Re: [Declude.JunkMail] Spoofed IP's

2003-01-09 Thread R. Scott Perry
We have a problem, where SpamCop or someone, will contact us claiming they have received spam from our IP range. I investigate only to find out what I expected, there is no server, client, or anything on that subnet. Infact we haven't allocated that subnet yet, it sits unused. You may want to c

RE: [Declude.JunkMail] Spoofed IP's

2003-01-09 Thread Colbeck, Andrew
For what it's worth, no, we never get bogus claims of spam originating from our IP range. This is going out on a limb, but your range of 192.68.75.0/24 looks a lot like 192.168.75.0/24 (which would be IANA reserved private) and that confusion might be the source of your problem. The "ooh, hackers

Re: [Declude.JunkMail] PostFixGate

2003-01-09 Thread R. Scott Perry
Somehow I got listed on PostFixGate and have sent several e-mails and several of their "unblock me" notices and have never received any type of info. I am still listed, does anyone know how to get in touch with these guys so I can get removed. We're listed in there, too. It seems to have died

[Declude.JunkMail] Spoofed IP's

2003-01-09 Thread Aaron Moreau-Cook
This is a bit off topic, sorry! Let me start by proclaiming, I hate spam. It gives me headaches to no end, though Declude is preventing it from getting to our customers which makes them happy and makes me happy as well. We have a problem, where SpamCop or someone, will contact us claiming they ha

[Declude.JunkMail] PostFixGate

2003-01-09 Thread Jeff Kratka
Somehow I got listed on PostFixGate and have sent several e-mails and several of their "unblock me" notices and have never received any type of info. I am still listed, does anyone know how to get in touch with these guys so I can get removed. Jeff Kratka **

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread John Tolmachoff
> This sucker would be flying down the boulevard! :)) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread Jim Rooth
This sucker would be flying down the boulevard! Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff Sent: Thursday, January 09, 2003 2:13 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.Ju

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread John Tolmachoff
> Thanks to all. I have sent a request to the ISP to set up PTR record and > hopefully that will solve this issue. Appreciate the help from everyone. Now, if we were still driving... John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread Jim Rooth
Thanks to all. I have sent a request to the ISP to set up PTR record and hopefully that will solve this issue. Appreciate the help from everyone. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dav

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread R. Scott Perry
Possibly...the error my client received just said no reverse dns but it does have one even if it doesn't match the wording. Thanks. Just to clarify, the REVDNS test in Declude JunkMail only checks for the presence of a reverse DNS entry, and doesn't care what the actual entry is. There are a

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread John Tolmachoff
> John, Let's get the names straight now... :)) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Junk

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread David Lewis-Waller
Jim, Check with your ISP that you have the relevant records for your IP address range in place >From dnsstuff.com "You could also contact [EMAIL PROTECTED], who is in charge of the 225.75.168.in-addr.arpa. zone." David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread John Tolmachoff
There is no need to have a PTR for mail.standardhardware.com as that is not an actual MX record. Yes, it is there, but it is not proper as mail.standardhardware.com is a cname. Not good. http://www.dnsstuff.com/tools/ptr.ch?ip=168.75.225.197 Answer: No PTR records exist for 168.75.225.197. [Neg T

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread David Lewis-Waller
John, dnstsuff shows that 168.75.225.197 (ip for mail.standardhardware.com) doesn't have a PTR record. Set one up and you shouldn't fail REVDNS. http://www.dnsstuff.com/tools/ptr.ch?ip=168.75.225.197 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread Jim Rooth
Possibly...the error my client received just said no reverse dns but it does have one even if it doesn't match the wording. Thanks. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith Sent: T

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread David Lewis-Waller
Jim, All our domains, some 400, or so share a single IP address - this shouldn't fail the Reverse DNS test. David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth Sent: 09 January 2003 18:24 To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail]

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread Mark Smith
This shouldn't fail REVDNS as there is a REVDNS entry. Maybe HELOBOGUS. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth > Sent: Thursday, January 09, 2003 1:24 PM > To: [EMAIL PROTECTED] > Subject: RE: [Declude.JunkMail] No reverse dns

[Declude.JunkMail] Filtering on file extension

2003-01-09 Thread David Lewis-Waller
I'm attempting to set up a system to filter on file extensions per domain. Delcude Virus can ban per file extension but for per domain. I can't do it via Imail Web messaging as the customer uses SMTP/ETRN. I've set up a ATTACHMENT test that looks for: HEADERS 0 CONTAINS Content-Type: multipar

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread Jim Rooth
Problem is there are 57 domains using one ip address. Reverse lookup shows the domain the server is and not the other domains. But if you do a reverse lookup for mail.standardhardware.com it will give you 168.75.225.197 mail.klotron.com. Thus it fails the reverse dns test. The IP is correct bu

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread John Tolmachoff
Jim, only one PTR record per IP address needed. Should only be for the mail record domain. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

RE: [Declude.JunkMail] No reverse dns

2003-01-09 Thread David Lewis-Waller
Jim, Create a reverse zone in DNS that covers the IP address used in IMail. i.e. we have xxx.xxx.xxx.xxx.in-addr.arpa With entries that cover from xxx-xxx-xxx-0.domain to xxx-xxx-xxx-255.domain This ensures that we have a reverse DNS for all possible IPs on that class C. David -Original

