[Declude.JunkMail] Badheaders, Eudora and Incredimail
Hi there, I'm new to this list and to Declude for that matter. I can say however that it does a terrific job. I need your advise on the following: A lot of legitimate e-mail is getting caught because of badheaders. Although we have set revdns, noabuse, nopostmaster and routing to ignore it appears that they add weight when combined. We've also discovered that the way Eudora and Incredimail write header information makes most if not all mail originating from these mail clients be caught as spam because of badheaders Is there any workaround? Best regards Lachezar --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] FILTER test...how much of the body does it read?
Scott, Can you remind me how much of the message body JunkMail scans with the FILTER test? I had one pass through that was about 600 lines. The end had the typical This is not spam, sent in compliance with, etc. which should have been caught by my word filters, but it wasn't. Just for kicks, I verified this by sending the whole message to myself from an outside account and the weight came up as 0. I moved the last paragraph to the top of the message and resent it and the FILTER test caught it. I was using 1.56i at the time and just installed 1.58b. Is there an option to have it scan the full body since a lot of the tell-tale spam identifiers are at the end? If not, can it be added in the future? Thanks! --Todd. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Badheaders, Eudora and Incredimail
Thanks for the prompt reply, THis is the header from one of the incredimail messages: Received: from Tyrone Sons [196.31.58.242] by tibiyo.com (SMTPD32-7.04) id A7DA483E01C8; Tue, 03 Sep 2002 09:42:18 +0200 MIME-Version: 1.0 Message-Id: 3D74673B.1E.19449@Tyrone Sons.realnet.co.sz Date: Tue, 3 Sep 2002 09:39:39 +0200 (South Africa Standard Time) Content-Type: Multipart/related; type=multipart/alternative; boundary=Boundary-00=_3MQUP4J1VA40 X-Mailer: IncrediMail 2001 (1750690) From: Tyrone Sons [EMAIL PROTECTED] X-FID: FEFCEF83-591F-11D4-AF87-0050DAC67E11 X-FVER: 2.0 X-FIT: Letter X-FCOL: Old Papers X-FCAT: Stationery X-FDIS: Celtic Myth X-Extensions: SU1CTDEsNDEsgUmBSTgsODQsOMGVTY3FhThNhYUoiU0kOMGdTYGBjYEoJDSZnSyFhUksSU1CTDIs MCwsSU1CTDMsMCws X-BG: AAE092E1-BF0E-11D6-8F75-00C0CA1101D1 X-BGT: repeat X-BGC: #ddbb99 X-BGPX: left X-BGPY: 0px X-ASN: EE860250-5330-11D4-BA52-0050DAC68030 X-ASNF: 0 X-ASH: EE860250-5330-11D4-BA52-0050DAC68030 X-ASHF: 1 X-AN: A5BE2A00-37CC-11D4-BA36-0050DAC68030 X-ANF: 0 X-AP: A5BE2A00-37CC-11D4-BA36-0050DAC68030 X-APF: 1 X-AD: 7E485C40-4138-11D4-BA3D-0050DAC68030 X-ADF: 0 X-AUTO: X-ASN,X-ASH,X-AN,X-AP,X-AD X-CNT: ; X-Priority: 3 To: [EMAIL PROTECTED] Subject: Not sending mail Reply-To: Tyrone Sons [EMAIL PROTECTED] X-Declude-Sender: [EMAIL PROTECTED] [196.31.58.242] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: BADHEADERS X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 323286068 The following is the header from a Eudora mail client: Received: from johnresting [196.31.58.24] by realnet.co.sz (SMTPD32-7.06) id A891E79A011E; Tue, 03 Sep 2002 17:43:13 +0200 X-Sender: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1 Date: Tue, 03 Sep 2002 17:45:53 +0200 To: [EMAIL PROTECTED] From: John Resting [EMAIL PROTECTED] Subject: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Message-Id: 200209031743796.SM00321@johnresting X-Declude-Sender: [EMAIL PROTECTED] [196.31.58.24] X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam. X-Spam-Tests-Failed: None X-RCPT-TO: [EMAIL PROTECTED] Status: U X-UIDL: 912182731 I guess that the reason for the spam test being none is that I whitelisted the [EMAIL PROTECTED] e-mail address, and yes your note on the IP address is correct as there is an IP address instead of the server name. Best regards Lachezar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of R. Scott Perry Sent: Tuesday, September 03, 2002 4:29 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Badheaders, Eudora and Incredimail A lot of legitimate e-mail is