We have a problem, where SpamCop or someone, will contact us claiming they
have received spam from our IP range. I investigate only to find out what I
expected, there is no server, client, or anything on that subnet. Infact we
haven't allocated that subnet yet, it sits unused.
You may want to c
For what it's worth, no, we never get bogus claims of spam originating from
our IP range.
This is going out on a limb, but your range of 192.68.75.0/24 looks a lot
like 192.168.75.0/24 (which would be IANA reserved private) and that
confusion might be the source of your problem.
The "ooh, hackers
Somehow I got listed on PostFixGate and have sent several e-mails and
several of their "unblock me" notices and have never received any type of
info. I am still listed, does anyone know how to get in touch with these
guys so I can get removed.
We're listed in there, too. It seems to have died
This is a bit off topic, sorry!
Let me start by proclaiming, I hate spam. It gives me headaches to no end,
though Declude is preventing it from getting to our customers which makes
them happy and makes me happy as well.
We have a problem, where SpamCop or someone, will contact us claiming they
ha
Somehow I got listed on PostFixGate and have sent several e-mails and
several of their "unblock me" notices and have never received any type of
info. I am still listed, does anyone know how to get in touch with these
guys so I can get removed.
Jeff Kratka
**
> This sucker would be flying down the boulevard!
:))
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude
This sucker would be flying down the boulevard!
Jim Rooth
Klotron, Inc.
214.244.0979
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff
Sent: Thursday, January 09, 2003 2:13 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.Ju
> Thanks to all. I have sent a request to the ISP to set up PTR record and
> hopefully that will solve this issue. Appreciate the help from everyone.
Now, if we were still driving...
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft
Thanks to all. I have sent a request to the ISP to set up PTR record and
hopefully that will solve this issue. Appreciate the help from everyone.
Jim Rooth
Klotron, Inc.
214.244.0979
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Dav
Possibly...the error my client received just said no reverse dns but it does
have one even if it doesn't match the wording. Thanks.
Just to clarify, the REVDNS test in Declude JunkMail only checks for the
presence of a reverse DNS entry, and doesn't care what the actual entry is.
There are a
> John,
Let's get the names straight now...
:))
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.Junk
Jim,
Check with your ISP that you have the relevant records for your IP
address range in place
>From dnsstuff.com
"You could also contact [EMAIL PROTECTED], who is in charge
of the 225.75.168.in-addr.arpa. zone."
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED
There is no need to have a PTR for mail.standardhardware.com as that is not
an actual MX record. Yes, it is there, but it is not proper as
mail.standardhardware.com is a cname. Not good.
http://www.dnsstuff.com/tools/ptr.ch?ip=168.75.225.197
Answer:
No PTR records exist for 168.75.225.197. [Neg T
John,
dnstsuff shows that 168.75.225.197 (ip for mail.standardhardware.com)
doesn't have a PTR record. Set one up and you shouldn't fail REVDNS.
http://www.dnsstuff.com/tools/ptr.ch?ip=168.75.225.197
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf
Possibly...the error my client received just said no reverse dns but it does
have one even if it doesn't match the wording. Thanks.
Jim Rooth
Klotron, Inc.
214.244.0979
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith
Sent: T
Jim,
All our domains, some 400, or so share a single IP address - this
shouldn't fail the Reverse DNS test.
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth
Sent: 09 January 2003 18:24
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
This shouldn't fail REVDNS as there is a REVDNS entry. Maybe HELOBOGUS.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Jim Rooth
> Sent: Thursday, January 09, 2003 1:24 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [Declude.JunkMail] No reverse dns
I'm attempting to set up a system to filter on file extensions per
domain. Delcude Virus can ban per file extension but for per domain. I
can't do it via Imail Web messaging as the customer uses SMTP/ETRN. I've
set up a ATTACHMENT test that looks for:
HEADERS 0 CONTAINS Content-Type: multipar
Problem is there are 57 domains using one ip address. Reverse lookup shows
the domain the server is and not the other domains. But if you do a reverse
lookup for mail.standardhardware.com it will give you 168.75.225.197
mail.klotron.com. Thus it fails the reverse dns test. The IP is correct
bu
Jim, only one PTR record per IP address needed.