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Madscientist
Agreed here - we've been working on various white-rules for these domains and each attempt has failed due to the amount of actual spam sourced from these servers. _M | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith | Sent: Thursday, Janua

[Declude.JunkMail] No reverse dns

2003-01-09 Thread Jim Rooth
How odes one correct the reverse DNS on Imail if using virtual domains? For instance I have 57 domains all using the same IP...doing a reverse lookup will not show the correct server name. Jim Rooth Klotron, Inc. 214.244.0979 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Mark Smith
That's the problem... Hotmail is on and off of Spamcop every other day. We bounce at 12 and delete at 20. Spamcop is at 8 so I'll put in -8 for hotmail which will adjust for the nopostmaster and noabuse. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf

[Declude.JunkMail] Procedure for sending lists

2003-01-09 Thread John Tolmachoff
I would like to take a minute to remind everyone that if you are going to send a list or message to some one to share or review or other, please attach it or zip it so that is will pass the filters and scanning we all have in place. Example, if you are going to send a list of spam domains and you

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread David Lewis-Waller
We use Declude standard weights and add 15 for ones that fail SortMonster tests. We hold on weights over 30 and I don't think we've caught legitimate mail from these sources for sometime. Our only real fine tuning was to negative weight some email domains (below). We don't use any kill lists at all

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread John Tolmachoff
The way I have it configured, they will end up with a weight of 8 and we hold at 20, so they would have to fail a test like SPAMCOP or NOXMAIL or one of our major filters to be held. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.co

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Mark Smith
I'd stay away from IP's because they can change all of the time. But the problem still is that actual spam comes from those IP's. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Markus Gufler > Sent: Thursday, January 09, 2003 11:48 AM > To: [EMAIL

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Mark Smith
> We have a list of any free domains that we have received mail > from. The free sites we add 5 to start with. [I can send you > the list if you want] Can you send those to me? Thanks! > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razva

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Markus Gufler
I'm not sure if I'm right with this: Should it be possible to determine a list of IP-ranges from the real outgoung smtp-servers of this popular domains, then Declude probably can add a new test if this mail (using a popular from domain) commes from one of this ip-ranges. Even if this ip-ranges are

RE: [Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Kami Razvan
What we have done is weigh negatively the sum of those tests for these two domains (Yahoo, Hotmail). We have a list of any free domains that we have received mail from. The free sites we add 5 to start with. [I can send you the list if you want] The Hotmail and Yahoo spam are typically caught by

[Declude.JunkMail] Hotmail, Yahoo, MSN, etc...

2003-01-09 Thread Mark Smith
What is everyone doing about Hotmail, Yahoo, Juno and other web-based mail systems? It's really a catch-22. Hotmail is so frequently listed on RBL's and is a large source of spam but it's also a large source of legitimate email. They all seem to fail postmaster and abuse so they're already at 6-8

RE: [Declude.JunkMail] Copyall_account

2003-01-09 Thread John Tolmachoff
> That's the %ALLRECIPS% variable -- it will be fixed in the next release > (neither [EMAIL PROTECTED] nor copyall_account will be shown, since > the sender shouldn't know about the [EMAIL PROTECTED] address). Fixed, thanks. Declude Virus v1.65i17 caught the : W32/Lentin.H@mm virus in hotmail_hac

RE: [Declude.JunkMail] "Admin Web for Declude"

2003-01-09 Thread John Tolmachoff
In response to some of the questions and comments I have received:   We will be extending this for external tests as we get to them. This is because each external test is an individual program, and we will need to work with the creator of that program to develop the appropriate web pages.

Re: [Declude.JunkMail] ROUTETO - 1.65i15

2003-01-09 Thread R. Scott Perry
It appears that with the latest interim release there is a problem with ROUTETO. Since we upgraded we see that the heavy weighted emails that are to be ROUTEDTO admin are being delivered. What would be very useful here is if you could get debug log file entries for an E-mail that should have

[Declude.JunkMail] ROUTETO - 1.65i15

2003-01-09 Thread Kami Razvan
Title: Message Hi;   It appears that with the latest interim release there is a problem with ROUTETO.  Since we upgraded we see that the heavy weighted emails that are to be ROUTEDTO admin are being delivered.   Part of the header:   = X-RBL-Warning: BADH

Re: [Declude.JunkMail] Service Introduced To Help Legitimate Bulk Mailers Evade Spam Filters

2003-01-09 Thread Todd Ryan
Perfect! I, for one, am going to change my permanent email address to [EMAIL PROTECTED] That should completely take care of my personal spam problem! ;-) --Todd. - Original Message - From: "Sanford Whiteman" <[EMAIL PROTECTED]> To: "Jay A. Caplan" <[EMAIL PROTECTED]> Sent: Tuesday, Ja

RE: [Declude.JunkMail] OT: Pots & Kettles in the Clair de Lune

2003-01-09 Thread George Kulman
They belong on the same list as Citicorp & its subsidiaries. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sanford Whiteman Sent: Thursday, January 09, 2003 2:54 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] OT: Pots & Kettles in the Cla