getting caught because of badheaders. That is very bad. Note that any E-mail failing the BADHEADERS test is likely to get caught on other servers, as well. Although we have set revdns, noabuse, nopostmaster and routing to ignore it appears that they add weight when combined. That is correct, unless you disable those tests, or set the weight to 0. The IGNORE action only affects the test that it is used with, and does not take away the weight for that test. We've also discovered that the way Eudora and Incredimail write header information makes most if not all mail originating from these mail clients be caught as spam because of badheaders Is there any workaround? I often get mail from people using Eudora and Incredimail, and they do not fail the BADHEADERS test. So it is likely a problem with the specific version(s) that you are running, or a setup error. There is a bug in some versions of Eudora that can cause the BADHEADERS test to fail if an IP address is entered as the name of the server. Eudora will accept this, but assume that it is a host name (not an IP), so when it generates the Message-ID: header, it uses the format for a hostname rather than an IP, which breaks the header. If you post the full headers of one of the E-mails that was caught (actually, one for Eudora and one for Incredimail would be best), I can take a look to see what is wrong. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re[2]: [Declude.JunkMail] Spammer tools - why do these sites exist
Add to the list nslookup marketmenow.com Name:marketmenow.com Address: 66.94.74.206 1270 ms90 ms60 ms pos1-0-622M.cr2.CLE1.gblx.net [206.132.111.118] 1380 ms60 ms60 ms pos1-0-0-155M.ar1.CLE1.gblx.net [206.132.111.130 1450 ms70 ms60 ms FidelityAccessNetworks.fa0-1-0.101.sw1.CLE1.gblx.net [208.50.254.6] 15 *** Request timed out. 1660 ms60 ms61 ms 66.94.74.206 gblx.net is their upstream provider. Monday, September 2, 2002, 10:46:13 AM, you wrote: JT Query: marketmenow.com. Query type: Any record JT Recursive query: YesAuthoritative answer: Yes JT Query time: 280 ms. Server name: n/a JT Answer: JT marketmenow.com.3600A 66.94.74.206 JT marketmenow.com.3600NS ns1.1800thenerd.net. JT marketmenow.com.3600SOA ns1.1800thenerd.net. JT admin.1800thenerd.net. JT 21 ; serial JT 900 ; refresh (15 minutes) JT 600 ; retry (10 minutes) JT 86400 ; expire (1 day) JT 3600; minimum (1 hour) JT marketmenow.com.3600MX 10 JT mail.1800thenerd.net. JT Additional: JT ns1.1800thenerd.net.3600A 64.214.111.123 JT mail.1800thenerd.net. 3600A 64.214.111.126 JT Query: www.marketmenow.com. Query type: Any record JT Recursive query: YesAuthoritative answer: Yes JT Query time: 320 ms. Server name: n/a JT Answer: JT www.marketmenow.com.3600A 66.94.74.206 JT Query: 1800thenerd.net. Query type: Zone transfer JT Recursive query: n/aAuthoritative answer: n/a JT Query time: 420 ms. Server name: ns1.1800thenerd.net JT 1800thenerd.net.3600SOA ns1.1800thenerd.net. JT brian.barnt.smscecon.com. JT 100 ; serial JT 900 ; refresh (15 minutes) JT 600 ; retry (10 minutes) JT 86400 ; expire (1 day) JT 3600; minimum (1 hour) JT 1800thenerd.net.3600NS ns1.1800thenerd.net. JT 1800thenerd.net.3600NS ns2.1800thenerd.net. JT 1800thenerd.net.3600MX 10 JT mail.1800thenerd.net. JT 1800thenerd.net.3600MX 20 mrx.1800thenerd.net. JT 1800thenerd.1800thenerd.net.3600A 64.214.111.124 JT citrix.1800thenerd.net. 3600A 64.214.111.127 JT ftp.1800thenerd.net.3600A 64.214.111.125 JT mail.1800thenerd.net. 3600A 64.214.111.126 JT mail.1800thenerd.net. 3600MX 10 JT mail.1800thenerd.net. JT mail.1800thenerd.net. 3600MX 20 mrx.1800thenerd.net. JT main.1800thenerd.net. 3600A 64.214.111.124 JT mrx.1800thenerd.net.3600A 64.204.252.135 JT mrx-cle-t1-1.1800thenerd.net. 3600A 64.204.252.129 JT mrxctx01.1800thenerd.net. 3600A 64.214.111.127 JT mrxctx02.1800thenerd.net. 3600A 64.214.111.128 JT ns1.1800thenerd.net.3600A 64.214.111.123 JT ns2.1800thenerd.net.3600A 64.214.111.129 JT pdc.1800thenerd.net.3600A 64.214.111.124 JT print.1800thenerd.net. 3600A 64.214.111.125 JT sql.1800thenerd.net.3600A 64.214.111.125 JT web.1800thenerd.net.3600A 