Re: [Declude.JunkMail] dictionary attacks

2002-09-17 Thread R. Scott Perry
I have seen talk on the Imail Forum about people attempting to script something to combat Dictionary Attacks by blocking IPs that send over too many RCPT TO commands that result in ERR invalid user. Scott, is this something Declude will eventually handle for us? Or is there anything out

[Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Mark Smith
I've found out that our netblock (/24 bit net carved out of a Class B net) has been listed on Spews!. Not because of our doing but because it's part of a upper block of Worldcom. The 'evidence' pages show this coming from a completely different network. Does anyone have any experience with this

[Declude.JunkMail] HELOBOGUS

2002-09-17 Thread Craig Gittens
Should this not have triggered HELOBOGUS as it normally does? Craig. Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP (SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400 Received: from host242-39.pool80205.interbusiness.it

Re: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread R. Scott Perry
I've found out that our netblock (/24 bit net carved out of a Class B net) has been listed on Spews!. Not because of our doing but because it's part of a upper block of Worldcom. The 'evidence' pages show this coming from a completely different network. That's what SPEWS does. I haven't seen

Re: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread R. Scott Perry
Should this not have triggered HELOBOGUS as it normally does? Received: from name2.sunbeach.net [205.214.199.131] by sunbeach.net with ESMTP (SMTPD32-6.06) id A2C44EDE0148; Sat, 14 Sep 2002 23:47:16 -0400 name2.sunbeach.net does have an A record, so it should not trigger the HELOBOGUS test.

RE: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread Craig Gittens
I spoke in haste, that all makes sense. I am having a tough time with spammers using the mailfrom or return address of the recipient and a wetware problem on the customer end. Is there any way I can stop this? I know, it seems like a catch 22. Craig. -Original Message- From: [EMAIL

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Craig Gittens
Sorry, just getting around to reading my 700 or so unread messages. Anyone notice Hotmail put in a few new options a while ago and enabled them for everyone? Click on the options link and choose Personal Profile and scoll to the bottom. You will notice that the two options to 1) Share my email

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Madscientist
Gosh I'd like to know how he made that account and got it spammed so quickly. That knowledge would be quite a tool. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Tom | Sent: Monday, September 16, 2002 5:21 PM | To: [EMAIL PROTECTED] |

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread R. Scott Perry
Gosh I'd like to know how he made that account and got it spammed so quickly. That knowledge would be quite a tool. By this: | A few days ago I created a new e-mail account, and within 24 | hours I had received over 25 unsolicited commercial e-mail | messages, otherwise known as spam. He

Re: [Declude.JunkMail] dictionary attacks

2002-09-17 Thread Smart Business Lists
Bill, Monday, September 16, 2002 you wrote: BB I have seen talk on the Imail Forum about people attempting to BB script something to combat Dictionary Attacks by blocking IPs that BB send over too many RCPT TO commands that result in ERR invalid BB user. I wrote such a program that is

RE: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread R. Scott Perry
I spoke in haste, that all makes sense. I am having a tough time with spammers using the mailfrom or return address of the recipient and a wetware problem on the customer end. Is there any way I can stop this? I know, it seems like a catch 22. Unfortunately, there isn't any easy way to stop the

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Darrell L.
I agree SPEWS is very aggressive when it comes to blocking. SPEWS likes to block adjacent netblocks in order to get legitimate customers to pressure the ISP. To get removed from the SPEWS list it takes practically an act of God to get something removed. They say for you to post to the NANAE

Re: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread Lenny Bauman
I spoke in haste, that all makes sense. I am having a tough time with spammers using the mailfrom or return address of the recipient and a wetware problem on the customer end. Is there any way I can stop this? I know, it seems like a catch 22. Unfortunately, there isn't any easy way to

[Declude.JunkMail] Toms Kill List

2002-09-17 Thread Sharyn Schmidt
Morning everyone, Because all is going so well, I decided I'd screw with things a bit more :) I have just downloaded Tom's Image FX kill list and I'm looking through it. What I don't understand is, what is the difference between these 2 entries: @example.com and .example.com (obviously the

