Re[4]: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Sanford Whiteman
> I asked about that exact issue. He said that it would be pointless > to run Black Ice on the backup spoolers because they will accept all > addresses of a dictionary attack. No errors are reported. That's only true if you don't make your backup spoolers aware of your userbase. Best practice

[Declude.JunkMail] Whitelisting more than 200 TODOMAINs

2004-02-06 Thread Darin Cox
Anyone know of a way to use an external file to perform a WHITELIST TODOMAIN on more than 200 domains?  The manual mentions using the WHITELISTFILE option in $default$.junkmail, but I assume this only replaces the need for WHITELIST FROMDOMAIN...which doesn't really matter since we use a neg

[Declude.JunkMail] BlackIce

2004-02-06 Thread Mike Wiegers
This was discussed earlier. I don't know if these setting work but here is the discussion. http://www.mail-archive.com/[EMAIL PROTECTED]/msg06713.html --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list.

[Declude.JunkMail] Logtool

2004-02-06 Thread Frederick Samarelli
Warning for anyone thinking of purchasing Logtool. (See Below). Scott you may want to remove them from your Tools list. Fred - Original Message - From: "Jason Wolfe" <[EMAIL PROTECTED]> To: "Frederick Samarelli" <[EMAIL PROTECTED]> Sent: Saturday, January 17, 2004 11:15 PM Subject: Re: V

Re: Re[2]: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Joe Wolf
Sandy, I asked about that exact issue. He said that it would be pointless to run Black Ice on the backup spoolers because they will accept all addresses of a dictionary attack. No errors are reported. The errors come in when the backup spooler forwards the messages to the primary server and tho

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Jeff Maze - Hostmaster
One problem we've recently had is that a mail server we were trying to send messages to would die intermittently.. Came to discover there were filters on their router that when a certain "incident" happened, it blocked everything from that computer IP for 4 hours.. Maybe this is something you'd l

Re[2]: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Sanford Whiteman
> He also had major concerns about backup mail spoolers. He said that > you have to whitelist your backup spoolers and that will still allow > the spammer to run their dictionary attacks. Only if the backups don't run BlackIce. :) But if _they're_ downselling it, that's interesting. --Sandy -

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Markus Gufler
I have no practical solution but you would need something that parses your SMTP logfile in realtime (like unixtool's tail or the new baretail) and track occurences of "invalid user" messages. If there are more then X connection attempts from one single IP in Y minutes causing an invalid user log e

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Marc Catuogno
It's funny but when I do a search for "dictionary" on their site to see how to configure black ice to guard against dictionary attacks or how it does I get no results. Can any user of Black Ice point me in the right direction here?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAI

Re: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Joe Wolf
I called the Black Ice tech support people today and discussed this issue. They told me that Black Ice will not stop a dictionary attack that is in progress, but it would shut the spammer down for a second attempt. He also had major concerns about backup mail spoolers. He said that you have to wh

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Andy Schmidt
Rick, I read the "BlackIce" User Guide and various other manuals to see if I want to pursue this software. Which feature/setting blocks Dictionary SMTP attacks? I can't seem to find any setting specific to this? Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suit

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Jeff Kratka
Are there others suggestion for firewall software for the server. Does Zonealarm have a server version and if so does it work as well as Black Ice. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (54

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread R. Scott Perry
For a firewall, would the regular version of Blackice work ok or is the Server version needed. My understanding is that BlackIce Server is the one that is required to help with dictionary attacks (since it deals with malicious inbound mail connections, which normally are not a problem with indiv

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Rick Klinge
Server version: http://blackice.iss.net/product_server_protection.php ~Rick > > For a firewall, would the regular version of Blackice work ok > or is the Server version needed. > > > ___ Virus Scanned and Filtered by http://ww

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Jeff Kratka
For a firewall, would the regular version of Blackice work ok or is the Server version needed. Jeff Kratka * TymeWyse Internet P.O.Box 84 - 110 Ecklund St., Canyonville, OR 97417 tel/fax: (541) 839-6027 - [EMAIL PROTECTED]

Re: [Declude.JunkMail] Analyzing logs

2004-02-06 Thread R. Scott Perry
I think I've seen reference to a means before by which one can analyze the Junkmail logs to see which rules or DNSBL's are being most effective. However, I can't find it again now. The Junkmail config I have on our Imail server is working well. I've been asked to config Symantec Antispam fo

[Declude.JunkMail] Analyzing logs

2004-02-06 Thread Katie La Salle-Lowery
Title: Message Hi there,   I think I've seen reference to a means before by which one can analyze the Junkmail logs to see which rules or DNSBL's are being most effective.  However, I can't find it again now.  The Junkmail config I have on our Imail server is working well.  I've been asked

Re: [Declude.JunkMail] New warning message

2004-02-06 Thread Bill Landry
- Original Message - From: "R. Scott Perry" <[EMAIL PROTECTED]> > >Haven't seen this warning in the JM logs before: > > > >Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$. > > > >Is this one of those messages that IMail stole before Declude could finish > >proc

RE: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Kami Razvan
"I did happen to talk to DigiHost yesterday and was told that they don't have any real spam filter, but they do have something in place that prevents dictionary attacks." Joe.. Check the archives on the topic of Dictionary attacks.. It has been covered in detail many times. One product that peop

Re: [Declude.JunkMail] How do they do it?

2004-02-06 Thread Joe Wolf
I'm glad that I'm not the only one with these problems! Not that I like having the problem, but I thought there must be some kind of undetectable Trojan on my system letting the spammers know when I add a domain or user. Misery like company I guess. I did happen to talk to DigiHost yesterday and

Re: [Declude.JunkMail] New warning message

2004-02-06 Thread R. Scott Perry
Haven't seen this warning in the JM logs before: Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$. Is this one of those messages that IMail stole before Declude could finish processing it? That is a really strange one -- I don't believe that I have seen it before, eit

[Declude.JunkMail] New warning message

2004-02-06 Thread Bill Landry
Haven't seen this warning in the JM logs before: Warning: Could not add warning [in] to M:\IMail\spool\Dadd51cb000ae39f6.SM$. Is this one of those messages that IMail stole before Declude could finish processing it? Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.decl