Got another one for you. Check out the DNS for this spammer's
domain: e247.com
The MX points to localhost. The MAILFROM test does not catch this yet,
but probably should.
Good catch. It was only detecting MX/A records that returned an IP of
127.0.0.1, but in this case e247.com returns an
The answer is going to be obvious and simple but I can't spot it.
I have a filter file:
MAILFROMLISTfilter d:\IMail\declude\mailfrom.txt
x 0 0
That contains the line (mailfrom.txt)
MAILFROM 30 CONTAINS @ideal.co.uk
(I've checked that there isn't a space at
The answer is going to be obvious and simple but I can't spot it.
You're not the first to be fooled by this:
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
The problem here is that the return address of the E-mail isn't
[EMAIL PROTECTED] (nor is the From: address either, which is
[EMAIL
David:
This is why we have created several filter files and one that also gives
weight to our Blacklist being found in the header. We have a blacklist file
with Delete action and one that is filter based on the entries in the
blacklist. So if any listing in the blacklist is found in the header
A - I thought the FROM address was the labelled From: not the return
address. Should have sussed that one.
Thanks v.much for pointing this out
David
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry
Sent: 24 March 2003 15:01
To: [EMAIL
Hi Scott and all,
We added a test to SpamManager that has produced some really interesting
results.
What we are doing is to track the 2000 (user configurable) most recent spammer
IP addresses. The list is maintained as an MRU style list (sorted with the
most recent at the top). If incoming
Scott,
We've been a Junkmail client for quite some time and although we love the
product, there is probably a whole lot more we could be doing to optimize
our system. Being we have 2000 Cable modem clients and I am running the
department by myself, time to learn all the new features, take into
Hi all - I am having a set of problems that I am wondering if
there is any relationship between as I know reverse reverse DNS
can effect mail delivery.
1.) We are failing to receive mail from some places; one being
verizon and some within our group are questioning if Declude is
somehow
1.) We are failing to receive mail from some places; one being
verizon and some within our group are questioning if Declude is
somehow preventing the mail from getting through. I do not think that
is the case.
This should be relatively easy to determine.
First, see if you can find the E-mail in
Here is what we found. After about 3 weeks of data collection, only about 1 in
400 incoming spams is identified by a DNS lookup, and NOT on the list of the
2000 most recent spammers.
That is quite impressive.
I was thinking that it would probably be a relatively simple matter to add
such a test
Murphy's Law -- as soon as I write to the list, I find the DNS prob.
One of my PTR records had a typo -- was PRE instead of PTR and that did it..
Donna
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Donna Walsh
Sent: Monday, March 24, 2003 3:58 PM
To:
Title: Parsing Email Header
I wanted to see if anyone had any luck with a recommended tool (i.e. Perl Script, etc) to parse out email headers on the fly (i.e. Program alias) and adding the address into a block list that Declude Junkmail could guard against the next time. We are wanting to
Murphy's Law -- as soon as I write to the list, I find the DNS prob.
One of my PTR records had a typo -- was PRE instead of PTR and that did
it..
At least it is fixed. :))
John Tolmachoff MCSE, CSSA
IT Manager, Network Engineer
RelianceSoft, Inc.
Fullerton, CA 92835
www.reliancesoft.com
Keith,
Monday, March 24, 2003 you wrote:
KJ I wanted to see if anyone had any luck with a recommended tool (i.e.
KJ Perl Script, etc) to parse out email headers on the fly (i.e. Program
KJ alias) and adding the address into a block list that Declude Junkmail
KJ could guard against the next time.
I was thinking that it would probably be a relatively simple matter to add
such a test in a future version of declude. If an incoming message reached
a
certain weight, it could be added to a recent spammer list. This list
could be
checked along with other internal tests _before_ DNS tests are
SPThat sounds like an excellent idea -- I'm going to investigate to see
SPwhether this may be possible or not. Circumventing the DNS lookups would
SPbe very useful.
Mr. Obvious here... the same technique could be used in the negative to pass
through frequent mail from *low* scoring servers.
That
16 matches
Mail list logo