Re: [Declude.JunkMail] dictionary attacks

2002-09-17 Thread Bill B .
Thanks Terry Scott, I think I'll give BlackICE a try. I will let you all know what I think about it. Anything that does application-level SMTP firewalling should work. I wish there was simpler a product that I could just run to listen to port 25, filter out the bad stuff, and pipe the good

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Andy Schmidt
Unfortunately, SPEWS is part of the OS* tests - I have found them rather GOOD. But spews certainly is a BIG down factor for the OSIRUSOFT lists. Best Regards Andy --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail

Re: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread R. Scott Perry
Unfortunately, there isn't any easy way to stop the E-mail that has the same return address as the recipient's address ... I would believe that there has to be a way to look at the return address and the recipient's address. Yes, that part is easy. :) If they match then compare the

Re: [Declude.JunkMail] Toms Kill List

2002-09-17 Thread R. Scott Perry
What I don't understand is, what is the difference between these 2 entries: @example.com and .example.com (obviously the difference is the @ and the ., but what exactly does this mean?) The blacklisting works on a partial match. So if you have @example.com, it would catch [EMAIL PROTECTED]

RE: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread Madscientist
It might be a good test to put into the weights. Another one would be a test that looks that the sender's (from their address) and fails if the first MX doesn't match up. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of R. | Scott Perry |

RE: [Declude.JunkMail] Toms Kill List

2002-09-17 Thread Madscientist
The preceeding @ ensures that the match is an email with the example domain. The preceeding . ensures that the match is the domain used in a host link like www.example.com and so forth. Without these preceeding characters the following might also match incorrectly... legitimatexample.com Using

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Charles Frolick
I always figured since my hotmail profile says I'm male and over 21 that's why it gets about 160 spam mails (that don't fail their spam filters) per week. Don't they do the same thing Juno mail does and pay for the service by selling the address to 'Advertising Partners'? My 17 year old sister

[Declude.JunkMail] Filtering Foreign Domains

2002-09-17 Thread Richard Farris
Is there a way to set declude up to filter all forein domains to be looked at before delivery. Also, last week I set up an Imail rule to filter c*u*m in the subject but it seems it stopped everything...is a * bad new in Imail rules.. At your service, Richard Farris [EMAIL PROTECTED]

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Madscientist
I guess that makes sense. We've got a few accounts like that out there - we set them up, forward them into our system for evaluation, and never use them for anything else... but there's a definite 'color' to the content - meaning the spam we get there is skewed to a specifi strange attractor -

Re: [Declude.JunkMail] Filtering Foreign Domains

2002-09-17 Thread R. Scott Perry
Is there a way to set declude up to filter all forein domains to be looked at before delivery. I'm not quite sure what you mean by this? Are you referring to foreign domains as in ccTLDs ([EMAIL PROTECTED])? Where the IP address is from another country? -Scott

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Kami Razvan
I always thought it would make a lot of sense to have an Internal SpamCop address. An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. If such addresses is then easily advertised on a couple of

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread R. Scott Perry
An address that we can use in Declude so any e-mail that is sent to that address is automatically added to a blacklist address for background deletion. This is something that we have been considering. A couple of thoughts, though: [1] What do you blacklist? I think that only the IP address

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Madscientist
The problem with this is that once you subscribe it to anything you've muddied the waters a bit about whether content to that address is spam or not. If your specific use is such that you don't discriminate then you've got a reasonable solution... but for truly pure spam, you need to find ways

[Declude.JunkMail] failed tests

2002-09-17 Thread James Colunio
Greetings, I am sending a message that failed the BADHEADERS and SPAMHEADERS tests. The error code says that I have a bogus date. This message is the result of sending a form (from inside our network) to a http server that processes the form and sends a thank you. Could someone, please,

Re: [Declude.JunkMail] failed tests

2002-09-17 Thread R. Scott Perry
I am sending a message that failed the BADHEADERS and SPAMHEADERS tests. The error code says that I have a bogus date. That is correct -- it's easier to see the problem when you see only the headers that were sent to IMail: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject:

Re: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Alexis D. Gutzman
Craig, I have two paid hotmail accounts. The one for my 5-year old daughter (it's really a test account for spam-filtering) did not get checked. My other account for Elmer Fudd strangely had a birthyear of 1900 and they were checked. I thought that when I set these up I said no sharing. Does

[Declude.JunkMail] Feature request: 'count' test.