64.214.111.125 JT web01.1800thenerd.net. 3600A 64.214.111.125 JT www.1800thenerd.net.3600A 64.214.111.125 JT WHO is lookup for 1800thenerd.net: JT Registrant: JT James, Steven (1800THENERD4-DOM) JT8286 Wright Rd JTBroadview Hts, OH 44147 JTUS JTDomain Name: 1800THENERD.NET JTAdministrative Contact, Technical Contact: JT James, Steven (YSWDJCVPTI) [EMAIL PROTECTED] JT 8286 Wright Rd JT Broadview Hts, OH 44147 JT US JT 440-838-1330 440-878-8999 440-878-8999 JTRecord expires on 16-Feb-2003. JTRecord created on 16-Feb-2000. JTDatabase last updated on 2-Sep-2002 11:42:14 EDT. JTDomain servers in listed order: JTNS1.1800THENERD.NET 64.214.111.123 JTWARHOL.AMERISERV.NET 216.82.64.10 JT WHO is lookup for marketmenow.com: JT Registrant: JT Liv's Inc. JT 8593 Mentor Road JT Mentor, OH 44060 JT US JT Domain Name: MARKETMENOW.COM JT Administrative Contact: JT Stipcic, Livio [EMAIL PROTECTED] JT 8593 Mentor Road JT Mentor, OH 44060 JT US JT 440-205-9140 JT Technical Contact: JT Stipcic, Livio [EMAIL
RE: [Declude.JunkMail] FILTER test...how much of the body does it read?
Hi; I think this is a great idea... Why not actually have an option to scan the top or the bottom. I know in our case if I have only one choice I would choose the bottom of the e-Mail for scan. Because most of our Word Filter is based on the bottom of the spams. I had no idea that it is only 8000 characters. Regards, Kami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 03, 2002 11:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] FILTER test...how much of the body does it read? Can you remind me how much of the message body JunkMail scans with the FILTER test? It scans the first 8,000 or so characters. I was using 1.56i at the time and just installed 1.58b. Is there an option to have it scan the full body since a lot of the tell-tale spam identifiers are at the end? If not, can it be added in the future? There isn't such an option, but it is one that we could add (although it could add significantly to CPU usage). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FILTER test...how much of the body does it read?
It scans the first 8,000 or so characters. I was using 1.56i at the time and just installed 1.58b. Is there an option to have it scan the full body since a lot of the tell-tale spam identifiers are at the end? If not, can it be added in the future? There isn't such an option, but it is one that we could add (although it could add significantly to CPU usage). What about say the first 5000 and the last 5000? John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 03, 2002 8:57 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] FILTER test...how much of the body does it read? Can you remind me how much of the message body JunkMail scans with the FILTER test? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Badheaders, Eudora and Incredimail
THis is the header from one of the incredimail messages: Message-Id: 3D74673B.1E.19449@Tyrone Sons.realnet.co.sz This one looks like Incredimail doesn't do an incredible job checking host names -- the last I checked, host names could not include a space in them. :) The following is the header from a Eudora mail client: ... I guess that the reason for the spam test being none is that I whitelisted the [EMAIL PROTECTED] e-mail address, and yes your note on the IP address is correct as there is an IP address instead of the server name. Actually, the I address isn't the issue here (although the X-Sender: [EMAIL PROTECTED] should be X-Sender: johnrest@[192.168.0.1], the RFCs allow anything in the X- headers, so it is technically valid. This E-mail didn't fail the BADHEADERS test here, just the SPAMHEADERS test (because it was sent without a Message-ID: header). I'm guessing the version of Eudora they are running is a beta version, as I haven't heard of any legitimate mail clients that don't add the Message-ID: header (usually it's poorly designed web apps that have that problem). -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] FILTER test...how much of the body does it read?