Should only be for the mail record domain.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Jim,
Create a reverse zone in DNS that covers the IP address used in IMail.
i.e. we have
xxx.xxx.xxx.xxx.in-addr.arpa
With entries that cover from xxx-xxx-xxx-0.domain to
xxx-xxx-xxx-255.domain
This ensures that we have a reverse DNS for all possible IPs on that
class C.
David
-Original
Agreed here - we've been working on various white-rules for these
domains and each attempt has failed due to the amount of actual spam
sourced from these servers.
_M
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Smith
| Sent: Thursday, Janua
How odes one correct the reverse DNS on Imail if using virtual domains? For
instance I have 57 domains all using the same IP...doing a reverse lookup
will not show the correct server name.
Jim Rooth
Klotron, Inc.
214.244.0979
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[
That's the problem... Hotmail is on and off of Spamcop every other day.
We bounce at 12 and delete at 20.
Spamcop is at 8 so I'll put in -8 for hotmail which will adjust for the
nopostmaster and noabuse.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf
I would like to take a minute to remind everyone that if you are going to
send a list or message to some one to share or review or other, please
attach it or zip it so that is will pass the filters and scanning we all
have in place.
Example, if you are going to send a list of spam domains and you
We use Declude standard weights and add 15 for ones that fail
SortMonster tests. We hold on weights over 30 and I don't think we've
caught legitimate mail from these sources for sometime. Our only real
fine tuning was to negative weight some email domains (below). We don't
use any kill lists at all
The way I have it configured, they will end up with a weight of 8 and we
hold at 20, so they would have to fail a test like SPAMCOP or NOXMAIL or one
of our major filters to be held.
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.co
I'd stay away from IP's because they can change all of the time.
But the problem still is that actual spam comes from those IP's.
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Markus Gufler
> Sent: Thursday, January 09, 2003 11:48 AM
> To: [EMAIL
> We have a list of any free domains that we have received mail
> from. The free sites we add 5 to start with. [I can send you
> the list if you want]
Can you send those to me?
Thanks!
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Kami Razva
I'm not sure if I'm right with this:
Should it be possible to determine a list of IP-ranges from the real
outgoung smtp-servers of this popular domains, then Declude probably can
add a new test if this mail (using a popular from domain) commes from
one of this ip-ranges.
Even if this ip-ranges are
What we have done is weigh negatively the sum of those tests for these two
domains (Yahoo, Hotmail).
We have a list of any free domains that we have received mail from. The
free sites we add 5 to start with. [I can send you the list if you want]
The Hotmail and Yahoo spam are typically caught by
What is everyone doing about Hotmail, Yahoo, Juno and other web-based
mail systems?
It's really a catch-22. Hotmail is so frequently listed on RBL's and is
a large source of spam but it's also a large source of legitimate email.
They all seem to fail postmaster and abuse so they're already at 6-8
> That's the %ALLRECIPS% variable -- it will be fixed in the next release
> (neither [EMAIL PROTECTED] nor copyall_account will be shown, since
> the sender shouldn't know about the [EMAIL PROTECTED] address).
Fixed, thanks.
Declude Virus v1.65i17 caught the : W32/Lentin.H@mm virus in
hotmail_hac
In response to some of the questions and
comments I have received:
We will be extending this for external
tests as we get to them. This is because each external test is an individual
program, and we will need to work with the creator of that program to develop the
appropriate web pages.
It appears that with the latest interim release there is a problem with
ROUTETO. Since we upgraded we see that the heavy weighted emails that are
to be ROUTEDTO admin are being delivered.
What would be very useful here is if you could get debug log file entries
for an E-mail that should have
Title: Message
Hi;
It appears that
with the latest interim release there is a problem with ROUTETO. Since we
upgraded we see that the heavy weighted emails that are to be ROUTEDTO admin are
being delivered.
Part of the
header:
=
X-RBL-Warning:
BADH
Perfect! I, for one, am going to change my permanent email address to
[EMAIL PROTECTED] That should completely take care of my
personal spam problem! ;-)
--Todd.
- Original Message -
From: "Sanford Whiteman" <[EMAIL PROTECTED]>
To: "Jay A. Caplan" <[EMAIL PROTECTED]>
Sent: Tuesday, Ja
They belong on the same list as Citicorp & its subsidiaries.
George
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Sanford Whiteman
Sent: Thursday, January 09, 2003 2:54 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] OT: Pots & Kettles in the Cla
38 matches
Mail list logo