2002-09-17 Thread Matt Robertson
I'm tweaking my mail setup, and am noticing that some mails are passing thru that fail up to four lightly-weighted tests. The tests were lightly weighted for good reason, but if I wind up getting mail that fails a LOT of tests, even the lightweights, I'd like to fail the msg. Cheers, --Matt

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Madscientist
This game subverted the entire office. ;-) _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of | Alexis D. Gutzman | Sent: Tuesday, September 17, 2002 11:48 AM | To: [EMAIL PROTECTED] | Subject: Re: [Declude.JunkMail] Fighting the Menace of

[Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Kami Razvan
Some thoughts ... What I have seen happening to us.. [1] What do you blacklist? I think that only the IP address of the sender could be safely blacklisted. --- If I do IP then it has to be a temp file so lets say for 24 hours that IP can not send email. Because we sure don't want to blacklist

Re[2]: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Eje Gustafsson
roflmao.. Lovely I love it!! Tuesday, September 17, 2002, 10:47:34 AM, you wrote: ADG Craig, ADG I have two paid hotmail accounts. The one for my 5-year old daughter (it's ADG really a test account for spam-filtering) did not get checked. My other ADG account for Elmer Fudd strangely had a

Re: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread Eje Gustafsson
Dear Kami, Tuesday, September 17, 2002, 11:36:09 AM, you wrote: KR Some thoughts ... What I have seen happening to us.. KR [1] What do you blacklist? I think that only the IP address of the KR sender could be safely blacklisted. KR --- If I do IP then it has to be a temp file so lets say

Re: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread David Sullivan
SPEWS did the same thing to us. Blocked our entire C and incorrectly listed it as a UUNet dial-up. Forget about getting de-listed with them, won't happen. Their draconian tactics give anti-spammers a bad name. --- [This E-mail was scanned for viruses by Declude Virus

[Declude.JunkMail] Querying DNS MX records?

2002-09-17 Thread Alexis D. Gutzman
Are DNS MX records queryable? Could I query one and get a list of valid email addresses on that server? Is there a version that might be? A bug? An pre-patched version? A as-installed implementation that would have this as a possible result? Have you ever seen this work? No, I don't want to do

Re: [Declude.JunkMail] Filtering Foreign Domains

2002-09-17 Thread Richard Farris
I mean ANYTHING with a .au or .ru or .de extensionwhat I have seen most of it is spam.. At your service, Richard Farris [EMAIL PROTECTED] 1.800.548.3877 - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 10:22 AM

Re: [Declude.JunkMail] Querying DNS MX records?

2002-09-17 Thread R. Scott Perry
Are DNS MX records queryable? Yes. Could I query one and get a list of valid email addresses on that server? No. A DNS MX query will list the mailservers for a domain, not the users on it. Is there a version that might be? A bug? An pre-patched version? A as-installed implementation that

Re: [Declude.JunkMail] Filtering Foreign Domains

2002-09-17 Thread R. Scott Perry
I mean ANYTHING with a .au or .ru or .de extensionwhat I have seen most of it is spam.. We might consider adding that as a new test. Of course, there are likely millions of people with ccTLD return addresses, so it would have to be used very carefully if it was added.

Re: [Declude.JunkMail] Filtering Foreign Domains

2002-09-17 Thread Rick Davidson
I block the following IP blocks for a customer of mine who only requires email from within the US. This list isnt exact but quite effective none the less. Have a great day! Rick Davidson Buckeye Internet Services www.buckeyeweb.com 440-953-1900 - 61.0.0.0/8 62.0.0.0/8 80.0.0.0/8 81.0.0.0/8

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Mark Smith
Tell me about it. They're suggestion: Well switch to a new ISP Ha! Right... And change a whole firewall, network, mail, routing, vpn, etc. configuration just because those jerks can't exclude a subnet. The problem isn't with the ISP. We haven't had a single outage in two years so I'm not going

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread John Tolmachoff
Well switch to a new ISP Ha! Right... And change a whole firewall, network, mail, routing, vpn, etc. configuration just because those jerks can't exclude a subnet. Not only that, but how are you going to know what IP addresses the new ISP will assign you until after you sign the contract, and

RE: [Declude.JunkMail] OT - Listed on Spwes!