I'm not sure you want to go that route - there's a lot of good spam fodder at the top of a message. The pattern matching engine in sniffer can afford to wade through the entire message so we've got a lot of rules in the Sniffer database that start in the top of a message and end in the bottom. If you can't afford to scan the whole message then you might scan the top and the bottom and leave out the middle. This would likely work better than skipping one end or the other. My $0.02. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razvan | Sent: Tuesday, September 03, 2002 12:25 PM | To: [EMAIL PROTECTED] | Subject: RE: [Declude.JunkMail] FILTER test...how much of the | body does it read? | | | Hi; | I think this is a great idea... Why not actually have an | option to scan the top or the bottom. I know in our case if | I have only one choice I would choose the bottom of the | e-Mail for scan. | | Because most of our Word Filter is based on the bottom of the | spams. I had no idea that it is only 8000 characters. | | Regards, | Kami | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry | Sent: Tuesday, September 03, 2002 11:57 AM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] FILTER test...how much of the | body does it read? | | | | Can you remind me how much of the message body JunkMail | scans with the | FILTER test? | | It scans the first 8,000 or so characters. | | I was using 1.56i at the time and just installed 1.58b. Is there an | option to have it scan the full body since a lot of the | tell-tale spam | identifiers are at the end? If not, can it be added in the future? | | There isn't such an option, but it is one that we could add | (although it | | could add significantly to CPU usage). | -Scott | | | --- | [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] OT: Spammed by my own state (HTML format)
Title: I'm here to help! Please forgive me for sending this but I just had to. I received this via my personal e-mail address which gets forwarded to my work address. Not only do my taxes pay for thebad TV commercials this guy has been subjecting me to, they are now funding spam. Ugh... Bill -Original Message-From: Bill Beach [mailto:[EMAIL PROTECTED]]Sent: Thursday, August 29, 2002 12:53 PMTo: Gib ArmstrongSubject: RE: I'm here to help! As my state rep., please do something about all of the spam I get. You can start by not sending me any. -Original Message-From: Gib Armstrong [mailto:[EMAIL PROTECTED]]Sent: Thursday, August 29, 2002 9:01 AMTo:[EMAIL PROTECTED]Subject: I'm here to help!Importance: Low Dealing with state government can be difficult at times, but it doesn't have to be. As your state Representative, I'm here to help! Whether it's questions about programs or you just need help cutting through the red tape to resolve a problem, please let me know what I can do for you. Here are just a few ways I can help: Tell a Friend Email : Email : Email : Getting a Copy of a Birth Certificate Assistance With College Loans Renewing Car Registrations Notary Services PACE Assistance And More Please contact me at my district office or visit my Web site at www.repgibarmstrong.com if there's something I can do for you. Thanks,Gib State RepresentativeGibson C. Armstrong 680 Robert Fulton Highway Quarryville, PA 17566 (717) 786-4551 Phone: (717) 786-3645 www.repgibarmstrong.com Security and Privacy Remove Me
[Declude.JunkMail] getting the headers from forwards?
Is there anyway that a techno-phobic person can easily forward me the headers from the spam they get so I can more easily adjust my blacklist? Or is there a way in outlook 2000 for me to look more deeply into the e-mail forwards to see the source? Thanks - Marc --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] getting the headers from forwards?
The only way I've found is to navigate through View = Options and then copy the Internet header text found there. We put a how-to with screen captures on our intranet, but most don't use it. Easier just to delete. Keith Purtell, Web/Network Administrator VantageMed Operations (Kansas City) Email: [EMAIL PROTECTED] CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Marc Catuogno Sent: Tuesday, September 03, 2002 1:30 PM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] getting the headers from forwards? Is there anyway that a techno-phobic person can easily forward me the headers from the spam they get so I can more easily adjust my blacklist? Or is there a way in outlook 2000 for me to look more deeply into the e-mail forwards to see the source? Thanks - Marc --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] School system needs advice
I've been running Junkmail for a few months now... We're a K-12 public school system with a porn-spam problem. Frankly, I'm apparently lousy at tweaking my JunkMail Pro settings to get a good setup to stop the porn, or at least cut it down. I can get quite a bit of the other junk mail. Until we can get a low-false-positive solution, I'm simply doing ATTACH and the like, as we don't have available time to review HOLD e-mails. As you can understand, this presents some problems with sensitive eyes. My boss is now talking about the possibility that Declude JunkMail isn't what we need and is wanting me to prowl around Networld next week for an alternative. Does anyone have suggestions on how I can quickly tune Declude JunkMail to provide a decent-quality result? I generally like Declude (especially Virus), but a flashy corporate package tends to look good to management types and failure seems to be more accepted if it comes from a multi-million dollar corporation. I need good suggestions, both general and specific. -Curtis Faulkner --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Our Latest Declude's Kill File Statistics- Image`fx
