
I suspect no one has an issue with what AOL is doing is because we are so
close to the situation (i.e. we are all trying to block spam).
Darrell
Todd Holt writes:
I know this will stir a few people the wrong way, but.
If so many people are upset that MS is being monopolistic by
I will disagree. I do not believe there is any comparison between MS EULA and AOL
mail policies. I do not see AOL's actions as the ...internet-nazi-police
tactics... as you claim. I do not see where AOL is gaining any competitive
advantage, they are simply trying to protect their network
. AOL will not deliver e-mail that contains a hex-encoded Universal Resource
Locator (URL). (Ex: http://%6d%6e%3f
Contains it where, in the body?
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
Jason,
Many ISPs refuse (for one reason or another) to delegate RDNS.
For example, we have a T-1 from MPower in Las Vegas. It is business
class. It has a static block of 8 IPs. Normally considered by most
as acceptable to host a mail server. But Mpower refuses to delegate
RDNS.
And a
Not much comfort to those admins that are being blocked by AOL when
their servers are setup correctly.
Todd Holt
Xidix Technologies, Inc
Las Vegas, NV USA
www.xidix.com
702.319.4349
-Original Message-
From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
[EMAIL PROTECTED] On Behalf Of
Exactly, Chuck.
AOL is implementing the very same checks that we are using in Declude. So
what's the whining all about? I've been desperately waiting for years for
some of the big players to enforce standards (e.g., reverse DNS) and prudent
practices (e.g., no open relays, mail servers on dynamic
Todd, my understanding at Mpower is they will not delegate, but will make an
entry for you for what you need. If they are not allowing an entry for you,
contact me off list as I have a contact at Mpower that may be able to look
into it.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You