2002-09-17 Thread Darrell L.
If you are a victim of a spews adjacency - depending on the ISP they may work with you to give you a clean netblock not in SPEWS. Darrell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Tuesday, September 17, 2002 2:54 PM To:

[Declude.JunkMail] Whitelist Request

2002-09-17 Thread Rick Davidson
Howdy Scott, Was wondering if you would consider creating a separate whitelist file for management purposes. Currently I have one customer with 4 Imail servers peered as a single domain across the country (US :-) I maintain master black lists and word filters on my workstation and use a batch

Re: [Declude.JunkMail] Whitelist Request

2002-09-17 Thread R. Scott Perry
Was wondering if you would consider creating a separate whitelist file for management purposes. This is actually something that we are working on and plan to add. :) -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] ---

Re: [Declude.JunkMail] Whitelist Request

2002-09-17 Thread Rick Davidson
We would carry you around on our shoulders and cheer if you were here :-) Have a great day! Rick Davidson Buckeye Internet Services www.buckeyeweb.com 440-953-1900 - - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 5:28

Re: [Declude.JunkMail] Whitelist Request

2002-09-17 Thread Robert Shubert
Rick, I too am planning to advance Declude administration to my users via a web application. Although I saw no reason why I couldn't programmaticaly change the global.cfg and other files. Could I ask your reasoning? Also, to what level of modification do you anticipate. The numerous options

RE: [Declude.JunkMail] Fighting the Menace of Unwanted E-Mail

2002-09-17 Thread David Stavert
Perhaps this list might be a way to set up test account exchanges?? David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Frolick Sent: Tuesday, September 17, 2002 10:01 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Fighting the

[Declude.JunkMail] List of mail services and alike

2002-09-17 Thread Tom
I have compiled the following list of ISP's/Mail/and Uncertain Services that have been common with spam, however, we use a weighing system with them instead of using delete or bounce. Feel free to use this list at your own risk. Regards, Tom Image`fx - @Aol.com

[Declude.JunkMail] Common items in Spam addresses

2002-09-17 Thread Tom
I have compiled yet another list of items commonly found in spam and mass marketing addresses. You can use this list of words at your own risk. I suggest you use it with a weight value and not something drastic like delete. Some of these words may also be commonly used for list services so

RE: [Declude.JunkMail] Toms Kill List

2002-09-17 Thread Tom
The preceding @ ensures that the match is an email with the example domain. The preceding . ensures that the match is the domain used in a host link like www.example.com and so forth. Without these preceding characters the following might also match incorrectly... legitimatexample.com

[Declude.JunkMail] OT- SpamReview the Kill File

2002-09-17 Thread Tom
Just wanted everyone to know something about Spam and SpamReview. As you may already know, I get spam and I use SpamReview to help gather addresses before I verify them and add them to the kill file. I think it's a valuable application, however, I still have to add allot of addresses manually.

Re: SPAMCOP:Re: [Declude.JunkMail] HELOBOGUS

2002-09-17 Thread R. Scott Perry
The problems here are that you have to enter your IP ranges (so the test wouldn't work automatically), and that some people will send mail from the Internet (especially in the case of sending test messages). If the IP block is setup up in the Global.cfg like Netblock

Re: [Declude.JunkMail] Filter Processing

2002-09-17 Thread R. Scott Perry
I have two questions regarding filter processing. 1. If there are multiple filters listed in the global.cfg are they processed in the order they're listed? Yes. 2. If there is a match on an item in a filter list does processing continue against that list? Yes, so if the weight of each

RE: [Declude.JunkMail] Filter Processing

2002-09-17 Thread George Kulman
Scott, For the wish list please - An additional filter type (or flag) that would exit after the first match. I've been pretty successful with filtering MAILFROM and, to speed up processing it would be beneficial if the filter processing could end after a match. The same would apply to an IP

Re: [Declude.JunkMail] OT- SpamReview the Kill File

2002-09-17 Thread Sanford Whiteman
In some cases, not necessarily this one, SpamReview will use mindspring or the reply address where as Declude will say it's from a different address. Sounds like a pretty useless app, if so. You see the dilemma, I would go after all of them, something's gota eventually byte.