Report ID Version 1.02b Detailed Report for: 09/03/2002 17:05:52 Log file examined: x:\IMAIL\SPOOL\DEC0903.LOG Kill file examined: x:\IMAIL\DECLUDE\FROMFILE.TXT Kill file copied to: x:\APPS\DELOG\FROMFILE.TXT Merge file examined: x:\WORKSPOT\KILL.TXT Clean action set to: 30 Total addresses in kill file: 662 Total addresses updated: 138 Total new addresses added: 21 Total old addresses removed: 0 Total addresses in merge file: 22 Total duplicate merge addresses: 1 Total addresses now in kill file: 683 Total percentage of kill file usage: 21% Total Unique Message Count: 1982 Total Unique Identifiers found: 138 Total failure of all Identifiers: 767 Total Percent of ID effectiveness: 39% List of spammers caught by the kill file: found: 30 ID-20020903-000434 .torpedomail.com found: 13 ID-20020903-000498 .newnamedns.com found: 1 ID-20020903-000410 @peter4537.com found: 15 ID-20020903-000520 .n0o1.com found: 2 ID-20020903-000248 @sporttime.info found: 17 ID-20020903-84 .mm53.com found: 2 ID-20020903-000501 @framesetup.com found: 18 ID-20020903-35 .currentmail.com found: 32 ID-20020903-22 .azoogle.com found: 3 ID-20020903-67 .heresadeal.com found: 16 ID-20020903-56 .etracks.com found: 1 ID-20020903-000223 @mountainwings2.com found: 8 ID-20020903-000374 @marvelousmail.com found: 2 ID-20020903-000441 @nationwidemortgage.us found: 10 ID-20020903-000188 @fultondirect.com found: 8 ID-20020903-000372 .mylottomail.com found: 3 ID-20020903-000206 @j4femail.com found: 1 ID-20020903-000414 @sina.com found: 4 ID-20020903-000300 .c0olmail.com found: 27 ID-20020903-82 .mb00.net found: 9 ID-20020903-000384 .play4keeps.com found: 15 ID-20020903-000310 .mrktmail.com found: 1 ID-20020903-000135 .top-special-offers.com found: 1 ID-20020903-000438 @intervolved.net found: 2 ID-20020903-000444 @yourbigfun.com found: 5 ID-20020903-000261 @yeah.net found: 78 ID-20020903-000136 .topica.com found: 1 ID-20020903-000640 @economist.com.cn found: 18 ID-20020903-23 .bb02.net found: 1 ID-20020903-000242 .marknetworld.net found: 1 ID-20020903-51 .emailfactory.com found: 48 ID-20020903-000381 @vmadmin.com found: 11 ID-20020903-11 .EASYWINNING.COM found: 4 ID-20020903-20 .aweber.com found: 10 ID-20020903-21 .azogle.com found: 3 ID-20020903-53 .emailwow.com found: 7 ID-20020903-000569 @hsmmailer.com found: 15 ID-20020903-59 .firstratedeals.com found: 6 ID-20020903-000278 .mailthanks.com found: 3 ID-20020903-63 .freelotto.com found: 1 ID-20020903-000320 @mailme.dk found: 5 ID-20020903-000433 .sky08.com found: 2 ID-20020903-000324 .purepost.com found: 3 ID-20020903-000237 @sender33567.com found: 1 ID-20020903-14 .FAMILYTIME.COM found: 9 ID-20020903-000332 .onelinezine.com found: 3 ID-20020903-000279 .opt4email.com found: 5 ID-20020903-000267 .chtah.com found: 5 ID-20020903-000339 .fztrk.com found: 7 ID-20020903-000481 .dont-miss-this-deal.com found: 1 ID-20020903-000116 .roving.com found: 9 ID-20020903-91 .naviantnetwork.net found: 2 ID-20020903-38 .dazenetwork.com found: 7 ID-20020903-000354 .giantreward.com found: 1 ID-20020903-000302 .neoseeker.com found: 5 ID-20020903-000525 .dm-direct.com found: 4 ID-20020903-000174 @dlbdirect.com found: 3 ID-20020903-000229 @newfunpages.com found: 1 ID-20020903-000392 @scicmail.com found: 1 ID-20020903-25 .bizrate.com found: 2 ID-20020903-000411 .greatmailoffers.com found: 4 ID-20020903-000102 .optinmailing.com found: 1 ID-20020903-000311 .smrmail.com found: 6 ID-20020903-000100 .opinionsurveys.com found: 6 ID-20020903-000612 @hi-speedmediaoffers.net found: 3 ID-20020903-30 .clickz.com found: 9 ID-20020903-000111 .qves.net found: 3 ID-20020903-000343 @ultimatesports.info found: 7 ID-20020903-02 .1premio.com found: 8 ID-20020903-96 .offermonkey.com found: 1 ID-20020903-000460 @offer888.net found: 5 ID-20020903-000112 .rapid-e.net found: 2 ID-20020903-000285 .adversend.com found: 1 ID-20020903-000321 @rootsweb.com found: 4 ID-20020903-000207 @jdrdirect.com found: 1 ID-20020903-000406
RE: [Declude.JunkMail] School system needs advice
Does anyone have suggestions on how I can quickly tune Declude JunkMail to provide a decent-quality result? I generally like Declude (especially Virus), but a flashy corporate package tends to look good to management types and failure seems to be more accepted if it comes from a multi-million dollar corporation. You will never be able to stop 100% of all the porn spam.. You should be able to get a good percentage. However, if the mindset in place is that failure seems to be more accepted if it comes from a multi-million dollar corporation. Then you are already behind the 8-ball. What tests are you using? Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] School system needs advice
I need good suggestions, both general and specific. Spam is always going to get through at one time or another. BUT, we have had success adding Sniffer (www.sortmonster.com) into the Declude Junkmail mix. Our local competition uses Postini and the amount of spam that gets by that over priced service is incredible. I have a friend who's work place uses them and he laughs at the amount of spam he does not have to see our service. We also have an IMGate box (http://imgate.meiway.com) as our first line of defense. By doing all of the above, our spam level is very low. I am always tweaking the settings and spend more time on it than I would like. As an ISP, I have to be more open to some of the known junk places for our users that like getting coupons and junk on a daily basis. As a school district, you will be able to get away with rejecting EVERYTHING Sniffer wants to reject. newsletters included as they are not related to school needs. And Sniffer seems to do a great job at catching porno spam!!! Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] School system needs advice
You might want to try Sniffer and/or the silent-way beta-not supported-use at your own risk adult test. You should also try using creating a custom test to search for words in the subject line and body. (I forget what it is called right now.) John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] School system needs advice
Double that. Using declude + sniffer I have not seen a piece of porn get through. Only rarely do I see any spam get through. I would highly suggestion getting sniffer, as much (adult + non-adult) spam often passes all HEADER checks (which is what declude does alone), so you must rely on something that checks the message body (sniffer). Well worth the $$$! (try their Free Demo to get a glimpse of what it does. Keep in mind you are using old body definitions with their demo, and they give almost daily updates once you register). -Original Message- From: Sheldon Koehler [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 4:31 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] School system needs advice I need good suggestions, both general and specific. Spam is always going to get through at one time or another. BUT, we have had success adding Sniffer (www.sortmonster.com) into the Declude Junkmail mix. Our local competition uses Postini and the amount of spam that gets by that over priced service is incredible. I have a friend who's work place uses them and he laughs at the amount of spam he does not have to see our service. We also have an IMGate box (http://imgate.meiway.com) as our first line of defense. By doing all of the above, our spam level is very low. I am always tweaking the settings and spend more time on it than I would like. As an ISP, I have to be more open to some of the known junk places for our users that like getting coupons and junk on a daily basis. As a school district, you will be able to get away with rejecting EVERYTHING Sniffer wants to reject. newsletters included as they are not related to school needs. And Sniffer seems to do a great job at catching porno spam!!! Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] RSS Blacklist
One of our addresses on our IMail server is on the RSS Blacklist. We have Declude installed with the default parameters for number of emails to relay. Do we shut off relay for a while to get off their list or do they understand programs like Declude and how they work and we can try to explain our config? You could try explaining to MAPS that you have rate limiting in place. However, the question is why you got listed in RSS in the first place. The IP you are sending from isn't listed, so I can't say what the reason is. However, RSS will only list IPs that have actually sent spam (and got reported to RSS). Have you verified that the IP that is listed with them is your IMail server, and that the E-mail that they got was sent from IMail (if you run IIS, note that *tons* of IIS servers are used by spammers)? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] School system needs advice
Thanks to all of you for your quick help! Darrell, I feel like a bad network admin, as I can't answer the question about our current tests right now. My boss brought this issue up with me sick at home and I currently can't get to my server or backups (I tend to make my NT's very inaccessible out of an NT security paranoia). I've explained to management that no solution will get 100% (I'm familiar with this concept and have been trying to explain it for a month to my boss for various needs). So far on this project, he is trusting me, according to a recent e-mail, to augment the current solution or to correct the config to provide better service. Hopefully, I will continue to keep us away from the corporate-is-better mentality that quite often enters in these type of scenarios. I just want the best product for the job and feel that it will include Declude, whether it means a new config or adding Message Sniffer. -Curtis On 9/3/2002 5:21 PM, Darrell L. [EMAIL PROTECTED] wrote: Does anyone have suggestions on how I can quickly tune Declude JunkMail to provide a decent-quality result? I generally like Declude (especially Virus), but a flashy corporate package tends to look good to management types and failure seems to be more accepted if it comes from a multi-million dollar corporation. You will never be able to stop 100% of all the porn spam.. You should be able to get a good percentage. However, if the mindset in place is that failure seems to be more accepted if it comes from a multi-million dollar corporation. Then you are already behind the 8-ball. What tests are you using? Darrell --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] ASP/CF/CGI/etc Web Developers....
Title: Message The topic has been reachednumerous on this list so I thought I would share an idea I had earlier today that works great with everyone onthis list. Many of you have the idea's of writing your own parsers/interfaces for parts of declude or other parts of imail, but the biggest stump can be there is no easy way to check authentication against the IMAIL registry, or to integrate the features seamlessly into the imail/webmail interface. Any developer can easily validate a session using an IMAIL session without ever needing or knowning the actual password of an account. I have commented my Cold Fusion authorization page [ cf_imail_login.txt ] so that no matter what language you code in you should be able to easily port. For a working example feel free to check my "test" login I make available to this list. http://mail.bsc.net/ login = [EMAIL PROTECTED] pass = declude ( click the "Junkmail" button and you will be sent to an external server, but the interface is identical ) *Note: my working example builds heavily on the attachments I have included. I stripped everything down to the bare logic so everyone can use this to suit their needs. If anyone else finds this information nearly as useful as I did today please let me know. I'm sure this will make using the filters much much simpler for my users. -Tom /center !-- END CENTER MAIL SUMMARY TABLE-- pnbsp;/p /td/tr !-- CLOSE MAIN DOCUMENT CELL AND OPEN FOOTER CELL -- trtd table width=100% border=0 cellpadding=0 cellspacing=0 bgcolor=#3399FF tr tdFONT FACE=Arial, Helvetica, sans-serif SIZE=4 /font/font/td/tr /table !-- CLOSE FOOTER COLOR CELL AND MAIN TABLE -- /td/tr /table !-- CLOSE BORDER CELL AND TABLE -- /td/tr /table /body /html How to link back into IMAIL from your web-application. I recommand doing a CFINCLUDE for both your header and footer from within your CF Applcation. To ensure your look fits, just find a webmail template that has as little text as possible, preferabally one with maybe a one-line message to you. (such as no messages) View source, save then replace as needed. Here is an example of your links: a href=http://#mailip##imailuserkey#/logoff.#imailnumber#.cgi; img src=http://#mailip##imailuserkey#/logoffbtn.gif; border=0 alt=Logoff width=74 height=24 /a !--- example header template used in CF to link back to IMAIL Note: I wrote my own template parser which uses double ## rather than singe which is what you will see in this example --- !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN html head TITLEMail Summary: Main/TITLE !--File: MSGSUM.HTML-- /head body bgcolor=#FF topmargin=0 leftmargin=0 a name=Top/a !-- THIS TABLE ENCLOSES THE ENTIRE PAGE CONTENTS WITH A COLORED BORDER-- table width=100% border=0 cellpadding=5 cellspacing=0 tr td align=center bgcolor=#3399FF !-- THIS TABLE ENCLOSES THE ENTIRE PAGE CONTENTS -- !-- OPEN HEADER CELL -- table width=100% border=0 cellpadding=0 cellspacing=0 tr td align=center bgcolor=#3399FFFONT FACE=Arial, Helvetica, sans-serif SIZE=4!-- HEADER MENU -- table width=100% border=0 cellpadding=0 cellspacing=0 trtdFONT FACE=Arial, Helvetica, sans-serif SIZE=4 bMailbox: Main/bnbsp;a name=topnbsp;/anbsp;nbsp; font size=4#chklogin.imailemail#/td tda href=http://##mailipchklogin.imailuserkey##/logoff.##chklogin.imailnumber##.cgi; img src=http://##mailipchklogin.imailuserkey##/logoffbtn.gif; border=0 alt=Logoff width=74 height=24/a /font/font /td/tr trtd colspan=2FONT FACE=Arial, Helvetica, sans-serif SIZE=4 !--Begin SumMenu.cgi This is not an IMAIL tag. Just info-- a href=http://##mailipchklogin.imailuserkey##/menu.##chklogin.imailnumber##.cgi?mbx=Main; img src=http://##mailipchklogin.imailuserkey##/menubtn.gif; border=0 alt=Menu/a a href=http://##mailipchklogin.imailuserkey##/readmail.##chklogin.imailnumber##.cgi?uid=##chklogin.userid##mbx=Main; img src=http://##mailipchklogin.imailuserkey##/checkmail.gif; border=0 alt=Check Mail/a a href=http://##mailipchklogin.imailuserkey##/newmsg.##chklogin.imailnumber##.cgi?uid=##chklogin.userid##mbx=Main; img src=http://##mailipchklogin.imailuserkey##/composebtn.gif; border=0 alt=Compose/a a href=http://##mailipchklogin.imailuserkey##/searchmail.##chklogin.imailnumber##.cgi?uid=##chklogin.userid##mbx=Mainmsg=1; img src=http://##mailipchklogin.imailuserkey##/search.gif; border=0 alt=Search Mail/a a href=##script_name##?cpid=##cpid##p=##p##femail=##femail##a=step2 img border=0 src=http://CFServer.YourServer.Com/images/junkmail.jpg; width=72 height=24 /abr !--End SumMenu.cgi-- /font /td/tr /table !-- END HEADER MENU -- /td/tr !-- CLOSE HEADER CELL AND OPEN MAIN DOCUMENT CELL -- trtd bgcolor=#FF align=centerFONT FACE=Arial, Helvetica, sans-serif BR In order to link to our external mail server correctly a few alterations to the IMAIL templates must
RE: [Declude.JunkMail] RSS Blacklist
The domain that is listed is saturnstpaul.com. They were running their mail server on an AS/400 and had us host their mail when their AS/400 was very busy since it was an open relay. This is where the problem probably originated. I'll try explaining the situation to MAPS and see where I get. Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Tuesday, September 03, 2002 5:26 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] RSS Blacklist One of our addresses on our IMail server is on the RSS Blacklist. We have Declude installed with the default parameters for number of emails to relay. Do we shut off relay for a while to get off their list or do they understand programs like Declude and how they work and we can try to explain our config? You could try explaining to MAPS that you have rate limiting in place. However, the question is why you got listed in RSS in the first place. The IP you are sending from isn't listed, so I can't say what the reason is. However, RSS will only list IPs that have actually sent spam (and got reported to RSS). Have you verified that the IP that is listed with them is your IMail server, and that the E-mail that they got was sent from IMail (if you run IIS, note that *tons* of IIS servers are used by spammers)? -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] School system needs advice
I'm curious as to what weight you are setting sniffer at? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Tom Baker | Netsmith Inc Sent: Tuesday, September 03, 2002 2:39 PM To: '[EMAIL PROTECTED]' Subject: RE: [Declude.JunkMail] School system needs advice Double that. Using declude + sniffer I have not seen a piece of porn get through. Only rarely do I see any spam get through. I would highly suggestion getting sniffer, as much (adult + non-adult) spam often passes all HEADER checks (which is what declude does alone), so you must rely on something that checks the message body (sniffer). Well worth the $$$! (try their Free Demo to get a glimpse of what it does. Keep in mind you are using old body definitions with their demo, and they give almost daily updates once you register). -Original Message- From: Sheldon Koehler [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 4:31 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] School system needs advice I need good suggestions, both general and specific. Spam is always going to get through at one time or another. BUT, we have had success adding Sniffer (www.sortmonster.com) into the Declude Junkmail mix. Our local competition uses Postini and the amount of spam that gets by that over priced service is incredible. I have a friend who's work place uses them and he laughs at the amount of spam he does not have to see our service. We also have an IMGate box (http://imgate.meiway.com) as our first line of defense. By doing all of the above, our spam level is very low. I am always tweaking the settings and spend more time on it than I would like. As an ISP, I have to be more open to some of the known junk places for our users that like getting coupons and junk on a daily basis. As a school district, you will be able to get away with rejecting EVERYTHING Sniffer wants to reject. newsletters included as they are not related to school needs. And Sniffer seems to do a great job at catching porno spam!!! Sheldon Sheldon Koehler, Owner/Partnerhttp://www.tenforward.com Ten Forward Communications 360-457-9023 Nationwide access, neighborhood support! Whenever you find yourself on the side of the majority, it's time to pause and reflect. Mark Twain --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.